Regulatory Updates

Tipping Off: The Reformed Offence That Can Send You to Prison — What Changed in March 2025

The tipping off offence was rewritten a full year before the main AML/CTF reforms — and the changes are actually good news for operators who understand them

Compliance Desk
9 min read
Tipping Off: The Reformed Offence That Can Send You to Prison — What Changed in March 2025

Photo by drobotdean

Of all the changes in Australia's AML/CTF reform package, one arrived a full year ahead of the rest — and it's one that can put you in prison.

On 31 March 2025, the reformed tipping off offence under Section 123 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 took effect. While most of the AML/CTF reforms commenced on 31 March 2026, Parliament brought this change forward as part of Schedule 5 to the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024.

The result is a fundamentally different offence — and, surprisingly, one that gives remittance operators clearer boundaries and more flexibility than the old law. But the penalty remains severe, and misunderstanding the new rules could still land you in front of a judge.

What Is Tipping Off?

At its core, tipping off is the act of disclosing information that could compromise a law enforcement investigation — specifically, information related to suspicious matter reports (SMRs) filed with AUSTRAC.

The classic scenario: a remittance operator files an SMR about a customer's suspicious transaction, then tells the customer (or someone else) that a report has been made. That disclosure could alert the subject to the investigation, giving them time to destroy evidence, flee, or otherwise frustrate law enforcement efforts.

Tipping off is a criminal offence. Not a civil penalty. Not a compliance breach. A crime that carries a maximum penalty of two years' imprisonment, 120 penalty units, or both.

The Old Law: The "Reasonable Inference" Test

Under the previous Section 123, tipping off was defined very broadly. It was a criminal offence to disclose any information from which it could be inferred that:

  • A reporting entity had lodged, or was required to lodge, a suspicious matter report with AUSTRAC
  • A reporting entity had been required to provide information to AUSTRAC or specified law enforcement authorities

The key phrase was "from which it could be inferred." This was an extremely wide test. It didn't matter whether you intended to tip someone off, or whether any investigation was actually prejudiced by the disclosure. If the information you shared could lead someone to infer that an SMR had been filed, you were potentially committing a criminal offence.

This created real problems in practice:

  • Internal communication was risky. Sharing SMR-related information within your own organisation — even with senior management or your compliance team — required careful navigation of narrow statutory exceptions.
  • Third-party engagement was paralysed. Engaging external consultants, auditors, or service providers to review your AML/CTF program was complicated by the risk that they would gain access to SMR-related information.
  • Remediation was hampered. Entities conducting look-back reviews or compliance uplifts struggled to give their advisers the information needed to do the work properly.
  • The boundaries were unclear. The broad "inference" test made it difficult for operators — particularly smaller businesses without in-house legal teams — to know what they could and couldn't say.

As one law firm put it, the old prohibition "often proved to be an obstacle to appropriate sharing of information."

The New Law: The "Prejudice" Test

From 31 March 2025, Section 123 was replaced with a materially different prohibition. Under the reformed offence, it is a criminal offence to disclose certain types of information to another person where the disclosure would or could reasonably be expected to prejudice:

  • An investigation of an offence against Commonwealth, State, or Territory laws
  • An investigation of a proceeds of crime matter under Commonwealth, State, or Territory laws

This is a fundamentally different test. Instead of asking "could someone infer that an SMR was filed?" the new law asks: "would this disclosure prejudice an investigation?"

The shift from an inference-based test to a prejudice-based test has three important consequences:

1. The Focus Is on Harm, Not Inference

The old law criminalised disclosure regardless of whether any harm resulted. The new law requires a nexus between the disclosure and actual (or reasonably expected) prejudice to an investigation. This means disclosures made for legitimate business purposes — where there's no reasonable prospect of prejudicing an investigation — are no longer automatically caught.

2. Greater Flexibility for Legitimate Disclosures

The reformed framework specifically provides for greater flexibility in disclosing information to:

  • Law enforcement agencies — disclosures to Australian law enforcement, intelligence, or regulatory agencies will generally not breach the new offence
  • Corporate group members — entities within the same designated business group or corporate group can share information, subject to appropriate safeguards and for the purpose of ML/TF risk management
  • Third-party service providers — consultants, auditors, and other external providers can receive information where it's needed for AML/CTF compliance purposes, subject to appropriate safeguards
  • Legal advisers — you can share information with your lawyer to seek legal advice on your AML/CTF obligations

3. Clearer Boundaries for Operators

The prejudice test gives operators a more practical framework for assessing whether a disclosure is lawful. Instead of trying to predict whether someone could infer that an SMR exists (a near-impossible assessment in many cases), you now need to consider whether the disclosure could reasonably prejudice an investigation.

