AML/CTF Reform: Key Changes You Must Know
by Dario Sabljak | 05 March 2026
The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) landscape in Australia is undergoing its most significant transformation in nearly two decades. Following the passage of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, existing reporting entities captured under the AML/CTF laws and regulations face a hard deadline of March 31, 2026, to align their compliance frameworks with a new “outcomes-focused” regime.
This article outlines the critical updates required for your AML/CTF Program and AML/CTF Risk Assessment to ensure regulatory alignment and avoid the steep penalties associated with the new enforcement powers.
The Core Shift: From “Tick-the-Box” to Outcomes-Based
The primary objective of the AML/CTF reform is to move away from prescriptive, manual compliance and toward an effectiveness-based model. AUSTRAC now expects reporting entities to prove that their AML/CTF Program and AML/CTF Risk Assessment actually mitigate the specific risks they face, rather than simply meeting a list of technical requirements.
Key structural changes include:
- Removal of the Part A & Part B Requirement: The traditional requirement of an AML/CTF Program needing to be structured in two-parts is gone. Whilst reporting entities may still keep this structure, reporting entities may also now maintain a single, integrated AML/CTF Program.
-
Reporting Groups: The “Designated Business Group” (DBG) concept has been replaced by ‘Reporting Groups’. If you operate in a group, you must appoint a ‘Lead Entity’ by March 31, 2026, which carries enhanced liability for group-wide compliance.
- Outcomes-Focused: Rather than following prescriptive steps, reporting entities must prove that their AML/CTF Program is effective at identifying and mitigating the specific risks that the business faces.
- Flexibility: Reporting entities have more freedom to organise the program in a way that suits their operational structure, provided it satisfies the new “General Rules”.
Updating the ML/TF Risk Assessment
The foundation of your updated program is the risk assessment. The new legislation introduces a third pillar of risk that must be explicitly addressed: Proliferation Financing (PF).
Vital updates to the AML/CTF Risk Assessment include:
-
Proliferation Financing: Reporting entities must now identify and assess the risk of services being used to support the development or acquisition of chemical, biological, or nuclear weapons. Even if the risk is deemed “low,” the assessment must be documented.
-
Event-Based Reviews: Risk assessments are no longer “set and forget.” The new AML/CTF laws and regulations specify explicit “triggers” that mandate updates following “adverse events”, significant changes in business models, entering new markets, launching new products, or significant changes in AUSTRAC’s national risk threats.
-
National Risk Alignment: Reporting entities are now required to incorporate relevant risks published by AUSTRAC into their internal AML/CTF Risk Assessments.
Revised Governance and Accountability
AUSTRAC is placing a significantly higher burden of accountability on senior leadership and boards. Some of these include:
- Governing Body Oversight: Boards (or equivalent governing bodies) must now take “reasonable steps” to oversee the AML/CTF Program. This is no longer a task that can be fully delegated without active oversight. The new Governance Framework now includes a ‘Governing Body’, ‘Senior Manager/s’ and ‘AML/CTF Compliance Officer’, rather than just an ‘AML/CTF Compliance Officer’.
- Fit and Proper Compliance Officer: There is now an explicit requirement to appoint an AML/CTF Compliance Officer who must be ‘fit and proper’ and at a mangement level. Current reporting entities have until 30 May 2026 to notify AUSTRAC of this appointment.
- Independent Evaluations: The frequency and scope of independent reviews will be more strictly enforced, with a general expectation of a review at least every three years (staggered deadlines apply for some reporting entities). Independent Reviews are now referred to as ‘Independent Evaluations’.
Other Key Changes
Other key changes affecting existing reporting entities include:
- Updated Designated Services: Many existing designated services have been updated, and many new designated services have been added. It is critical to determine how these changes with existing designated services or which new designated services are now being provided by your business.
- Travel Rule: The ‘Travel Rule’ applies to ordering, intermediary, and beneficiary institutions in the value transfer chain, where financial institutions, remittance service providers, virtual asset service providers and some other international transfers must obtain and pass on detailed information (name, address, account number) to identify, monitor, and report suspicious activity.
- Personnel Due Diligence: Employee Due Diligence is now referred to as ‘Personnel Due Diligence’ to resemble an extended and broader requirement in capturing more than just employees, but contractors, consultants, third-party service providers and other persons involved with relevant AML/CTF duties and obligations.
- International Value Transfer Services: International Funds Transfer Instructions are now referred to as ‘International Value Transfer Services’ to resemble an extended and broader consideration to ‘Transfer Value’ rather than merely funds, money or property.
- Legal Professional Privilege: Legal Professional Privilege (LPP) has been introduced regarding Suspicious Matter Reports (SMRs), in the sense that, where information is subject to LPP, that information does not need to be submitted to AUSTRAC, which in such a case, an LPP form needs to be submitted to AUSTRAC.
Key Timelines and Transitional Rules
AUSTRAC has introduced ‘Transitional Rules’ to prevent a compliance bottleneck. Here is how they affect existing entities:
| Obligation | Deadline for Existing Entities | Note |
| Program & Risk Assessment | March 31, 2026 | Must ensure the AML/CTF Program and Risk Assessment is compliant with the new AML/CTF laws and regulations. |
| Ongoing CDD | March 31, 2026 | Transaction monitoring and risk profiling updates. |
| Compliance Officer Notification | May 30, 2026 | Extended from the initial March deadline. |
| Initial CDD (KYC) | March 30, 2029 | You can use existing procedures for 3 more years. |
| The ‘Travel Rule’ | July 1, 2026 | Mandatory for transfer value services. |
Summary of Impact
For existing reporting entities, these changes are not just a documentation update; they represent a fundamental change in regulatory mindset. AUSTRAC’s new ‘coercive powers’ and ‘examination process’ mean they will be looking for proof of effectiveness rather than just proof of existence of a manual.
How We Can Help
Adria Group is well placed to assist existing reporting entities in navigating the new AML/CTF regime and having their Program, Risk Assessment, processes and procedures updated accordingly. We provide end-to-end tailored support to ensure that you are completely aware of the AML/CTF regime changes and how they impact your business, so that you can implement effective measures by the regulator’s due date to ensure ongoing compliance.
Contact us today for a free consultation on 1800 955 816 or [email protected].
Useful Reading
-
- ANTI-MONEY LAUNDERING AND COUNTER-TERRORISM FINANCING AMENDMENT ACT 2024 (NO. 110, 2024)
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006
- Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 – Federal Register of Legislation
- ANTI-MONEY LAUNDERING AND COUNTER-TERRORISM FINANCING ACT 2006
- Homepage | AUSTRAC
- AML/CTF Reform | AUSTRAC
- Reforms guidance | AUSTRAC