Financial Intelligence
Collects and analyses over 100 million financial reports annually to detect suspicious activity.
AML Regulator
Australia's AML Regulator: Understanding AUSTRAC
AUSTRAC is Australia's AML regulator responsible for enforcing anti-money laundering and counter-terrorism financing laws. Learn about AUSTRAC's role, powers, enforcement actions, and how to comply with AML/CTF regulations.
Key Information
The AML regulator explained
Every country with serious anti-money laundering laws has a regulator to enforce them.
In Australia, that regulator is AUSTRAC — the Australian Transaction Reports and Analysis Centre.
If you're a reporting entity (or about to become one under Tranche 2), understanding how the AML regulator works is essential to staying compliant.
Who Is Australia's AML Regulator?
AUSTRAC is Australia's financial intelligence unit and AML/CTF regulator. Established in 1989, it sits within the Attorney-General's portfolio and has two core functions:
1. Financial Intelligence
AUSTRAC collects over 100 million reports annually from reporting entities:
- Suspicious matter reports (SMRs) — when businesses identify potential money laundering or terrorism financing
- Threshold transaction reports (TTRs) — cash transactions of $10,000 or more
- International funds transfer instructions (IFTIs) — cross-border money movements
This intelligence feeds into law enforcement investigations across Australia. Drug trafficking, tax evasion, organised crime, terrorist financing — AUSTRAC's data helps catch them all.
2. Regulatory Oversight
AUSTRAC supervises 17,000+ reporting entities to ensure they meet their AML/CTF obligations. This includes:
- Banks and financial institutions
- Gambling and gaming providers
- Bullion dealers
- Digital currency exchanges
- Remittance providers
- And from July 2026 — accountants, lawyers, real estate agents, and trust service providers
How the AML Regulator Supervises Businesses
AUSTRAC takes a risk-based approach to supervision. Not every business gets the same level of scrutiny.
Risk Assessment
AUSTRAC assesses each sector's money laundering risks and focuses resources accordingly. High-risk sectors face more intensive supervision.
Compliance Assessments
AUSTRAC conducts compliance assessments to check whether businesses:
- Have adequate AML/CTF programs
- Conduct proper customer due diligence
- Submit required reports accurately and on time
- Maintain records as required
- Have appropriate systems and controls
Thematic Reviews
AUSTRAC regularly reviews specific issues across multiple businesses — for example, examining how a sector handles PEP screening or beneficial ownership identification.
The Regulator's Enforcement Powers
AUSTRAC has significant enforcement tools:
Infringement Notices
For less serious breaches, AUSTRAC can issue infringement notices with set penalties. These can be contested in court.
Enforceable Undertakings
Businesses can commit to specific remediation actions. Breaching an enforceable undertaking leads to further enforcement action.
Remedial Directions
AUSTRAC can direct businesses to take specific actions to address compliance failures.
Civil Penalty Proceedings
For serious or systemic breaches, AUSTRAC can seek civil penalties through the Federal Court. Maximum penalties are substantial:
- Up to $22.2 million per contravention for corporations
- Up to $4.44 million per contravention for individuals
Criminal Prosecution
AUSTRAC can refer matters to the Commonwealth Director of Public Prosecutions for criminal prosecution. Serious offences can result in imprisonment.
Major Enforcement Actions
AUSTRAC has imposed Australia's largest corporate penalties:
Westpac — $1.3 billion (2020)
23 million breaches including failure to report international transfers and inadequate transaction monitoring. The largest penalty in Australian corporate history.
Crown Resorts — $450 million (2023)
Systemic failures in AML/CTF compliance at its Melbourne and Perth casinos.
Commonwealth Bank — $700 million (2018)
Failures in transaction monitoring and suspicious matter reporting related to intelligent deposit machines.
These aren't just big banks. AUSTRAC has also taken action against smaller businesses, remittance providers, and digital currency exchanges. Size doesn't exempt you from enforcement.
What the Regulator Expects From You
If you're a reporting entity, AUSTRAC expects:
1. Enrolment
Register with AUSTRAC before providing designated services. For Tranche 2 professions, enrolment opens 31 March 2026.
2. AML/CTF Program
Develop and maintain a written program that addresses your ML/TF risks. This includes policies, procedures, and controls proportionate to your risk profile.
3. Customer Due Diligence
Verify customer identities, identify beneficial owners, assess risk, and apply enhanced measures for higher-risk customers.
4. Ongoing Monitoring
Monitor customer relationships and transactions throughout the business relationship. Update CDD when circumstances change.
5. Reporting
Submit suspicious matter reports within required timeframes. Report threshold transactions and international transfers as required.
6. Record Keeping
Maintain records for 7 years after the business relationship ends. Records must be readily accessible for AUSTRAC examination.
7. Training
Ensure staff understand their obligations and can identify suspicious activity.
Working With the Regulator
AUSTRAC isn't just an enforcement body. They also provide:
- Guidance — sector-specific guidance on how to comply
- Typologies — reports on how criminals exploit different sectors
- Risk assessments — national and sector-level risk assessments
- Education — webinars, resources, and direct engagement
Engaging proactively with AUSTRAC demonstrates good faith and can help you understand emerging risks before they become compliance issues.
Preparing for Regulatory Oversight
If you're entering Tranche 2 in July 2026, start preparing now:
- Understand your obligations — know what the law requires
- Build your AML/CTF program — document your policies and procedures
- Implement systems — manual processes won't scale
- Train your team — everyone needs to understand their role
- Test your controls — verify your systems work as intended
ARCaml provides the infrastructure to meet AUSTRAC's expectations — customer due diligence workflows, automated screening, secure record-keeping, and audit trails that demonstrate compliance.
Ready to prepare for regulatory oversight? Contact us to discuss your compliance requirements.
The AML Regulator's Functions
Regulatory Oversight
Supervises 17,000+ reporting entities across banking, gaming, bullion, and professional services.
Enforcement Powers
Can impose civil penalties up to $22.2 million per contravention for non-compliance.
Industry Guidance
Publishes guidance, typologies, and risk assessments to help businesses comply.
AML Regulator FAQs
Who is Australia's AML regulator?
AUSTRAC (Australian Transaction Reports and Analysis Centre) is Australia's sole AML/CTF regulator. It supervises reporting entities, collects financial intelligence, and enforces the AML/CTF Act 2006.
What powers does the AML regulator have?
AUSTRAC can conduct compliance assessments, issue infringement notices, accept enforceable undertakings, seek civil penalties through the courts, and refer matters for criminal prosecution. Penalties can reach $22.2 million per contravention.
How does AUSTRAC regulate businesses?
AUSTRAC requires reporting entities to enrol, develop an AML/CTF program, conduct customer due diligence, report suspicious matters and threshold transactions, and maintain records for 7 years. They conduct risk-based supervision and compliance assessments.
What happens if I don't comply with AML regulations?
Non-compliance can result in civil penalties, infringement notices, enforceable undertakings, remedial directions, and in serious cases, criminal prosecution. AUSTRAC also publishes enforcement outcomes, causing reputational damage.
Prepare for AUSTRAC Oversight
Get the compliance infrastructure to meet regulatory expectations before Tranche 2 commences.