Introduction
Meeting anti-money laundering and counter-terrorism financing (AML/CTF) reporting obligations is fundamental for businesses operating within Australia’s regulatory framework. The Australian Transaction Reports and Analysis Centre (AUSTRAC), under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), mandates these requirements to combat financial crime, safeguard the integrity of the Australian financial system, and contribute to national security efforts.
This guide provides a comprehensive overview for reporting entities required to navigate these complex compliance demands. It explains the critical reporting obligations, including suspicious matter reports and various transaction reports, helping organisations understand their role in detecting and preventing money laundering and terrorism financing through accurate and timely submissions to AUSTRAC.
Determining if Your Business is a Reporting Entity
Defining Reporting Entities & Designated Services
Your business’s requirement to comply with Australian AML/CTF laws depends on whether it is considered a ‘reporting entity’. This status is determined by your organisation’s activities, specifically if it provides one or more ‘designated services’ listed in section 6 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
A reporting entity can be an individual (like a sole trader), a company, a trust, or a partnership. Providing even a single designated service can trigger these significant reporting obligations.
Currently, regulated sectors providing designated services include:
- Financial Services: Banks, credit unions, building societies, financial planners, investment managers, stockbrokers, and insurance companies offering services like opening accounts, making loans, or issuing cards.
- Gambling Services: Casinos, online wagering providers, and operators of gaming machines.
- Bullion Dealing: Businesses involved in buying or selling precious metals like gold or silver bullion.
- Remittance Services: Entities transferring money or value domestically or internationally.
- Digital Currency Exchange (DCE) / Virtual Asset Services: Platforms facilitating exchanges between digital currencies (like Bitcoin) and traditional currency, or between digital currencies.
Enrolment & Registration with AUSTRAC for Reporting Entities
All businesses identified as reporting entities are obligated to enrol with AUSTRAC. This enrolment must occur before you provide designated services and completed via the AUSTRAC Online portal.
Certain sectors that pose higher money laundering or terrorism financing risks face an additional requirement beyond enrolment. These entities must also formally register with AUSTRAC. This specifically applies to:
- Remittance service providers (both network providers and independent dealers)
- DCE providers, also known as Virtual Asset Service Providers (VASPs)
- Registration involves greater scrutiny by AUSTRAC, potentially including police checks for key personnel, and needs periodic renewal. Moreover, providing registrable remittance or virtual asset services is illegal without being registered with AUSTRAC.
Tranche 2 Expansion Bringing in New Reporting Entities
The Australian government is significantly expanding the reach of the AML/CTF regime through reforms often referred to as ‘Tranche 2’. This expansion aims to bring Australia further in line with international standards set by the Financial Action Task Force (FATF) by regulating professions considered ‘gatekeepers’ to the financial system.
Based on the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), these changes will bring new types of businesses under AUSTRAC’s regulation when they provide certain designated services.
The professions affected include:
- Lawyers
- Accountants
- Conveyancers
- Real estate professionals (including real estate agents, buyers’ agents, and property developers)
- Trust and company service providers
- Dealers in precious metals and stones (extending beyond just bullion dealers)
These Tranche 2 entities should prepare for compliance, with obligations expected to commence mid-2026 (enrolment starting 31 March 2026, full obligations from 1 July 2026). These businesses should develop and implement AML/CTF programs, conduct customer due diligence (CDD), monitor transactions, and fulfil all relevant reporting obligations, representing a major operational shift for these sectors.
Key AUSTRAC Reporting Obligations for All Reporting Entities
Suspicious Matter Reports: Identifying and Reporting Suspicious Activity
Reporting entities must submit a Suspicious Matter Report (SMR) to AUSTRAC if they form a suspicion on reasonable grounds about a customer, transaction, or activity. This obligation arises when providing a designated service or being asked to provide one.
The suspicion could relate to:
- Potential money laundering
- Terrorism financing
- Proceeds of crime
- Tax evasion
- Other offences under Commonwealth, State, or Territory law
An SMR is also required if you suspect a person is not who they claim to be, or might be the victim of a crime.
