Australia’s New AML/CTF Framework: Key Changes Under the 2025 Rules

Introduction: Purpose and Scope of the AML/CTF Rules 2025

The Anti Money Laundering and Counter Terrorism Financing Rules 2025 (AML/CTF Rules or 2025 Rules) mark a decisive turning point in Australia’s compliance framework. Issued under the Anti-Money Laundering and Counter Terrorism Financing 2006 (AML/CTF Act), the rules were finally signed on 29 August 2025 and will take effect from 31 March 2026. This transition period allows institutions to restructure systems, update governance practices, and prepare for expanded obligations.

Unlike earlier iterations, the 2025 Rules go beyond consolidation by extending regulatory scope. Alongside traditional reporting entities and remittance providers, the framework now directly encompasses Virtual Asset Service Providers (VASPs) and, for the first time, Real Estate transactions. They also formalise definitions of Domestic Politically Exposed Persons (PEPs), reflecting closer alignment with global best practices.

The new regime reflects AUSTRAC’s broader strategy, embedding accountability, raising compliance expectations and positioning Australia as a credible partner in the global fight against illicit finance. Far from a routine update, the Rules establish a forward-looking framework that balances regulatory strength with business adaptability.

Who All Will Be Regulated?

The AML/CTF Rules 2025 expand AUSTRAC’s authority, capturing new sectors and closing regulatory gaps. While retaining core obligations, the framework significantly broadens its scope and raises compliance expectations across diverse industries.

Current Reporting Entities

Reporting Entities remain at the centre of Australia’s AML/CTF framework. These include banks, financial institutions, and other designated service providers. While their core obligations are familiar, the 2025 Rules place sharper emphasis on governance structures and accountability mechanisms.

Domestic Politically Exposed Persons in Focus

The 2025 Rules also spell out clearer definitions for Domestic PEPs. By subjecting these clients to enhanced scrutiny, Australia strengthens its safeguards against political corruption risks and better aligns with international best practices for managing high-risk customers.

Regulation of Real Estate Dealings

One of the most notable shifts is the formal inclusion of Real Estate dealings within AML/CTF oversight. Property transactions, long recognised as attractive for illicit fund flows, now fall squarely under AUSTRAC’s remit, requiring compliance by agents, developers, and settlement professionals.

Remittance Providers and Virtual Asset Services

Remittance operators and VASPs are again in regulatory focus, reflecting the risks of fast, opaque cross-border transactions. These entities must now adopt stricter Customer Due Diligence and reinforce monitoring systems to address evolving Money Laundering threats.

Major Shifts Brought by the 2025 Framework

The AML/CTF Rules modernise Australia’s compliance framework, merging earlier obligations, bringing virtual assets and real estate under the regulations, and refining Customer Due Diligence (CDD). Collectively, these reforms strengthen governance and reflect evolving global standards in financial crime prevention.

Direct Oversight of Virtual Asset Services

VASPs are formally regulated through a new register, requiring disclosures on assets, wallets and customer channels. Programs must assess wallet types, licensing, and secure transfers, ensuring digital finance risks are addressed alongside traditional services.

Stronger AML/CTF Programs and Due Diligence

Compliance programs must now address Proliferation Financing, Targeted Sanctions, and Real Estate transactions. Refined CDD rules require deeper ownership checks, ongoing monitoring of high-risk clients, and stricter reliance provisions for third-party KYC, enhancing transparency and accountability.

Streamlined Regulatory Structure

Replacing the former framework, the 2025 Rules adopt twelve parts for clarity and accessibility. This streamlined framework reduces fragmentation, supports compliance, consistency, and provides entities until 31 March 2026 to align their systems with the updated structure.

Central Compliance Duties Under the 2025 Rules

The AML/CTF Rules establish a robust framework of compliance obligations designed to strengthen governance and accountability across Reporting Entities. The obligations are far more comprehensive than in earlier frameworks, reflecting both domestic priorities and international Financial Action Task Force (FATF) standards.

Requirements for Enrolment and Registration

All reporting entities must undergo an updated enrollment process, which captures detailed information on ownership, corporate structures, identifiers, business activities, and exposure to financial crime risks. VASPs for the first time, are required to obtain a formal registration, creating a greater transparency in relation to wallet management and delivery mechanisms.

Designing Robust AML/CTF Programs

Entities are expected to implement customised programs that directly address the risk of Money Laundering, Terrorist Financing, and Proliferation Financing. These programs must embed strong governance measures, including regular reporting from the Compliance Officer to the boards, independent reviews of effectiveness, and rigorous due diligence and training for employees.

Enhanced Customer Identification and Monitoring

The new framework expands verification obligations across individuals, corporates, trusts, and government agencies. Enhanced checks apply in high-risk contexts, including dealings with PEPs and Real Estate transactions. Entities must also conduct Ongoing Monitoring to ensure customer information remains accurate and up to date.

Obligations For Record Management

The 2025 Rules embed record-keeping as a cornerstone of compliance. Lead Entities must maintain updated registers of group membership, reliance agreements must assign clear documentation responsibilities, and entities acquiring customers from another provider must secure historical records. These requirements underpin transparency, support audits, and support investigative capacity when irregularities occur or any suspicious activity is detected.

