Regulatory Updates

Australia's Biggest AML/CTF Overhaul in 18 Years Is Now Live — Here's What Changed on March 31

The AML/CTF Amendment Act 2024 and new AML/CTF Rules 2025 are now in effect — a practical breakdown for remittance operators.

Compliance Desk
9 min read
Australia's Biggest AML/CTF Overhaul in 18 Years Is Now Live — Here's What Changed on March 31

Photo by chormail

If you operate a remittance business in Australia and haven't revisited your compliance framework in the last six months, today is the day to start. On 31 March 2026, the most sweeping changes to Australia's anti-money laundering and counter-terrorism financing regime since the original Act took effect in 2007 officially commenced. This isn't a minor tune-up — it's a structural overhaul that touches every aspect of how remittance operators manage compliance, from program design to board-level accountability.

Here's what changed, what it means for your business, and what you need to do right now.

Background: Why the Overhaul Happened

Australia's AML/CTF Act 2006 was showing its age. The Financial Action Task Force (FATF) had flagged gaps in Australia's regime during its 2015 mutual evaluation, particularly around the scope of regulated entities and the prescriptive, box-ticking nature of compliance obligations. Meanwhile, criminal networks had grown more sophisticated, exploiting remittance corridors, virtual assets, and complex corporate structures to move illicit funds.

On 29 November 2024, Parliament passed the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which received Royal Assent on 10 December 2024. The companion AML/CTF Rules 2025 followed, setting out the detailed operational requirements. Together, they represent Australia's most significant financial crime prevention reform in nearly two decades.

The reforms took effect on 31 March 2026 for existing reporting entities (Tranche 1), with newly regulated Tranche 2 entities — including lawyers, accountants, real estate agents, and trust and company service providers — commencing from 1 July 2026.

What Changed: The Seven Big Shifts

1. From Prescriptive Programs to Outcomes-Focused Compliance

The old Part A and Part B program structure is gone. Under the previous regime, AML/CTF programs followed a prescriptive, checkbox approach — specific procedures laid out in detail, often resulting in compliance teams doing what the rules said rather than what actually worked.

The new framework requires a single, integrated AML/CTF program built around outcomes. Your program must effectively identify, mitigate, and manage your specific money laundering, terrorism financing, and proliferation financing (ML/TF/PF) risks. How you structure it is up to you — as long as it works.

For remittance operators, this is both an opportunity and a challenge. The flexibility is welcome, but it also means AUSTRAC will judge your program on results, not just paperwork.

2. New Customer Due Diligence (CDD) Requirements

The reforms introduce a new CDD framework that replaces the old Applicable Customer Identification Procedures (ACIPs). Initial CDD now requires you to collect and verify customer identity information and understand the potential risks involved in providing designated services to that customer.

The good news: existing reporting entities have a three-year transition period, running from 31 March 2026 to 30 March 2029. During this window, you can either continue using your existing ACIPs or transition to the new CDD obligations at any time.

Critical rule: whichever approach you choose, you must apply it consistently across all new customers and customer types. You cannot mix and match between old ACIPs and new CDD requirements.

Important exception: ongoing customer due diligence under Section 30 of the amended Act is mandatory from 31 March 2026 with no transitional period. This is a new obligation for all existing reporting entities — you must monitor your existing customers for changes in risk profile, unusual activity, and whether previously collected information remains accurate.

3. Mandatory Compliance Officer Appointment

Every reporting entity must now formally appoint an AML/CTF compliance officer and notify AUSTRAC of the appointment. This isn't merely a title — the compliance officer must be assessed as "fit and proper," considering their competence, skills, knowledge, diligence, expertise, soundness of judgement, and attributes of good character, honesty, and integrity.

The compliance officer is responsible for overseeing and coordinating day-to-day compliance and must communicate directly with AUSTRAC on the business's behalf. Critically, their reports must reach the governing board without other staff removing or amending the findings.

Key deadline: businesses enrolled with AUSTRAC before 31 March 2026 must notify AUSTRAC of their compliance officer by 30 May 2026 — less than two months away. Newly regulated entities have until 29 July 2026. Notification is completed through the enrolment form on AUSTRAC Online.

4. The Travel Rule for All Value Transfers

One of the most operationally significant changes is the introduction of the travel rule for all value transfers. Starting 31 March 2026, businesses that transfer money, virtual assets, or other property must collect, verify, and pass on specific sender and recipient information through the entire transfer chain.

This is not a reporting requirement to AUSTRAC — it is a transparency obligation requiring data to travel with the transaction from ordering institution through any intermediaries to the beneficiary institution. For remittance operators accustomed to International Funds Transfer Instruction (IFTI) reporting, this adds a fundamentally new dimension: sharing originator and beneficiary data with counterparty institutions.

