Final AML/CTF Rules unveiled – key implications for reporting entities

• The final Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 complete a major overhaul of Australia's AML/CTF legislation.
• Key changes include updated group compliance structures and simplifications made to customer due diligence (CDD) requirements.
• Existing reporting entities must comply by 31 March 2026, while newly covered Tranche 2 entities (real estate agents, accountants, lawyers) will be required to comply from 1 July 2026.
• Our team can help review your AML/CTF program and other AML/CTF compliance frameworks, update your internal AML/CTF processes, and ensure your team is fully prepared for the upcoming changes.

As part of the ongoing reforms to the AML/CTF regime, AUSTRAC has undertaken a complete re-write of the current AML/CTF rules. For more context, see our latest articles:

• Countdown to AML/CTF reforms: AUSTRAC outlines what’s required
• AUSTRAC fires warning shot at AML/CTF reporting entities
• New draft AML/CTF rules: what fund managers need to know
• New Draft Rules shake up AML/CTF regime.

Earlier this year, and together with ED2, AUSTRAC released an exposure draft of the AML/CTF (Class Exemptions and Other Matters) Rules 2007 (Cth) (Class Exemption Rules) for the first time. The Rules and the Class Exemption Rules, together with the amended Anti-Money Laundering and Counter-Terrorism Act 2006 (Cth) (the Act), propose the biggest shakeup of Australia’s AML/CTF regime since the legislation was enacted in 2006.

The changes under the new AML/CTF regime will apply to existing reporting entities from 31 March 2026. New reporting entities, including real estate agents, accountants and lawyers, known as ‘Tranche 2’ entities, will be required to comply with the framework from 1 July 2026.

The two exposure drafts of the AML/CTF rules to date indicated that the Rules would set out key requirements for reporting entities, both new and existing, to comply with their obligations under the AML/CTF Act. This includes, among other things:

• obligations to conduct initial customer due diligence and to undertake ongoing customer due diligence;
• what reporting entities will need to have in their AML/CTF Programs;
• how groups of entities are to be organised or formed for the purpose of compliance with the AML/CTF Act (to replace the existing concept of ‘designated business groups’);
• details to be provided to AUSTRAC upon application for enrolment or registration under the AML/CTF Act;
• details to be provided to AUSTRAC as part of the lodgement of a suspicious matter report, threshold transaction report, or international funds transfer instruction; and
• the requirement to include information about both the payer and payee when making remittances and other transfers of value.

Following its consultation on ED2, AUSTRAC has made several substantive amendments and improvements to the Rules, including the following.

The concept of ‘reporting groups’ replaces the current concept of a ‘designated business group’. Reporting groups can no longer be formed without agreement by all the members of the group as to who will be the ‘lead entity’ of the reporting group. Keep in mind that the ‘lead entity’ will be responsible for the AML/CTF policies of the reporting group and will itself be ‘deemed’ to be a reporting entity. 

New section 5-2 introduces the obligation for the AML/CTF policies of a reporting entity to set out circumstances in which it will, for the purposes of both undertaking initial and ongoing CDD, collect, or collect and verify, kinds of ‘know your customer’ (KYC) information relating to a customer, including the circumstances in which the reporting entity will collect, or collect and verify, information on the customer’s source of wealth and source of funds. 

This provision is consistent with the increased emphasis in the Rules on collection of KYC information and a clearer view on when verification of KYC information is required.

Initial CDD has been reorganised by customer type, with minimum KYC collection standards established for some of the matters reporting entities must establish in relation to their customers. 

The applicable circumstances and requirements for simplified and enhanced CDD have been set out more fully.

Where a reporting entity enters into a written agreement or arrangement with another person relating to its reliance on the collection and verification of relevant KYC information, new section 6-30 prescribes that the reporting entity will need to carry out an assessment of the agreement or arrangement:

• at regular intervals, taking into account the type and level of risks of money laundering, terrorism financing and proliferation financing; however, not exceeding intervals of two years; and
• each time there is a significant change in circumstances that may affect whether the agreement or arrangement continues to meet the requirements of such agreements or arrangements as contained in section 6-29 of the Rules.

Historically, it has been understood that trustees of SMSFs were entities ‘subject to regulatory oversight in respect of their activities as a trust’. AUSTRAC has clarified by way of the Explanatory Statement to the Rules that reporting entities cannot conduct simplified CDD in respect of trustees of SMSFs.

While an interest in a managed investment scheme was taken to be a ‘security’ for the purposes of the Act, this has instead been expressly specified under new section 1-9 of the Rules.

The Rules also contain transitional relief with respect to reports of suspicious matters and threshold transactions:

• between 31 March and 30 June 2026, suspicious matter and threshold transaction reports must be lodged in accordance with the form prescribed by the current law;
• from 1 July 2026 onwards existing reporting entities (as at 31 March 2026) may lodge suspicious matter and threshold transaction reports in accordance with the current law or the new form (which will be released as part of the Tranche 2 reforms); and
• if you are not a reporting entity as at 31 March 2026 (this is mainly Tranche 2 entities), from 1 July 2026 onwards you must lodge suspicious matter and threshold transaction reports in accordance with the new Tranche 2 reforms.

AUSTRAC has developed a table of feedback setting out common topics of feedback from the submissions made on ED2. Within the feedback table, AUSTRAC will respond to industry queries and feedback. This table of feedback is to be made publicly available shortly. AUSTRAC has said that its responses will include: 

• clarification on the policy intent or operational scope of the Rules;
• examples of how sections of the Rules are intended to operate in practice; and
• an explanation of any amendments to the relevant sections which addressed a query raised in the submissions.

AUSTRAC will also issue final guidance for both existing reporting entities and Tranche 2 entities in the coming months.