The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia's financial intelligence agency and AML/CTF regulator. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), reporting entities - including financial services licensees, banks, remittance providers, digital currency exchange providers, and gambling service providers - must comply with comprehensive obligations designed to detect, deter, and disrupt money laundering, terrorism financing, and other serious financial crimes.

The AML/CTF framework has been subject to significant reform. The AML/CTF Amendment Act 2024 expanded the regime to cover additional sectors (often referred to as "Tranche 2") including real estate agents, lawyers, accountants, and trust and company service providers. For entities already within the regime, the reforms have also strengthened existing obligations around customer due diligence, beneficial ownership transparency, and transaction monitoring. All reporting entities must ensure their AML/CTF programs reflect the current legislative requirements.

Non-compliance with AML/CTF obligations carries severe consequences. AUSTRAC has enforcement powers including civil penalties (up to $22.2 million per contravention for bodies corporate), enforceable undertakings, remedial directions, and registration cancellation. The Westpac ($1.3 billion) and Crown ($450 million) enforcement outcomes demonstrate that AUSTRAC will pursue substantial penalties for systemic compliance failures.

Every reporting entity must develop and maintain a written AML/CTF program. The program has two parts. Part A covers customer identification and verification (Know Your Customer), ongoing customer due diligence, and the processes for identifying and managing money laundering and terrorism financing risk. Part B covers employee due diligence, including screening processes for employees who handle relevant services.

The AML/CTF program must be risk-based, meaning it must identify, assess, and document the ML/TF risks specific to the business and implement controls proportionate to those risks. The program must be approved by a senior manager or board, and compliance officers must be appointed. The program must also include provisions for independent review at least every three years, staff training, and record-keeping.

Customer Due Diligence (CDD) is the cornerstone of AML/CTF compliance. Reporting entities must verify the identity of customers before providing a designated service, using reliable and independent documentation or electronic data. For individual customers, this typically means verifying identity through government-issued documents. For corporate and trust customers, it includes identifying and verifying beneficial owners - the natural persons who ultimately own or control the entity.

The 2024 amendments have strengthened beneficial ownership transparency requirements, aligning Australia more closely with Financial Action Task Force (FATF) recommendations. Reporting entities must now take reasonable steps to identify and verify the identity of each beneficial owner who holds 25 per cent or more ownership interest, or who exercises significant control. Enhanced customer due diligence is required for higher-risk customers, including politically exposed persons (PEPs), customers from high-risk jurisdictions, and complex ownership structures.

Reporting entities have three core reporting obligations to AUSTRAC. Suspicious Matter Reports (SMRs) must be submitted when the entity forms a suspicion (on reasonable grounds) that a transaction or matter may be related to money laundering, terrorism financing, tax evasion, or any other serious offence. SMRs must be submitted within prescribed timeframes: 24 hours for terrorism financing suspicions, and three business days for other suspicious matters.

Threshold Transaction Reports (TTRs) must be submitted for all cash transactions of $10,000 or more (or foreign currency equivalent). TTRs must be lodged within 10 business days. International Funds Transfer Instructions (IFTIs) must be reported for all transfers of funds into or out of Australia. IFTIs must be lodged within 10 business days of sending or receiving the instruction. Failure to lodge any of these reports can constitute a separate contravention for each unreported transaction.

FormaOS provides financial services organisations with a compliance operating system that maps AML/CTF obligations to controls, tracks program currency, manages independent review schedules, and maintains evidence of CDD processes and reporting compliance. This enables organisations to demonstrate to AUSTRAC that their AML/CTF program is not just a document but a living, operational system.