FAQs
The AML CTF regime is complex. For legal practitioners outside the financial sector, there is a great deal of information and new concepts to get your head around.
To assist you in enhancing your understanding of their new AML CTF obligations and the practical steps you can take towards compliance, we have developed these FAQs, which will be updated as and when we receive further developments, Rules and Guidance from AUSTRAC.
The below information is based on the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and other publicly available educational materials from government, AUSTRAC, Law Council of Australia and the law societies of other states and territories. The below is provided by way of information and for educational purposes only. It should not be relied on as a substitute for legal advice.
If you have any feedback about the AML CTF Hub or have found a resource you think would assist other practitioners, we would love to hear from you. Please email us.
Background
Why are these changes happening?
Solicitors may, whether knowingly or unknowingly, be used to assist in money laundering activities. The new Anti-Money Laundering and Counter-Terrorism Financing (AML CTF) Act aims to close the regulatory gap between Australia and other countries, aligning Australia with international standards and fulfilling its obligations under the Financial Action Task Force (FATF) — the global authority combating money laundering and terrorist financing. These reforms will enhance Australia’s AML CTF framework and help protect the community from serious and organised crime.
Australia is one of very few countries that have not yet brought lawyers into its anti-money laundering and counter terrorism financing regime despite the profession being a high-risk target for such activity.
What criminal activities is the Act trying to capture?
The reforms aim to address money laundering (ML), terrorism financing (TF) and proliferation financing (PF).
- Money laundering enables a wide range of serious crimes, such as drug trafficking, human trafficking, and acts of terrorism.
- Terrorism financing involves providing financial support for terrorist acts, individuals involved in terrorism, or terrorist operations.
- Proliferation financing refers to funding illegal activities that support the development and distribution of weapons of mass destruction.
What does money laundering involve?
Conventionally, money laundering involves three stages:
- Placement – the proceeds of crime are placed in the financial system
- Layering – transactions are disguised and distanced from the proceeds of the original crime (e.g., depositing funds in a solicitor’s trust account)
- Integration – funds are used in the legitimate economy (e.g. used to purchase property or a business seen to be from a legitimate source of funds)
However, in more recent times, an alternative model has emerged, that is:
- Enable – a service provider (e.g. law firm) is engaged to set up and administer a company on the client’s behalf (i.e. enabling the criminal to generate distance between them and the company)
- Distance – the service provider appoints a nominee director to manage company assets and beneficial ownership is obscured through the use of nominee shareholders and a deed of trust between the parties. The company instructs providers to open bank and brokerage accounts to deposit money generated from the proceeds of crime (distancing the proceeds of crime from the ultimate use of funds)
- Disguise – A provider sets up a trust for the ownership of the luxury good, administered by the company and its trustees. The trustee in turn owns a company acting as a registered owner of the luxury good (disguising the connection between the criminal and the luxury good).
For further details on these models see Levi, M. (2022). Lawyers as money laundering enablers? An evolving and contentious relationship. Global Crime, 23(2), 126–147. https://doi.org/10.1080/17440572.2022.2089122 and Financial Task Force (FATF) Financial Flows from Human Trafficking and AUSTRAC Money Laundering in Action, National Risk Assessment (2024)
What does terrorism financing involve?
There are many ways in which terrorism financing can occur. Generally, there are three stages:
- Raising funds – this could be through seemingly legitimate means (e.g. donations raised by charities and NFPs), moved in from overseas or from the proceeds of other serious crimes (e.g. drug trafficking, fraud, ransom payments etc).
- Transferring funds – funds are transferred to a terrorist network, organisation or cell. To avoid suspicion, individuals attempt to move funds overseas in a series of transactions to multiple beneficiaries in a high-risk jurisdiction. Online payment systems can be used to collect and transfer funds, while stored value, debit/credit cards can be used by individuals to access funds.
- Using funds – funds are used for a range of things required to facilitate terrorist activities (e.g. purchasing weapons, covering living expenses for a terrorist, etc).
What role will the reporting entity (including legal practices) and AUSTRAC play in the terrorism financing process when the AML CTF reforms commence?
The second stage of terrorism financing involves an individual attempting to move funds overseas in a series of transaction to multiple beneficiaries in a high-risk jurisdiction. That individual will use entities to facilitate these transactions, which, once the AML CTF regime is expanded in July 2026, will also include lawyers and other tranche II reporting entities. Those reporting entities will report such transactions to AUSTRAC and following an initial investigation, are reported to AUSTRAC as a suspicious matter report (SMR).
