Understanding recent changes to the AML/CTF legislation and what reporting entities need to know

 
In November 2024, Parliament enacted the AML/CTF Amendment Act 2024, updating the original Act. The changes expanded the AML/CTF framework to include higher-risk services offered by real estate professionals, as well as professional service providers ('Tranche 2' entities). The amendments also updated the AML/CTF regime to better align with evolving business models, technologies, and methods used for illicit financing.

To put the amended Act into practice, AUSTRAC created the AML/CTF Rules in August 2025. These Rules have replaced the AML/CTF Rules Instrument 2007 (No. 1) and are in effect from 31 March 2026.

After their introduction, AUSTRAC discovered that certain targeted amendments were necessary to enhance the effectiveness of the AML/CTF Rules and correct minor errors in drafting.

The AML/CTF (2025 Rules) Amendment Rules 2026 (in effect from 31 March 2026) include some key changes Grant Thornton considers important for reporting entities. These include: 

• Changes to the reporting group framework to include an 'opt-out' model, where related entities within a corporate group or other control structure automatically become part of a reporting group unless a reporting entity formally declines membership in writing. 
• Extending the timeframe to verify Know Your Customer (KYC) information previously verified by another party to a real estate transaction from 15 days to 28 days. 
• Requiring monitoring for prohibited hate group offences as part of monitoring for unusual transactions and behaviours under safe harbour rules. 
• If a customer in a business relationship becomes a foreign or high-risk Politically Exposed Persons (PEP), a reporting entity may continue to provide designated services until senior manager approval is obtained. 
• Amending the compliance reporting timeframes to the Australian financial year rather than the calendar year, so that the next reporting period is the period beginning on 1 July 2026 and ending on 30 June 2027. The lodgement period will July to September 2027. 

The purpose of the AML/CTF (Class Exemptions and Other Matters) Amendment Rules 2026 is to update, clarify and modernise the existing class exemptions and ancillary rules so they align with the reformed AML/CTF regime that commenced on 31 March 2026.

The instrument created class exemptions where AUSTRAC considers the ML/TF risk to be low or appropriately managed by other means, with the intent of avoiding unnecessary regulatory burden where full AML/CTF obligations would be disproportionate.

The exemptions are in effect from 31 March 2026, and include: 

1. Exemption from initial Customer Due Diligence (CDD) – withdrawals from automatic teller machines 
   
   This exemption can be relied upon when a person withdraws money from an ATM and certain conditions are met including the value of the withdrawal is less than $10,000. 
   
   
2. Exemption from initial CDD – transfer of value using gift card issued by reporting entity 
   An exemption can be relied upon when certain conditions are met, including that no part of the monetary value stored in connection with the gift card may be withdrawn in cash and the monetary value stored in connection with the gift card cannot be increased. 
   
   
3. Gift card issued by person not providing designated services 
   This exemption relates primarily to open-loop gift cards issued in the course of carrying on a business that does not otherwise involve the provision of designated services and can be relied upon when the monetary value stored in connection with the gift card cannot be increased, and no part of the monetary value can be withdrawn in cash. 
   
   In relation to exemptions 2 and 3 above, a condition of the exemption refers to “risk mitigation and management”, which is subject to an 18-month transition period to allow time for gift card issuers to review their existing products and processes. The transition period allows administrators of gift card schemes time to address the ML/TF and other crime risks associated with stored value cards, including those highlighted by relevant agencies such as the National Anti-Scam Centre, the Australian Centre to Counter Child Exploitation and AUSTRAC. 
   
   Refer to the legislation for the full list of conditions for each exemption. 

The AML/CTF Transitional Rules 2026 sit alongside the broader AML/CTF reforms introduced through the AML/CTF Amendment Act and the AML/CTF Rules 2025. They provide businesses with extra time to update their processes and systems for certain requirements while continuing to manage ML/TF risks effectively.

Key Transitional Arrangements for Reporting Entities:

Extended period for Initial Customer Due Diligence (ICDD) 
One of the most significant transitional provisions is the three-year transition period for initial CDD obligations. From 31 March 2026 to 30 March 2029, existing reporting entities will have the option to: 

• Continue applying their pre-reform customer identification procedures (Applicable Customer Identification Procedures), or 
• Adopt the reformed initial CDD obligations at any time during this period.

The transition applies only to initial CDD - ongoing CDD obligations apply without exception from 31 March 2026.

AUSTRAC have stated that reporting entities who intend to rely on the ICDD transitional rule must have a transitional policy that describes the following by 1 July 2026:

• list the classes of customers they will apply ACIP to; and 
• state the date when they will stop applying ACIP to each class. 

2. Compliance officer notification deadlines 
Transitional rules also extend the timeframe for notifying AUSTRAC of appointed AML/CTF compliance officers: 

• Existing reporting entities have until 30 May 2026 to lodge their compliance officer details. 
• Newly regulated businesses (including Tranche 2 and virtual asset service providers) have until 29 July 2026. 

These extensions provide reporting entities with additional time to establish appropriate governance arrangements and properly communicate to AUSTRAC.

3. Staggered independent evaluations 
To avoid compliance bottlenecks, both existing and newly regulated entities will be able to stagger their initial independent evaluation deadlines based on AUSTRAC account numbers. This means businesses won’t face the same evaluation date and can prioritise compliance in line with capacity and risk profile.  
Existing reporting entities that have had at least one independent review under the pre-reform Rules, must conduct their first independent evaluation by the later of: 

• 4 years after their most recent independent review, or 
• 31 March 2027. 

AUSTRAC expects reporting entities to revise their AML/CTF policies to ensure that the evaluation schedule is consistent with the identified deadline.

4. Registration clarifications and roll-over 
The transitional rules confirm that: 

• Existing digital currency exchange providers will automatically transition to the category of virtual asset service providers without re-registration, and 
• There is no change in status for current remittance network providers, remittance affiliates, or independent remittance dealers. 

This continuity avoids administrative duplication and supports operational stability through the reform phase.

5. Deferred obligations for certain Virtual Asset Services (VAS) 
While obligations for many virtual asset services begin in line with tranche 2 timing, the transitional rules defer certain AML/CTF requirements until 1 July 2026, consistent with tranche 2 commencement dates. This deferral provides aligned timing for newly regulated virtual asset businesses to enrol, register and prepare for full compliance.

Notably: 

• The ‘travel rule’ for virtual asset transfers applies from 1 July 2026 for all virtual asset service providers. 
• Reporting obligations for international value transfer services are deferred until 2029. 

6. Financial advisers becoming Tranche 2 entities 
While these obligations generally commence in line with tranche 2 implementation, transitional arrangements apply to certain existing reporting entities. Specifically, entities that previously qualified for pre-reform special AML/CTF programs will not be required to apply AML/CTF obligations to the newly designated tranche 2 services until 1 July 2026. This ensures consistent commencement timing across tranche 2 sectors and allows affected advisers time to update systems, controls, and compliance frameworks.

7. Transition to International Value Transfer Service (IVTS) reporting 
The transitional rules delay the commencement of the IVTS reporting framework to allow sufficient time for reporting entities and AUSTRAC to update or implement required systems changes.

Reporting entities IVTS reporting transition date will either be:

•  31 March 2029, or 
• a substitute transition date that is no earlier than 31 March 2029 and no later than 30 September 2029. 

Until a reporting entity nominates a transition date, the existing International Funds Transfer Instructions (IFTI) reporting framework remains in force for them.