The VerifiMe guide to becoming AUSTRAC ready.

Introduction

Understanding your obligations under the updated Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) legislation is crucial.

The Tranche 2 reforms, which introduced new reporting requirements for businesses, will impact how you operate and report to AUSTRAC. This page is designed to help you understand these changes and prepare your business for the new compliance requirements.

Below, you'll find a series of frequently asked questions (FAQs) that outline how to meet your reporting obligations and avoid potential penalties. We’ve broken down the information into clear, actionable steps to guide you through the process.

Let's get started to ensure your business is fully prepared for the upcoming changes.

Who is AUSTRAC and what is its role?

AUSTRAC is Australia’s Financial Intelligence Unit. AUSTRAC collects financial transaction reports, analyses the information and disseminates financial intelligence, which plays an important role in preventing, detecting and prosecuting crime. It assists authorities to trace the trail of illicit money.

AUSTRAC is also the Regulator for designated service providers.

You can explore the AUSTRAC website here: Homepage | AUSTRAC

What is AML/CTF Compliance?

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) regulates designated service providers and is governed by AUSTRAC.
A copy of the current version of the Act can be found here: AML/CTF Act | AUSTRAC

What is a ‘designated service’ and why does this matter?

The ‘designated services’ set out what is covered by the AML/CTF Act including financial services, car dealerships, buying and selling bullion and gambling, and under Tranche 2 Lawyers, Accountants, Corporate Services firms and Real Estate agents.

To understand more go to: Designated service | AUSTRAC

For a detailed list of services which will be regulated, please visit: New industries and services to be regulated | AUSTRAC

How do I know if my business is a reporting entity?

It’s natural to question whether your organisation is subject to the compliance requirements of designated service providers who are reportable to AUSTRAC. Governing bodies of industry groups will help assist you in understanding your compliance mandates, however if you feel your business falls into a grey area, it is best to seek independent legal advice on the matter and assess the risks and cost benefits to implementing and operating an AML/CTF as a reporting entity to AUSTRAC.

To understand more go to: Reporting entity | AUSTRAC

To assist in determining if you will be a reporting entity, go to: Check if you'll be regulated | AUSTRAC

What are the key milestones I need to understand to become AUSTRAC ready as a “designated service provider”?

The image below will help you understand the timeline in becoming AUSTRAC ready.

Why should we choose a record collation and Customer Due Diligence register and commence collecting data now?

For many businesses, the greatest operational burden will come when client cooperation is required to capture customer information for verification. Collecting this information over 18 months will be less burdensome than aiming to implement these changes closer to the compliance date.

Advantages of Early Data Collection

  1. Proactive Compliance: By collecting data early, you ensure that your organization is well-prepared and compliant by the regulatory deadline. This reduces the risk of last-minute non-compliance issues.

  2. Risk Mitigation: Early data collection helps identify and mitigate potential risks sooner. This proactive approach allows you to address any gaps or issues in your AML/CTF program before they become critical.

  3. Operational Efficiency: Implementing data collection processes early can streamline your operations. It allows your team to become familiar with the procedures and systems, leading to more efficient and accurate data management.

  4. Enhanced Decision-Making: Having access to comprehensive and accurate data early on enables better decision-making. It allows you to analyze trends, identify suspicious activities, and take timely actions to prevent financial crimes.

  5. Building Trust: Demonstrating a commitment to compliance and data integrity can enhance your reputation with regulators, customers, and partners. It shows that your organization takes its AML/CTF obligations seriously.

    Risks of Delaying

    Starting early with data collection and maintaining a robust CDD register can help your organization stay ahead of compliance requirements and operate more effectively.

  1. Increased Costs: Delaying data collection can lead to higher costs as you may need to rush the process closer to the compliance date. This can result in hiring additional resources or paying for expedited services.

  2. Compliance Gaps: Waiting until the last minute increases the risk of missing critical compliance requirements. This can lead to penalties, fines, and reputational damage.

  3. Operational Disruptions: Implementing new data collection processes under tight deadlines can disrupt your regular business operations. It can cause stress and errors, impacting overall productivity.

