Anti-Money Laundering reforms

Skip to content
Skip to navigation

Australia has commenced reforming its Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) regime to further align it with the international standards recommended by the Financial Action Task Force (FATF). The reforms will take effect in 2026 - is your organisation prepared?

These updates include the ‘Tranche 2’ reforms, which expand AML/CTF compliance from 1 July 2026 to apply to additional professions including lawyers, accountants, real estate professionals, property developers, and precious stone dealers. The reform also introduces some significant changes for pre-existing reporting entities which must be enacted by 31 March 2026.

This is law – the AML/CTF Amendment Bill 2024 passed by Parliament aims to strengthen the existing AML/CTF framework and meet international standards set by the FATF. This will ensure Australia can effectively deter, detect and disrupt money laundering and terrorism financing to enhance Australia’s ability to address the evolving threats posed by money laundering, terrorism financing, and other serious and organised crime. 

The video is playing. This video is playing in mini-player mode.

A simple and modern regime – key changes

These key changes aim to simplify and modernise the AML/CTF regulatory framework, enhancing compliance and international cooperation while reducing business administrative burdens:

Key changes explained

Replace the existing Designated Business Group (DBG) model with a new “reporting group” structure to streamline compliance for related entities.
Adjust ‘tipping-off’ rules to clarify permissible disclosures between entities, balancing investigation integrity with information sharing.
Clarify how businesses operating internationally should manage AML/CTF obligations for services provided in Australia versus abroad.
Extend AML/CTF regulations to digital assets, requiring virtual asset service providers to adopt controls in line with international standards.
Repeal the outdated Financial Transaction Reports Act (1998) to reduce legal redundancy and streamline AML/CTF rules, improving compliance efficiency.
Expand AML/CTF compliance to high-risk professions like lawyers, conveyancers, accountants, real estate professionals, and precious stone dealers, known as the ‘Tranche 2’ reforms.

AML/CTF Compliance

AUSTRAC's AML/CTF Starter Programs

AUSTRAC's Starter Programs translate complex regulatory requirements into clear, step-by-step instructions for reporting businesses.

AML/CTF compliance

Existing Entities content hub

Explore a range of insights and webinars to understand the impact of the reforms on your AML/CTF compliance strategy.

AML/CTF compliance

New Entrants content hub

Your guide to navigating AML/CTF regulations for the first time.

Tranche 2 reforms

Lawyers, conveyancers, accountants, and trust and company service providers (collectively known as Professional Service Providers (PSPs)), as well as real estate agents and other professionals in the property industry who provide one or more of the new designated services, will be required to meet AML/CTF obligations prescribed by the amended AML/CTF Act.

Real estate industry

What real estate services will be covered by AML/CTF obligations?

Based on the International Standards and equivalent activity in other countries, the following services offered by the real estate industry will be included as designated services under the AML/CTF Act:

Engaging in activity that involves the transfer of a beneficial interest in land or other real property;
Managing client funds (other than sums paid as fees for professional services) or other assets; or
Engaging in or giving instructions on behalf of a customer to another person for any conveyancing to affect the grant, sale, or purchase or any other disposal or acquisition of real estate or an interest in land.

If your business offers or provides one or more of the above services, your business will be subject to AML/CTF obligations.

Why will real estate have AML/CTF obligations?

Real estate can be an attractive channel for criminals wishing to launder illicit funds.
Criminals can purchase a property using illicit funds, live in that property, renovate the property using illicit funds to improve its value and sell the property later for a capital gain.
The ultimate beneficial ownership of real estate can also be easily concealed, making it an attractive asset class for criminals.

Risks faced by the real estate industry

Aspects of the services offered by the real estate industry have been identified as being attractive to criminals wanting to launder the proceeds of crime and to finance terrorism. The money laundering and terrorist financing (ML/TF) risks associated with the real estate sector include:

The use of third parties to buy and sell properties;
Manipulating property values (that is, criminals buy and sell real estate at a price above or below market value);
Structuring cash deposits to buy real estate;
The use of complex company structures and multiple accounts to disguise the real purpose of a property transaction and disguise the true ownership;
Buying and leasing properties, but providing the tenant with illicit funds to pay the rent;
Buying a property using illicit funds with the intention of conducting further criminal activity at the property; and
Using illicit funds to renovate properties.

