Regulatory Updates

Compliance Officer Deadline: You Must Notify AUSTRAC of Your AML/CTF Compliance Officer by May 30, 2026

New obligation under AML/CTF reforms requires every reporting entity to formally notify AUSTRAC — here's how to meet the deadline

Compliance Desk
7 min read
Compliance Officer Deadline: You Must Notify AUSTRAC of Your AML/CTF Compliance Officer by May 30, 2026

Photo by The Yuri Arcurs Collection

If you're a remittance operator in Australia, there's a date that needs to be circled on your calendar right now: 30 May 2026. That's the deadline for every existing reporting entity to formally notify AUSTRAC of its AML/CTF compliance officer — a brand new obligation that didn't exist before the reforms commenced on 31 March 2026.

This isn't about appointing a compliance officer (you should already have one). It's about formally telling AUSTRAC who that person is. And if you miss the deadline, you're looking at potential enforcement action from a regulator that has made it abundantly clear it intends to hold entities accountable under the new regime.

Background: Why This Obligation Exists Now

Under the old AML/CTF framework, reporting entities were required to appoint an AML/CTF compliance officer as part of their AML/CTF program. Most remittance operators did this — often informally designating the business owner or a senior staff member. But there was no requirement to formally notify AUSTRAC of who that person was.

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 and the accompanying AML/CTF Rules 2025 changed that. From 31 March 2026, every reporting entity must:

  1. Appoint an AML/CTF compliance officer who meets specific eligibility criteria
  2. Conduct a documented "fit and proper" assessment of that person
  3. Formally notify AUSTRAC of the appointment

The notification requirement is part of AUSTRAC's broader push toward greater transparency and accountability in how reporting entities manage their compliance governance. It also feeds into AUSTRAC's ability to communicate directly with the person responsible for an entity's AML/CTF obligations — rather than relying on general business contact details.

What Changed: The New Statutory Requirements

Eligibility Criteria

The compliance officer role now carries explicit statutory requirements. Your AML/CTF compliance officer must:

  • Be employed or engaged at management level within your business
  • Have sufficient seniority and authority to influence business operations and challenge practices where necessary
  • Have independence from operational pressures that could compromise their compliance judgement
  • Have adequate access to resources, systems, and information needed to perform the role
  • Be a resident of Australia if your business provides designated services through a permanent establishment in Australia

The "Fit and Proper" Person Test

This is entirely new. Before appointing (or, for existing appointments, before notifying AUSTRAC), you must assess whether your compliance officer is a "fit and proper" person. AUSTRAC requires you to consider whether the individual has:

  • The competence, skills, knowledge, diligence, expertise and soundness of judgement to properly perform the role
  • Attributes of good character, honesty and integrity
  • A track record free from compliance failures or regulatory sanctions
  • Relevant AML/CTF knowledge and experience

This assessment must be documented. AUSTRAC expects to see evidence that you've turned your mind to these criteria — not just ticked a box.

Notification to AUSTRAC

Once you've appointed a compliant officer, you must notify AUSTRAC using a dedicated notification form. AUSTRAC has indicated this form will be available through AUSTRAC Online. The standard timeframe is within 14 days of appointment, but the transitional rules provide extended deadlines:

  • Existing reporting entities (enrolled on or before 30 March 2026): notify by 30 May 2026
  • Newly regulated entities (tranche 2 businesses and newly regulated VASPs): notify by 29 July 2026

You must also keep records showing that you've appointed an eligible AML/CTF compliance officer and that you've conducted the fit and proper assessment.

Can the Business Owner Be the Compliance Officer?

Yes — and for many small remittance operators, this will be the practical reality.

AUSTRAC has specifically acknowledged that for sole traders and micro businesses, a single person may act in all three governance roles (the governing body, senior management, and compliance officer). If the same person acts in all three roles, they don't need to report to themselves.

