Tipping off

If you submit, or are required to submit a suspicious matter report (SMR), about one of your customers, you must not disclose any information about the report, except in certain limited circumstances.

This includes any information from which it could be reasonably inferred that you have submitted (or are required to submit) an SMR.

This conduct is known as ‘tipping off’, and is prohibited.

A breach of the tipping off offence provisions is a criminal offence and can result in a penalty of up to two years imprisonment, 120 penalty units, or both.

Changes to section 123 of the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (AML/CTF Act) took effect on 17 June 2021. These changes permit you to share suspicious matter reports (SMRs) and related information in a number of circumstances, including with: 

  • external auditors
  • foreign members of the same corporate or designated business group with which you have a shared customer but only if the foreign members are regulated by laws of a foreign country that give effect to some or all of the FATF recommendations. 

The information on this page includes guidance on how to apply these updated provisions.

Purpose of the tipping off offence 

The reason you can’t disclose information about an SMR to another person is to:  

  • protect the privacy and reputation of the customer who the SMR is about, including where a customer may be the victim of suspected criminal activity. This is because a suspicion in itself is not conclusive evidence that a customer is involved in wrongdoing
  • ensure that the identity of the person submitting an SMR remains confidential
  • ensure that law enforcement investigations are not affected by criminals taking additional steps to hide their activities and behaviours when they become aware that their activities led to suspicions.

SMRs are financial intelligence, and play a crucial role in identifying, detecting and disrupting serious and organised crimes. However, a suspicion in itself doesn’t mean that the customer is guilty of a criminal offence. The customer may not have engaged in any wrongdoing.

If you have submitted an SMR about a person who is, in fact, breaking the law, and they (or one of their associates) become aware of this, it could have serious consequences for any law enforcement investigation.

Managing customer relationships without tipping them off

You are not obliged to stop providing a service to a customer who is the subject of an SMR.

You do, however, need to follow your AML/CTF program’s risk-based systems and controls.  This may include temporarily not providing a service to a customer until you are satisfied they don’t pose an unacceptable level of ML/TF risk.

Conducting reasonable inquiries into customer activity that may be unusual is not by itself considered tipping off.  You must use judgment in communicating with the customer to avoid committing the tipping off offence.  See Example 1 in this guidance for illustration.

If you decide to end the business relationship, you must not tell the customer, or give the customer any information that implies you have submitted, or are required to submit, an SMR to AUSTRAC.

Where an SMR or an obligation to submit an SMR informs a risk-based decision to terminate a business relationship with a customer, you must assess the justification you can provide to the customer when ending the relationship without tipping them off.

Informing your customer that you have made a risk-based decision to terminate a business relationship is not considered tipping off, as long as your discussion doesn’t reasonably infer that you have submitted an SMR, or are required to submit an SMR to AUSTRAC. 

Enhanced customer due diligence (ECDD)

ECDD is an important part of your AML/CTF program. It gives you more information so you can address ML/TF risks posed by a customer and protect your business from criminal exploitation.

The tipping off offence is not intended to stop you from conducting ECDD on a customer once you have formed a suspicion. In most circumstances, you should be able to perform ECDD as part of your AML/CTF program without tipping off the customer.

Asking the customer for more information, including about their identity or the source or destination of their funds, is not considered ‘tipping off’ in and of itself, and can often be managed in a way that avoids tipping off. However, you should identify any risk of tipping off before performing ECDD and consider ways to manage that risk. If you consider that applying specific ECDD measures would tip off the customer, you should not perform them – but you should document the reasons for this decision.

Once you form a suspicion about a customer, be discreet when conducting ECDD. You must not disclose that you have submitted, or are obliged to submit, an SMR to AUSTRAC, or any information from which it could be reasonably inferred that you have submitted an SMR.

If carrying out some ECDD measures would likely tip off the customer, you can still perform a range of other ECDD measures, including the use of in-house or third party information sources, such as:

  • undertaking a more detailed analysis of the customer’s KYC information
  • verifying or re-verifying KYC information in accordance with Part B of your AML/CTF program, including using reliable and independent sources of information that do not require direct contact with the customer
  • undertaking more detailed analysis and monitoring of the customer’s transactions – both past and future
  • reviewing whether a transaction or particular transactions should be processed.

Related pages

The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

Last updated: 14 Dec 2022
Page ID: 639

Was this page helpful?

Was this page helpful?
Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.