Businesses within the real estate industry that the AML/CTF Act will capture must ensure they conduct a comprehensive ML/TF risk assessment to identify, assess, mitigate, and manage ML/TF risk exposures. This is a critical first step in complying with the AML/CTF Act and AML/CTF Rules by 1 July 2026.

What are the types of activities AML/CTF compliance requires?

AML/CTF compliance in Australia involves several core activities that help businesses mitigate risks associated with money laundering and terrorism financing:

Assessing exposure to potential ML/TF risks, considering factors like customer types, transaction types, product/service delivery channels and geographical areas. This step is foundational to tailoring AML/CTF policies and measures to the specific risks relevant to each business.
Initial Customer Due Diligence (CDD) to verify a customer's identity before establishing a business relationship. Low risk clients may only require Simplified Due Diligence, and high-risk clients or transactions may require Enhanced Due Diligence (EDD).
Regularly monitor customer transactions to identify potentially suspicious activities, including keeping track of customer profiles, understanding transaction patterns, and detecting unusual or high-risk activities that might indicate money laundering or terrorism financing.
Submit reports on specific types of transactions to AUSTRAC, including Suspicious Matter Reports (SMRs), Threshold Transaction Reports (TTRs) for cash transactions of AUD 10,000 or more and International Funds Transfer Instruction (IFTI) reports (until such a time as International Virtual Tranbebenbesfer Services (IVTS) replace IFTI reports). where relevant.
Businesses must maintain records of all due diligence activities, transaction reports, and relevant correspondence for at least seven years. This supports transparency and allows authorities to review historical data if required.
Businesses are required to develop, implement, and regularly update an AML/CTF program. Under the new AML/CTF Act, this program includes the ML/TF Risk Assessment and AML/CTF Policy, which together will outline the ML/TF risks identified by the business and the specific controls and procedures the business will use to manage and mitigate those risks.
Businesses are required to review their ML/TF Risk Assessment at most every 3 years but will also be required to do so where certain triggers occur (e.g., where AUSTRAC communicates information that identifies or assesses risks associated with the reporting entity’s provision of its designated services or where there is significant change to any of the factors in its ML/TF risk assessment). Where the change is within the entity’s control the review must be completed prior to the change taking place. Where it is outside of the reporting entity’s control, the review must be completed as soon as practicable after the change.
Regular training on AML/CTF compliance for employees ensures they know their obligations and understand how to identify and report suspicious transactions.

Professional Services Providers (legal, accountancy, trust and company services)

What legal services may be covered by AML/CTF obligations?

Designated services offered under the AML/CTF Act include:

Acting as a formation agent of legal persons or legal arrangements;
Acting as, or arranging for a person to act as, a nominee director or nominee shareholder or trustee in relation to legal persons or legal arrangements;
Providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or for any other legal person or arrangement;
Managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets;
Engaging in a transaction on behalf of any person in relation to the buying, transferring, or selling of a business or legal person (for example, a company) and any other legal arrangement;
Engaging in a transaction on behalf of a customer in relation to creating, operating, and managing a legal person (for example, a company) and any other legal arrangement;
Engaging in or giving instructions on behalf of a customer to another person for any conveyancing to affect the grant, sale, or purchase or any other disposal or acquisition of real estate or an interest in land; and
The transfer of a beneficial interest in land or other real property.

If you offer or provide one or more of the above services, your business will be subject to AML/CTF obligations from 1 July 2026.

Why will professional service providers have AML/CTF obligations?

Professional service providers provide services that operate as a gateway to property and financial markets, financial institutions and other regulated professionals.
These ‘gatekeepers’ provide financial and business services that can be abused to disguise beneficial ownership, conceal the origins and purposes of financial transactions, facilitate tax evasion and, ultimately, launder the proceeds of crime. Operating through or behind a professional adviser can provide a veneer of legitimacy to criminal activity.
Professional service providers can be used to create complex (but legal) structures creating distance between criminals and their illicit wealth. Conveyancers facilitate a process that allows for the transfer of ownership of property, a high-value asset that provides ideal opportunities for laundering large volumes of illicit funds.

What ML/TF risks are faced by professional service providers?

