Australia is preparing for the most significant shift to its anti-money laundering (AML) and counter-terrorism financing (CTF) structure since the legislation first came into effect in December 2006.
Newly released guidance from the Australian Transaction Report and Analysis Centre (AUSTRAC) sets the tone for a far more risk-focused and outcomes-based framework, and one that requires meaningful change for existing reporting entities, which are mainly banks, financial services providers, remittance providers and gambling service providers, as well as for the large cohort of professionals not formerly covered by AML/CTF regulation – most notably lawyers and accountants.
The extensive overhaul is required because Australia’s existing framework no longer meets global Financial Action Task Force standards and professional gatekeepers are a key risk for exploitation.
For businesses already regulated the reforms will not be a light uplift. AUSTRAC has made it clear that AML/CTF programs will require substantial redevelopment ahead of the 31 March 2026 transition.
A major structural change is the move from Designated Business Groups (DBG) to the more flexible Reporting Groups. These new groups will be easier to form and maintain allowing members to share AML/CTF functions, including risk assessments, elements of their AML/CTF program, customer identification procedures, and transaction monitoring, reducing duplication.
Australian financial services licence (AFSL) holders and wholesale fund managers currently relying on DBGs must review their arrangements and update enrolment information before the March commencement.
Governance expectations are also evolving. The reforms will introduce a more defined accountability, including ‘fit and proper’ requirements for AML/CTF compliance officers, new senior management approval obligations, and clearer expectations of board oversight.
AUSTRAC has been explicit that governance must now be active, documented and demonstrably linked to risk.
Alongside these changes sits an expanded definition of ‘designated services.’ Wholesale funds involved in property development or sales may now find themselves captured in additional categories, while advisers assisting in the planning or execution of the creation of companies, trusts or SMSFs will need to reassess whether they are providing new designated services under the revised definitions. This will greatly increase their obligations under the new regime.
These changes are not peripheral, with misalignment between business activities and enrolment details and compliance frameworks potentially creating unwitting compliance gaps at a time when AUSTRAC is strengthening its enforcement posture.
The largest shift, however, is conceptual. AUSTRAC now expects businesses to move away from template-based programs toward genuinely risk-aligned operational frameworks.
The business-wide risk assessment becomes the centrepiece of compliance with programs required to clearly demonstrate how their controls address the money laundering and terrorism financing risks identified. AUSTRAC has described these as ‘living and breathing’ documents with the expectation they will be updated regularly as customer profiles, business activities and external risks evolve.
Client due diligence obligations are also being sharpened. While the structure remains risk-based, AUSTRAC has introduced clearer triggers for enhanced due diligence, stronger requirements to understand customer purpose and expected behaviour, and more explicit expectations surrounding ongoing monitoring throughout the client lifecycle.
For businesses with higher-risk client segments the changes are likely to require a substantial procedural improvement.
For accountants and lawyers the reforms represent an entirely new compliance landscape. These professionals will fall under AUSTRAC supervision for the first time requiring formal enrolment from March 2026 and ongoing compliance by 1 July 2026.
Unlike traditional professional conduct frameworks, the AML/CTF structure imposes statutory obligations with prescribed risk assessments, customer verification, ongoing monitoring, suspicious matter reporting, and employee due diligence and training.
Firms will need documented compliance frameworks, defined internal responsibilities and extensive staff training. For many practices the shift will require new systems, cultural alignment and a clearer understanding of financial-crime risk than has historically been expected.
Across both existing and newly regulated sectors, the message is consistent: the reforms are comprehensive and preparation cannot wait. Program redevelopment, technology changes, governance engagement, and staff capability uplift all take time and AUSTRAC’s guidance suggests it expects readiness, not retrospective scrambling.
Catherine Evans is founder and head of legal at KitLegal.