The third stage of terrorism financing involves transactions to use the funds to acquire items or fund expenses required to facilitate the ultimate terrorist activities. Following the SMR, AUSTRAC undertakes further analysis and reveals that other reporting entities have also reported international transfers and suspicious matters that relate to beneficiaries. AUSTRAC compiles significant information which is used by law enforcement agencies to support both the arrest and subsequent prosecution of individuals for being members of a terrorist organisation and making funds available to a terrorist organisation.
AUSTRAC has more information about the terrorism financing process in their E-learning Centre’s Introduction to Financial Crime module and on their website.
How are lawyers currently being used for money laundering and terrorism financing?
Lawyers can (and are) being used in many different ways. Practices of all sizes can be targeted. A well-publicised sophisticated example of this (reported in the UK as the Russian Laundromat case) involved criminals moving more than $20billion out of the country into Western financial systems between 2010 and 2014. Laws firm were used in this scheme to set up fake loan agreements between shell companies, use court rulings from corrupt jurisdictions to justify large fund transfers and to assist in the purchase of real estate and investments to legitimise illicit funds.
Another high-profile example is the 1MDB Scandal, which involved the theft of over USD$4billion from Malaysia’s sovereign wealth fund, which was laundered through shell companies, real estate purchases and luxury assets. Lawyers involved in this case allegedly helped set up corporate structures to move stolen funds globally, facilitated the purchase of real estate and luxury assets (including yachts) and failed to report suspicious transactions despite clear AML red flags.
Other examples include lawyers allowing client accounts to be used as bank accounts (facilitating the movement of illicit money).
Note – these examples have been sourced from Artic Intelligence.
For further information on what money laundering looks like, see LCA Case Studies, Guidance Note 4 and for terrorism financing see LCA Guidance Note 5.
Who is captured?
Who is captured by the new AML CTF obligations?
Australian lawyers and legal practices that provide specific services, known as “designated services”, will be affected. These are part of the “Tranche II” entities being brought under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). The obligations apply to the law practice as the reporting entity, not individual lawyers, although individual lawyers within the practice must comply with the practice’s AML CTF Program. Sole practitioners providing designated services are also covered. Barristers are generally excluded if providing services on instruction from a solicitor, but may be captured if they provide designated services directly.
Note – a future law compilation of the Act is available on AUSTRAC.
When will the obligations for solicitors commence?
Broadly speaking, the new obligations for solicitors and other tranche II reporting entities will commence on 1 July 2026. Only solicitors who provide designated services are captured by the reporting obligations. For solicitors who are captured by the new Act, please note that there is a considerable amount of preparatory work that will need to be undertaken in advance of formal reporting obligations commence in July 2026.
Solicitors who haven’t already should start informing themselves now.
We have outlined 10 Practical Steps to help legal practices navigate the new regime (see Complying with your AML CTF obligations for suggested dates for different stages of preparatory work and implementation). We have also compiled some useful resources together in the Resource tab.
Do all legal services trigger AML CTF obligations?
No, only the specific activities defined as “designated services” under the AML CTF Act will trigger these obligations. Many traditional legal services, unrelated to the specified services, will not be considered designated services. Law practices must carefully assess which of their services fall within the legislative definition and monitor their service delivery on an ongoing basis.
What are “designated services” for lawyers?
Designated services are specific activities identified as having higher money laundering and terrorism financing risks. For lawyers, these include services related to:
- Buying, selling, or transferring real estate.
- Buying, selling, or transferring legal entities (like companies or trusts).
- Managing client funds, accounts, securities, or other assets (excluding funds held in trust for professional fees or disbursements).
- Creating, operating, or managing legal persons or arrangements.
- Acting as or arranging for another person to act as a director, secretary, partner, trustee, or nominee shareholder, or providing a registered office.
- Certain corporate finance activities, including equity and debt financing.
Further information about this is detailed in Table 6 in section 6 of the new Act (see AUSTRAC’s Future Law Compilation).
Note – in some cases, it may be straightforward to identify a designated service. In other situations, further investigation may be needed to determine whether a particular transaction or set of transactions ultimately changes the beneficial owner of property. AUSTRAC has indicated there will be further guidance and examples provided in the guidance material (anticipated to be published in late 2025.)