Reporting Duties and Transaction Requirements

Obligations relating to Suspicious Matter Reports (SMRs), Threshold Transaction Reports (TTRs), and cross-border movement declarations have become more detailed and data-intensive. Transitional arrangements permit temporary reliance on earlier reporting formats, giving institutions a limited adjustment period before full compliance is enforced.

Correspondent Banking and Transfers of Value

Financial institutions are required to perform detailed due diligence before entering correspondent banking arrangements, with senior management overseeing them. Rules on transfer transparency now cover both traditional money transfers and virtual assets, requiring ordering, intermediary, and beneficiary institutions to capture and pass on complete transaction information.

Practical Challenges for Businesses

While the AML/CTF Rules 2025 establish a stronger compliance regime, they also create a far more demanding environment for businesses. Meeting these requirements need a substantial amount of investment in people, processes, and governance, technology, and skilled personnel, exposing entities to operational pressure and reputational risks.

Heavy Reporting Obligations

Reporting requirements for SMRs, TTRs, and cross-border movement disclosures now demand highly detailed data. The sheer volume increases compliance costs and data-management risks, while AUSTRAC’s public reporting of breaches exposes businesses to reputational damage if obligations are not met effectively.

Managing International and Third-Party Relationships

Relying on third parties for KYC verification or managing correspondent banking ties requires rigorous due diligence. Businesses must evaluate whether the overseas partners meet FATF standards and repeat such assessments regularly, an exercise that is resource-heavy and highly technical.

Ongoing Risk Monitoring and Assessments

Entities must maintain continuous oversight of Money Laundering or Terrorist Financing and Proliferation Financing Risks across products, delivery channels, and jurisdictions. Policies require rapid updates whenever independent reviews reveal weaknesses. For smaller institutions, this constant cycle of monitoring and adjustment can be especially burdensome.

Complex Data Collection and Verification Needs

The new framework expands CDD obligations, compelling institutions to gather detailed Know Your Customer (KYC) information across individuals, corporates, trusts, and government bodies. Providing Beneficial Ownership in layered or opaque structures is particularly difficult, especially where evidence is incomplete or subject to delayed verification.

Compliance Challenges for VASPs

VASPs encounter distinct challenges. They must identify custodial versus self-hosted wallets, confirm that controllers are properly licensed, and ensure secure handling of transaction data. The decentralised nature of Virtual Assets makes these tasks uniquely difficult.

Transparency and International Alignment

The AML/CTF Rules 2025 place a strong focus on transparency and global consistency. By mandating public disclosures, reinforcing payment traceability, and harmonising with the FATF framework, they bolster Australia’s domestic accountability while strengthening its standing in the international financial system.

Public Disclosure and Payment Transparency Measures

Listed public companies that are already bound by market disclosure rules are treated as transparent for Beneficial Ownership during CDD. In addition, the updated “Payment Transparency” obligations for Transfers of Value demand that both payer and payee information be verified and transmitted through the chain, reflecting FATF-strengthened recommendations.

Cross-Border Cooperation and Oversight Mechanisms

AUSTRAC is also empowered to share information with both domestic regulators and foreign counterparts, enhancing cooperation against financial crime. More importantly, registrations can be suspended or cancelled if providers are subject to adverse findings or sanctions, ensuring that international risks are factored into Australia’s oversight.

Alignment with FATF Global Standards

The Rules allow reliance on CDD already undertaken in FATF-compliant jurisdictions, as well as delayed verification in foreign branches where such regimes are recognised. For Virtual Asset transactions, service providers must confirm wallet controllers are licensed under laws consistent with FATF standards, otherwise services must proceed.

AUSTRAC’s Role in Promoting Openness

Under the Rules 2025, AUSTRAC must publish details from the Remittance Sector Register and the Virtual Asset Service Provider Register that are publicly accessible. This includes legal identifiers such as entity names, ABNs, registered addresses, and website domain names. Where conditions are attached to a registration, or where an entity faces suspension or cancellation, AUSTRAC is required to publish these outcomes to maintain openness.

The AML/CTF Rules 2025 represent a turning point in Australia’s approach to financial regulation. By weaving international best practices into local compliance obligations, the framework strengthens domestic safeguards while reinforcing Australia’s credibility on the global stage. Beyond meeting regulatory demands, these rules provide businesses with a chance to adopt more resilient systems, contributing to a safer and more transparent financial environment worldwide.

Key Takeaway

The AML/CTF Rules 2025 are more than just a compliance exercise; they represent a decisive recalibration of Australia’s regulatory landscape. By extending obligations to Real Estate, VASPs, and Domestic PEPs, the framework plugs long-standing gaps that criminals might have exploited. For businesses, the challenge lies in balancing the heavy operational burden of data collection, risk assessment, and reporting with the opportunity to build resilience and trust.

With the March 2026 deadline fast approaching, organisations that invest early in governance, technology and training will be better positioned not only to meet AUSTRAC’s standards but also to strengthen their competitive standing in a global marketplace where transparency and accountability increasingly define success.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.