The most significant overhaul of Australia's anti-money laundering laws in a generation came into effect on 31 March 2026. For every registered money transfer operator (MTO) in Australia — remittance network providers, affiliates, and independent remittance dealers — that date was not a distant policy milestone. It was a compliance deadline. New AML/CTF programme obligations, a mandatory fit-and-proper compliance officer requirement, reformed customer due diligence rules, the introduction of the travel rule, and the abolition of existing designated business group arrangements all came into force simultaneously. This guide documents every obligation that applies to MTOs under the reformed framework — what it is, when it applies, and what non-compliance looks like. It is written from primary AUSTRAC sources and updated to reflect the transitional rules exposure draft published in February 2026.
The AML/CTF Amendment Act 2024 and the AML/CTF Rules 2025 introduced a staged implementation timeline. For MTOs — which are existing reporting entities under the AML/CTF Act — the primary compliance dates are not the same as for newly regulated Tranche 2 entities. Understanding which deadline applies to which obligation is the starting point for every MTO's compliance programme review.
| Date | What Happens | Applies To |
|---|---|---|
| 29 August 2025 | AML/CTF Rules 2025 tabled in Parliament — 120+ pages of obligations, definitions and reporting detail operationalising the AML/CTF Amendment Act 2024 | All reporting entities — for awareness and programme planning |
| 31 March 2026 | Reformed AML/CTF Act obligations come into force for existing reporting entities. Includes: new AML/CTF programme requirements; mandatory compliance officer appointment; reformed CDD obligations; travel rule for value transfers; abolition of designated business groups; new SMR and TTR details (new form optional from this date); new reporting group structure available | All existing MTOs — RNPs, affiliates, IRDs |
| 30 May 2026 | Deadline for existing reporting entities to notify AUSTRAC of their AML/CTF compliance officer | Existing MTOs — extended deadline under transitional rules |
| 1 July 2026 | Tranche 2 entities (real estate agents, lawyers, accountants, etc.) come under AML/CTF regulation. New TTR and SMR reporting form becomes mandatory. Travel rule for virtual asset transfers also effective this date. | Tranche 2 entities (new) + all existing reporting entities (new report forms) |
| 29 July 2026 | Deadline for newly regulated businesses (Tranche 2) and new virtual asset service providers to enrol with AUSTRAC | Tranche 2 newly regulated entities |
| 30 March 2029 | End of 3-year transitional period for initial CDD. From this date all existing reporting entities must be fully compliant with the reformed initial CDD obligations under section 28 of the AML/CTF Act | Existing MTOs using transitional CDD arrangements |
| Post-2026 (exact date TBC) | International Value Transfer Service (IVTS) reporting replaces current IFTI reporting. Existing IFTI obligations continue in the interim under transitional arrangements | All MTOs — IFTI reporting continues unchanged until IVTS transition date confirmed |
Figure 1: AUSTRAC reform timeline for MTOs — key dates, obligations triggered, and which operator categories each deadline applies to. Source: austrac.gov.au, AUSTRAC transitional rules update February 2026.
Every entity providing remittance services in Australia must be registered with AUSTRAC before providing any designated service. Operating without registration is a criminal offence under the AML/CTF Act — criminal penalties apply, including imprisonment of up to 10 years for individuals. There are three registration categories for remittance operators, each with different obligations and structures.
Figure 2: Three AUSTRAC registration categories for remittance operators — structure, compliance responsibilities, and registration roll-over provisions under the transitional rules.
The AML/CTF programme is the foundation document of every MTO's compliance framework. It is not a template that can be downloaded and used unchanged — it must be tailored to the specific risk profile of the business, reviewed at least annually, and updated whenever the business's risk profile materially changes. Under the reformed framework effective 31 March 2026, AUSTRAC's approach is explicitly outcomes-focused and risk-based: the programme must demonstrate that the operator has genuinely assessed its ML/TF/PF risks and applied controls that are proportionate to those risks.
Figure 3: Five components of a reformed AML/CTF programme for MTOs — each is required under the AML/CTF Act and AML/CTF Rules 2025 effective 31 March 2026.