The virtual asset travel rule has been deferred to 1 July 2026. A detailed breakdown of travel rule obligations is covered in a separate article on this site.

Read the detailed breakdown of the travel rule and its implications.

5. Proliferation Financing Now Explicitly Covered

The reformed Act explicitly requires reporting entities to address proliferation financing (PF) within their risk assessments and AML/CTF programs. PF involves the use of financial systems to support the development and spread of weapons of mass destruction.

This means your enterprise-wide risk assessment must now cover ML/TF and PF risks. Your AML/CTF policies must address all three categories. For most remittance operators, this translates to enhanced sanctions screening processes and ensuring your risk assessment methodology considers proliferation financing scenarios relevant to your corridor mix.

6. Reporting Groups Replace Designated Business Groups

The old "designated business group" concept has been replaced with a new "reporting group" structure. If your business operates as part of a group, the "lead entity" now bears specific obligations and expanded liability for ensuring compliance across the group.

Reporting group members must share information for customer due diligence purposes and for identifying, assessing, managing, and mitigating ML/TF/PF risks. The lead entity's AML/CTF policies must address how this information sharing works in practice.

7. Senior Manager Accountability

The reforms introduce a "senior manager" concept that pushes compliance accountability to the board level. A reporting entity's ML/TF/PF risk assessment and AML/CTF policies — including any updates — must be approved by a senior manager. Businesses must designate one or more senior managers as responsible for approving AML/CTF policies.

The governing body must be "sufficiently informed" of the ML/TF/PF risks the business faces. This is designed to prevent compliance from being siloed in operational teams while boards remain disengaged.

What It Means for Your Business

For remittance operators, the practical impact breaks down into three categories:

Immediate obligations (now):

  • Your AML/CTF program must be updated to the new outcomes-focused model
  • Ongoing CDD applies to all existing customers from 31 March 2026
  • The travel rule applies to all value transfers from 31 March 2026
  • Your risk assessment must now cover proliferation financing

Near-term deadlines:

  • Notify AUSTRAC of your compliance officer by 30 May 2026
  • Ensure senior manager approval of your risk assessment and AML/CTF policies

Transition period (by 30 March 2029):

  • Fully transition from ACIPs to new CDD requirements for all new customers

What To Do Now: Your 5-Step Action Plan

Step 1: Appoint and Notify Your Compliance Officer

If you haven't already, formally appoint your AML/CTF compliance officer and assess their fitness and propriety. Submit notification to AUSTRAC via AUSTRAC Online before 30 May 2026. This is the most pressing deadline.

Step 2: Update Your AML/CTF Program

Rewrite your program as a single, integrated, outcomes-focused document. Remove the old Part A/Part B structure. Ensure it addresses money laundering, terrorism financing, and proliferation financing risks specific to your business and corridors.

Step 3: Refresh Your Enterprise-Wide Risk Assessment

Conduct or update your ML/TF/PF risk assessment. Include proliferation financing scenarios. Have it approved by a designated senior manager. Ensure your governing body is briefed on the findings.

Step 4: Implement Travel Rule Processes

Map your value transfer chains. Identify what originator and beneficiary data you already collect and where the gaps are. Ensure your systems can pass required information to counterparty institutions. Test your processes before AUSTRAC begins enforcement.

Step 5: Plan Your CDD Transition

Decide whether to continue with existing ACIPs or move to the new CDD framework. Whichever you choose, apply it consistently. Begin planning for full transition well before the 30 March 2029 deadline — don't leave it until the last year.

Key Dates at a Glance

DateWhat Happens
31 March 2026Reforms commence for existing reporting entities (Tranche 1). Travel rule, ongoing CDD, new program requirements all in effect.
30 May 2026Deadline for existing reporting entities to notify AUSTRAC of AML/CTF compliance officer.
1 July 2026Reforms commence for newly regulated Tranche 2 entities. Virtual asset travel rule takes effect.
29 July 2026Deadline for newly regulated entities to notify AUSTRAC of compliance officer.
30 March 2029End of transitional period for initial CDD — all existing entities must be on new CDD framework.

The Bottom Line

AUSTRAC has signalled clearly that it expects an "assertive and strategic" enforcement posture in 2026. Herbert Smith Freehills noted in its February 2026 analysis that AUSTRAC will be "zeroing in on vulnerabilities in digital assets, cash-intensive businesses, and complex transfer-of-value arrangements" — a description that captures much of the remittance sector.

The three-year CDD transition gives breathing room on identity verification procedures, but everything else is live now. Remittance operators who treat this as a distant compliance project rather than an immediate operational priority are taking a significant regulatory risk.

Is your AML/CTF program updated for the 2026 reforms? Build yours free with the AML/CTF Program Builder → — or check your current compliance status.

AML/CTFAUSTRACRegulatory ReformcomplianceTravel RuleCdd
Was this article helpful?