ARTICLE
7 May 2025

Understanding AML/CTF reforms – Part 1: Existing reporting entities

SG
Sophie Grace Pty Ltd

Contributor

Sophie Grace Pty Ltd logo
Sophie Grace is a leading Australian firm specialising in both compliance and legal services to participants within the financial services and credit industries. We have serviced Australian and international clients across the financial sector for over a decade. From obtaining the required licences to operate your business to the provision of ongoing compliance support, many businesses have benefited from Sophie Grace’s extensive knowledge in the financial and credit space. We take pride in our ability to offer tailored solutions to a broad range of businesses whilst keeping business practicalities and obligations to regulators at the forefront of our minds when delivering services and advice. Our consultancy services can equip you with assistance and clarity in your business endeavours.
Explore Firm Details
High-level overview of some of the changes introduced under the reforms.
Australia Government, Public Sector
Larissa Tan
Your Author LinkedIn Connections

Reforms to Australia's AML/CTF regime have been passed and will for the most part commence in 2026. For existing reporting entities, the reforms and the new AML/CTF Rules (currently in draft) introduce changes to various AML/CTF obligations and requirements contained in the current AML/CTF Act 2006.

While many of these changes do not start until 31 March 2026, existing reporting entities should become familiar with these changes by reviewing the draft rules so that they are on track to implement them when they are finalised. This will help ensure they continue to stay compliant with the AML/CTF regime in its next iteration.

1619882a.jpg

AML/CTF Programs

Under the reforms, an AML/CTF Program no longer needs to be separated into Part A and Part B. A reporting entity can choose how it wants to structure their AML/CTF Program, so long as the AML/CTF Program documents the reporting entity's:

  • assessment of money laundering, terrorism financing and proliferation financing risks specific to its business (ML/TF risk assessment);
  • procedures and measures appropriate to manage and mitigate the ML/TF risks specific to its business; and
  • procedures and measures to ensure it complies with its obligations and requirements under the AML/CTF Act.

A failure to comply with the procedures and requirements as outlined in a reporting entity's own AML/CTF Program will be a breach attracting civil penalties. This means reporting entities need to not only have an AML/CTF Program, but also implement what they say they will do in their AML/CTF Program.

Customer due dilligence (CDD) procedures

The reforms give a reporting entity more flexibility when conducting customer due diligence (CDD) procedures.

When? What? How? Outcome
Initial CDD

(at the onboarding stage)
  • Establish the identity of the customer in the first instance - the draft rules prescribe the minimum KYC information that must be collected;

  • Identify the ML/TF risk of the customer;

  • Collect further KYC information based on the ML/TF risk of the customer; and

  • Verify the KYC information collected.


 Simplified CDD can be applied where:

  • the ML/TF risk of the customer is low.


Enhanced CDD must be applied where:

  • ML/TF risk of the customer is high; or

  • customer is suspicious; or

  • customer / agent / beneficial owner is:

    • a foreign PEP; or

    • physically located or incorporated in a high-risk jurisdiction.


 The reporting entity must be satisfied about factors such as:

  • the identity of the customer / agent / beneficial owner;

  • whether the customer is a politically exposed person or subject to sanctions; and

  • the nature or purpose of the transaction
Ongoing CDD

(on an ongoing basis)
  • Monitor the customer's transactions / behaviour;

  • Review and update the ML/TF risk of the customer; and

  • Review, update or reverify the customer's KYC information based on the ML/TF risk of the customer.
 The reporting entity must appropriately identify, assess, manage and mitigate the ML/TF risks associated with providing designated services to the customer.

The terms "simplified CDD" and "enhanced CDD" are not specifically defined in the legislation. A reporting entity will have the flexibility to decide what constitutes simplified and enhanced CDD procedures, so long as enhanced CDD involves more rigorous checks and monitoring on the customer when compared to simplified CDD.

From 'Designated Business Group' to 'Reporting Group'

The reforms replace the existing "Designated Business Group" regime with the "Reporting Group" concept. If a reporting entity is part of a business group, the AML/CTF governance structure is set out as follows:

Business Group A group of 2 or more persons, where one person in the group controls each other person in the group (e.g. parent/subsidiary corporate structure).
Reporting Group Either:
  • A business group, where at least one entity is a reporting entity; or

  • A group of 2 of more persons who have elected to form a group as permitted by the AML/CTF Rules.
Lead Entity The method for determining the lead entity of a reporting group is to be defined in the AML/CTF Rules. The lead entity will likely be the entity which controls all other members of the group who provide a designated service, have some connection to Australia and will fulfil the risk and compliance management functions for the reporting group.

Reporting Group

1619882b.jpg

AML/CTF Compliance Officer

The reforms set out specific eligibility requirements for a person to be an AML/CTF Compliance Officer, including that they must:

  • have sufficient authority, independence and access to resources and information to ensure they can oversee and coordinate the reporting entity's AML/CTF compliance on a day-to-day basis;
  • be an employee of the reporting entity or otherwise engaged at management level;
  • be a fit and proper person - some factors when considering fitness and propriety are competence, character, integrity, criminal history, records of misconduct, bankruptcy, and conflict of interest.

Further, if a reporting entity provides designated services through a permanent establishment in Australia, the AML/CTF Compliance Officer must be a resident of Australia.

Offence of "Tipping Off"

Previously, the tipping off provision was very broad such that a reporting entity could not share information about suspicious matters to anyone other than AUSTRAC, except in very limited circumstances.

The reforms have amended the offence such that it will be an offence only if the person discloses information about suspicious matters or in relation to AUSTRAC's request for further information, to a person other than AUSTRAC, where the disclosure would or could reasonably be expected to prejudice an investigation of an offence.

Key Elements of the New "Tipping Off" Offence

1619882c.jpg

Note: the changes to the offence of "tipping off" came into effect on 31 March 2025. Further information is available here.

AUSTRAC's New Powers

The reforms give AUSTRAC a new 'examination power' which allows AUSTRAC to issue a notice to a person, requiring the person to produce documents or appear before an examiner to answer questions and produce documents. The examination must be relevant to compliance with the AML/CTF regime or a criminal offence that relates to the AML/CTF regime. A failure to comply with the notice, whether intentionally or recklessly, is an offence.

The reforms also amend AUSTRAC's 'information gathering' power, to allow AUSTRAC to issue a notice to a person, requiring the person to provide certain information or documents, in circumstances that do not relate to suspicious matter, threshold transaction or international funds transfer instruction reports. This enables AUSTRAC to conduct investigations into a reporting entity's regulatory compliance with the AML/CTF regime or to gather information to support its other functions like financial crime analysis and intelligence. A failure to comply with a notice of this type constitutes a breach attracting civil penalties.

Note: the changes to AUSTRAC's powers came into effect in January 2025.

Further Reading

This article only provides a high-level overview of some of the changes introduced under the reforms. Further detail can be found in the AML/CTF Amendment Act 2024, as well as the upcoming new AML/CTF Rules and AUSTRAC's core guidance - to be released in the second half of 2025.

If you have any questions about how these changes affect you, please contact us.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Larissa Tan
Larissa Tan
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More