Photo by chormail
On 10 December 2025, AUSTRAC applied for civil penalty orders in the Federal Court against two businesses — Castra Licensee Pty Ltd and Princeton Securities (NSW) Pty Ltd — for allegedly failing to lodge their annual compliance reports for the 2023 calendar year.
No complex money laundering schemes. No suspicious transaction failures. No systemic breakdowns in customer due diligence. Just the annual compliance report — a form that every reporting entity is required to submit to AUSTRAC between 1 January and 31 March each year.
If your business has ever treated the compliance report as a low-priority administrative task, this case should change your thinking.
What Happened
The timeline tells a story of escalating consequences:
April 2024: AUSTRAC issued eight infringement notices to businesses that failed to submit their 2022 annual compliance reports.
September 2024: AUSTRAC escalated its approach, issuing sixteen infringement notices to businesses that failed to lodge their 2023 compliance reports. The notices covered businesses across a range of industry sectors including precious metal traders, bookmakers, pubs and clubs, non-bank lenders and financiers, alternative remittance dealers, trustees of managed investment schemes, and stockbrokers. Penalties ranged from $3,756 for sole traders to $18,780 for companies.
Of those sixteen businesses, eleven paid their infringement notices. Five did not — including Castra and Princeton.
December 2025: AUSTRAC filed separate civil penalty proceedings in the Federal Court against Castra Licensee Pty Ltd (ACN 160 992 709) and Princeton Securities (NSW) Pty Ltd (ACN 162 219 794) for their alleged failure to lodge their respective 2023 compliance reports.
AUSTRAC Acting CEO Katie Miller stated that AUSTRAC uses the information in compliance reports to better understand the risks that businesses, and Australia's broader financial system, are facing. Without that data, AUSTRAC's ability to identify and respond to financial crime threats is diminished.
Why This Matters More Than You Think
The compliance report is arguably the simplest obligation in the entire AML/CTF framework. It does not require complex systems, specialised software, or deep compliance expertise. It is a structured questionnaire about your business activities, your AML/CTF program, and the risks you face. It must be lodged once a year.
And yet AUSTRAC has now escalated non-lodgement from infringement notices to Federal Court proceedings.
The message is unmistakable: there is no obligation too small to enforce.
The Penalty Framework
Under the AML/CTF Act, the maximum civil penalty for a body corporate contravening a civil penalty provision is 100,000 penalty units. At the current value of $313 per penalty unit, that equates to a maximum penalty of $31.3 million per contravention for a company.
For individuals, the maximum is 20,000 penalty units — approximately $6.26 million.
While the Federal Court has discretion in determining the actual penalty (and it would be unusual for a missed compliance report alone to attract the maximum), the statutory ceiling makes the point. AUSTRAC has significant enforcement tools at its disposal, and the courts have consistently demonstrated a willingness to impose substantial penalties for AML/CTF breaches.
A Pattern of Escalating Enforcement
The Castra and Princeton proceedings do not exist in isolation. They are part of a broader pattern that shows AUSTRAC tightening enforcement across the board — from the largest institutions down to the smallest operators.
Consider the trajectory of AUSTRAC's major enforcement actions:
| Entity | Penalty | Year |
|---|---|---|
| Commonwealth Bank of Australia | $700 million | 2018 |
| Westpac | $1.3 billion | 2020 |
| Crown Resorts | $450 million | 2023 |
| SkyCity Adelaide | $67 million | 2024 |
| Entain Group | Proceedings filed | 2024 |
| Mount Pritchard Community Club | Proceedings filed | 2025 |
| Castra / Princeton | Proceedings filed | 2025 |
The headline penalties — Westpac's $1.3 billion, CBA's $700 million — involved systemic failures across millions of transactions. But the Castra and Princeton cases show that AUSTRAC is equally prepared to pursue action over fundamental compliance failures by smaller entities.
This is not an agency that only chases whales. It is an agency that enforces the entire rulebook.
The Annual Compliance Report: What You Need to Know
The 2025 compliance report — covering business activities from 1 January 2025 to 31 December 2025 — must be submitted to AUSTRAC between 1 January and 31 March 2026.