An SMR triggers the formation of ‘suspicion on reasonable grounds’, a standard requiring more than vague unease but less than proof of illegality. It is based on considering all available information and circumstances. Importantly, there is no minimum monetary threshold for submitting an SMR; the obligation is based solely on suspicion.
Key details to include in an SMR involve:
- Your business information
- Information about the suspicious matter itself
- Details of the individuals or entities involved
- A clear explanation in plain English detailing the grounds for your suspicion
Strict deadlines apply for SMR submission:
- Within 24 hours, if the suspicion relates to terrorism financing
- Within three business days for suspicions pertaining to money laundering or other offences
Crucially, reporting entities and their staff are prohibited from disclosing that an SMR has been submitted or is required, if doing so is likely to prejudice an investigation. This practice, known as ‘tipping off’, is a criminal offence under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
Threshold Transaction Reports: Reporting Large Cash Transactions
Reporting entities are required to submit a Threshold Transaction Report (TTR) to AUSTRAC when they provide a designated service involving a transaction with physical currency (cash) amounting to A$10,000 or more. This threshold also applies to the foreign currency equivalent.
The obligation covers receiving cash from a customer and providing cash to a customer.
The primary purpose of TTRs is to help authorities track large cash movements and prevent ‘structuring’. Structuring involves deliberately splitting a large cash transaction into multiple smaller transactions to fall below the A$10,000 reporting threshold and evade detection.
Assisting or engaging in structuring is an offence. TTRs must be submitted to AUSTRAC within 10 business days after the transaction date.
International Funds Transfer Instruction / International Value Transfer Service Reports
Reporting entities must report instructions for transferring funds, property, or value into or out of Australia. These are reported as International Funds Transfer Instruction (IFTI) reports. This obligation applies regardless of the amount transferred; no minimum monetary threshold exists.
IFTIs capture:
- Instructions accepted in Australia for value to be made available overseas
- Instructions received from overseas for value to be made available in Australia
The deadline for submitting IFTI reports is 10 business days after the day the instruction was sent or received.
Upcoming reforms, effective from 31 March 2026, will replace IFTI reporting with International Value Transfer Service (IVTS) reporting, expanding the scope to explicitly include virtual assets.
Cross-Border Movement Reports
Unlike other reports specific to reporting entities, the obligation to submit a Cross-Border Movement (CBM) report applies to any person (including individuals and businesses). A CBM report is required when A$10,000 or more in monetary instruments is moved across Australia’s border. This includes physical currency (cash), bearer negotiable instruments (BNIs), or their foreign currency equivalent.
The reporting deadlines for CBMs vary depending on how the monetary instruments are moved:
- If carried or sent out of Australia: The report must be submitted before the movement occurs
- If carried into Australia: The report must be made upon arrival
- If received into Australia via mail, shipping, or similar means: The report must be submitted witfivein 5 business days of receiving the instruments.
AUSTRAC Compliance Reports Annual Reporting Requirements
Reporting entities must submit an AUSTRAC Compliance Report each year. This report details how the entity has met its AML/CTF obligations during the previous calendar year (1 January to 31 December).
The information helps AUSTRAC:
- Assess industry compliance
- Identify areas needing support
- Refine guidance
The content is based on a questionnaire covering aspects such as:
- The entity’s money laundering and terrorism financing (ML/TF) risk assessment
- AML/CTF program implementation
- CDD practices
- Transaction monitoring
- Reporting activities
- Employee training
The submission window for the annual compliance report is between 1 January and 31 March each year. Failure to submit this report can result in penalties.
How & When Reporting Entities Must Submit AUSTRAC Reports
Using AUSTRAC Online for Mandatory Reporting
Reporting entities must use the secure web portal, AUSTRAC Online, to fulfil their reporting obligations to AUSTRAC. This digital platform serves as the primary electronic channel for submitting mandatory reports.