  4. Regulatory Scrutiny: Regulators may view delayed compliance efforts as a lack of commitment to AML/CTF obligations. This can lead to increased scrutiny and more frequent audits.

Starting early with data collection and maintaining a robust CDD register can help your organization stay ahead of compliance requirements and operate more effectively.

What are the key AML/CTF requirements as a reporting entity?

To assist in understanding your core requirements to be ready prior to the commencement date, we have listed 7 key steps to educate yourself on, which will relate to how the operations within your business will change:

1. Educate yourself and train your staff

2. Assign an AML/CTF Compliance Officer (AMLCO)

3. Perform a Risk Assessment and create an AML/CTF Policy

4. Implement a Customer Due Diligence Process for KYC and KYB

5. Risk Assess your customers in accordance with the rules and your AML/CTF policy

6. Enroll with AUSTRAC

7. Report to AUSTRAC

Why has the AML/CTF legislation been changed?

The Tranche 2 changes to Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) legislation are being made to address several key objectives:

  1. Extending the AML/CTF Regime: The changes aim to include higher-risk services provided by real estate professionals, lawyers, accountants, trust and company service providers, and dealers in precious stones and metals. These sectors are seen as vulnerable to money laundering and terrorism financing.

  2. Improving Effectiveness: The reforms seek to make the AML/CTF regime simpler and clearer for businesses to comply with, thereby improving its overall effectiveness.

  3. Modernising the Regime: The amendments are designed to reflect changing business structures, technologies, and illicit financing methodologies, ensuring the regime remains relevant and robust.

  4. Increasing Oversight and Governance: Governing bodies will be required to take reasonable steps to ensure their businesses are appropriately managing and mitigating money laundering and terrorism financing risks.

  5. Enhancing Customer Due Diligence: There will be redesigned obligations for initial and ongoing customer due diligence to better identify and manage risks.

These changes are part of a broader effort to protect Australia's financial system from criminal abuse and to align with international standards.

Further information regarding the changes can be found here: About the reforms | AUSTRAC

What are the benefits of the updated AML/CTF Act for professional service firms, accountants, lawyers and real estate agents?

AML/CTF compliance is mandatory for designated service providers. The Tranche 2 changes to the AML/CTF legislation offer numerous benefits to businesses complying with AUSTRAC regulations, such as:

  1. Being a good corporate citizen and playing your part in preventing criminal activity and acts of terrorism;

  2. Helping to reduce the risk of fraud losses against your business;

  3. Enhancing the reputation of our associations and generally avoiding negative press coverage;

  4. Avoiding fines and enforcement action by AUSTRAC;

  5. Understanding your customers and the risk profile of the services you offer within the Australian market.

What kinds of enforcement actions are open to AUSTRAC?

Enforcement actions available to AUSTRAC include issuing an infringement notice, accepting an enforceable undertaking and seeking a civil penalty order in the Federal Court, and in some cases criminal prosecution.

The maximum civil penalty for a company for each contravention of the AML/CTF Act is $21 million. Further information can be found here: Consequences of not complying | AUSTRAC

What is the difference between enrolling with AUSTRAC and registering with AUSTRAC?

Enrolling and registering with AUSTRAC serve different purposes and are required for different types of businesses:

  1. Enrolling with AUSTRAC:

    • Who needs to enroll: Any business providing designated services under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act must enroll with AUSTRAC

    • Purpose: Enrolling helps AUSTRAC monitor and regulate businesses to prevent money laundering and terrorism financing

    • Process: Businesses must complete the AUSTRAC Business Profile Form (ABPF) and provide details about their services, business structure, key personnel, and financial statements.

  2. Registering with AUSTRAC:

    • Who needs to register: Businesses providing remittance services or digital currency exchange (DCE) services must register with AUSTRAC in addition to enrolling

    • Purpose: Registration ensures that these businesses meet specific regulatory requirements before they can legally operate

    • Process: Registration involves additional scrutiny and approval from AUSTRAC before the business can start providing these services

In summary, enrollment is a broader requirement for businesses providing designated services, while registration is an additional step for those offering remittance or DCE services.

