What Businesses Need AML Compliance in Australia?

⚡ Direct Answer:  Businesses in Australia need AML compliance if they provide “designated services” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. These businesses are classified as reporting entities and must comply with obligations regulated by AUSTRAC — including maintaining an AML/CTF program, conducting customer due diligence, and submitting required reports. From 1 July 2026, the Tranche 2 reforms will extend these obligations to professional service providers including accountants, lawyers, and real estate agents.

The Core Test: Do You Provide Designated Services?

The key question is whether your business provides one or more “designated services” with a geographical link to Australia. Designated services are listed in the AML/CTF Act and cover specific financial and related activities — not all businesses or industries are captured.

The key indicators that suggest your business may provide a designated service are:

  • Your business moves money on behalf of clients (remittance, wire transfers)
  • Your business exchanges one form of currency or value for another
  • Your business accepts deposits or provides credit
  • Your business facilitates the buying and selling of financial instruments
  • Your business operates in the gambling sector
  • Your business deals in virtual assets (cryptocurrency)
  • From 2026: your business provides certain professional services involving client funds or financial structures

Financial Sector: Currently Captured

The financial sector has been subject to AML/CTF obligations since the Act was introduced in 2006. Captured businesses include:

  • Banks, credit unions, and building societies (accepting deposits, providing credit)
  • Mortgage brokers and non-bank lenders
  • Foreign exchange businesses
  • Remittance dealers and money transfer operators
  • Stockbrokers, securities dealers, and financial advisers
  • Fund managers and superannuation fund trustees
  • Insurance companies, life insurers, and insurance intermediaries
  • Custodial and depository service providers
  • Bullion dealers
  • Pawnbrokers

Digital Currency and Fintech: Captured

The digital currency and fintech sector has been subject to AML/CTF obligations since 2018. AUSTRAC has been active in supervising this sector, with a particular focus on cryptocurrency exchange compliance.

  • Digital currency exchanges (buy, sell, or exchange cryptocurrency)
  • Virtual asset service providers
  • Platforms facilitating peer-to-peer cryptocurrency transfers for customers
  • Cryptocurrency ATM operators

The 2026 reforms will expand the categories of virtual asset services that are regulated, bringing new types of digital asset businesses into the regime for the first time.

Gambling Sector: Captured

  • Casinos (land-based and online)
  • Sports and race wagering operators
  • Lottery operators
  • Electronic gaming machine venues
  • Keno operators

Gambling businesses have specific AML/CTF obligations given the inherent cash intensity of the sector. AUSTRAC has historically identified gambling as a high-risk sector for money laundering.

Professional Service Providers: Captured from 1 July 2026

The Tranche 2 reforms represent the most significant expansion of the AML/CTF regime in Australia’s history. From 1 July 2026, the following professional service providers will be subject to AML/CTF obligations when providing certain designated services:

  • Accountants and accounting firms (for services involving client funds, trusts, company structures)
  • Lawyers and law firms (for conveyancing, trust management, and related services)
  • Conveyancers
  • Real estate agents (residential and commercial sales, leasing of high-value properties)
  • Trust and company service providers
  • Precious metals, stones, and jewellery dealers

Businesses in these sectors should begin their AML/CTF preparations now. Enrolment with AUSTRAC must be completed by 29 July 2026.

Businesses NOT Currently Required to Comply

The following types of businesses are generally not required to comply with AML/CTF obligations (unless they also provide a designated service):

  • Retailers (including high-value goods dealers, unless also dealing in bullion or precious metals from 2026)
  • General tradespeople and contractors
  • Hospitality businesses (restaurants, hotels) — unless also operating casino gaming
  • Standard professional service providers not providing designated services
  • Technology companies not facilitating payments, currency exchange, or digital assets

That said, as the regulatory perimeter continues to expand, businesses should regularly review their position — particularly as new services or business models are introduced.

How to Determine if Your Business Needs AML Compliance

  1. List all services your business currently provides to customers.
  2. Cross-reference your services against the designated services in the AML/CTF Act (Tables 1 and 2) and the new designated services from 1 July 2026.
  3. Confirm whether there is a geographical link to Australia.
  4. If you are captured, begin your AML/CTF compliance journey — enrolment, risk assessment, and program development.
  5. If you are uncertain, seek professional advice. The consequences of incorrectly concluding you are not a reporting entity can be significant.

Frequently Asked Questions

Do I need AML compliance if I’m based overseas but serve Australian customers?

Potentially yes. The geographical link test can be satisfied in various ways. If your business is carried on in Australia or provides services to Australian customers through an Australian business, you may be a reporting entity. Seek specialist advice.

Are NGOs and charities required to comply?

Charities and NGOs are generally not reporting entities unless they also provide designated financial services. However, charities handling large volumes of cash or international transfers should be mindful of financial crime risks and relevant obligations.

Does the AML Act apply to sole traders?

Yes. If a sole trader provides designated services, they are a reporting entity with the same obligations as any other business — scaled to their size and complexity.

What happens if I only provide a designated service occasionally?

The Act applies when a business “provides” a designated service — including on a one-off basis. However, AUSTRAC typically focuses its supervisory resources on businesses with higher volumes and risks. The safest approach is to seek advice and ensure you are compliant.

📣 Need help with AML/CTF compliance? 

👉 Check if your business needs AML compliance: Do I need AML?

👉 Read the complete AML guide: AML Compliance Australia – Complete Guide (2026)

👉 Contact us for a compliance assessment: contact us

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by