How AUSTRAC’s New AML/CTF Rules Will Change Compliance in 2025

This image is AI-generated.

The landscape of anti-money laundering (AML) and counter-terrorism financing (CTF) compliance in Australia is on the verge of a sweeping transformation. With the release of AUSTRAC’s Second Exposure Draft (ED2) of the new AML/CTF Rules in May 2025, compliance professionals, financial institutions, fintechs, virtual asset service providers (VASPs), and other designated service providers are facing a future marked by more granular requirements, expanded oversight, and a concerted effort to align Australia’s regime with global best practices.

Australia’s overhaul of its AML/CTF regime responds to years of regulatory feedback, evolving international standards, and the urgent need to address vulnerabilities highlighted by recent risk assessments. The changes will affect thousands of entities and require new approaches to risk assessment, customer due diligence, reporting, and registration. Understanding the upcoming requirements is critical for compliance teams preparing for the March 2026 implementation date.

The New AML/CTF Rules: Modernizing Australia’s Compliance Framework

Australia’s AML/CTF Act 2006 underwent significant revision with the passage of the AML/CTF Amendment Act 2024, forming the backbone of the Amended AML/CTF Act. These changes reflect Australia’s commitment to international standards set by the Financial Action Task Force (FATF) and address identified gaps in coverage and enforcement. AUSTRAC, the nation’s financial intelligence unit and regulator, is driving the reforms with a co-design approach, consulting widely with industry to develop the Second Exposure Draft Rules.

The new AML/CTF Rules framework will supersede the legacy 2007 rules, delivering a streamlined, risk-based, and technologically relevant set of obligations. Key objectives include bringing a broader range of professions and services under the AML/CTF umbrella, including real estate, precious metal and stone dealers, professional services, and virtual asset businesses. Oversight of remittance service providers and VASPs, sectors considered high risk for both money laundering and terrorism financing, is being significantly strengthened. The rules are also aligning more closely with international approaches, particularly those found in the UK, Singapore, and Hong Kong.

Two separate instruments will govern the new regime: the Anti-Money Laundering and Counter Terrorism Financing Rules 2025, containing the core operational rules, and the AML/CTF (Class Exemptions and Other Matters) Rules 2007, focusing on sector-specific exemptions and legacy carve-outs. AUSTRAC’s consultation and feedback process ensures that stakeholder concerns—from operational challenges to legal clarity—are being addressed in real time, building a framework designed to be robust, flexible, and fit for a digital economy.

Importantly, the Second Exposure Draft Rules are currently open for public consultation. AUSTRAC is actively encouraging submissions from regulated entities, industry professionals, and interested stakeholders until June 27, 2025. This consultation is a rare opportunity for compliance professionals and businesses to directly influence the rules that will shape Australia’s AML/CTF obligations for years to come. Feedback provided during this period will be instrumental in refining the final regulatory text and the associated guidance, so proactive engagement is highly recommended for those affected by the changes.

Customer Due Diligence, Enrolment, and Registration: Raising the Bar

One of the most consequential changes relates to how entities enroll with AUSTRAC, register for specific services, and conduct customer due diligence (CDD). These updates reflect both risk-based thinking and lessons learned from regulatory and enforcement actions worldwide.

The Reporting Entities Roll, maintained by AUSTRAC, is becoming a dynamic tool for mapping Australia’s regulated landscape. Any business providing designated services must enroll within 28 days of commencing operations. The information required has been expanded, allowing AUSTRAC to profile the nature, size, and complexity of regulated entities, target guidance and education more effectively, and track key risk factors, such as employee numbers and industry association memberships.

For remittance service providers and VASPs, a strengthened registration regime means detailed scrutiny before operations begin. AUSTRAC will now consider a wider range of factors, including the applicant’s exposure to money laundering and terrorism financing (ML/TF) risk, the adequacy of the entity’s AML/CTF program, key personnel vetting, compliance history, and international operations. This new approach is modeled on international standards and aims to reduce de-banking of legitimate providers while excluding those unable to demonstrate robust compliance capabilities. Transitional arrangements are also in place for new virtual asset-related services, ensuring continuity while maintaining regulatory intent.

Customer due diligence requirements have undergone substantial updates. There are simplified requirements for low-risk customers such as government bodies, regulated public companies, and entities under prudential oversight. The requirement to verify place of birth has been relaxed for individuals, in line with global standards, while maintaining stringent requirements for date of birth in certain scenarios. Provisions for delayed verification allow business continuity where immediate verification is not possible, provided that outstanding checks are completed within 30 days and risks are managed. The rules also provide clearer limits on when reporting entities need to establish the beneficial ownership chain or investigate customers’ customers, reducing operational ambiguity.

