Foreign branches and subsidiaries (Reform)

Learn what your anti-money laundering and counter-terrorism financing (AML/CTF) obligations are if you provide designated services through a permanent establishment in a foreign country.

On this page

Australian reporting entities providing designated services through a permanent establishment in a foreign country have different obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the Act) to those based in Australia.

This includes businesses that provide these services through foreign branches of an Australian reporting entity or subsidiaries of an Australian parent company. 

Obligations for overseas services

This section refers to the Explanatory Memorandum paragraphs 70, 101 and 220.

The Act adopts a risk-based approach. It focuses on what you must achieve, instead of prescribing how to achieve it. This means foreign branches and subsidiaries can use systems and controls that suit foreign conditions, as long as they achieve the required outcomes.

Certain obligations only apply to designated services provided at a permanent establishment in Australia.

AML/CTF obligations comparison: Australian versus overseas services

The following table compares the AML/CTF obligations of Australian versus overseas services.

Obligation Applies to permanent establishment in Australia Applies to permanent establishment in foreign country Sections of the Act applicable to permanent establishment in foreign country
Enrolment and registration Yes – must comply in full Yes – must comply in full
  • Enrol: Part 3A  
  • Register (for remittance and virtual asset services): Part 6 and 6A 
ML/TF risk assessment Yes – must comply in full

Yes – limited obligations 

 

Must undertake a risk assessment based on nature, size and complexity of business

 

Must keep risk assessment up to date and review or update at least once every 3 years
  • Risk assessment: sections 26C(1) and (2)
  • Review and update: sections 26D and 26E 
AML/CTF policies Yes – must comply in full

Yes – limited obligations 

 

Must develop and maintain AML/CTF policies that achieve outcomes in s26F(1)

 

Must comply with AML/CTF policies
  • AML/CTF policies: section 26F(1)
  • Comply with policies: section 26G
  • Document and approve program: sections 26N-26P
Governance Yes – must comply in full

Yes – must comply in full, with one exception:

  • AML/CTF compliance officer doesn’t need to be a resident of Australia
  • AML/CTF compliance officer: sections 26J-26M
  • Governing body: section 26H
Customer due diligence (CDD) Yes – must comply in full

Yes – limited obligations

 

If the reporting entity achieves the high-level outcomes in the Act, this will often be sufficient under Australian law even if they haven’t followed the specific steps required under the Act

 

The reporting entity also: 

  • benefits from most deemed compliance provisions
  • may delay initial CDD if they comply with eligible foreign laws
  • will treat foreign politically exposed persons (PEPs) in their country as domestic PEPs
  • Initial CDD: sections 28(1)-(3), (6)-(8), rules 5-5(2), part 6 Division 1 and 3, 6-6(2), 6-8, 6-11, 6-15, 6-23 and 6-43
  • Alternative ID: Rules 6-10
  • Ongoing CDD: section 30(1)
  • Simplified CDD: section 31
  • Enhanced CDD: section 32

 
Reporting Yes – must comply in full

Yes – limited obligations

 

Must submit: 

  • cross-border movement (CBM) reports
  • compliance reports

 

Not required to submit:

  • international funds transfer instruction reports (IFTIs). A recipient or sender of the IFTI must be in Australia to have an IFTI obligation under section 46 of the AML/CTF Act
  • suspicious matter reports (SMR)
  • threshold transaction reports (TTR). If the service is a remittance network provider under item 32A of table 1 in section 6 SMRs and TTRs still need to be made
  • CBM reports: Part 4
  • Compliance reports: Part 3, Division 5
  • IFTI reports: Part 3, Division 4
  • SMR exemption: 
    section 42(5)
  • TTR exemption: section 44(5)
Record keeping Yes – must comply in full

Yes – limited obligations

 

Must keep records relating to:

  • AML/CTF programs
  • correspondent banking (if a financial institution)
  • active and closed ADI accounts (if an ADI)
  • Record keeping: section 116
  • Record keeping exemption: section 118(5)

 

Additional obligations apply if the entity is:

  • an ADI: sections 109 and 110
  • a financial institution: section 117
Civil penalties Yes – applies to each provision of a designated service

Yes – limited 

 

Breaches of certain AML/CTF programs and CDD obligations are calculated daily, rather than every time a designated service is provided

Penalties that are calculated daily:

  • Keeping your risk assessment up-to-date: section 26E(4)
  • Having deficient AML/CTF policies: section 26F(10)
  • Initial CDD: section 28(10)
  • Ongoing CDD: section 30(8)

Conflicts with foreign laws

This section refers to the Act section 236A and Explanatory Memorandum paragraphs 69, 159, 160, 161 and 162.

You must comply with these obligations overseas unless foreign laws prohibit it. 

If a foreign branch or subsidiary can’t comply with certain AML/CTF program or CDD obligations, you may rely on a defence from certain civil penalties. 

To use this defence, the reporting entity must:

  • notify us of the conflict before any breach occurs, using the new form (this will become available before laws start on 31 March 2026)
  • take reasonable steps to appropriately identify, assess, mitigate and manage any additional money laundering, terrorism financing or proliferation financing risks (we refer to these as ML/TF risks).

You’ll bear the legal burden of this defence. This means you’ll likely need to provide: 

  • evidence of the conflict, including evidence of the foreign law (such as cited legislation)
  • an explanation of how it conflicts with Australian AML/CTF requirements.

Penalties for overseas breaches

This section refers to the Act sections 26E(3), 26E(4), 26F(9), 26F(10), 28(9), 28(10), 30(7) and 30(8).

Penalties for breaching certain Australian AML/CTF program and CDD obligations (outlined in the table above) differ depending on whether the breach is committed in Australia or a foreign country. 

A foreign branch or subsidiary incurs a separate breach for each day the non-compliance occurs. However, a reporting entity providing a designated service in Australia incurs a separate breach for each designated service provided. This recognises that breaches overseas are likely also to attract penalties under local AML/CTF laws. 

Example: Australian bank doesn’t have policies in place

An Australian bank doesn’t have AML/CTF policies to mitigate and manage its ML/TF risks for one day after they start providing designated services. During that day, it accepts 500 deposits through a permanent establishment in Australia. 

The Australian branch commits 500 contraventions – one for each designated service provided.

The Australian bank also provides designated services at a permanent establishment in a foreign country. The foreign branch doesn’t have AML/CTF policies for one day after they start providing designated services, during which it accepts 500 deposits through the foreign branch. 

The foreign branch commits one contravention – one for each day the breach occurs.

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 16 Oct 2025
Page ID: 1355

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.