For smaller businesses, the AML/CTF compliance officer may be:

  • The business owner
  • A director
  • A person responsible for managing broader risks or operations

The key requirement is that whoever takes on the role has the competency, skills, and knowledge to perform it — or at minimum, the general skills to learn the business's money laundering, terrorism financing, and proliferation financing risks and apply appropriate AML/CTF policies.

There is also an option to outsource governance roles, including the compliance officer function, to an external provider. However, the reporting entity retains ultimate responsibility for ensuring that the outsourced provider meets all the requirements of the role.

What Happens If You Don't Comply

AUSTRAC has a range of compliance and enforcement tools at its disposal, and the regulator has signalled that it will not take a lenient approach to entities that fail to meet their obligations under the reformed regime.

For failure to comply with AML/CTF Act obligations, AUSTRAC can:

  • Issue infringement notices
  • Accept enforceable undertakings
  • Mandate independent reviews of your AML/CTF program
  • Apply to the Federal Court for civil penalty orders — up to 20,000 penalty units for individuals or 100,000 penalty units for bodies corporate
  • In serious cases, refer matters for criminal prosecution

Missing the notification deadline may seem like a minor administrative oversight, but it signals to AUSTRAC that an entity's compliance governance isn't where it needs to be — which can trigger broader scrutiny of the entire AML/CTF program.

What This Means for Your Business

For remittance operators, this obligation has practical implications beyond the notification itself:

Governance review. The fit and proper test forces you to critically assess whether the person currently acting as your compliance officer actually meets the new statutory criteria. If they don't — whether due to lack of seniority, knowledge gaps, or insufficient independence — you need to address that before you can notify AUSTRAC.

Documentation burden. You need a written record of your fit and proper assessment. For operators who have historically run compliance informally, this means creating documentation that may not currently exist.

Australian residency. If your business provides designated services through a permanent establishment in Australia, your compliance officer must be an Australian resident. This could affect operators who have compliance functions managed offshore.

Ongoing obligation. This isn't a one-off notification. If your compliance officer changes, you'll need to conduct a new fit and proper assessment and notify AUSTRAC within 14 days of the new appointment.

What To Do Now

With less than eight weeks until the deadline, here's what every remittance operator should be doing:

  1. Confirm who your AML/CTF compliance officer is. If you haven't formally designated someone, do it now. Ensure they meet the eligibility criteria — management level, sufficient seniority, independence, and Australian residency (if applicable).

  2. Conduct and document the fit and proper assessment. Work through AUSTRAC's criteria: competence, skills, knowledge, diligence, expertise, soundness of judgement, character, honesty, and integrity. Write it down and keep it on file.

  3. Check AUSTRAC Online for the notification form. AUSTRAC has indicated the form will be available through its online portal. Monitor the AUSTRAC website for updates on when the form goes live and what information you'll need to provide.

  4. Update your AML/CTF program. Your program should reflect the compliance officer's role, responsibilities, and reporting lines. If your program still references the old framework, update it to align with the AML/CTF Rules 2025.

  5. Set a calendar reminder for 14 May 2026. Don't wait until the last day. Give yourself at least two weeks' buffer to deal with any issues that arise during the notification process.

Key Dates

DateEvent
31 March 2026AML/CTF reforms commence — new compliance officer obligations take effect
30 May 2026Deadline for existing reporting entities to notify AUSTRAC of their compliance officer
29 July 2026Deadline for newly regulated entities (tranche 2) and newly regulated VASPs

The Bottom Line

This is a straightforward obligation with a hard deadline. The notification itself is a simple administrative step, but what sits behind it — the eligibility assessment, the fit and proper test, the documentation — requires genuine attention. Operators who treat this as a box-ticking exercise risk falling short of AUSTRAC's expectations, and that's a risk no remittance business can afford to take in 2026.

Is your AML/CTF program updated for the 2026 reforms? Build yours free with the AML/CTF Program Builder →

AUSTRACCompliance OfficerAml Ctf Reforms 2026DeadlinesGovernance
Was this article helpful?