What is the role of the AML/CTF Compliance Officer (AMLCO)?

An AML/CTF Compliance Officer (AMLCO) needs to be appointed and need not be a member of staff. However, they will need to meet the “Fit and Proper Person Test”. For some organisations with elevated risks and complexities, outsourcing your AMLCO may be an option.

TIP: Appoint a Compliance Officer now and have them outline an annual AML/CTF compliance calendar for you.

There are a number of responsibilities for the AML/CTF compliance officer:

•   acting as the contact point and providing the day-to-day oversight of the organisation’s AML/CTF Policy, compliance manuals, policies, procedures and systems;

•    reporting suspicious matters to AUSTRAC;

•    staff training;

•    conducting and updating the venue’s AML/CTF risk assessment;

•    reporting to the Committee and senior management;

•    addressing AUSTRAC feedback about the organisation’s compliance.

Further information can be found here: AML/CTF compliance officers | AUSTRAC

Getting Started

With the official compliance due date for all Tranche 2 entities beginning 1 July 2026, it’s important to understand your obligations to prepare your business as a reporting entity to AUSTRAC whilst monitoring the milestones and how your operations will need to change to become compliant.

What is an AML/CTF Program?

An AML/CTF program is a set of policies, procedures, and controls designed to help businesses comply with the AML/CTF Act, managed by AUSTRAC. Below is a brief overview:

  1. AML/CTF Policy: This outlines how a business will identify, mitigate, and manage risks related to money laundering and terrorism financing.

  2. Part A of the AML/CTF Policy: Focuses on identifying, mitigating, and managing risks. It includes:

    • Risk Assessment: Regularly reviewing and updating the risk of money laundering and terrorism financing.

    • Board/Senior Management Oversight: Approval and ongoing oversight of the program.

    • AML/CTF Compliance Officer (AMLCO): A designated officer to manage compliance.

  3. Part B of the AML/CTF Policy: Deals with customer identification and verification, including:

    • Customer Due Diligence (CDD): Procedures for identifying and verifying customers and beneficial owners.

    • Enhanced Due Diligence (EDD): Additional measures for high-risk customers, such as politically exposed persons (PEPs).

  4. Ongoing Obligations:

    • Transaction Monitoring: Continuously monitoring transactions to detect suspicious activities.

    • Reporting: Submitting reports on suspicious matters, threshold transactions, and international funds transfers to AUSTRAC.

  5. Training: Regular training for employees to ensure they understand and can effectively implement the AML/CTF program.

  6. Record Keeping: Maintaining records of transactions, customer identification, and risk assessments for a specified period.

This program is essential for protecting businesses and the community from financial crimes.

Further information can be found here: AML/CTF programs | AUSTRAC

What is an AML/CTF Policy?

An AML/CTF policy is a crucial component of a business's compliance framework under the AML/CTF Act. Below is a brief overview:

  1. Purpose: The policy outlines how a business will identify, mitigate, and manage the risks of money laundering and terrorism financing.

  2. Components:

    • Risk Assessment: Regularly assessing the risk of money laundering and terrorism financing within the business.

    • Customer Due Diligence (CDD): Procedures for identifying and verifying customers and beneficial owners.

    • Enhanced Due Diligence (EDD): Additional measures for high-risk customers, such as politically exposed persons (PEPs).

    • Transaction Monitoring: Continuously monitoring transactions to detect suspicious activities.

    • Reporting: Procedures for reporting suspicious matters, threshold transactions, and international funds transfers to AUSTRAC.

    • Training: Regular training for employees to ensure they understand and can effectively implement the AML/CTF policy.

    • Record Keeping: Maintaining records of transactions, customer identification, and risk assessments for a specified period.

  3. Governance:

    • Board/Senior Management Oversight: Approval and ongoing oversight of the policy.

    • AML/CTF Compliance Officer: A designated officer to manage compliance and ensure the policy is effectively implemented.

