This page provides a summary of your upcoming anti-money laundering and counter-terrorism financing (AML/CTF) obligations.

On this page:

• New regulated services
• Key obligations summary
• 1. Enrol and register with us
• 2. Develop and maintain an AML/CTF program tailored to your business
• 3. Get your staff ready
• 4. Conduct customer due diligence
• 5. Report certain transactions and suspicious activity
• 6. Make and keep records
• Clear protections for legal professional privilege
• Related pages

New regulated services

From 1 July 2026, AML/CTF obligations will apply to certain services typically provided by the following professions and businesses, known as tranche 2 entities: 

• real estate professionals – such as real estate agents, buyer's agents and property developers
• dealers in precious stones, metals and products
• lawyers
• conveyancers
• accountants
• trust and company service providers. 

More virtual asset-related services and intermediary transfer message services will also come under AML/CTF regulation from 31 March 2026.

To check if you provide services that will be regulated under these changes and have AML/CTF obligations: 

• use the online tool to check if you may be regulated
• visit our new industries and services to be regulated page.

For information on the services we already regulate visit who and what we regulate. 

We’ve developed education resources to help you to implement effective AML/CTF measures. 

You can subscribe to stay updated on AML/CTF reform. 

Key obligations summary

The key obligations for businesses regulated by us are to:

1. Enrol and register with us
2. Develop and maintain an AML/CTF program tailored to your business
3. Get your staff ready to implement your obligations
4. Conduct initial and ongoing customer due diligence (CDD)
5. Report certain transactions and suspicious activities
6. Make and keep records.

In meeting your obligations, the relevant laws also provide clear protections for information that may be subject to legal professional privilege.

Understanding and meeting your obligations is essential to protect your business from misuse by criminals and make sure you comply with Australia’s AML/CTF laws.

1. Enrol and register with us

If you provide a designated service with a geographical link to Australia you must enrol. Enrolment opens 31 March 2026 for newly regulated industries and can’t be done earlier.

If you’re a remittance service provider or virtual asset service provider, you need to enrol and apply for registration. 

If you’re already enrolled or registered, you must update your enrolment and registration details to include any of the new designated services you provide from 31 March 2026. You must also continue to update us when your enrolment or registration details change. 

The Department of Home Affairs is considering whether transitional rules should be made to extend the deadlines for enrolment and registration mentioned below. This guidance will be updated if any transitional rules are made.

Enrol

Enrolment involves providing basic information about your business, such as its:

• structure
• services
• key personnel
• contact details. 

You must also update your details when they change.

You must submit your enrolment application no later than 28 days after the day you start providing a designated service.

If your business provides any of the newly regulated virtual asset services or intermediary transfer message services, these new laws start 31 March 2026. This means you’ll have until 28 April 2026 to enrol.

If you provide any other newly regulated designated services, the new laws start on 1 July 2026, and you must enrol by 29 July 2026. 

Register 

You must not provide an existing regulated virtual asset or remittance designated service before you’ve registered with us. This obligation applies to newly regulated virtual asset services from 31 March 2026. 

Criminal penalties apply for non-compliance. 

Learn more about enrolment and registration and the consequences of not complying.

2. Develop and maintain an AML/CTF program tailored to your business

An AML/CTF program protects your business from criminal exploitation through money laundering, terrorism financing and proliferation financing. It helps you fulfil your obligations and contributes to a safer Australian financial system. 

Your program must contain both of the following:

• A risk assessment: you must identify and assess your money laundering, terrorism financing and proliferation financing risks (we refer to these as ML/TF risks).
• AML/CTF policies: you must develop and maintain appropriate policies, procedures, systems and controls to manage and mitigate your ML/TF risks and comply with your obligations. 

Your program must be documented and approved by a senior manager of your business. It must be kept up to date, including to reflect significant changes to your business and relevant ML/TF risk products we release. It must also be independently evaluated at least once every 3 years. 

Reporting group

If you want to share the costs of compliance with other businesses and fit within the framework established by the Act and Rules, you may be able to do so within a reporting group. Entities in a reporting group share some or all risk management and compliance arrangements. This includes those set out in a group AML/CTF program established by a lead entity of the group. 

Note that obligations apply differently to foreign branches and subsidiaries.

Learn more about:

• your AML/CTF program obligations
• reporting groups. 

3. Get your staff ready

Preparing your staff is critical to help you meet your AML/CTF obligations. This includes making sure of all of the following: 

• they’re fit to perform their roles
• they understand their obligations
• your business has strong governance and oversight in place.

Governance

Your AML/CTF program must be subject to appropriate governance arrangements.