In the meantime, AUSTRAC has an online tool you can use to check if you will be regulated.
Should we consider whether we should continue to provide services that will likely be “designated services”?
If your firm only carries on a few activities a year, which are “designated services”, you may find that the administration and compliance time and costs mean it is financially uncommercial to continue to carry on those activities.
Are there any exemptions for certain types of legal work or clients?
As a starting point, consider if you or your firm is providing a designated service, and so needs to be enrolled. If no designated services are provided, the regime does not apply to you.
If you are within the regime, the AML CTF Act and Rules may provide for limited exemptions or simplified client due diligence requirements in specific low-risk circumstances. For example, simplified CDD may be applicable for certain types of clients or transactions deemed low risk, as defined in the Rules. However, these are exceptions, and law practices must apply the standard risk-based approach unless a specific exemption applies. Detailed exemptions will likely be outlined in the final AML CTF Rules. Trust accounts holding funds only for professional fees/disbursements are generally outside the scope.
Complying with your new AML CTF obligations
If I am captured by the Act, what do I have to do to comply with the new AML CTF obligations?
If you are a solicitor providing a designated service, you will need to:
- Enrol with AUSTRAC
- Conduct risk assessments to identify and understand the money laundering and terrorism financing risks specific to your practice
- Carry out customer due diligence (CDD), including procedures for verifying client identity and maintaining compliance with Know Your Customer (KYC) requirements.
- Establish and maintain an AML CTF program, which outlines your approach to compliance. This program must be supported by internal policies, procedures, systems, and controls that manage risk and ensure compliance with the AML CTF Act and Rules and should include both internal compliance management policies as well as externally focused policies for mitigating and managing risk
- Provide certain reports to AUSTRAC (i.e., reporting specific transactions and suspicious activities to the relevant authorities as required by law)
- Meet record-keeping obligations to demonstrate ongoing compliance with AML/CTF requirements
We have prepared a 10 step practical guide to assist legal practitioners in Western Australia navigate their path to compliance.
Is enrolment with AUSTRAC required, and when?
Yes, if your law practice provides any designated services from 1 July 2026, it will likely be classified as a “reporting entity” and must enrol with AUSTRAC.
Some service providers may also be required to register with AUSTRAC. AUSTRAC have provided further information about this (and how to enrol) on their website.
When can I enrol with AUSTRAC?
Enrolment for Tranche II entities opens on 31 March 2026. While obligations commence on 1 July 2026, you must enrol within 28 days of commencing the provision of a designated service to avoid penalties. Early enrolment is advisable to ensure compliance from the start date.
What is an AML CTF Program, and why is it necessary?
An AML CTF Program is a mandatory documented framework outlining how your law practice will identify, mitigate, and manage its money laundering and terrorism financing (ML/TF) risks.
There are two parts to an AML CTF program:
- Part A – which must include processes and procedures to identify, mitigate and manage ML/TF risks and be subject to regular independent reviews; and
- Part B – which focuses on applicable customer identification procedures that you will use to collect information and verify the identity of customers. There are certain procedures you must include in Part B.
What procedures need to be included in Part B of the program?
Procedures which AUSTRAC have said must be included are:
- how you respond to discrepancies in customer information
- what information you collect and verify to ensure a customer is who they claim to be (and for corporate or other entity types how you go about collecting and verifying information to confirm they exist)
- how you determine if a cusomer or beneficial owner is a politically exposed person (PEP)
- how you decide when to collect additional information about a customer
What else needs to be included in an AML CTF program?
Your AML CTF program needs to include your risk assessment of your practice together with your documented policies, procedures, systems and controls for client due diligence, ongoing monitoring, reporting, record-keeping, and training. It also needs to include procedures to appoint an AML CTF compliance officer at management level to manage compliance with AML CTF obligations.
All policies have to be tied to your practice‘s risk assessment, responsive to who your clients are and what services you are providing to them.
The Program must be tailored to your specific practice’s risks. It is essential because it provides the operational procedures necessary to comply with the AML CTF Act and Rules and helps protect your firm from being exploited by criminals.
Are there different types of AML CTF programs?
AUSTRAC have indicated there are three types of AML CTF programs:
- Standard program – for individual reporting entities. Most businesses should fall into this category.
