AUSTRAC privacy statement
Who we are
AUSTRAC is Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regulator and Financial Intelligence Unit (FIU).
What we do
AUSTRAC regulates entities that have obligations under the Anti-Money Laundering and Counter Terrorism-Financing Act (AML/CTF Act) and Financial Transactions Report Act 1988 (FTR Act). These entities include remittance service providers, digital currency exchange providers, financial services providers, the gambling industry, bullion dealers, and motor vehicle dealers that act as insurers or insurance intermediaries.
AUSTRAC operates under several pieces of legislation in performing our functions. In addition to the AML/CTF Act and the FTR Act, the relevant legislation include:
- Anti-Money Laundering and Counter Terrorism-Financing Rules Instrument 2007 (No.1) (AML/CTF Rules)
- Australian Transaction Reports and Analysis Centre Industry Contribution Act 2011
- Australian Transaction Reports and Analysis Centre Industry Contribution (Collection) Act 2011
- Financial Management and Accountability Act 1997 (FMA Act)
- Freedom of Information Act 1982
- Public Service Act 1999
- Public Governance, Performance and Accountability Act 2013 (PGPA Act)
To ensure we protect the privacy of your personal information, AUSTRAC adheres to the Privacy Act 1988.
What is the Privacy Act
AUSTRAC ensures that any personal information we collect is dealt with responsibly and respectfully. The Australian Privacy Principles, set out in Schedule 1 of the Privacy Act, set out 13 binding principles that govern the way AUSTRAC collects, stores, uses, and discloses your personal information.
The Privacy Act gives you rights in relation to your personal information, such as:
- ensuring your information is only collected for lawful purposes
- ensuring that we have processes in place to protect your information from misuse or interference
- ensuring we tell you why (generally) we are collecting your information and what information we are collecting, and
- ensuring that we provide an avenue for you to access your information, and to correct any incorrect information if necessary.
What is personal information
The Privacy Act defines personal information as ‘information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.’
AUSTRAC collects personal information, including, where necessary, personal information that is ‘sensitive information’. Sensitive information is defined by the Privacy Act, and includes the following categories:
- criminal record
- racial or ethnic origin
- religious beliefs or affiliations
- biometric information
- health information
- sexual orientation or practices.
What we collect and why is it collected
There are two types of personal information that AUSTRAC collects: information we are required to collect by law, and information we are authorised to collect.
The AML/CTF Act requires reporting entities to provide certain information to AUSTRAC. Reporting entities include remittance service providers, digital currency exchange providers, financial services providers, the gambling industry, and bullion dealers. These reporting entities are required by law to provide reports of certain transactions, such as:
- threshold transactions: transactions involving transfer of physical currency of $10,000 or more;
- international funds transfer instructions: instructions for the transfer of funds or property into or out of Australia.
In addition, reporting entities are required to submit reports of suspicious matters where the reporting entity suspects on reasonable grounds that the information may be relevant to tax evasion or investigation of an offence etc.
The personal information that reporting entities provide includes their customer’s name, date of birth, residential address and bank account details. This information is collected by AUSTRAC as part of the reporting entities’ reporting obligations.
AUSTRAC also collects information from other Commonwealth, State and Territory agencies where the collection would be authorised in the circumstances. Read more about AUSTRAC’s partner agencies.
AUSTRAC is also authorised to collect information from the public directly in relation to preventing crime. This can be in the form of community information or other direct collection from the public. The information collected may include personal or sensitive information.
In each case, the information collected is known as ‘AUSTRAC information’.
The primary purpose of AUSTRAC collecting personal information is to carry out its functions or activities associated with the AML/CTF Act.
Security of information
AUSTRAC employs appropriate technical, administrative, and physical procedures to protect personal information from unauthorised disclosure, loss, misuse, or alteration, pursuant to the Privacy Act.
AUSTRAC applies safeguards to ensure that the confidentiality and integrity of the information collected so that:
- only authorised people, using approved processes, may access information collected
- information collected is only used for its official purpose, retains its content integrity, and is available to satisfy operational requirements, and
- information is classified and labelled as required.
All information created, stored, processed, or transmitted in or over government information and communication technology (ICT) systems is properly managed and protected throughout all phases of a systems life cycle.
What we do with collected information
Information collected by AUSTRAC is classified as ‘AUSTRAC information’ and may only be used by or disclosed as permitted by the AML/CTF Act.
AUSTRAC works with a number of partners in Australia, including other government departments and law enforcement agencies, in order to fight financial and other serious crime, particularly money laundering and terrorism financing. In order to carry out our functions, we may share your information with our partner agencies. Information sharing between AUSTRAC and its partner agencies is governed by law. The partner agencies with which we share information are also required by the Privacy Act to protect your privacy.
Where necessary, we may also share your information with overseas governments and agencies. This sharing of information overseas is also governed by legislation, with the relevant process reflected in agreements between countries.
Information provided to AUSTRAC in accordance with the AML/CTF Act will be used for the primary purpose of its collection. The Privacy Act also authorises information to be used for a secondary purpose in some circumstances. AUSTRAC will consider your privacy when deciding whether to use your information for a secondary purpose.
AUSTRAC retains financial records for a set period of time as required by the Archives Act 1983. After that retention period, we may destroy your information securely and permanently at our discretion.
Your access to information
There are a number of actions that you can take in relation to accessing your personal information held by AUSTRAC. You can:
- access your information under the Privacy Act (although this is usually facilitated in practice through making a FOI request)
- correct any of your information that is incorrect, outdated or misleading
- make a complaint if you feel that your privacy has not been adequately protected.
You can find out more about AUSTRAC’s FOI policies and procedures, and you can contact AUSTRAC at:
Privacy and Information Access Team
PO Box 5516
West Chatswood NSW 1515
Ph: 02 6120 2631
The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.