New AML Regulations: What Businesses Must Do Now

New AML regulations: What businesses must do now

As Australia sharpens its regulatory lens on financial crime, new anti money laundering (AML) reforms are reshaping the obligations of businesses across multiple sectors. between 2023-2024 alone, AUSTRAC received over 380,000 suspicious matter reports an all-time high that reflects both increased awareness and rising criminal sophistication. As a result, the agency has intensified its expectations around compliance, transparency, and enforcement.

Whether you’re a financial services provider, legal professional, real estate agent or high-value goods dealer, understanding these changes is critical to avoiding penalties and safeguarding your business. This guide breaks down the latest AML regulatory updates and outlines the key steps businesses must take now to ensure they meet their anti money laundering compliance requirements.

Overview of new AML regulations in Australia

AUSTRAC’s updated guidelines and compliance expectations

AUSTRAC, Australia’s financial intelligence unit, has recently updated its compliance guidance to reflect evolving threats and international standards. The updates include:

• A stronger focus on risk-based AML programs
• Heightened expectations around beneficial ownership transparency
• Expanded obligations for high-risk sectors, including crypto, remittance and legal professionals
• Increased scrutiny of customer due diligence (CDD), especially for complex or non-face-to-face transactions
• Clearer expectations for businesses to demonstrate an ongoing culture of compliance

AUSTRAC has also introduced tighter reporting deadlines and expects businesses to take a proactive approach to detecting, deterring and disrupting money laundering activities. In its public statements and regulatory actions, AUSTRAC has emphasised that passive compliance is no longer acceptable – businesses must now actively demonstrate their AML efforts through training, documented procedures and response systems.

Key industries affected by the changes

While financial institutions remain central to AML legislation, recent reforms signal a broader industry focus. Businesses increasingly under AUSTRAC’s microscope include:

• Digital currency exchanges and fintechs
• Real estate agents
• Accountants and law firms
• Dealers in high-value goods (e.g. precious metals, cars, art)

The inclusion of these sectors reflects AUSTRAC’s commitment to closing long-standing regulatory gaps. Historically, criminal actors have exploited less-regulated industries to clean illicit funds and these updates aim to mitigate that risk. If your business operates in one of these newly targeted industries, now is the time to establish or refine your AML program before enforcement actions escalate.

Safetrac’s AML training programs are designed to support businesses in meeting these evolving obligations with confidence. Our modules are regularly updated to reflect AUSTRAC’s latest expectations and include practical guidance tailored for different sectors and job roles.

Compliance obligations for businesses

Customer due diligence (CDD)

The updated regulations place greater emphasis on robust and ongoing customer due diligence. Businesses must:

• Verify customer identity using reliable, independent documentation
• Identify and verify beneficial owners of entities
• Understand the purpose and nature of the business relationship
• Apply enhanced due diligence for high-risk customers or jurisdictions
• Regularly review and update CDD information

Effective CDD is no longer a one-time process. Safetrac’s AML training modules include role-based content to help staff understand how to verify customer identities, assess ongoing risk and recognise red flags in real-world scenarios. By embedding these capabilities across your teams, you can ensure compliance and reduce the likelihood of oversight. Businesses are expected to maintain an evolving understanding of their customer’s risk profile. For example, if a low-risk customer suddenly begins transacting in high-risk jurisdictions, that change should trigger further review.

Non-compliance with CDD obligations has led to high-profile enforcement actions, including multi-million dollar fines for Australian banks. In one notable case, regulators identified serious deficiencies in CDD practices that allowed suspicious activity to go undetected for months.

Transaction monitoring and record-keeping

Monitoring customer activity is essential for detecting unusual or suspicious transactions. AUSTRAC expects businesses to:

• Implement automated or manual systems to detect anomalies
• File suspicious matter reports (SMRs) promptly
• Maintain comprehensive records of transactions and CDD for at least seven years

These systems should be tailored to your business size and service complexity. For smaller businesses, a robust manual process may suffice. For larger or higher-risk businesses, technology-driven solutions with integrated alert systems are expected.

Record-keeping isn’t just about storing documents. Safetrac’s compliance platform enables secure tracking and storage of training records, audit trails, and policy acknowledgements – ensuring you’re prepared to demonstrate compliance if AUSTRAC requests documentation. AUSTRAC may request access to logs of staff training, internal communications about suspicious activity, or system audit trails during a compliance review. Businesses must be prepared to provide these records promptly and accurately.

Risks of non-compliance

Fines, reputational damage and legal implications

Failing to comply with AML legislation carries significant consequences. In recent years:

• Westpac was fined $1.3 billion for AML/CTF breaches involving international transactions
• Crown Resorts faced scrutiny for failing to prevent money laundering through its casinos
• Smaller institutions have faced penalties and licensing restrictions for reporting failures

Beyond fines, AML breaches can erode trust with clients, investors and regulators. A single lapse can lead to public investigations, criminal prosecution and long-term reputational harm. Businesses should also be aware that directors and senior management can be held personally accountable for compliance failures. In several recent enforcement cases, AUSTRAC highlighted governance failures and a lack of training among leadership teams.

Safetrac can support organisations in mitigating these risks through intuitive dashboards and real-time tracking tools, giving compliance leaders visibility into training progress and gaps across teams. Failing to act can also result in:

• Increased scrutiny in audits or future licence renewals
• Loss of banking or supplier relationships
• Civil litigation from affected stakeholders

Immediate steps to take

Reviewing and updating AML policies

Organisations should immediately review their AML/CTF programs to ensure they reflect recent regulatory changes. Focus areas include:

• Incorporating new AUSTRAC guidance into internal procedures
• Ensuring CDD and transaction monitoring systems are risk-based and up to date
• Updating documentation to include beneficial ownership and high-risk jurisdiction checks

AML programs must be more than a policy document – they should guide behaviour across the business. Safetrac helps you convert policies into engaging, interactive training experiences that resonate with staff. Our platform also offers built-in reminders and document versioning to keep your policy framework aligned with AUSTRAC’s expectations.

Training teams and conducting risk assessments

Compliance training is not just a legal obligation; it’s a frontline defence. AUSTRAC expects organisations to educate employees regularly on:

• How to identify and report suspicious activity
• Changes in AML obligations and risk indicators
• Internal processes for SMR filing and escalation

Training should be role-specific, ongoing and trackable. Refresher training should occur at least annually or when legislation or business operations change. Managers and executives should also receive leadership-specific AML guidance.

Risk assessments should also be reviewed in light of regulatory changes to ensure they account for:

• New client segments or services
• Emerging threats such as digital currency laundering or trade-based money laundering
• Geographic risk exposure

Safetrac offers customisable AML compliance training designed to support financial services, legal firms and other high-risk sectors. Our ISO-certified platform tracks completion, automates updates and helps demonstrate a genuine culture of compliance.

Are you ready for the latest AML reforms?

AML legislation in Australia is evolving rapidly. To stay ahead, businesses need to act now – review policies, train teams and implement systems that demonstrate meaningful compliance.

Safetrac makes it easier. Our solutions cover the full compliance journey – from training development and deployment to audit-ready tracking and reporting. Whether you’re updating your AML/CTF program or building one from scratch, Safetrac’s platform offers the flexibility and support you need to stay ahead.

Explore Safetrac’s AML compliance training or contact us today to update your AML approach.