Sign up today — FREE access until 1 July 2026. No credit card required.
    ComplyReady
    FeaturesPricingBlogFAQContactGet Started
    Back to Blog
    austrac
    5 min read

    AUSTRAC Compliance: What Every Australian Business Must Know

    ComplyReady Team|2 April 2026

    If you run a business that provides designated services in Australia, AUSTRAC compliance is not something you can afford to ignore. With enforcement activity increasing and the Tranche 2 reforms expanding the list of regulated businesses, understanding what AUSTRAC expects from you is essential. This guide breaks down the AUSTRAC compliance framework in plain language.

    What Is AUSTRAC?

    AUSTRAC stands for the Australian Transaction Reports and Analysis Centre. It is Australia's financial intelligence agency and the regulator responsible for administering the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act).

    AUSTRAC has a dual role. It collects financial transaction data from reporting entities and analyses it to produce intelligence for law enforcement and national security agencies. It also acts as the regulator, setting compliance standards and taking enforcement action against businesses that fail to meet their obligations.

    Why AUSTRAC Compliance Matters

    Money laundering is estimated to cost the Australian economy billions of dollars each year. It enables serious criminal activity — including drug trafficking, fraud, tax evasion, and terrorism financing. AUSTRAC compliance exists to disrupt this. Beyond the public interest argument, non-compliance exposes your business to substantial penalties, reputational damage, and potential criminal liability.

    Who Must Register With AUSTRAC?

    Any business that provides a designated service under the AML/CTF Act must enrol with AUSTRAC. Designated services include financial services, gambling services, bullion dealing, remittance services, and digital currency exchanges.

    The Tranche 2 Expansion

    From 1 July 2026, the following professions must also enrol with AUSTRAC:

    • Real estate agents — Buying and selling real property
    • Accountants — Managing client funds, forming entities, and providing certain advisory services
    • Lawyers — Conveyancing, company formation, trust work, and handling client money
    • Conveyancers — Property transfer services

    If your profession is on this list, you must be enrolled and have a compliant AML/CTF program in place before providing any designated service.

    The AUSTRAC Compliance Framework

    AUSTRAC compliance is built around five interconnected components.

    1. AML/CTF Program

    Every reporting entity must have a written AML/CTF program including:

    • Part A: General compliance — Your risk-based approach, governance structures, the compliance officer role, employee screening, and oversight arrangements
    • Part B: Customer identification — Procedures for verifying the identity of customers

    Your program must be approved by a senior manager or board member and reviewed regularly.

    2. Customer Due Diligence (CDD)

    CDD is the process of identifying your customers and understanding the nature of their relationship with you. AUSTRAC requires you to collect identifying information, verify it against reliable sources, identify beneficial owners, assess risk, and apply enhanced due diligence for higher-risk customers including politically exposed persons (PEPs).

    CDD must be completed before you provide a designated service and is an ongoing obligation throughout the business relationship.

    3. Transaction Monitoring

    You must monitor your customers' transactions for indicators of money laundering or terrorism financing. For smaller businesses, a documented manual process can be sufficient. Watch for transactions that are unusually large or complex, activity with no apparent legitimate purpose, transactions involving high-risk jurisdictions, and attempts to structure transactions to avoid reporting thresholds.

    4. Reporting Obligations

    When monitoring identifies something suspicious, you must report to AUSTRAC:

    • Suspicious Matter Reports (SMRs) — Within 24 hours for terrorism financing matters, or 3 business days for all other suspicions
    • Threshold Transaction Reports (TTRs) — For cash transactions of $10,000 or more, within 10 business days
    • International Funds Transfer Instructions (IFTIs) — For international electronic funds transfers

    Failure to submit a required report is a serious contravention. In the case of SMRs, it can constitute a criminal offence.

    5. Record Keeping

    All AML/CTF records must be retained for a minimum of seven years, including customer identification records, transaction records, copies of reports, your AML/CTF program, risk assessments, and training records. Records must be accessible and producible in a readable format.

    AUSTRAC's Enforcement Powers

    AUSTRAC has a range of enforcement tools, from compliance assessments and infringement notices to remedial directions and enforceable undertakings.

    Penalties

    The penalties under the AML/CTF Act are significant:

    • Civil penalties of up to $25.2 million per contravention for body corporates
    • Civil penalties of up to $5.04 million per contravention for individuals
    • Criminal penalties for serious offences, including failure to report suspicious matters

    AUSTRAC pursues enforcement against businesses of all sizes. The $1.3 billion penalty imposed on Westpac in 2020 remains the largest civil penalty in Australian corporate history. CBA, Tabcorp, and Crown Resorts have also faced major enforcement outcomes.

    Practical Steps to Achieve AUSTRAC Compliance

    If you are new to the framework, here is how to approach it:

    1. Confirm your obligations — Determine whether your services are designated services
    2. Enrol with AUSTRAC — Register through the AUSTRAC Online portal
    3. Appoint an AML/CTF compliance officer — For sole practitioners, this may be yourself
    4. Conduct a risk assessment — Document the ML/TF risks specific to your business
    5. Develop your AML/CTF program — Build a program addressing your identified risks
    6. Implement CDD processes — Set up customer identity verification, beneficial ownership identification, and enhanced due diligence
    7. Establish monitoring and reporting — Put processes in place for suspicious matters and threshold transactions
    8. Train your staff — Ensure all relevant employees understand their obligations
    9. Set up record keeping — Implement secure storage meeting the seven-year retention requirement

    Get AUSTRAC Compliant With Confidence

    Navigating the AUSTRAC compliance framework can feel daunting, especially if your profession has never dealt with AML regulation before. ComplyReady is purpose-built for businesses affected by the Tranche 2 reforms. From guided risk assessments and AML/CTF program generation to customer due diligence and staff training, ComplyReady gives you everything you need to achieve and maintain AUSTRAC compliance — without the steep consulting fees. Start your compliance journey today.

    Ready to get AML/CTF compliant?

    ComplyReady helps Australian businesses build their AML/CTF compliance program in hours, not months.

    Get Started
    ComplyReady

    AML/CTF compliance software built for Australian professional services. Helping real estate agents, lawyers, accountants and conveyancers meet their obligations under the amended AML/CTF Act.

    Product

    • Program Builder
    • Risk Assessment
    • CDD Records
    • Training
    • AI Assistant

    Industries

    • Real Estate
    • Accountants
    • Lawyers
    • Conveyancers

    Free Tools

    • Readiness Check
    • Penalty Calculator
    • Compliance Calendar
    • Enrolment Guide
    • Blog
    AUSTRAC AlignedAustralian MadeISO 27001 Pending
    © 2026 ComplyReady. All rights reserved.Made in Australia