Strong governance and oversight help protect your business from criminal exploitation and support a culture of AML/CTF compliance.

Your AML/CTF governance structure must clearly identify 3 roles:

• Governing body: has primary responsibility for your governance and executive decisions, empowers the AML/CTF compliance officer and oversees compliance at the highest level.
• Senior manager or managers: approves key AML/CTF compliance decisions.
• AML/CTF compliance officer: manages day-to-day AML/CTF compliance and makes sure policies and procedures are implemented.

These roles are usually held by different people, but in smaller businesses, one person may conduct multiple governance responsibilities.

Learn more about governance.

Conduct personnel due diligence and provide AML/CTF training

Personnel due diligence and training ensure the people performing AML/CTF functions in your business have the right skills, knowledge and integrity to meet your obligations and manage risk.

We expect your business to do both of the following:

• conduct personnel due diligence: assess the skills, knowledge, expertise and integrity of personnel you employ or engage to conduct AML/CTF functions
• provide AML/CTF training: make sure personnel understand your AML/CTF obligations and know how to follow your policies, procedures and systems. This is so they can identify, manage and mitigate money laundering, terrorism financing and proliferation financing risks (we refer to these as ML/TF risks).

These requirements help your business comply with AML/CTF obligations and reduce the risk of criminal exploitation.

Learn more about personnel due diligence and AML/CTF training.

4. Conduct customer due diligence

Customer due diligence (CDD) helps you understand who your customers are and the ML/TF risks they may bring to your business. 

CDD is separated into initial CDD and ongoing CDD. 

The level of information you collect and verify to complete CDD will depend on the ML/TF risk profile of the customer. 

You must apply enhanced CDD in high-risk scenarios. You may be able to apply simplified CDD in low-risk scenarios. 

Initial customer due diligence

Initial CDD involves establishing certain matters about a customer on reasonable grounds before you start providing them with a designated service. This makes sure you identify relevant ML/TF risks from the beginning of your relationship with the customer based on information reasonably available to you. 

You must establish the identity of your customer, their representatives, any person on whose behalf they are receiving a service and any beneficial owner of the customer. 

You must also establish if any of these persons are any of the following:

• designated for targeted financial sanctions – which prevents you from dealing with their assets or making assets available to them
• a politically exposed person – a person who holds a prominent public position in a government body or international organisation (e.g. a government minister) or is a family member or close associate of such a person. 

Ongoing customer due diligence

Ongoing CDD involves monitoring and managing ML/TF risks throughout the customer relationship. This includes all of the following: 

• monitoring transactions and behaviours for suspicious activity
• updating the customer’s ML/TF risk profile in response to various triggers
• reviewing, updating and re-verifying information as needed. 

Pre-commencement customers

You won’t need to do initial or ongoing CDD on a pre-commencement customer until any of the following occurs: 

• you’re required to file a suspicious matter report in relation to the customer
• there’s a significant change in the nature and purpose of the business relationship with a customer which results in the customer’s ML/TF risk being assessed as medium or high. 

This is intended to reduce the regulatory burden of regulating your existing customers, while making sure they’re subject to appropriate CDD measures when their risk profile changes. 

Learn more about CDD.

5. Report certain transactions and suspicious activity

Reporting certain transactions and suspicious activities maintains the integrity of the financial system and helps law enforcement to combat crime. 

The types of reports you may need to submit to us are all of the following: 

• suspicious matter reports (SMR): if you suspect a person isn’t who they claim to be, or you have information relevant to criminal activity
• threshold transaction reports (TTR): for any transaction involving physical currency (cash) of $10,000 or more
• international funds transfer reports for instructions to transfer funds into or out of Australia
• cross-border movement reports: if you move physical currency (cash) and other monetary instruments of $10,000 or more into or out of Australia
• compliance reports: an annual report about how you met your obligations the previous calendar year. 

Learn more about reporting.

6. Make and keep records

You must make and maintain accurate and complete records for at least 7 years. 

These records provide evidence of your due diligence, risk management practices and compliance with AML/CTF obligations. Your records include documents related to your:

• AML/CTF program
• CDD
• transaction records
• staff training sessions
• audit results.

Learn more about record keeping.

Clear protections for legal professional privilege

The new laws provide clearer protections for information or documents that are subject to legal professional privilege (LPP).

Nothing in the amended Act affects the right of a person to refuse to give information (including by answering a question) or produce a document. This applies if the information or document would be privileged from being given or produced on the grounds of LPP. 

These changes come into effect on 1 July 2026 

Learn more about legal professional privilege. 

Related pages

• Check if you may be regulated
• Why combat money laundering and terrorism financing
• Risks and indicators of suspicious activity