Understanding changes to AML/CTF obligations and the Privacy Act for reporting entities
InsightUnderstanding changes to AML/CTF obligations and the Privacy Act: what reporting entities need to know.
Congratulations to our new Partners and Principal. Read more now.
By: Neil Jeans, Katherine Shamai, Annelies Homersham, Martin Stone
03 Mar 2025 7 min read

The reporting group concept seeks to reduce duplication of efforts and streamline compliance processes by allowing related reporting entities to share compliance resources and responsibilities.
It also facilitates a coordinated approach to risk assessment and mitigation, ensuring that all reporting entities within the group adhere to consistent standards and reporting entities better manage their AML/CTF obligations by leveraging shared expertise and resources.
The reporting group concept contained within the revised AML/CTF Act replaces the Designated Business Group concept. The main differences between the two concepts are:
A DBG consists of two or more reporting entities that join together to share the administration of some or all of their AML/CTF obligations.
Any member of the group can fulfil some obligations for other members, but each entity remains responsible for its own compliance, and DBG members can also choose to administer their own AML/CTF programs separately.
To form a DBG, entities must meet specific criteria, such as being part of a joint venture or related companies, and subject to formal agreements.
A reporting group consists of related entities that share risk management and compliance arrangements under a common ‘group’ AML/CTF program.
The group must have a lead entity responsible for overseeing the implementation of AML/CTF obligations across the group.
The reporting group concept is more flexible, allowing for elective formation or creation by operation of law.
Adopting the reporting group concept can lead to significant cost savings for entities within the group. A coordinated approach to compliance improves the overall effectiveness of AML/CTF measures, allowing reporting entities to leverage shared expertise and resources to manage their AML/CTF obligations better.
Under the revised AML/CTF Act, the lead entity in a reporting group has several key responsibilities. These include:
The lead entity must identify and assess the risks of money laundering, terrorism financing, and proliferation financing across all entities within the group. This involves analysing various risk factors and ensuring appropriate and effective risk mitigation measures are in place. The risk assessment must be regularly updated, as stipulated by the new Act, to reflect the group's risk profile changes over time.
The lead entity is responsible for creating a group-wide AML/CTF program that addresses the risks identified in the risk assessment. This program must include policies, procedures, and controls tailored to the group's needs and available resources and tools. The lead entity must also ensure that all entities within the group adhere to the program.
The lead entity must implement systems to detect and report suspicious activities across the reporting group. This includes ensuring timely and accurate reporting to AUSTRAC, such as submitting suspicious matter reports (SMRs), international value transfer services (IVTS) reports and other required reports. The lead entity must maintain comprehensive records of all AML/CTF-related activities, and ensure they are accessible and secure.
The lead entity must create tailored AML/CTF training programs that cover AML/CTF obligations and the group's policies and procedures. These programs should be designed to ensure that employees are well-informed and capable of complying with AML/CTF requirements. Regular training sessions must be conducted, and the effectiveness of these programs should be monitored and evaluated. They should be updated to accommodate any new feedback or guidance material disseminated by AUSTRAC, change in legislation or change in the AML/CTF environment of the reporting group.
The lead entity is also responsible for coordinating the group's interactions with AUSTRAC and ensuring prompt responses to regulatory inquiries or requests for information. This involves maintaining open communication with AUSTRAC and addressing any compliance issues that arise, any direct feedback received or any relevant guidance material is disseminated.
The lead entity must also stay informed about changes in regulatory requirements and emerging risks to ensure the AML/CTF program remains compliant and effective. This involves regularly reviewing and updating the AML/CTF program to incorporate best practices and ensure it remains effective in mitigating risks. Continuous improvement efforts should be documented and communicated to all entities within the group.
While presenting significant benefits, before deciding to create a reporting group, the following potential challenges should be considered, and plans should be developed to address them.
By understanding and addressing these challenges, entities can effectively leverage the benefits of the reporting group concept to enhance their AML/CTF compliance efforts.
The revised AML/CTF Act introduces new civil penalty provisions in relation to reporting groups, including failure of the lead entity to meet its obligations to assess risk, develop and maintain an AML/CTF program, and ensure compliance with the AML/CTF program. The revised AML/CTF Act exposes the lead entity to non-compliance by reporting group members.
Although the new AML/CTF requirements won't be enforced until April 2026 for existing entities and July 2026 for new entities, it is vital to start planning and preparing for compliance with the revised AML/CTF requirements now.
With a short lead time to compliance and limited AML/CTF experts across Australia, demand will only continue to increase as the compliance date approaches.
If you would like to discuss any of the above with one of our AML/CTF specialists, please reach out.
Understanding changes to AML/CTF obligations and the Privacy Act: what reporting entities need to know.
From 1 July, the updated AML/CTF regime takes effect for Tranche 2 organisations including the real estate industry. There is already commentary, interpretation and subsequently confusion in the aged care market.
The AML/CTF Amendment Bill 2026 gives AUSTRAC new powers to restrict or prohibit the use of high‑risk mechanisms such as crypto ATMs by reporting entities.