Last reviewed: May 2026 | Autonomous Sanctions Act
Penalties Due Diligence Defence
- The Autonomous Sanctions Act 2011 (Cth) is Australia’s primary enabling legislation for
domestic (autonomous) sanctions that operate independently of UN Security Council resolutions. - The Act creates two core criminal offences: dealing with a designated person’s assets (s.15) and
providing a sanctioned service to or for the benefit of a designated person (s.16). Both are strict liability
offences with a due diligence defence. - Maximum criminal penalty: 10 years’ imprisonment for individuals; substantial civil
penalties also apply. - The due diligence defence under s.17 is available if you took reasonable precautions and
exercised due diligence to avoid the contravention. Documented, systematic compliance procedures are essential
to establish this defence. - Separately, the Charter of the United Nations Act 1945 (Cth) implements UN-mandated sanctions and
carries similar offence and penalty structures.
Overview: Australia’s Dual Sanctions Framework
Australia operates a dual-track sanctions framework. The two legislative pillars are:
- The Autonomous Sanctions Act 2011 (Cth) — which enables Australia to impose and enforce
sanctions entirely of its own initiative, without requiring a UN Security Council resolution; and - The Charter of the United Nations Act 1945 (Cth) — which provides the domestic legal mechanism
for implementing sanctions mandated by the UN Security Council (e.g., DPRK, ISIL/Al-Qaida, residual Iran
measures).
This article focuses on the Autonomous Sanctions Act 2011, which underpins Australia’s most significant
current sanctions regimes — notably the Russia, Myanmar, Belarus, and autonomous Iran measures. The Charter
of the United Nations Act is addressed in the companion article on Counter-Terrorism and UN Sanctions.
The Autonomous Sanctions Act 2011: Structure
Part 1 — Preliminary
Sets out the Act’s objects (implementing Australia’s international obligations and foreign policy
positions) and key definitions, including “asset,” “deal with,” “designated
person or entity,” and “sanctioned service.”
Part 2 — Autonomous Sanctions
The operative part of the Act. Key provisions:
- Section 10 — empowers the Minister for Foreign Affairs to declare persons or entities as
“designated” for sanctions purposes, and to impose travel bans on designated persons; - Section 15 — the primary asset-dealing offence (see below);
- Section 16 — the sanctioned services offence (see below);
- Section 17 — the due diligence defence; and
- Section 18 — the permit (licence) mechanism, enabling DFAT to authorise
otherwise-prohibited conduct in specified circumstances.
Part 3 — Enforcement
Provides inspection and monitoring powers exercisable by authorised officers, and sets out enforcement mechanisms
including civil penalties and injunctions.
The Core Offences
Section 15: Dealing with Designated Person’s Assets
Section 15 makes it a criminal offence to directly or indirectly:
- Make an asset available to a designated person or entity;
- Make an asset available for the benefit of a designated person or entity (including indirectly, through an
intermediary); - Use an asset that is owned or controlled by a designated person or entity; or
- Deal with such an asset in any way — including converting, transferring, exchanging, or disposing of it.
An “asset” is defined broadly: it includes money, financial instruments, funds (in any currency),
property and property rights, and any other thing of economic value. Physical currency exchanged at a foreign
exchange counter is an asset for this purpose.
Section 16: Providing a Sanctioned Service
Section 16 makes it a separate criminal offence to provide a “sanctioned service” to, or for the
benefit of, a designated person. “Sanctioned service” is defined in the Autonomous Sanctions
Regulations 2011 and includes financial services (including banking, lending, insurance, and foreign
exchange), as well as other service categories specified for particular regimes (e.g., legal or accountancy services
in certain contexts).
The Facilitation Extension
Both offences extend to facilitating conduct that would itself be prohibited. A financial institution that assists
a third party to execute a transaction with a designated person — even if the institution does not itself
directly deal with the designated person — may commit the facilitation variant of the offence. Correspondent
banking intermediaries are particularly exposed to facilitation risk.
Penalties
| Offence | Individual (Criminal) | Body Corporate (Criminal) | Civil Penalty |
|---|---|---|---|
| s.15 — Dealing with designated assets | Up to 10 years’ imprisonment and/or fine of up to 2,500 penalty units (~A$825,000 as at 2026) | Fine of up to 12,500 penalty units (~A$4.1 million as at 2026) | Up to 10,000 penalty units (~A$3.3 million as at 2026) per contravention |
| s.16 — Providing sanctioned service | Up to 10 years’ imprisonment and/or fine of up to 2,500 penalty units | Fine of up to 12,500 penalty units | Up to 10,000 penalty units per contravention |
Note: Penalty unit values are adjusted periodically. The values above reflect the rate of A$330 per penalty unit
applicable from 2023. Verify current penalty unit values at legislation.gov.au before relying on specific amounts.
or service-provision element — meaning the prosecution does not need to prove that the defendant
knew the counterparty was a designated person. The knowledge element relates only to whether the defendant
knew the asset or service was being made available (not whether they knew about the designation). This is why the
s.17 due diligence defence is so important.
The Due Diligence Defence: Section 17
Section 17 of the Autonomous Sanctions Act provides a defence to a prosecution under s.15 or s.16 if the defendant
establishes that they:
- Took reasonable precautions to avoid the contravention; and
- Exercised due diligence to avoid the contravention.
This is a reverse-onus defence — the burden of establishing both elements falls on the defendant, on the
balance of probabilities. In practice, this means that a business charged under s.15 or s.16 must be able to produce
evidence of the specific precautions and diligence steps it took before the contravention occurred.