Key reports submitted through AUSTRAC Online include:
- SMRs
- TTRs
- IFTI reports / IVTS reports
- Annual AUSTRAC Compliance Reports
Beyond report submission, AUSTRAC Online is also used for:
- Initial enrolment with AUSTRAC
- Registration (required for sectors like remittance and DCE providers)
- Management and updating of crucial business details, such as contact information
- Maintaining the list of designated services provided, which is essential for ongoing compliance
For example, submitting the annual compliance report involves these steps within AUSTRAC Online:
- Log in to your account
- Navigate to the ‘My Business’ section
- Expand the menu options and select ‘Compliance Reports’
- Choose ‘Open Compliance Report’ for the relevant year
- Complete the required questions
- Review the information carefully before submitting the report
Get Your Free Initial Consultation
Request a Free Consultation with one of our experienced AML Lawyers today.
Critical AUSTRAC Reporting Deadlines for Reporting Entities
Meeting reporting deadlines is crucial for compliance under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Failure to submit timely reports can result in enforcement action, including financial penalties.
The specific deadlines vary depending on the type of report:
- SMRs:
- Within 24 hours of forming a suspicion related to terrorism financing
- Within three business days of forming a suspicion related to money laundering or other serious crimes
- TTRs: Within 10 business days after the date the cash transaction of A$10,000 or more occurred
- IFTI / IVTS Reports: Within 10 business days after the day the instruction for the international transfer was sent or received by the reporting entity
- CBM Reports:
- Before the monetary instrument (A$10,000 or more) is carried or sent out of Australia
- Upon arrival, if carrying the monetary instrument into Australia
- Within five business days of receiving the monetary instrument, if it was mailed or shipped into Australia from overseas
- AUSTRAC Compliance Reports: Annually, between 1 January and 31 March, covering the compliance activities of the previous calendar year (1 January to 31 December)
Supporting Your Reporting Obligations via Your AML/CTF Program & Record-Keeping
Role of Your AML/CTF Program in Effective Reporting
A documented, risk-based AML/CTF program is mandatory for all reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). This program is the operational foundation for meeting your compliance obligations, including accurate and timely reporting to AUSTRAC. It must be tailored to your business’s specific nature, size, complexity, and the ML/TF risks you face.
Your AML/CTF program is structured into two key parts that directly support your reporting capabilities:
- Part A (Risk Management): This part outlines your overall framework for managing ML/TF risks. It includes essential components such as:
- Conducting a thorough ML/TF risk assessment,
- Ensuring management oversight and approval,
- Appointing an AML/CTF compliance officer,
- Implementing employee due diligence and training programs,
- Establishing systems for ongoing customer due diligence (OCDD).
OCDD incorporates transaction monitoring to detect unusual activity and enhanced customer due diligence (ECDD) for high-risk situations. Both are crucial for identifying matters requiring reports like SMRs.
- Part B (Customer Identification): Often referred to as ‘Know Your Customer’ (KYC), this part details your procedures for identifying and verifying customer identities (Applicable Customer Identification Procedures or ACIP) before providing designated services. Identifying customers is fundamental to understanding transaction origins and assessing risk, which informs reporting decisions.
By implementing these program components, your organisation establishes the necessary policies, procedures, systems, and controls to:
- Identify risks,
- Conduct appropriate CDD,
- Monitor transactions effectively,
- Ultimately enable the accurate and timely submission of required transaction and suspicious matter reports to AUSTRAC.
Essential Record-Keeping Requirements for Reporting Entity Compliance
Maintaining comprehensive and accurate records is fundamental under Part 10 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and associated AML/CTF Rules. Proper record-keeping is essential for demonstrating your organisation’s compliance with its obligations and assisting AUSTRAC and law enforcement agencies during investigations into financial crime. Failure to keep adequate records can lead to enforcement actions.
Reporting entities must create and retain several key categories of records, including:
- Customer Identification Records: Details of the steps taken to verify customer identity (ACIP/KYC), the information collected, and verification methods used.
- Transaction Records: Records of all transactions related to designated services.
- AML/CTF Program Records: Documentation relating to the program, such as adoption dates, board/management approvals, the program document, and records of subsequent changes.
- Reporting Records: Copies or details related to submitted AUSTRAC reports, including SMRs, TTRs, IFTI reports, and annual Compliance Reports, as well as records of considerations regarding suspicious matters.
- Other Compliance Records: Documentation related to employee due diligence and training, independent AML/CTF program reviews, and correspondent banking due diligence.