Aspects of the professional service providers are recognised as being attractive to criminals wanting to launder the proceeds of crime and to finance terrorism. The Money Laundering and Terrorist Financing (ML/TF) risks associated with Professional service providers include:

Obscuring ultimate ownership through complex layers and legal entity structures;
Evading tax and exploiting known tax shelters;
Evading regulatory controls;
Providing a veneer of legitimacy to criminal activity;
Creating distance between criminal entities and their illicit income or wealth by using complex business and corporate structures; and
Avoiding the detection and confiscation of assets and hindering law enforcement investigations.

Business activities of professional service providers the AML/CTF Act will capture must ensure they conduct a comprehensive ML/TF risk assessment to identify, assess, mitigate, and manage ML/TF risk exposures.

What are the types of activities AML/CTF compliance requires?

AML/CTF compliance in Australia involves several core activities that help businesses mitigate risks associated with money laundering and terrorism financing:

Assessing exposure to potential ML/TF risks, considering factors like customer types, transaction types, product/service delivery channels and geographical areas. This step is foundational to tailoring AML/CTF policies and measures to the specific risks relevant to each business.
Initial Customer Due Diligence (CDD) to verify a customer's identity before establishing a business relationship. Low risk clients may only require Simplified Due Diligence, and high-risk clients or transactions may require Enhanced Due Diligence (EDD).
Regularly monitor customer transactions to identify potentially suspicious activities, including keeping track of customer profiles, understanding transaction patterns, and detecting unusual or high-risk activities that might indicate money laundering or terrorism financing.
Submit reports on specific types of transactions to AUSTRAC, including Suspicious Matter Reports (SMRs), Threshold Transaction Reports (TTRs) for cash transactions of AUD 10,000 or more and International Funds Transfer Instruction (IFTI) reports (until such a time as International Virtual Tranbebenbesfer Services (IVTS) replace IFTI reports). where relevant.
Businesses must maintain records of all due diligence activities, transaction reports, and relevant correspondence for at least seven years. This supports transparency and allows authorities to review historical data if required.
Businesses are required to develop, implement, and regularly update an AML/CTF program. Under the new AML/CTF Act, this program includes the ML/TF Risk Assessment and AML/CTF Policy, which together will outline the ML/TF risks identified by the business and the specific controls and procedures the business will use to manage and mitigate those risks.
Businesses are required to review their ML/TF Risk Assessment at most every 3 years but will also be required to do so where certain triggers occur (e.g., where AUSTRAC communicates information that identifies or assesses risks associated with the reporting entity’s provision of its designated services or where there is significant change to any of the factors in its ML/TF risk assessment). Where the change is within the entity’s control the review must be completed prior to the change taking place. Where it is outside of the reporting entity’s control, the review must be completed as soon as practicable after the change.
Regular training on AML/CTF compliance for employees ensures they know their obligations and understand how to identify and report suspicious transactions.

Grant Thornton is a leading specialist in AML/CTF risk management providing tailored services including expert advisory, compliance and support services; program development, risk assessment and policies; and support on regulatory engagement and remediation.

Unlike providers that rely on generic, one-size-fits-all compliance models and lack dedicated AML/CTF teams, we are a team of specialists who design and leverage specific tools, accelerators and leading frameworks, to collaborate with you to achieve the right risk management outcomes, pragmatically, efficiently and effectively.

Proven by our unique track record of high profile, complex engagements on AML/CTF risk management and compliance across all industry sectors, which spans both existing and new entrants to the regime. We have a detailed understanding of the reforms and how both existing entities and new entrants can minimise costs and stay or become compliant. We have worked closely with AUSTRAC on a number of Tranche 2 industry engagement initiatives.

We are also the only AML/CTF consultants from Australia that have worked directly with over 200 New Zealand entities since 2018.

We partner with you to build an outcomes-focused, fit-for-purpose AML/CTF risk management program that protects and future-proofs your organisation from criminals seeking to launder money and fund terrorism.

Case study

Money remitter

New business collaboration

We worked with a new business providing services to customers to collectively pay for goods and services.

AUSTRAC registration requirement

Part of their service involved the provision of remittance designated services, and they were required to register with AUSTRAC.

Understanding operations and controls

In preparation for the registration, we engaged with the business and management to understand how they operated their service and what their control environment was.

Developing AML/CTF compliance

Using our proprietary tools, we supported them developing an ML/TF risk assessment and an AML/CTF program for their business, which were shared with AUSTRAC as part of the registration process.