Here is what every reporting entity should understand about the obligation:
Who Must Lodge?
Every entity that was enrolled with AUSTRAC and provided designated services during the reporting period must submit a compliance report. This includes remittance providers, banks, gaming operators, digital currency exchanges, precious metal dealers, and all other reporting entities.
From 2026 onwards, Tranche 2 entities (lawyers, accountants, real estate agents, and others) will also be required to submit compliance reports for their first reporting period — read more about Tranche 2 and its implications.
What Does the Report Cover?
The compliance report asks about:
- Your business operations and the designated services you provided
- Your AML/CTF program — including your risk assessment and compliance officer details
- Customer identification and verification procedures
- Transaction monitoring and suspicious matter reporting
- Staff training and awareness activities
- Any changes to your business or risk profile during the reporting period
AUSTRAC publishes preview questions ahead of each reporting period so entities can prepare. The 2025 compliance report preview questions are available on the AUSTRAC website.
What Happens If You Miss the Deadline?
As the Castra and Princeton cases demonstrate, the consequences escalate:
- Reminder and follow-up — AUSTRAC may contact you after the deadline
- Remedial direction — AUSTRAC can issue a formal direction requiring you to lodge
- Infringement notice — A financial penalty of up to $18,780 for companies
- Civil penalty proceedings — Federal Court action with potential penalties up to $31.3 million
The progression from infringement notice to court proceedings can happen quickly. Castra and Princeton received infringement notices in September 2024 and were in Federal Court by December 2025.
The Hidden Risk: What Your Compliance Report Reveals
Beyond the legal obligation, there is a strategic dimension to the compliance report that many operators overlook. The report is not just paperwork — it is a window into your compliance culture.
AUSTRAC analyses compliance report data across its regulated population to identify trends, risks, and outliers. An entity that reports minimal training, no risk assessment updates, and zero suspicious matter reports will stand out — not in a good way.
Conversely, a well-completed compliance report demonstrates an active, engaged compliance function. It shows AUSTRAC that you take your obligations seriously and that your AML/CTF program is more than a document gathering dust on a shelf.
What To Do Now
With the 31 March 2026 deadline for the 2025 compliance report approaching (or recently passed, depending on when you are reading this), here are the steps every reporting entity should take:
-
Confirm your enrolment details are current — Log into AUSTRAC Online and verify that your business profile, compliance officer details, and contact information are up to date. Outdated enrolment details can cause compliance report issues.
-
Gather your reporting data early — Do not leave the compliance report until the last week of March. Collect information about your AML/CTF program activities throughout the year: training records, risk assessment updates, suspicious matter reports filed, and any changes to your business operations.
-
Review the preview questions — AUSTRAC publishes the 2025 compliance report questions in advance. Review them now so you know what information to prepare.
-
Audit your AML/CTF program — If your compliance report will reveal gaps — no training conducted, no risk assessment review, no program updates — fix those gaps before you report them. It is better to invest in compliance now than to report deficiencies that trigger further AUSTRAC scrutiny. The free AML/CTF Program Builder can help identify and close gaps.
-
Set a calendar reminder for next year — The compliance report is an annual obligation. Treat it like a tax return: diarise the deadline, assign responsibility, and build it into your annual compliance calendar.
The Bottom Line
The Castra and Princeton proceedings are a case study in how small failures become big problems. A compliance report that should take a few hours to complete. An infringement notice that could have been paid for under $19,000. And now, Federal Court proceedings where the theoretical maximum penalty exceeds $31 million.
AUSTRAC's message to the industry is simple: comply with every obligation, no matter how routine it seems. The annual compliance report is not optional, it is not low-priority, and it is not something AUSTRAC will overlook.
For remittance operators, who already navigate a complex web of reporting, due diligence, and program requirements, the compliance report should be the easy part. Make sure it stays that way.
Check your compliance status — use the free Compliance Tracker to make sure your annual report is lodged, or review the compliance guides to stay current.