These records must generally be retained for a minimum period of seven years. For customer identification records, this period starts after the business relationship ends. Transaction records begin from the date of the transaction.
Records must be kept securely, legibly, and readily retrievable upon request. Additionally, they must adhere to requirements under the Privacy Act 1988 (Cth) regarding personal information.
Consequences of Non-Compliance for Reporting Entities
Failure by reporting entities to meet their obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the associated AML/CTF Rules can result in serious consequences. AUSTRAC, as the regulator, possesses a wide range of enforcement powers to address non-compliance effectively. These measures are applied proportionately based on the identified breaches’ nature, severity, and persistence.
AUSTRAC’s Administrative & Regulatory Tools
AUSTRAC can utilise various administrative and regulatory tools to enforce compliance:
- Infringement Notices: These may be issued for specific contraventions related to:
- CDD procedures
- Reporting obligations (such as failing to submit the annual compliance report)
- Enrolment or registration requirements
- Record-keeping failures: Monetary penalties apply per contravention, with recent examples indicating amounts around A$3,300 for sole traders and A$16,500 for companies concerning compliance report failures.
- Remedial Directions: AUSTRAC can issue formal written directions compelling a reporting entity to undertake specific actions to rectify non-compliance or prevent its recurrence. These directions can potentially be made public.
- Enforceable Undertakings (EUs): An entity may provide a formal written undertaking to AUSTRAC, committing to specific actions (or refraining from certain actions) to ensure future compliance. EUs are legally binding and can be enforced through court action if breached.
- Written Notices for External Audit / Risk Assessment: Where AUSTRAC suspects deficiencies in risk management or compliance, it can require the reporting entity to appoint an independent external auditor to review its AML/CTF program or conduct a specific ML/TF risk assessment, with findings reported back to AUSTRAC.
- Registration Actions: Specifically for remittance service providers and DCE providers, AUSTRAC holds the power to refuse, suspend, cancel, or impose conditions on their registration if they are deemed to pose an unacceptable risk of money laundering, terrorism financing, or other serious crime.
Potential Court-Enforced Penalties
In cases involving serious, systemic, or widespread non-compliance, AUSTRAC has the authority to seek more substantial penalties through the courts:
- Civil Penalty Orders: AUSTRAC can initiate proceedings in the Federal Court of Australia seeking civil penalty orders. The maximum potential penalties are significant, reaching up to:
- A$6.26 million for individuals
- A$31.3 million for corporations per contravention (based on the penalty unit value as of mid-2024) Several high-profile cases against major financial institutions and casinos have resulted in penalties ranging from tens of millions to over a billion dollars, often stemming from systemic failures in transaction reporting (like TTRs and IFTIs), suspicious matter reporting, and deficient AML/CTF programs.
- Criminal Sanctions: Certain actions under the Anti-Money Laundering and Counter-Terrorism Financing Act2006 (Cth) are criminal offences. These include:
- Deliberately structuring transactions to avoid reporting thresholds
- Providing false or misleading information or documents
- Using false customer names
- Unlawfully disclosing (‘tipping off’) that an SMR has been or needs to be submitted. Prosecution, typically handled by the Commonwealth Director of Public Prosecutions (CDPP), can lead to severe penalties, including imprisonment for up to 10 years and substantial fines.
Reputational Impact of Non-Compliance
Beyond the direct legal and financial repercussions, any public enforcement action taken by AUSTRAC invariably attracts significant negative publicity. This can cause substantial reputational damage, erode customer trust, and negatively impact business relationships and overall market standing.
Conclusion
Meeting Australia’s AML/CTF reporting obligations through AUSTRAC, including submitting key transaction reports and suspicious matter reports accurately and on time, is crucial for all reporting entities, particularly with upcoming Tranche 2 changes expanding the regime. Effective compliance relies heavily on implementing a robust, risk-based AML/CTF program encompassing thorough CDD and diligent record-keeping, alongside understanding the severe consequences of non-compliance.
Navigating these complex requirements can be challenging. For trusted expertise and tailored solutions to ensure your organisation meets its AUSTRAC compliance obligations effectively, contact the specialists at AML House today to transform regulatory challenges into strategic opportunities.
