Main laws

Commonwealth Act

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)

The AML/CTF Act sets compliance duties for reporting entities that provide designated services and face money-laundering or...

In forceCommonwealth4 practical checks

Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.

Get legal help

Start here

Quick read

  • AML/CTF rules are risk-system rules.
  • Businesses that provide designated services need customer due diligence, risk assessments, programs, reporting, record keeping and AUSTRAC engagement.

Likely relevant if

  • Financial services, lending, remittance and crypto businesses
  • Accountants, lawyers, real estate and professional services preparing for expanded AML/CTF coverage
  • Businesses handling high-value goods, payments or customer identity checks

Check first

  • Check whether the business provides a designated service.
  • Prepare and maintain a money laundering and terrorism financing risk assessment.
  • Run initial and ongoing customer due diligence where required.

What happens if you get it wrong

Penalties & enforcement

AUSTRAC can take enforcement action for AML/CTF breaches, including civil penalties, infringement notices, enforceable undertakings and remedial directions. Penalties can be substantial.

Enforced by AUSTRAC

When this shows up in real life

  1. Building a payments or crypto product

    Map the services against the designated service list before launch, not after onboarding customers.

  2. Preparing for expanded coverage

    Professional services and high-value sectors should plan systems, client due diligence and staff training early if they may be captured.

Plain-English glossary

Reporting entity
A business or person that provides designated services and is regulated under the AML/CTF regime.
Designated service
A service listed in the Act that can trigger AML/CTF obligations, such as certain financial, remittance, digital currency or other regulated services.

Common questions

Does AML/CTF apply to every business?

No. It applies to reporting entities providing designated services, but the list is expanding and some business models need careful review.

Is identity verification enough?

No. Identity checks are only one part. Reporting entities also need risk assessment, policies, monitoring, reporting and records.

Related topics

How Sprintlaw can help

Update history

Reviewed12 Mar 2026

AML/CTF Amendment Bill added to tracker

Parliament is tracking a 2026 AML/CTF amendment Bill dealing with AUSTRAC powers, high-risk mechanisms for designated services and terrorism-financing provisions.