Practical Scenarios: What Can and Can't You Say?

Here's how the reformed offence applies to situations remittance operators commonly face:

Can you tell your compliance officer about a suspicious transaction?

Yes. Internal disclosures to your AML/CTF compliance officer for the purpose of assessing whether an SMR should be filed, or managing compliance obligations, are clearly within the bounds of the new law. This has always been the case in practice, but the reformed framework makes it unambiguously lawful.

Can you discuss an SMR with your senior management or board?

Yes, with care. Disclosures to senior management for the purpose of AML/CTF governance and risk management are permitted. However, SMR information should be treated as sensitive and access should be restricted on a need-to-know basis. AUSTRAC recommends storing SMR information in a restricted area of your IT system, accessible only to those who need it.

Can you tell a customer that you've filed an SMR about them?

Never. This is the paradigm case of tipping off. Telling a customer (or anyone connected to them) that an SMR has been filed — or that their transaction is being investigated — could clearly prejudice an investigation. This remains a criminal offence under any reading of the new law.

Can you tell a customer why you're declining their transaction?

Be very careful. You can decline a transaction without providing a reason, and in many cases that's the safest approach. If you do provide a reason, avoid any language that could suggest the transaction has triggered a suspicious matter report or a law enforcement investigation. Phrases like "we're unable to process this transaction at this time" are preferable to "your transaction has been flagged."

Can you share SMR information with an external auditor or consultant?

Yes, under the new law. This is one of the most significant practical changes. Under the old law, engaging external providers to conduct remediation work, look-back reviews, or independent compliance assessments was fraught with tipping off risk. The new framework allows disclosures to third-party service providers where appropriate safeguards are in place and the disclosure is for the purpose of ML/TF risk management.

Can you share information with another remittance provider in your network (RNP)?

It depends. If the other provider is within your designated business group or corporate group, disclosures for ML/TF risk management purposes are permitted. If they're an independent third party, you need to assess whether the disclosure could reasonably prejudice an investigation. Sharing the fact that you've filed an SMR about a specific customer with an unrelated business would almost certainly cross the line.

The AML/CTF Program Obligation

From 31 March 2026, reporting entities are required to adopt and maintain AML/CTF policies in their program specifically designed to prevent tipping off. This means your AML/CTF program must include:

  • Clear policies on what information can and cannot be disclosed, and to whom
  • Procedures for handling SMR-related information, including access controls and information security measures
  • Training for all staff who may encounter suspicious transactions on what constitutes tipping off and how to avoid it
  • Escalation procedures that allow staff to raise concerns internally without triggering tipping off risks

What To Do Now

  1. Update your staff training. Every staff member who handles customer transactions or has access to compliance information needs to understand the new tipping off rules. Training should cover what tipping off is, practical examples of prohibited disclosures, and what to do if a customer asks why a transaction has been declined.

  2. Review your information security. Restrict access to SMR information to those who genuinely need it. Store SMR records separately from general customer files and implement access controls that prevent casual browsing of sensitive compliance data.

  3. Update your AML/CTF program. Ensure your program includes specific tipping off prevention policies, as required from 31 March 2026. This should cover internal disclosures, customer interactions, and engagements with third parties.

  4. Brief your external providers. If you use external consultants, auditors, or legal advisers for compliance work, ensure they understand the new framework and the conditions under which you can share SMR-related information with them.

  5. Create a quick-reference guide for frontline staff. A simple one-page document covering the most common scenarios — customer asks why a transaction was declined, staff member is unsure whether to escalate, another business asks about a shared customer — can prevent costly mistakes in the moment.

Key Dates

DateEvent
31 March 2025Reformed tipping off offence (Section 123) takes effect
31 March 2026AML/CTF program must include tipping off prevention policies

The Bottom Line

The reformed tipping off offence is genuinely good news for remittance operators. The shift from an inference test to a prejudice test gives you clearer boundaries, more flexibility for legitimate business disclosures, and a more workable framework for daily operations.

But the offence remains a criminal one, and the penalty — up to two years' imprisonment — hasn't changed. The operators who benefit most from the reform will be the ones who invest in understanding it, training their staff, and building it into their AML/CTF programs.

Ignorance of the new rules is not a defence. Understanding them is your best protection.

Is your AML/CTF program updated for the 2026 reforms? Build yours free with the AML/CTF Program Builder →

Tipping OffSmrCriminal OffenceStaff TrainingAml Ctf Reforms 2026
Was this article helpful?