Sandbox environment — test data only, not production
AML/CTF Compliance Guide

AML/CTF compliance guide for Australian businesses

From registration to annual reviews, here is every obligation Australian businesses face from 1 July 2026.

12 min readUpdated June 2026Based on AUSTRAC guidance

The compliance journey

  1. Register
  2. Program
  3. KYC
  4. Screening
  5. Reporting
  6. Training
  7. Annual review

Every obligation, step by step

What each obligation involves, why it matters and what happens if you miss it.

  1. 1
    Register with AUSTRAC
    What it involves

    Enrol before you provide any designated service, through the AUSTRAC portal.

    Why it matters

    You must be registered before you start providing services.

    If missed

    You may be providing designated services while unregistered.

  2. 2
    Write your AML/CTF Program (Part A & B)
    What it involves

    A written program tailored to your business covering risk, controls, training and review.

    Why it matters

    It shows how you manage risk and keep your business compliant.

    If missed

    You may not be able to demonstrate compliance to AUSTRAC.

  3. 3
    Customer Identification (KYC / CDD)
    What it involves

    Verify every client, identify beneficial owners and assess each client risk level.

    Why it matters

    It reduces the risk of dealing with criminals or high-risk clients.

    If missed

    You may face penalties for inadequate customer due diligence.

  4. 4
    Screen against PEP & Sanctions lists
    What it involves

    Check every client against sanctions and PEP data at onboarding and periodically.

    Why it matters

    It helps prevent money laundering and terrorist financing.

    If missed

    You may deal with sanctioned or politically exposed individuals.

  5. 5
    File reports with AUSTRAC
    What it involves

    File SMRs within 24 hours of suspicion, and TTRs within 10 business days for cash over $10,000.

    Why it matters

    Mandatory reporting helps AUSTRAC protect the financial system.

    If missed

    Late or missed reports can lead to significant civil penalties.

  6. 6
    Train your staff
    What it involves

    Make sure anyone handling designated services understands your controls and obligations.

    Why it matters

    Well-trained staff reduce risk and support a strong compliance culture.

    If missed

    Human error and gaps in knowledge increase your compliance risk.

  7. 7
    Annual report & ongoing obligations
    What it involves

    Submit an annual report, review your program independently and keep records for 7 years.

    Why it matters

    Ongoing review keeps your program effective and up to date.

    If missed

    You may fail to identify gaps in your AML/CTF controls.

Guides for your profession

The obligations are the same, but the designated services and risks differ by industry.

Up to

$33 million

per contravention for a body corporate (100,000 penalty units)

Up to

$6.6 million

per contravention for an individual (20,000 penalty units)

Calculated at

$330

per penalty unit (from 7 November 2024)

You have seen the obligations. Now simplify the work.

Generate your AML/CTF program, screen clients, file reports and stay audit ready, all from one platform.

From

$49

/month
vs $3,000 to $8,000/year for compliance consultants

This guide is based on AUSTRAC's publicly available guidance and Starter Kits. It does not constitute legal or compliance advice. We recommend consulting a licensed compliance professional for complex situations.

AML/CTF Compliance Guide for Australian Businesses | AML Mate