AML/CTF compliance due March 2026: practical guidance

The reforms commencement date of 31 March 2026 is looming large for existing reporting entities under the AML/CTF regime. AUSTRAC has reminded reporting entities that they can:

• look at AUSTRAC’s reforms guidance (which was published in October 2025); and
• access new e-learning modules on the AUSTRAC e-learning platform free of charge.

Further material and updates will be published in 2026 so it is worth keeping a watchful eye and subscribing for updates so you can be among the first to know.

You can read more in our recent articles AUSTRAC releases Core Guidance ahead of AML/CTF reforms and Final AML/CTF Rules unveiled – key implications for reporting entities.

AUSTRAC has reminded reporting entities of their ongoing obligation under the current regime to submit AML/CTF compliance reports. Reports for the 1 January to 31 December 2025 period must be submitted before 11.59 PM (AEDT) on Tuesday 31 March 2026.

The report process involves answering a series of questions and submitting the responses through the AUSTRAC website. This year, AUSTRAC has made changes to some questions to make the task easier for reporting entities. 

AUSTRAC has also issued its 2025 compliance report guidance, which provides a detailed preview of the questions included in the report, which aim to assess whether reporting entities provided designated services, their AML/CTF program status, risk assessments, and any changes in business operations. It also explains key terms, reporting obligations, and scenarios, such as ceasing designated services, outsourcing compliance functions, and handling customer identification challenges.

The guidance emphasises AUSTRAC’s focus on improving compliance support and includes questions on digital currency exchange services, blockchain usage, de-banking experiences, mergers and AML/CTF training. Reporting entities must disclose details about transaction monitoring programs, enhanced due diligence and internal reporting to senior management. 

AUSTRAC has also reminded reporting entities that the information provided in the report must be accurate, and to check that information about the AML/CTF compliance officer and key personnel is up to date.

Reporting entities should ensure their compliance reports are prepared and submitted on time, as non-compliance can attract a suite of enforcement options, including:

• civil penalty orders;
• enforceable undertakings;
• infringement notices; and
• remedial directions.

AUSTRAC may also issue a written notice requiring a reporting entity to appoint an external auditor to:

• review their ML/TF risk management or AML/CTF compliance; or
• undertake a ML/TF financing risk assessment.

As we discuss below, AUSTRAC has recently demonstrated it is ready and willing to enforce failures to submit an AML/CTF compliance report.

In September 2024, AUSTRAC issued infringement notices to 16 businesses, including Castra Licensee Pty Ltd and Princeton Securities (NSW) Pty Ltd, which did not submit their AML/CTF compliance report for the 2023 calendar year. 

Castra and Princeton both failed to pay their infringement notices (which would have concluded the matter) so AUSTRAC has commenced civil penalty proceedings in the Federal Court. 

AUSTRAC Acting CEO Katie Miller emphasised the importance of the requirement to submit an annual compliance report, saying: 

‘The requirement to submit an annual compliance report is fundamental to a reporting entity’s AML/CTF obligations. AUSTRAC uses compliance reporting data to supervise regulated businesses, and to understand how businesses are meeting their obligations under the AML/CTF Act.’

This article was prepared with the assistance of Patrick McMullin, Law Graduate