Further information can be found here: AML/CTF programs | AUSTRAC

What is Customer Due Diligence?

Customer Due Diligence (CDD) is a critical component of an AML/CTF program, ensuring businesses understand who their customers are and the risks they may pose. Here's a concise overview:

  1. Purpose: To identify and verify the identity of customers and beneficial owners, and to understand the nature of the business relationship. This is something referred to as “Know your Customer/Business" (KYC / KYB).

  2. Components:

    • Customer Identification: Collecting and verifying information such as name, address, date of birth, and identification documents.

    • Beneficial Ownership: Identifying individuals who own or control the customer, especially for entities like companies and trusts.

    • Risk Assessment: Assessing the risk level of each customer based on factors defined in your AML/CTF policy like the service provided, their background, transaction patterns, and geographic location.

  3. Types of CDD:

    • Standard CDD: Basic identification and verification procedures for most customers.

    • Enhanced Due Diligence (EDD): Additional measures for high-risk customers, such as politically exposed persons (PEPs) or those from high-risk jurisdictions.

    • Simplified CDD: Reduced measures for low-risk customers, where appropriate.

  4. Ongoing Monitoring:

    • Transaction Monitoring: Continuously monitoring customer transactions to detect unusual or suspicious activities.

    • Periodic Reviews: Regularly updating customer information and reassessing risk levels.

  5. Reporting:

    • Suspicious Matter Reports (SMRs): Reporting suspicious activities to AUSTRAC.

    • Threshold Transaction Reports (TTRs): Reporting large cash transactions above a certain threshold.

    • International Funds Transfer Instructions (IFTIs): Reporting international funds transfers.

  6. Record Keeping: Maintaining records of customer identification, transaction monitoring, and risk assessments for a specified period.

  7. Training: Ensuring employees are trained to understand and implement CDD procedures effectively.

Further information can be found here: Changes to customer due diligence | Attorney-General's Department, Enhanced customer due diligence (ECDD) program | AUSTRAC

To help your business meet its AML/CTF obligations, you may choose to engage the services of a regulatory technology business (RegTech).

Further information can be found here: Guidance for engaging a RegTech.pdf

What are the ongoing reporting obligations for a reporting entity enrolled with AUSTRAC?

Reporting entities enrolled with AUSTRAC and performing designated services have several key reporting obligations. Here's a brief overview of each:

Threshold Transaction Reports (TTRs):

  • What: Report transactions involving physical currency of AUD 10,000 or more (or the foreign currency equivalent).

  • When: Within 10 business days after the transaction.

International Funds Transfer Instructions (IFTIs):

  • What: Report instructions for transferring funds into or out of Australia, regardless of the amount.

  • When: Within 10 business days after the transfer instruction is sent or received.

Suspicious Matter Reports (SMRs):

  • What: Report any transaction or activity that raises suspicion of money laundering, terrorism financing, or other criminal activity.

  • When: Within 24 hours if related to terrorism financing, or within three business days for other suspicions.

AUSTRAC Compliance Reports:

  • What: Periodically report on how the entity is meeting its AML/CTF obligations.

  • When: As required by AUSTRAC.

Cross-Border Movement (CBM) Reports:

  • What: Report the movement of physical currency of AUD 10,000 or more (or the foreign currency equivalent) into or out of Australia.

  • When: Before sending or carrying the cash out of Australia, or within five business days of receiving cash from overseas.

These reporting obligations help AUSTRAC detect, deter, and disrupt financial crimes. Further information can be found here: Reporting | AUSTRAC, Understanding AUSTRAC reporting: a closer look behind the scenes | AUSTRAC,

Getting Detailed

The following section takes the level of detail for your compliance requirements to a deeper level of understanding. You may wish to take a tea break now. 🍵

Elements of Risk

Risk management is the process of recognising risk and developing methods to both minimise and manage the risk. It is important to consider the criminal threat environment and possible vulnerabilities of your organisation. Click on the link below to learn more.

AML/CTF: Governance Committee

Internal roles in AML/CTF policies are essential for ensuring that an organization effectively prevents and detects money laundering and terrorist financing activities. Click on the link to below to learn more.

