![[Original size] compliense business card_edited_edited.jpg](https://static.wixstatic.com/media/b4dfee_bfa8eb4c679147379eaeaa868288b5d1~mv2.jpg/v1/fill/w_445,h_75,al_c,q_80,usm_0.66_1.00_0.01,enc_avif,quality_auto/%5BOriginal%20size%5D%20compliense%20business%20card_edited_edited.jpg)
Updated AML/CTF Act implementation – Some Key Pointers
- Manish Ghiya
- Jul 2
- 5 min read
Updated: Jul 2
The Australian AML/CTF Act 2006 underwent significant amendments last year, introducing simplification and modernisation to the AML/CTF regime and expanding the legislation’s scope to include a range of non-financial professional services and businesses.
The clock is now ticking for implementation. Existing Reporting Entities (REs) must achieve compliance by the end of March 2026, while newly in-scope REs have until the start of July 2026.
This article discusses a few key considerations from an implementation perspective.
a) What are AML/CTF reforms and why do they matter
The updated Australian Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF Act), amended by the Amendment Bill passed in November 2024, implements the Australian Government’s commitment to protecting the integrity of the Australian financial system by strengthening the AML/CTF regime.
The updated law: (a) expands the AML/CTF regime to cover new Designated Services provided by Tranche 2 entities — professions and businesses previously outside the regulatory framework; (b) modernises and simplifies the regime to ensure it remains fit-for-purpose in today’s financial environment.
b) Benefit of changes for the existing reporting entities (REs)
Reduced systemic risk: With more sectors regulated, there’s less opportunity for illicit funds to enter the financial system, thus reducing overall exposure to the money laundering/terrorism financing (ML/TF) risks.
Institutional investors, global funds, and sophisticated clients prefer working with businesses that operate in robust regulatory environments.
Positioning themselves as industry leaders in compliance and market integrity.
c) Impact for an RE’s existing obligations
The core AML/CTF obligation is still to identify, assess, understand, and mitigate ML/TF risks by implementing a robust AML/CTF compliance framework. However, there are many changes in the obligations - both small and significant - that an existing RE must implement.
It will also be useful to review at the outset whether the RE or its group company provides any newly included Designated Services. The update of AML/CTF policies and risk assessment must factor this in.
d) ML/TF risk assessment
The updated Act mandates conducting an ML/TF risk assessment to identify and assess the risks of ML, TF, and Proliferation Financing (PF) that an RE reasonably faces in providing the Designated Services. There are a few aspects to consider:
PF risk assessment
An RE is now also required to assess PF risk as part of its ML/TF risk assessment. Some relaxations apply if the overall ML/TF risk assessment is low. PF occurs when a person makes an asset available, provides a financial service, or conducts a financial transaction that is intended to facilitate the proliferation of weapons of mass destruction.
Newly regulated businesses as clients
If the RE has newly regulated businesses as existing clients, their customer risk scores may change, impacting the RE’s overall customer risk assessment.
AUSTRAC Risk Assessments
REs should also consider their AUSTRAC sectoral risk assessment and the ML, TF, and PF National Risk Assessments.
Implementing above will require updating the RE’s risk assessment methodology.
e) Impact on an RE’s current AML / CTF program
The entire suite of policies, procedures etc that support AML/CTF compliance are now called as ‘AML/CTF policies’. It is vital that these policies should align with the RE’s risk assessment. The policies should be outcome focused, in that it should mitigate ML/TF risks and achieve compliance.
The AML/CTF program must be independently evaluated at least once every three years.
f) Ongoing review of risk assessment and AML/CTF policies
In addition to event-based updates required to an RE’s risk assessment (for example: the launch of new Designated Services, or change to its organisation’s circumstances or risk profile), the updated law mandates a review and update of its risk assessment and AML/CTF policies at least every three years. Having said that, the frequency must corelate to the nature, size, and complexity of the business, thus requiring a shorter update cycle in relevant cases.
g) Sanctions screening
New requirements mandate screening of customers as part of initial CDD for targeted financial sanctions. This means that unlike before, failure to conduct sanctions screening can also breach the requirements under the AML/CTF legislation.
h) Incremental details for enrolment
There are incremental information requirements for enrolling as an RE. Consider AUSTRAC’s guidance on the subject when available for updating the information.
i) Governance
The reforms strengthen the governance framework requirements, prescribing roles for the governing body, senior manager and AML Compliance Officer of an RE.
The governing body will have oversight responsibilities, and the ‘senior manager’ has certain decision approving responsibilities (like approving the AML/CTF policies; approving onboarding certain PEPs; etc).
j) Fit-and-proper requirements for AML compliance officers (AMLCO)
The new regime requires ‘fit-and-proper’ suitability of an individual for appointment as the AMLCO, and who must be at management level. The draft rules recommend considering multiple factors including competence, skills, and expertise; good character; record of conviction for serious offence or regulatory action; whether an undischarged bankrupt; and conflict of interest.
k) Staff training
Appropriate staff training and awareness are essential on the changes and updated processes. Awareness sessions will also be essential for the RE’s senior management and even the directors/governing body. Also refer to AUSTRAC’s guidance and educational materials when released.
l) Implementation timelines
The changes are becoming effective in phases. Some are already effective (eg: the updated Offence of Tipping off, effective from March 2025).
31 March 2026: New provisions (including new AML/CTF program requirements, risk assessment, fit and proper norms for AMLCO, and initial CDD) become effective for existing REs, including Virtual Asset Service Providers.
1 July 2026: AML/CTF obligations become applicable for the new Designated Services provided by Tranche 2 entities.
With the bar of regulatory expectation that much higher now, the updated compliance program should aim to achieve that!
Note: The updated law maintains the existing exemption for AFSL holders providing Designated Services covered by item 54, table 1 in section 6 (for example, financial planners).
Note: You must also consider the provisions of the final published AML/CTF Rules to be issued by AUSTRAC in the next few months (currently in draft, and under finalisation).
1 July 2025
Regulatory References:
From our Blogs library: Refer to more from our blogs:
Post Script:
This article, with minor variations, was originally published in the Stockbrokers And Investment Advisers Association's SIAA Newsroom publication, in June 2025.
Comments