- Joint program – for members of a designated business group which allows certain groups to share an AML CTF program (i.e. piggy-backing type provisions)
- Special program – for holders of an Australian Financial Services License whose only designated service is make arrangements for customers to receive another designated service.
What does AML CTF governance oversight look like for a small practice or sole practitioner?
This question has been raised consistently by legal professional associations throughout the reform consultation process. AUSTRAC has said it’s a risk-based, scalable approach, but there are no exclusions if you are a sole trader.
There have been some changes to the requirements made based on feedback provided on behalf of legal practitioners. For example, there is no longer a requirement for an AML CTF compliance officer to report to the governing body where there is a sole practitioner. There should be further guidance about this from AUSTRAC when they release their Rules and Guidance (anticipated release date is mid-December 2025).
Risk assessment
What is ML/TF risk?
AUSTRAC considers ML/TF risk to be both the likelihood (chance) of and the impact (damage) to a business being exploited for money laundering, terrorism financing and other serious crimes. No businesses are free from ML TF risks. And no two businesses are the same. Every business (and every legal practice) will therefore have different ML/TF risks.
Even if you are managing your risk, this does not mean you are operating in a completely risk-free environment. Each business must identify the risks it may face, then implement strategies to mitigate and manage those risks. These strategies should be in proportion to the size, nature and complexity of your business and the risks it faces.
The AML CTF legislation uses a risk-based approach – what does this mean in a practical sense?
A risk-based approach is considered best practice worldwide. Under this approach, reporting entities will identify their money laundering and terrorism financing risks to assess which risks pose a greater or lesser threat and apply appropriate responses.
What does the ML/TF risk assessment involve for a law practice?
AUSTRAC have provided information about the steps in the process of conducting an ML/TF risk assessment, namely:
- Identify the risks faced by your business – Ask yourself who are your clients? What services do you provide to your clients? How do you deliver your services (e.g. over the phone, face to face, email or online?) In which countries do you provide services?
- Assess and measure the risks – Once you have identified the risks, you need to assess and measure risks to determine the risk score (i.e. assess the likelihood or chance the risk could occur against the impact or consequences to the practice/business. In other words, your risk score = likelihood x impact. Examples of impact include financial loss from crime, compromise to the safety and welfare of persons (clients, staff etc), damage to a business’s reputation and enabling crimes that cause broader impact and serious damage for the community and country.
- Apply controls – Your risk score can help you identify appropriate controls. Examples of controls include setting transaction limits, including management approval in some receipt of funds transactions, requiring additional identification and/or verification methods for certain risk scores or refusing to accept certain clients in some circumstances
- Monitor and review effectiveness – You need to regularly monitor and assess the effectiveness of your systems.
What factors are relevant to my ML/TF risk assessment?
The ML/TF risk assessment requires your practice to identify and assess the potential ML/TF risks it may face based on factors such as the types of designated services offered, the types of clients, the countries clients are from or operate in, and the delivery channels used.
Based on this assessment, you must develop appropriate controls and procedures to mitigate those risks. The assessment should be documented and updated regularly.
Some jurisdictions carry higher risks depending on whether they have a strong AML CTF framework and the geopolitical situation in the country or regions within the country (e.g. countries subject to trade sanctions, or known to be a tax haven, source of narcotics or other significant criminal activity including scams and child exploitation.
What levels of likelihood could be used in an ML/TF risk assessment?
AUSTRAC have indicated you can include as many levels as you consider necessary, noting that every business is different and you are in the best position to know how your practice could be impacted. However, as a starting point there are three levels that could be used (e.g. a traffic light system):
- Very likely – almost certain it will occur (RED)
- Likely – highly probable that it will occur (ORANGE)
- Unlikely – not likely but not impossible it will occur (GREEN)
What levels of impact could be used in an ML/TF risk assessment?
Again, while you could use as many levels as you consider necessary for your business, the three levels of a traffic light style system could be used, i.e.:
- Major – severe impact or consequence (RED)
- Moderate – moderate impact or consequence (ORANGE)
- Minor – minimal impact or consequence (GREEN)
When must an ML/TF risk assessment be reviewed?