Case study

Financial institution

Post-review AML/CTF uplift

As a result of an independent review, we were subsequently engaged to uplift their ML/TF risk assessment and AML/CTF program.

Stakeholder engagement & assessment

This included engagement with internal stakeholders to understand the business and the current control environment.

Enterprise & business unit risk assessments

We developed an enterprise-wide risk assessment, supported by business unit risk assessments aligned to the AML/CTF rule requirements and relevant AUSTRAC guidance, including the sectorial risk assessment.

Case study

Payment service provider

Global payment provider compliance

We worked with a major payment services provider that operated compliance arrangements globally and sought to comply with the international funds transfer instruction (IFTI) obligations unique to its Australian business.

IFTI obligations & control enhancements

We supported them in fully understanding the IFTI applicability of their transaction types, understanding the control environment, and establishing systematic controls to ensure they identified all qualifying transactions.

Process uplift across global teams

We subsequently supported the re-tooling and process uplift across teams and systems located globally.

case study

Medium sized bank

Appointed to monitor compliance commitments

We have been appointed by a medium-sized bank to monitor compliance as part of a long term remediation project

Addressing onboarding and legacy system challenges

The bank had developed a revised AML/CTF strategy, which required them to address a complex customer onboarding servicing environment with legacy systems and data challenges.

Assessing and measuring the revised AML/CTF strategy

We developed a detailed understanding to assess the revised AML/CTF strategy and measure and monitor the implementation of that strategy.

Ongoing monitoring of strategy implementation

We continue to monitor the implementation of the AML/CTF strategy into the bank’s operational environment to identify where the activity does not deliver the strategy.

Other industry experience

Financial accommodations

We have worked with several businesses, ranging from wholesale retail to pharmacies, who have discovered they have inadvertently been providing limited loans that fall under the definition of designated services 6 and 7.

These businesses sought to normalise the situation and remediate their non-compliant position.

We supported them by determining the risk profile of previous activity, and then developing ML/TF risk assessments and AML/CTF Programs for the small part of their business that was providing designated services.

Online gaming

We have developed AML/CTF Programs and ML/TF risk assessments for a number of online gaming businesses subject to AUSTRAC scrutiny.

Whilst in the same industry and providing the same designated services, these required tailored responses to accommodate the nature, size, and complexity of each business.

These engagements also required the assessment of unique risk factors, such as payment channels, which required the adaption of risk assessment methodologies and the collection and assessment of unique data sets to understand the risk posed.

Precious metals and products

Grant Thornton has provided a wide range of AML/CTF services to clients in the precious metals and products sector. This gives us a holistic understanding of the unique intricacies that must be taken into consideration in this space.

We have worked with a number of precious metal dealers across Australia, supporting their AML/CTF compliance activities.

Virtual Asset Service Provider (VASP)

In 2017, digital currency exchange providers were subject to Australia’s AML/CTF regime for the first time in a bid to address an emerging ML/TF risk.

We led workshops and supported 15 digital currency exchange providers to prepare for and meet new compliance requirements, including:

Risk assessment and management – establishing an approach and methodology to assess their ML/TF risk, identify ML/TF risks in their operations and implement appropriate measures to mitigate and manage identified risks.
AML/CTF program – providers were required to develop and maintain an AML/CTF program. This program had to outline the procedures and controls in place to mitigate and manage the risks of money laundering and terrorism financing.
Registration with AUSTRAC – how to prepare for and register with AUSTRAC before offering their services. This registration became mandatory to legally operate in Australia.
Customer due diligence – how to identify and verify the identities of their customers. This included collecting and verifying information to ensure they knew who their customers were in a digital environment.
Monitoring and reporting – providers needed to monitor customer transactions for suspicious activity and report any suspicious matters to AUSTRAC.
Record keeping – how to keep and retrieve records of transactions, customer identification processes, and their AML/CTF program for a minimum of seven years.

Supporting the digital currency exchange involved undertaking detailed research on the structure of the sector, how they provide their services, and the type and nature of the ML/TF risks they face.

We have continued to provide support to digital currency exchanges since 2017 undertaking AML/CTF Independent Reviews as well as providing ML/TF Risk Assessments and AML/CTF Programs.