Photo by PlaceboPill
The 2026 AML/CTF Reform Act represents the biggest shake-up to Australia's money laundering laws in nearly two decades. If you're running a remittance business, these changes will fundamentally alter how you verify customers, monitor transactions, and structure your compliance programme.
The reforms introduce simplified customer due diligence for low-risk scenarios, expand the travel rule to all international transfers, and require you to appoint a registered compliance officer by 30 May 2026. While some changes offer relief for smaller operators, others — like the new tipping-off provisions — carry serious criminal penalties for non-compliance.
Key Takeaways
- Compliance officer registration deadline: 30 May 2026 — notify AUSTRAC or face penalties up to $5.5 million
- 3-year CDD transition: Choose between old rules until 2029 or adopt new simplified/enhanced CDD immediately
- Travel rule expansion: All international transfers must include originator and beneficiary details from 31 March 2025
- Simplified CDD thresholds: Occasional transactions under $5,000 may qualify for reduced verification
- Criminal penalties increased: Tipping-off offences now carry up to 2 years imprisonment
Timeline: When Each Reform Takes Effect
The reforms don't hit all at once. Here's your compliance calendar:
| Date | Requirement | Action Needed |
|---|---|---|
| 31 March 2025 | Travel rule expansion | Update systems to capture/transmit full originator and beneficiary data |
| 30 May 2026 | Compliance officer notification | Register your AML/CTF compliance officer with AUSTRAC |
| 1 July 2026 | Tranche 2 entities join regime | Prepare for lawyers/accountants as new reporting entities |
| 31 March 2029 | CDD transition ends | All entities must use new CDD rules |
The New Customer Due Diligence Framework
The reformed CDD framework replaces the prescriptive "tick-box" approach with risk-based flexibility. You now have three paths:
Simplified CDD (New Option)
For the first time, Australian law explicitly allows simplified verification for genuinely low-risk scenarios:
- Threshold: Occasional transactions under $5,000
- Requirements: Name and either date of birth OR address
- Verification: Can rely on customer declaration (no documents needed)
- Restrictions: Not available for correspondent banking, PEPs, or high-risk countries
Example: A customer sending $500 to family in New Zealand monthly could qualify for simplified CDD if your risk assessment supports it.
Standard CDD (Reformed)
The baseline requirements now include:
- Full name, date of birth, and residential address
- Verification from reliable and independent sources (undefined — you decide what's appropriate)
- Beneficial ownership for corporate customers (25% threshold)
- Purpose and nature of business relationship
Enhanced CDD (Expanded)
High-risk scenarios trigger additional requirements:
- Source of funds/wealth verification
- Senior management approval
- Enhanced ongoing monitoring
- New: Adverse media screening for PEPs and sanctions
The key change? AUSTRAC no longer prescribes exact documents. Your AML/CTF program must justify why your chosen methods are appropriate for your risk profile.
Travel Rule: Full Data or No Transfer
From 31 March 2025, every international wire transfer must include:
Originator (sender) information:
- Full name
- Account number or unique reference
- Either: (a) address, (b) customer ID + date/place of birth, or (c) national identity number
Beneficiary (recipient) information:
- Name
- Account number
This applies to all amounts — the previous $1,000 threshold is gone. Non-compliance risks:
- Civil penalties: Up to $27.5 million for bodies corporate
- Transaction blocking: Receiving institutions must reject incomplete transfers
- Reputation damage: Banks may terminate your correspondent relationships
Implementation Challenges
Smaller MTOs face particular hurdles:
- Legacy systems: Many platforms can't capture structured beneficiary data
- Partner readiness: Your overseas agents may lack compatible systems
- Data quality: Customer-provided beneficiary details are often incomplete
Practical tip: Start testing data collection now. Run parallel processes to identify gaps before the deadline.
Compliance Officer Registration: No More Anonymous Roles
By 30 May 2026, you must notify AUSTRAC of your designated AML/CTF compliance officer. This person:
- Must be sufficiently senior to ensure compliance
- Cannot be outsourced (must be an employee or director)
- Becomes personally accountable for programme failures
- Must be contactable by AUSTRAC during business hours
The notification requires:
- Full name and position title
- Direct contact details (phone and email)
- Confirmation of their seniority and accountability
Warning: Failing to notify by the deadline attracts penalties up to $5.5 million. This isn't optional — even sole traders must designate themselves.
Tipping Off: The Offence That Can Land You in Prison
The reformed tipping-off provisions are perhaps the most dangerous change for front-line staff. From March 2025:
What's prohibited:
- Telling a customer you've submitted an SMR (suspicious matter report)
- Revealing that AUSTRAC is investigating them
- Disclosing information that could prejudice an investigation
What's allowed:
- General discussions about compliance requirements
- Explaining why you need additional documentation
- Internal discussions with staff for compliance purposes
Penalties: Up to 2 years imprisonment and/or $27,500 for individuals
Example scenario: A customer asks, "Why is my transfer delayed? Is there a problem?" You can say, "We're conducting routine compliance checks." You cannot say, "We've flagged this as suspicious."
Beneficial Ownership: The 25% Rule Gets Teeth
Corporate customers now face stricter scrutiny:
- Threshold remains 25% for identifying beneficial owners
- New: You must take "reasonable steps" to verify ownership
- New: Trusts require identification of all trustees, beneficiaries, and controllers
- New: Annual review requirement for high-risk corporate relationships
For remittance dealing with small business customers, this means:
- Company extracts are no longer sufficient
- You need declarations from directors about true ownership
- Complex structures require professional verification
Impact on Correspondent Banking Relationships
The reforms explicitly strengthen correspondent banking due diligence. Your banking partners will demand:
- Evidence of your reformed compliance programme
- Proof of compliance officer registration
- Detailed customer risk profiling data
- Transaction monitoring statistics
Banks are already tightening relationships ahead of the reforms. If you haven't updated your programme by late 2025, expect account closures.