AUSTRAC have indicated that each business’s approach must be flexible enough to adapt to changes in the risk level, informed by:
- external information – e.g. the external threat environment, information from AUSTRAC and law enforcement
- internal information – e.g. transaction monitoring program and reporting (e.g. SMRs)
- changes to service delivery – e.g. new services, new means of delivering services (technological or process changes) or changes to same
- changes to customer circumstances or profiles (e.g. change to corporate structure, customer’s beneficial owners or nature of the relationship with a customer)
AUSTRAC has more information about risk assessments on their E-Learning Centre’s module “Financial Crime,” including an interactive practical case study to guide you through the process of an ML/TF risk assessment and applying controls in response to the risk score. The information in this section of the FAQs has been adapted from AUSTRAC.
Customer due diligence
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) is the process of collecting information about your customers and understanding who they, their agents and ultimately any beneficial owners are. It involves understanding the nature and purpose of the business relationship or occasional transaction and assessing the ML/TF and PF risks associated with that client.
It is often referred to as Know Your Client (KYC) within the AML CTF regime and includes verification of identity for AML CTF purposes. The level of CDD required is risk-based, meaning higher-risk clients or transactions require more rigorous checks (Enhanced CDD).
Initial CDD must be conducted before providing a designated service.
How do I meet Initial CDD requirements?
Before a practice provides a designated service, it must establish on reasonable grounds the identity of the customer as well as the identity of:
- Any person on whose behalf the customer is receiving the designated service
- Any person acting on behalf of the customer and their authority to act
- The beneficial owners of the customer
The practice will also be required to identify, as part of its initial CDD requirements, whether the customer is a PEP or otherwise subject to sanctions and the nature and purpose of the customer’s business relationship with the practice.
What is Enhanced Customer Due Diligence (CDD) and when is it required?
Enhanced Customer Due Diligence (ECDD) is required when the assessed ML/TF/PF risk is higher. Situations triggering ECDD often include dealing with politically exposed persons (PEPs), clients from high-risk jurisdictions, complex or unusual transactions, or where there are doubts about the veracity of identification information.
ECDD involves taking additional steps to verify identity, understand the source of funds or wealth, and scrutinise the business relationship more closely than for standard CDD.
Further information about ECDD triggers should be in the AML CTF Rules and Guidance when it is published (anticipated release date mid-December 2025).
How do I verify a client’s identity to comply with the AML CTF framework?
Verifying a client’s identity is a key part of Customer Due Diligence. The AML CTF Rules will likely outline acceptable methods for verification. This typically involves collecting reliable and independent identification information (e.g. driver’s license, passport) and using appropriate methods to verify that information. Verification can often be done using electronic identity verification services, which are often more robust than manual processes. The specific requirements will likely be detailed in the finalised AML CTF Rules and AUSTRAC guidance.
What is Ongoing Customer Due Diligence?
Ongoing Customer Due Diligence is the process of monitoring a client’s transactions and activities throughout the business relationship to ensure consistency with your knowledge of the client and their risk profile. This helps detect suspicious activity that might not be apparent at the outset. It involves reviewing existing client information, updating risk assessments, and conducting enhanced monitoring where necessary. The frequency and intensity of ongoing CDD should be risk-based.
How do I check whether someone is a PEP or subject to sanctions?
There are several ways to screen or check whether someone is subject to sanctions. An easy starting point is a general internet and social media search of their name and any known aliases and close relationships (e.g. spouse or partner). Further, the Commonwealth Department of Foreign Affairs and Trade manages a Consolidated List of all persons and entities under Australian sanction laws.
Some practitioners and firms may use to rely on third-party service providers who undertake these screens on your behalf using databases and subscription-based services.
Reporting
What reporting obligations will lawyers have?
Law practices providing designated services likely have mandatory reporting obligations to AUSTRAC. The primary reports are:
- Suspicious Matter Reports (SMRs): Required when you form a suspicion on reasonable grounds that information you have concerns potential money laundering, terrorism financing, or other serious offences.
- Threshold Transaction Reports (TTRs): Required for physical currency transactions of $10,000 or more.
- There may also be International Funds Transfer Instructions (IFTIs) or their replacement (International Value Transfer Services – IVTS reports) in certain circumstances, though these primarily affect financial institutions.
What is a Suspicious Matter Report (SMR)?
A Suspicious Matter Report (SMR) must be submitted to AUSTRAC as soon as practicable after a law practice forms a suspicion on reasonable grounds that information it has is relevant to investigating money laundering, terrorism financing, or another serious offence. The threshold for suspicion is low. An SMR should include all relevant information supporting the suspicion. Law practices must have internal procedures for identifying and reporting suspicious matters. Discussions about legal professional privilege are ongoing between professional bodies and AUSTRAC.
