AUSTRAC ramps up regulatory interventions; outlines Regulatory Priorities for 2025-26

AUSTRAC has undertaken a series of regulatory actions in 2025, a tone that is echoed in the recently released 2025–26 Regulatory Priorities. Together, these actions and priorities signal a clear message: compliance expectations continue to rise to mitigate financial crime risks, and failure to meet AML/CTF obligations will draw regulatory action.

2025 continues the intense momentum of reform for AUSTRAC as it rolls out the new AML/CTF regime across industry. Alongside these structural changes, the regulator has engaged actively with reporting entities through a series of webinars, aimed at sharpening awareness of both current obligations and upcoming requirements.

At the same time, AUSTRAC has further stepped up its regulatory interventions, launching significant enforcement actions and supervisory cases. It has also woven insights from recent supervisory findings into its messaging through the webinars*.

These themes are further reflected in its Regulatory Priorities for 2025–26, released in July. The priorities set out a clear roadmap: compliance expectations continue to rise to mitigate financial crime risks in the ecosystem, and failure to meet AML/CTF obligations will invite regulatory action.

The message is also reinforced by the updated AML/CTF legislation, where certain parts are already in effect, expanding AUSTRAC’s investigative and information-gathering powers. Crucially, AUSTRAC continues to remind industry that AML/CTF compliance is not a “set-and-forget” exercise — programs and frameworks must be regularly reviewed, recalibrated, and adapted to changing business and risk environments.

In that context, it is useful to consider some of AUSTRAC’s enforcement actions so far this year, which provide a sense of “what is out there”:

• Civil Penalty Proceeding | The year’s headline action so far is AUSTRAC launching Federal Court proceeding against Mount Pritchard & District Community Club (Mounties), one of the largest club groups in NSW, alleging serious and systemic failings across its AML/CTF program, governance, risk assessment, and customer monitoring. This follows AUSTRAC’s late-2024 similar action against Entain (operator of Ladbrokes and Neds) for similar failings.

• External Audit Orders | Underlining its stronger focus on regulatory interventions, AUSTRAC issued notices to three Reporting Entities (REs) requiring the appointment of external auditors and remedial action. These audits covered issues related to risk assessments, KYC, Board oversight, transaction monitoring, Ongoing and Enhanced CDD matters, and other program elements — delivering an independent, time-bound diagnostic of risk and compliance issues.

• Remitters and Digital Currency Exchanges (DCEs) | AUSTRAC has acted against 13 remittance and DCE businesses for various issues including non-disclosures related to key personnel, entities no longer operating a business but still registered, and failures to meet registration requirements. A further 50 cases are reportedly still ‘in sight’! There was also an infringement notice to Cointree DCE on SMR reporting.

• “Use it or Lose it” Blitz | AUSTRAC has targeted inactive DCEs, encouraging businesses to voluntarily withdraw their registrations or risk cancellation. This reduces opportunities for exploitation via shell or inactive entities, and mitigates the risk of inactive businesses being bought and co-opted by criminals.

• Crypto ATM Users | AUSTRAC ran a targeted operation on crypto ATM users that identified scam victims, mules, and suspected offenders with high-volume ATM use. Such actions highlight AUSTRAC’s role in preventing consumer harm, alongside its traditional financial crime prevention focus.

These actions indicate a clear trend of increasing regulatory scrutiny and enforcement, with AUSTRAC’s ongoing efforts to identify issues and non-compliance.

Regulatory Priorities for 2025–26

AUSTRAC’s 2025–26 regulatory priorities released in July outline its strategic objectives: improving ML/TF/PF risk management through effective controls, and enabling intelligence through high-quality transaction reporting. It has identified specific outcomes, with a timeline of 30 June 2026, to drive compliance behaviours among REs:

• Tranche-2 (T2) Businesses | AUSTRAC expects T2 entities to understand their obligations and appropriately manage ML/TF/PF risks. This means enrolling/registering on time, implementing an AML/CTF program (including appointing a compliance officer and staff training), and being equipped to report suspicious transactions.

• Existing REs | Similarly, existing REs are expected to review their ML/TF/PF risk assessments in line with their current risk profiles, update compliance frameworks as required, and demonstrate sustained progress. They must also maintain existing AML/CTF controls during the transition to the new regime.

  
  

• SMR Quality and Volume | Suspicious matter reporting is a core obligation that provides critical intelligence to AUSTRAC. The regulator will target REs with no or low SMRs relative to their risk profiles, with an expectation that such entities improve both reporting volume and quality.

• Digital Currency Exchanges (DCEs) | Risk management by DCEs and Virtual Asset Service Providers remains a priority. Businesses that demonstrate competence will be registered, while those that are indifferent or reckless in mitigating financial crime risks will face regulatory action. This is already evident in many actions that the regulator has already taken.

• Cash Acceptance | AUSTRAC’s Money Laundering National Risk Assessment identified cash as a significant vulnerability. Domestically, cash is one of the most commonly restrained, forfeited or frozen asset types in criminal asset confiscations. REs that accept cash must have robust controls to mitigate cash-related ML/TF/ PF vulnerabilities and risks. The Mounties case is a good example, where failures included managing cash-related risks.

• Enrolment Details | REs must update their enrolment details within 14 days of any change in line with the regulatory obligation. AUSTRAC has made this a priority, reinforcing compliance expectations through repeated reminders. Failure to act can invite regulatory intervention.

Bottom Line | 2025 is shaping up as a year of heightened regulatory consequences, paired with clear expectations for 2025–26. Failure to meet these expectations will attract further action. AUSTRAC is using enforcement levers to change behaviours and reduce ML/TF/PF risk in the ecosystem, particularly in higher-risk segments.

For both existing REs and Tranche-2 businesses, it is essential to have credible plans to timely implement AML/CTF obligations — new or updated — in line with the new regime, leaving no gaps for regulatory scrutiny.

It will be important to remember AUSTRAC CEO’s remarks: “…we are tireless in ensuring businesses are alert to their risks and have effective and working controls in place.”

This article is dated as of - 18 August 2025

Published on our website - 5 September 2025 **

* AUSTRAC’s Industry webinars series is also available on their YouTube channel (click here).

** Post Script:

This article, with minor variations, was originally published in the Stockbrokers And Investment Advisers Association's SIAA Monthly, September 2025 edition.

Note: The above article is for general informational purposes only and does not constitute professional or legal advice. Please seek specific advice for your situation.

Compliense Advisors is an AML and FinCrime compliance and risk management advisory firm, and we can assist in your compliance framework and obligations. Write to us on compliense@compliense.com.au.

Visit our website for more such knowledge resources. If you liked this update, sign up for new articles and updates.