Changes in Risk

The ML/TF risk profile of your business changes over time. Click on the link below to learn more.

AML/CTF: Internal Controls

These roles and the governance committee collectively ensure that an organisation maintains a robust AML/CTF framework, effectively managing risks and complying with regulatory requirements. Click on the link below to learn more.

Risk Management Elements

An AML/CTF policy refers to organisations implementing measures and procedures to comply with Australia's AML/CTF legislation. Click on the link below to learn more.

AML/CTF: Oversight

These roles and the governance committee collectively ensure that an organisation maintains a robust AML/CTF framework, effectively managing risks and complying with regulatory requirements. Click on the link below to learn more.

AML/CTF: Customer Due Diligence

The cornerstone of an AML/CTF policy. It involves verifying the identity of customers to ensure they are who they claim to be. Click on the link below to learn more.

AML/CTF: Independent Reviews

Independent reviews are critical. This one minute read will help with understanding and provide links to the appropriate AUSTRAC pages. Click on the link below to learn more.

Getting Help

We understand these changes can add a high level of complexity and operational demand to businesses unfamiliar with these new regulations. It may be necessary for your business to outsource some components of the preparation and ongoing procedures in becoming AUSTRAC ready. The following section offers information for consideration when considering approaches to implementing an AML/CTF Program.

AUSTRAC AML/CTF Starter Kits

AUSTRAC has announced that they are developing AML/CTF starter program kits specifically for small businesses in Tranche 2 sectors. These kits aim to help these businesses create effective AML/CTF programs by providing templates tailored to typical low-complexity small businesses.

The guidance and educational materials will be developed in close consultation with industry peak bodies and are expected to be released for public consultation in mid-2025.

Advantages:

  1. Cost-Effective: Starter kits are generally more affordable than hiring a consultant, making them a good option for small businesses with limited budgets.

  2. Time-Saving: These kits provide ready-made templates and guidelines, which can save time in developing an AML/CTF program from scratch.

  3. Ease of Use: Designed for simplicity, starter kits are user-friendly and can be implemented without extensive expertise.

Disadvantages:

  1. Lack of Customization: Starter kits may not fully address the specific needs and risks of your business, leading to potential gaps in compliance.

  2. Limited Expertise: While starter kits provide a basic framework, they may lack the depth of knowledge and expertise that a consultant can offer.

  3. Potential for Inadequate Coverage: The one-size-fits-all approach might not cover all regulatory requirements or unique risks associated with your business.

    More information can be found here: Summary of AML/CTF obligations for new regulated entities | AUSTRAC

Outsourced AML/CTF Assistance

There are a number of AML/CTF experts offering services in risk assessments, policy development and ongoing guidance, and training. Some consultants also offer outsourced AMLCO services to assist in management of the AML/CTF program, customer due diligence and ongoing mitigation of risks that are identified, as well as reporting requirements. 

Advantages:

  1. Tailored Solutions: Consultants provide customized AML/CTF programs that are specifically designed to meet the unique needs and risks of your business.

  2. Expert Guidance: Consultants bring extensive knowledge and experience, ensuring that your AML/CTF program is robust and compliant with all regulations.

  3. Ongoing Support: Consultants can offer ongoing support and updates to your AML/CTF program, helping you stay compliant as regulations change.

Disadvantages:

  1. Higher Costs: Hiring a consultant can be expensive, which might be a barrier for small businesses.

  2. Time-Consuming: The process of working with a consultant to develop a tailored program can take longer than using a starter kit.

  3. Dependency: Relying on a consultant might create a dependency, where your business may need to continually seek external help for updates and compliance.

    More information can be found here: Using outsourcing to help meet your AML/CTF obligations | AUSTRAC

Need help to get AUSTRAC ready?


VerifiMe is working with partners who assist with:

  • Risk Assessments

  • Policy Creation

  • Outsourced AMLCO Services

  • Staff Training

  • Monitoring and Reporting

Complete the form and we will send you the contact details of some of our trusted expert partners.