Commonwealth Act
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
The AML/CTF Act sets compliance duties for reporting entities that provide designated services and face money-laundering or...
Plain-English explainers, not legal advice. Use the linked official source for section-level detail, and get advice for your situation.
Get legal helpStart here
Quick read
- AML/CTF rules are risk-system rules.
- Businesses that provide designated services need customer due diligence, risk assessments, programs, reporting, record keeping and AUSTRAC engagement.
Likely relevant if
- Financial services, lending, remittance and crypto businesses
- Accountants, lawyers, real estate and professional services preparing for expanded AML/CTF coverage
- Businesses handling high-value goods, payments or customer identity checks
Check first
- Check whether the business provides a designated service.
- Prepare and maintain a money laundering and terrorism financing risk assessment.
- Run initial and ongoing customer due diligence where required.
What happens if you get it wrong
Penalties & enforcement
AUSTRAC can take enforcement action for AML/CTF breaches, including civil penalties, infringement notices, enforceable undertakings and remedial directions. Penalties can be substantial.
Enforced by AUSTRAC
When this shows up in real life
Building a payments or crypto product
Map the services against the designated service list before launch, not after onboarding customers.
Preparing for expanded coverage
Professional services and high-value sectors should plan systems, client due diligence and staff training early if they may be captured.
Plain-English glossary
- Reporting entity
- A business or person that provides designated services and is regulated under the AML/CTF regime.
- Designated service
- A service listed in the Act that can trigger AML/CTF obligations, such as certain financial, remittance, digital currency or other regulated services.
Common questions
Does AML/CTF apply to every business?
No. It applies to reporting entities providing designated services, but the list is expanding and some business models need careful review.
Is identity verification enough?
No. Identity checks are only one part. Reporting entities also need risk assessment, policies, monitoring, reporting and records.
Related topics
How Sprintlaw can help
Update history
AML/CTF Amendment Bill added to tracker
Parliament is tracking a 2026 AML/CTF amendment Bill dealing with AUSTRAC powers, high-risk mechanisms for designated services and terrorism-financing provisions.