What Constitutes “Reasonable Precautions and Due Diligence”?
The Act does not prescribe a specific minimum standard. The Australian Sanctions Office has indicated that the
following types of documented measures are relevant to establishing the defence:
- A written sanctions compliance policy and procedure that is current, approved at board or senior management
level, and operationally implemented; - Customer and counterparty screening against the DFAT Consolidated List (and supplementary lists) at each
transaction occasion, not just at onboarding; - Beneficial ownership identification and screening, including for corporate counterparties;
- Staff training on sanctions obligations, red flags, and escalation procedures, conducted at least annually;
- Documented escalation procedures and a clear chain of authority for approving high-risk transactions or clearing
potential matches; - Prompt action on list updates — evidence that the institution had a process for monitoring and acting on
new designations without delay; and - Where enhanced due diligence was triggered, documented evidence of the steps taken and the conclusions reached.
The defence requires that precautions were actually taken in the specific case, not merely that a general
policy existed. A compliance policy that was never operationally implemented, or screening that was performed but
results not reviewed, is unlikely to satisfy the defence.
The Permit (Licence) Mechanism: Section 18
Section 18 empowers DFAT to issue permits authorising conduct that would otherwise contravene the Act. Permits are
regime-specific and typically issued for:
- Humanitarian transactions (e.g., delivering aid to sanctioned countries or regions);
- Diplomatic or consular activities;
- Legal proceedings (e.g., engaging legal counsel on behalf of a designated entity for purposes directly related
to challenging the designation); and - Other exceptional circumstances where the Minister is satisfied the permit is in the national interest.
Permits are not granted routinely. Any business seeking a permit should engage DFAT’s Australian Sanctions
Office well in advance and obtain independent legal advice on the application process and prospects.
Enforcement: Who Investigates and Prosecutes?
Sanctions breaches are investigated jointly by the Australian Federal Police (AFP) and the
Australian Sanctions Office (DFAT). AUSTRAC may also refer sanctions-related intelligence arising
from SMR or regulatory data. The Commonwealth Director of Public Prosecutions (CDPP) handles criminal prosecutions.
Civil penalty proceedings may be taken in the Federal Court by the Commonwealth.
Australia has historically taken a relatively restrained enforcement posture compared to OFAC in the United States
or OFSI in the United Kingdom. However, the scale of Russia-related designations since 2022 and increasing FATF and
FATF-style body scrutiny of autonomous sanctions effectiveness have led to expectations of more active enforcement
in the medium term. Institutions should not assume that low historical enforcement rates translate into low
enforcement risk going forward.
Frequently Asked Questions
- Is knowledge that the counterparty is designated required for a criminal conviction under the Autonomous
Sanctions Act? - Not for the dealing/services element. The primary offences under ss.15 and 16 are strict liability in respect of
the asset-dealing or service-provision element — meaning the prosecution need not prove you knew the
counterparty was designated, only that the dealing or service occurred. Fault elements may be relevant in other
respects. This reinforces why the s.17 due diligence defence, and the precautions needed to establish it, are so
operationally important. - Can a body corporate be criminally prosecuted, or only individuals?
- Both. The Autonomous Sanctions Act applies to natural persons and bodies corporate. A body corporate can be
convicted of a criminal offence under s.15 or s.16, with maximum fines as set out in the penalties table above.
Individual officers, directors, or employees may also be personally liable — particularly where a
contravention arose from their authorisation or negligence. Senior management cannot assume corporate liability
insulates them personally. - How does the s.17 defence work in practice? If we had a screening system that produced a false negative, can we
rely on it? - A false negative from a screening system may support the s.17 defence if you can establish that the system was
appropriately calibrated, regularly tested and updated, and that staff followed the required screening and review
protocols. The defence requires both reasonable precautions (having the right system and policy) and due diligence
(following that policy in the specific case). A false negative that arose because screening was not performed, or
because an alert was ignored, would not support the defence. Independent testing and audit of your screening
system’s detection rates is important evidence of “reasonable precautions.” - What is the practical difference between a criminal penalty and a civil penalty in this context?
- Criminal penalties require proof beyond reasonable doubt and carry the possibility of imprisonment (for
individuals) and a criminal conviction. Civil penalties are imposed by the Federal Court on the balance of
probabilities, without the possibility of imprisonment, but can be substantial (up to ~A$3.3 million per
contravention for a body corporate under the civil penalty provisions). Civil enforcement actions are expected to
become more common as a lower-threshold enforcement tool. There is no double-jeopardy bar on using both criminal
and civil mechanisms for the same contravention in some circumstances. - We discovered a past breach. Should we self-report to DFAT?
- Voluntary disclosure to the Australian Sanctions Office is not expressly required by the Autonomous Sanctions
Act (unlike some other regulatory frameworks), but it is strongly advisable for several reasons: (1) it may
mitigate enforcement consequences, including penalty quantum; (2) it demonstrates good faith and the kind of
active compliance culture that supports a s.17 defence argument in subsequent proceedings; and (3) failure to
report when you had actual knowledge of a breach may aggravate any enforcement response. Seek legal advice before
making any disclosure to ensure it is appropriately prepared and does not inadvertently prejudice your position.
This article is general information only and does not constitute legal advice. Sanctions law is subject to
frequent change. Always verify current designations against the live DFAT Consolidated List and seek independent
legal advice for specific situations.