How does Legal Professional Privilege (LPP) interact with these obligations?
The AML CTF Act 2006 includes provisions designed to clarify the interaction between AML CTF obligations and Legal Professional Privilege (LPP). The intent is to preserve the fundamental principles of LPP. The Act specifies that it does not require the disclosure of information or the production of a document if a person reasonably believes it is subject to LPP. However, there are complexities, particularly regarding SMRs, and ongoing discussions and guidance are aimed at providing clarity on balancing reporting requirements with LPP obligations. This has been a contentious point between the legal profession’s representative bodies and AUSTRAC.
How do I balance suspicious matter reporting obligations with my legal client’s legal privilege obligations?
This has been a major concern for the legal profession and has been raised by the Law Council of Australia on behalf of its constituent bodies many times with the Attorney-General. The profession has continued to raise concerns about this, noting that the threshold under the Solicitors’ Conduct Rules is higher than the threshold for forming a suspicion under the AML CTF Bill. It is understood that the Attorney-General has indicated an intention to abrogate confidentiality as an exception where suspicious matters arise. Further information about this will be released when it becomes available.
Record keeping
What records must be kept, and for how long?
Law practices must make and keep records relating to their AML CTF compliance. This includes records of client identification and verification, transactions (including TTRs), suspicious matter reports (copies and internal deliberations), risk assessments, and their AML CTF Program. Records must generally be kept for seven years after the relevant transaction or relationship ends, or the record is made. It is anticipated that specific record-keeping requirements will be detailed in the AML CTF Rules when they are published (anticipated release date mid-December 2025).
Roles and training
What roles are required under the AML CTF regime?
Under the AML CTF regime, a reporting entity must designate certain roles within their practice, including a senior manager and an AML CTF compliance officer (although in practice, one person can discharge both roles).
Who is the senior manager?
The senior manager must be an individual who makes, or participates in making, decisions that affect the whole or or substantial part of the business of the reporting entity. They are responsible for approving content for, and updates to, AML CTF policies and ML and TF risk assessments, as well as receipt of reports prepared as part of the required independent evaluation of AML CTF policies. They also must approve designated services to any PEPs before such services are provided.
AUSTRAC may seek a civil penalty from the reporting entity for non-compliance.
Who is the AML CTF Compliance Officer?
The AML CTF compliance officer is responsible for overseeing the development, implementation, and maintenance of the practice’s AML CTF Program and ensuring day-to-day compliance with the Act and Rules. They must be a ‘fit and proper’ person at the management level with sufficient authority, independence and access to resources and information to perform their specific functions. The AML CTF compliance officer usually sits in the client onboarding process and understands the day-to-day functions of the practice and has oversight of training.
AUSTRAC may seek a civil penalty from the reporting entity for non-compliance.
What training is needed?
Law practices must provide appropriate AML CTF training to relevant staff members. The training should be tailored to the staff member’s role and the risks they may encounter. It should cover topics such as the nature of ML and TF risks relevant to legal practice, the firm’s AML CTF Program, how to conduct client due diligence, identifying red flags for suspicious activity, internal reporting procedures, and record-keeping requirements.
Ongoing training is essential to keep staff updated. It is likely that there will be at least 3 different levels of training. The highest level of training must be provided to the AML CTF officer. Staff involved in client intake will need training in terms of procedures. All staff will need training at least in respect of red flags, and whether an existing client has become a client who requires ECDD.
What does the training obligation look like for a sole practitioner (with no employees)?
It is likely that sole practitioners will play both the role of senior manager and AML CTF compliance officer. At this stage, it is anticipated that sole practitioners will need to undertake training to make sure they are in a position to demonstrate that they know their obligations specific to each distinct role.
Regulation and non-compliance
Who regulates Australia’s AML CTF regime?
AUSTRAC (the Australian Transaction Reports and Analysis Centre) is the regulator – it has a dual role as regulator and financial intelligence unit. As a financial intelligence agency, AUSTRAC analyses financial reports and information to generate financial intelligence. AUSTRAC’s intelligence analysts then use the information to work with law enforcement and national security agencies to target money laundering, terrorism financing and other serious crimes.
Are there examples of non-compliance by lawyers in other (overseas) jurisdictions?