Sector-Specific Guidance for Remittance
AUSTRAC has promised targeted guidance for remittance providers by December 2025, expected to cover:
- Risk indicators specific to informal value transfer
- Simplified CDD applicability for migrant remittances
- Travel rule implementation for cash-based corridors
- Enhanced monitoring for high-risk corridors
Preparing Your Business: A Practical Checklist
Immediate Actions (By June 2025)
- Audit current programme: Identify gaps against new requirements
- Designate compliance officer: Ensure they understand personal liability
- Review IT systems: Can they capture travel rule data?
- Train all staff: Focus on tipping-off and CDD changes
Medium-term (By December 2025)
- Decide on CDD transition: Early adoption or wait until 2029?
- Update customer forms: Capture all required data fields
- Test travel rule compliance: Run pilot transfers with full data
- Document risk methodology: Justify your CDD approach
Pre-deadline (By March 2026)
- Submit compliance officer notification: Don't leave this until May
- Full system cutover: Travel rule must be operational
- Update all procedures: Reflect new requirements
- Obtain board sign-off: Document governance approval
Cost Implications: Budget for Compliance
Based on industry feedback, expect these costs:
| Item | Small MTO (<1000 monthly transactions) | Medium MTO (1000-10,000) | Large MTO (10,000+) |
|---|---|---|---|
| System upgrades | $15,000-30,000 | $50,000-150,000 | $200,000+ |
| Legal review | $5,000-10,000 | $15,000-25,000 | $30,000+ |
| Training | $2,000-5,000 | $10,000-20,000 | $25,000+ |
| Ongoing compliance | $20,000/year | $60,000/year | $150,000+/year |
Special Considerations for Cash-Based Remittance
Cash-intensive operations face unique challenges:
- Enhanced scrutiny: AUSTRAC specifically targets cash in their 2025-26 priorities
- Simplified CDD limitations: Cash transactions rarely qualify for reduced verification
- Travel rule complexity: Capturing sender details at agent locations
- Banking pressure: Expect increased de-banking risk
Consider pivoting to digital channels or partnering with established platforms to reduce compliance burden.
What Happens If You Don't Comply?
AUSTRAC has signalled aggressive enforcement:
- Civil penalty proceedings: Public enforcement actions for systemic failures
- Registration reviews: "Use it or lose it" approach to inactive registrations
- Criminal prosecutions: For serious breaches, especially tipping off
- Enforceable undertakings: Mandatory business improvements at your cost
The days of "flying under the radar" are over. AUSTRAC's data-matching capabilities mean non-compliance will be detected.
The Opportunity Hidden in Reform
While compliance costs are significant, the reforms create competitive advantages for prepared operators:
- Simplified CDD reduces onboarding friction for genuine customers
- Risk-based approach allows innovation in verification methods
- Clearer rules reduce uncertainty and defensive over-compliance
- Level playing field as cowboys are forced out
Operators who embrace the changes early will capture market share from those who delay or exit.
Next Steps and Resources
The clock is ticking. Start with these actions:
- Download AUSTRAC's reform guidance from their website
- Review your current AML/CTF program against new requirements
- Consult a specialist lawyer for programme updates
- Contact your banking partners about their expectations
- Subscribe to our newsletter for ongoing updates and practical guides
The 2026 reforms will separate professional remittance operators from amateurs. By preparing now, you ensure your business survives and thrives in the new regulatory environment.
Frequently Asked Questions
Can I keep using my current AML/CTF programme until 2029?
Yes, for customer due diligence requirements only. You can continue using existing CDD rules during the three-year transition period ending 31 March 2029. However, all other reforms (travel rule, compliance officer registration, tipping off) take effect on their specified dates regardless of which CDD approach you choose.
What if my overseas partners can't provide travel rule data?
You face a difficult choice: either refuse the transfer or risk non-compliance. AUSTRAC expects you to work with partners to ensure data completeness. Consider requiring contractual commitments from agents or switching to partners with compatible systems. The receiving institution may reject incomplete transfers anyway.
Does simplified CDD apply to regular remittance customers?
Generally no. Simplified CDD is designed for "occasional transactions" under $5,000. Regular remittance customers establish an ongoing business relationship, requiring standard CDD. However, you might use simplified CDD for genuine one-off transfers like emergency family support, subject to your risk assessment.
How detailed must my source of wealth checks be?
The reformed Act doesn't prescribe specific requirements — it depends on risk. For a nurse sending $500 monthly to the Philippines, payslips might suffice. For a customer transferring $50,000 to a high-risk jurisdiction, you might need tax returns, bank statements, and employment verification. Document your risk-based reasoning.
Can I outsource the compliance officer role?
No. The compliance officer must be an employee or director of your organisation. You can use external consultants for advice and programme development, but the designated officer must be internal and "sufficiently senior" to ensure compliance. Sole traders must designate themselves.
What happens to existing customers when I switch to new CDD rules?
AUSTRAC expects a risk-based approach to remediation. You don't need to immediately re-verify all existing customers, but should prioritise high-risk relationships and update records at trigger events (changes to customer details, unusual transactions, periodic reviews). Document your remediation plan.
