⚡ Direct Answer: AML/CTF penalties in Australia can be severe. Civil penalty amounts for individuals can reach tens of thousands of dollars per contravention, while for corporations the penalties can be calculated as a multiple of the benefit obtained or the annual turnover of the business. AUSTRAC has also pursued landmark enforcement actions resulting in billion-dollar penalties against major Australian financial institutions. Enforcement actions range from infringement notices to court-ordered penalties and external compliance auditors.
Why AML Penalties in Australia Are Significant
AUSTRAC has dramatically increased its enforcement activity over recent years. Australia has witnessed some of the largest corporate financial crime penalties in history, and AUSTRAC has made it clear that non-compliance — including inadequate risk assessments, poor customer due diligence, and failure to report suspicious matters — will be met with serious regulatory consequences.
Enforcement action is not reserved for egregious cases. AUSTRAC regularly takes action against entities with weak or poorly maintained AML/CTF programs, inadequate record keeping, or systemic failures in their reporting obligations.
Types of Civil Penalties
Under the AML/CTF Act, civil penalties can be imposed for a wide range of contraventions. The penalty units applicable to each contravention are set out in the Act, and the dollar values are updated periodically. Key penalty categories include:
- Failure to enrol or register with AUSTRAC when required
- Failure to have or comply with an AML/CTF program
- Failure to conduct customer due diligence
- Failure to submit Suspicious Matter Reports (SMRs) on time
- Failure to submit Threshold Transaction Reports (TTRs)
- Failure to submit International Funds Transfer Instructions (IFTIs)
- Failure to maintain adequate records
- Tipping off — disclosing that an SMR has been or may be submitted
- Knowingly providing false or misleading information to AUSTRAC
For body corporates, penalties are typically calculated as the greater of a fixed dollar maximum per contravention, 3 times the value of the benefit derived from the contravention, or 10% of annual turnover. This means that for large financial institutions, penalties can run into hundreds of millions or even billions of dollars.
Landmark Australian AML Enforcement Actions
To understand the real scale of AML penalties in Australia, it is instructive to look at recent enforcement actions:
- Westpac Banking Corporation (2020): AUSTRAC commenced proceedings against Westpac alleging 23 million contraventions of the AML/CTF Act. Westpac agreed to pay $1.3 billion — the largest civil penalty in Australian corporate history at the time.
- Commonwealth Bank of Australia (2018): CBA agreed to pay $700 million to resolve proceedings brought by AUSTRAC for systemic non-compliance with AML/CTF reporting and monitoring obligations.
- Bell Financial Group and other remittance providers: AUSTRAC has cancelled registrations of and taken action against numerous remittance businesses for failure to comply with registration and reporting requirements.
- Online gambling and cryptocurrency businesses: AUSTRAC has increasingly scrutinised these sectors, with several enforcement actions and compliance assessments undertaken.
Types of Enforcement Actions Available to AUSTRAC
Beyond civil penalties, AUSTRAC has a broad toolkit of enforcement options:
- Infringement notices: For less serious contraventions, AUSTRAC can issue an infringement notice requiring payment of a penalty without court proceedings.
- Compliance directions: AUSTRAC can direct a reporting entity to take specific remediation steps within a set timeframe.
- Enforceable undertakings: AUSTRAC can accept a formal undertaking from a reporting entity to remedy non-compliance. Breach of an undertaking is itself enforceable.
- External compliance auditor: AUSTRAC can require a reporting entity to engage an external auditor to assess and report on its AML/CTF compliance.
- Court-ordered penalties: AUSTRAC can commence civil penalty proceedings in the Federal Court.
- Cancellation of registration: For remittance dealers and virtual asset service providers, AUSTRAC can cancel their registration — effectively preventing them from operating.
- Criminal referrals: In cases involving deliberate non-compliance or facilitation of financial crime, AUSTRAC can refer matters to the Australian Federal Police or state police.
Common Reasons Businesses Face AML Penalties
AUSTRAC’s supervisory and enforcement activities have revealed consistent patterns in the types of failures that lead to penalties:
- Failing to recognise that a business is a reporting entity and operating without enrolling
- Having an AML/CTF program that is not tailored to the business — generic templates that do not reflect actual risks
- Inadequate or absent customer due diligence procedures, particularly for high-risk customers
- Failure to update the AML/CTF program when business circumstances change
- Not conducting periodic independent evaluations of the program
- Systematic failure to submit SMRs for suspicious activity
- Late or missing TTRs for threshold transactions
- Poor record-keeping with records that cannot be retrieved on request
- Insufficient staff training, leading to widespread non-compliance at the operational level
How to Avoid AML Penalties
- Confirm your status: Determine whether your business is a reporting entity and enrol with AUSTRAC if required.
- Develop a proper AML/CTF program: The program must be documented, approved by a senior manager, and genuinely tailored to your business’s risks.
- Complete a thorough ML/TF risk assessment: Don’t rely on generic templates. Your assessment must reflect your actual customer types, services, channels, and geographies.
- Implement robust CDD: Have clear procedures for verifying customers, conducting enhanced due diligence on high-risk clients, and monitoring ongoing relationships.
- Submit reports on time: Have systems and procedures that ensure SMRs, TTRs, and other reports are submitted within required timeframes.
- Conduct independent reviews: Schedule periodic independent evaluations of your AML/CTF program — before AUSTRAC does it for you.
- Train your staff: Ensure all relevant employees understand their AML/CTF obligations.
- Maintain your records: Keep complete, accurate, and retrievable records for at least 7 years.
Frequently Asked Questions
Can individuals (as opposed to companies) face AML penalties?
Yes. While the most prominent penalties have been against large corporations, individuals — including directors, senior managers, and compliance officers — can also face civil and criminal penalties if they are personally involved in contraventions.
Is there a minimum penalty for AML breaches?
The AML/CTF Act sets out maximum penalty amounts for each type of contravention. AUSTRAC and the courts consider factors including the seriousness of the contravention, the benefit obtained, and the entity’s compliance culture when determining penalty amounts.
What is tipping off and why is it penalised?
Tipping off refers to disclosing to a person (such as the customer) that a Suspicious Matter Report has been or may be submitted about them. This is prohibited because it could alert a suspect and compromise a law enforcement investigation. It is a separate offence from the substantive reporting obligation.
Can I self-report non-compliance to AUSTRAC?
Yes. AUSTRAC’s published guidance encourages entities to come forward and self-report compliance issues. While self-reporting does not guarantee immunity, it is a mitigating factor that AUSTRAC considers when determining enforcement responses.
📣 Need help with AML/CTF compliance?
👉 Want to avoid AML penalties? Start with a compliance assessment: contact us
👉 Read our complete AML guide: AML Compliance Australia – Complete Guide (2026)
👉 Download the AML compliance checklist: AML Compliance Checklist for Australian Businesses
👉 Find out what are the common AML mistakes businesses make