When comparing Australia’s AML CTF regime with other jurisdictions, it is important to keep in mind the differences that exist between the AML CTF regimes in each jurisdiction, as no two countries are the same.
With that in mind, below are some generalised examples of when lawyers in other jurisdictions have been found to have breached their respective AML CTF obligations:
- United Kingdom: A salaried partner had a relationship with a customer in which he allowed the firm’s trust account to be used for purposes unrelated to the provision by the firm of a legal service. The firm was found to have failed to have proper procedures in place and failed to ensure that proper checks were in place to mitigate against the risk of money laundering. The salaried partner who had the conduct of the file was personally fined, as was the equity partner who was found to have materially contributed to the firm’s AML failures, as they caused or allowed the funds to go to and from the firm’s client accounts.
How can I maximise compliance?
Ultimately, you need to know the risk associated with the services you are providing. It will be important to document the basis on which you made certain decisions and tie them always back to your risk-based approach.
What are the potential penalties for non-compliance?
Failure to comply with the AML CTF Act and Rules can result in significant civil and criminal penalties for both the reporting entity (the law practice) and potentially individuals involved in the contravention. Penalties can include substantial fines. AUSTRAC has a range of enforcement powers, from issuing warning letters and infringement notices to seeking civil penalty orders through the courts. Non-compliance also poses significant reputational damage risk to a law practice and increased vulnerability to money laundering and terrorism financing risks.
Preparing and implementing your AML CTF programs
When should law practices start to prepare?
There is a lot of work to be undertaken by lawyers both to prepare to develop a tailor-made AML CTF compliance program and to implement one and its supporting policies, procedures, systems and training once it is developed.
While the new AML CTF obligations don’t come into effect until 1 July 2026, it is recommended that practices start their preparation now. The Law Society has prepared a 10 Practical Steps Guide for lawyers to break down the individual steps required for compliance.
There are preliminary steps in the guide which can (and should) be undertaken now in advance of the AUSTRAC Rules and Guidance being finalised and published to ensure practitioners have the ability to prepare for compliance in time for the commencement date of 1 July 2026.
Unlike the introduction of the tranche I AML CTF reforms, most of the information lawyers will need to understand and comply with the tranche II reforms is found in the legislation. While the Rules and Guidance will aid lawyers in their understanding, it is anticipated that this will just add nuance and further context to the legislative provisions. Lawyers should not wait until the Rules and Guidance are published before commencing their steps to compliance.
Is the commencement date likely to change?
The Commonwealth Attorney-General’s Department has announced that Australia’s next mutual evaluation by the Financial Action Task Force is scheduled for 2026. The commencement date of 1 July 2026 is in the Act and was chosen with this evaluation in mind. It is highly unlikely that either the date for the evaluation or the commencement date will change, particularly noting Australia is one of the last countries to enact an AML CTF regime to comply with FATF recommendations. This is despite significant and persistent calls from advocacy bodies raising concern about the short period, and the significant body of work reporting entities will be required to do to comply with the new obligations.
What are the key steps and suggested timings for implementation?
The Law Society has developed a 10 Practical Steps Guide to assist practitioners in breaking down the steps involved towards compliance. See Complying with your AML CTF obligations.
What can I do right now?
While the AML CTF Rules and Guidance are yet to be finalised, there is a lot of preparatory work required by solicitors before they can begin to design and build their own tailor-made AML CTF program.
The best initial steps you can take include:
- Familiarise themselves with the obligations under the new Act (you will need to read the Act)
- Get to know your practice from an AML CTF risk perspective. If you haven’t already, gather data so you know (and can easily show) what services you provide, how you provide those services, to whom you provide those services and the locations you operate in
- Keep informed (i.e. subscribe to receive updates directly from AUSTRAC, CPDs and resources available through our AML CTF Hub.)
Where can I find further information, resources and guidance?
The Law Society has brought together in this AML CTF Hub useful resources, including recordings of past CPD events run internally, by the Law Council of Australia and/or law societies in other states and territories.
These resources outline what is involved in the implementation process and, in particular, the preparatory work all practices must do before they can start to design and build their own tailor-made AML CTF program.
See Resources.
How can I stay informed?
You can subscribe for updates with AUSTRAC to receive information about when to enrol and register.
We will notify members of AML CTF updates, including updates to this Hub, through Friday Facts.