CDD obligations for mergers and acquisitions have also been modernized, streamlining the process when transferring customers between regulated entities and clarifying deemed compliance.

Financial Sanctions, Suspicious Matter Reporting, and the Evolving Threat Landscape

Recent years have highlighted the intersection between financial crime, sanctions evasion, and global security risks. The new AML/CTF Rules make explicit provisions for integrating financial sanctions into everyday compliance activities.

Section 4-12 of the new rules introduces a mandate for reporting entities to implement robust policies addressing targeted financial sanctions. These policies are designed to prevent the provision of designated services to sanctioned individuals or entities, ensure compliance with asset freezing obligations, and prevent inadvertent returns of frozen assets. This update directly responds to international criticism of Australia’s previous regime, where FATF noted gaps in the supervision of financial sanctions. By requiring all reporting entities to maintain current policies and controls, AUSTRAC aims to close loopholes that have historically allowed sanctioned parties to exploit weaknesses in the system.

Suspicious Matter Reports (SMRs) and Threshold Transaction Reports (TTRs) remain core elements of Australia’s AML/CTF regime, but the reportable details have been overhauled to keep pace with new typologies and digital business models. Reporting entities must now submit more granular data on suspicious activities, with forms updated to capture relevant information from both traditional and emerging financial products. Large cash transactions (AUD 10,000 or equivalent) and a broader range of designated services must be reported, reflecting expanded regulatory coverage. AUSTRAC’s approach to SMR and TTR reporting is now more risk-sensitive, reflecting the diversity of the financial sector and the emergence of non-bank actors. The intent is to provide law enforcement and regulatory partners with actionable intelligence while reducing unnecessary compliance burdens.

The global “travel rule” requires payer and payee information to accompany certain value transfers, including virtual asset and cross-border transactions. Australia’s new rules align more closely with FATF’s expectations and international norms, ensuring that critical information is available for monitoring and investigation. Transitional provisions allow the industry time to adapt to the expanded requirements for international value transfer service reporting, especially regarding self-hosted virtual asset wallets.

Exemptions, Class Rules, and Practical Implications

While the overall regime is becoming stricter, the new framework preserves and updates a range of exemptions and sector-specific carve-outs. These include continued relief for certain low-risk activities, such as friendly society benefit funds, debt collection services, administrative salary packaging, and risk-only life policies. Provisions have been modernized for transferring customers between entities, especially in the context of mergers, acquisitions, and authorized deposit-taking institutions. The rules also clarify that non-operating holding companies can act as lead entities in reporting groups if control and other legislative criteria are satisfied. AUSTRAC has also clarified that only entities providing designated services need to enroll or register and has updated its guidance on delegation of compliance obligations within groups, ensuring ultimate accountability remains clear.

The Road Ahead: Transition, Consultation, and Compliance Readiness

With the draft rules out for public consultation, AUSTRAC is actively seeking feedback on a wide range of practical and policy issues, including the balance between intelligence gathering and compliance cost, the effectiveness of current forms, and how best to handle new types of payment systems and technologies. Reporting entities should begin reviewing their AML/CTF programs now, with a focus on updating customer onboarding and risk assessment processes, training staff on new requirements, especially regarding beneficial ownership and sanctions compliance, reviewing internal systems to ensure readiness for new reporting and data collection obligations, and preparing for enhanced scrutiny during registration or renewal, particularly for remittance service providers and VASPs.

AUSTRAC’s consultation period closes in June 2025, with the final rules expected to take effect by March 2026. Early engagement with the draft rules and proactive preparation will position regulated entities to avoid last-minute compliance risks.

Conclusion: Building Resilience in a Changing Threat Environment

Australia’s new AML/CTF Rules represent a generational shift in the nation’s fight against financial crime. By adopting more robust standards, expanding regulatory coverage, and integrating new technologies and international best practices, AUSTRAC is fortifying the defenses of the Australian financial system. Compliance professionals must recognize that the new rules are not simply a regulatory update—they are a call to reexamine risk management frameworks, leverage advanced data capabilities, and foster a compliance culture that keeps pace with rapidly evolving threats. As the implementation date approaches, organizations that invest early in aligning with the new regime will not only reduce their exposure to regulatory penalties but also strengthen their reputation and resilience in the global market.

Source: AUSTRAC (Consultation Paper)

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand with us or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.