One of the most operationally significant changes introduced by the reformed framework is the explicit statutory requirement to appoint a fit and proper AML/CTF compliance officer. This was previously a best-practice expectation implicit in programme obligations — it is now a mandatory, named obligation under the AML/CTF Act.
| Requirement | Detail | Deadline |
|---|---|---|
| Appointment obligation | Every reporting entity must appoint a fit and proper AML/CTF compliance officer responsible for implementing the AML/CTF programme. The obligation is in the AML/CTF Act itself — not just AUSTRAC guidance. | From 31 March 2026 |
| Notification to AUSTRAC | The identity of the compliance officer must be notified to AUSTRAC. Existing reporting entities have until 30 May 2026. Newly regulated businesses and new virtual asset service providers have until 29 July 2026. | Existing MTOs: 30 May 2026 |
| "Fit and proper" standard | The compliance officer must be fit and proper — meaning they have the skills, knowledge, experience, and integrity required to implement the AML/CTF programme effectively. AUSTRAC has not defined a specific qualification but expects documented evidence of competence. A compliance officer with no AML/CTF training or experience does not satisfy the standard. | Ongoing |
| Programme implementation responsibility | The compliance officer is responsible for implementing — not just overseeing — the AML/CTF programme. This includes ensuring monitoring rules are operating, training is delivered, reports are filed on time, and the programme is reviewed and updated as required. | Ongoing from 31 March 2026 |
| Governing body obligation | Separate from the compliance officer, governing bodies and senior management have a new explicit obligation to take reasonable steps to ensure compliance. The compliance officer and the board are complementary obligations — the compliance officer cannot satisfy the governing body requirement. | From 31 March 2026 |
Figure 4: AUSTRAC compliance officer requirements — the new statutory obligation, notification deadlines, and the fit and proper standard. Source: AML/CTF Act as amended; AUSTRAC transitional rules update February 2026.
The reformed CDD framework under the AML/CTF Rules 2025 introduces a more flexible but more demanding risk-based approach than the previous applicable customer identification procedures (ACIP). The key conceptual shift is from a prescriptive checklist of identification steps to a risk-calibrated requirement: the CDD measures applied must be appropriate to the risk the customer presents, and the operator must be able to demonstrate why the measures chosen were proportionate to that risk.
Figure 5: CDD framework split — initial CDD (3-year transitional period for existing MTOs) versus ongoing CDD (no transitional period, full obligations from 31 March 2026).
Reporting to AUSTRAC is one of the most operationally demanding components of MTO compliance — particularly for operators processing significant transaction volumes. The four reporting types that apply to MTOs each have different triggers, timeframes, and content requirements. Getting any of them wrong — whether through late submission, inaccurate data, or failure to report a matter that should have been reported — is a compliance breach with enforcement consequences.
| Report Type | Trigger | Deadline | Key Requirement | 2026 Change |
|---|---|---|---|---|
| International Funds Transfer Instruction (IFTI) | Every cross-border transfer of any value — both instructions sent out of Australia and instructions received into Australia | Within 10 business days of the instruction being given or received | Report must include originator and beneficiary details, transfer amount and currency, and the financial institution involved at each end of the transfer | IFTI reporting continues unchanged under transitional arrangements. Will be replaced by International Value Transfer Service (IVTS) reporting post-2026 — exact transition date to be confirmed by AUSTRAC |
| Threshold Transaction Report (TTR) | Cash transactions of A$10,000 or more (or foreign currency equivalent) | Within 10 business days of the transaction | Report must include the identity of the person conducting the transaction, the amount and currency, and the account details involved | From 1 July 2026, a new TTR form with expanded required details becomes available. Existing entities can use either the current or new form between 1 July 2026 and 30 March 2029. New form becomes mandatory after 30 March 2029. |
| Suspicious Matter Report (SMR) | When the MTO forms a suspicion that a transaction or matter may be related to a designated offence (money laundering, terrorism financing, sanctions evasion, tax crime, etc.). No threshold — suspicion is the trigger, not a transaction size. | Within 24 hours for TF-related suspicions; within 3 business days for all other suspicions | Report must document the basis for the suspicion with sufficient detail for AUSTRAC to analyse. Operators must not tip off the customer or any other person that a report has been lodged. | From 1 July 2026, expanded reportable details required in SMRs. New SMR form available from that date; existing form may continue to be used until 30 March 2029. |
| AML/CTF Compliance Report | When required by AUSTRAC — typically annual | As specified by AUSTRAC when the requirement is issued | Reports how the entity is complying with the AML/CTF Act, Regulations and Rules. AUSTRAC uses compliance reports for intelligence on sector-wide compliance levels. | No material change to compliance reporting structure from the 2026 reforms — obligation continues as before |
Figure 6: Four AUSTRAC reporting obligations for MTOs — triggers, deadlines, content requirements, and what changes in 2026. Source: austrac.gov.au/business/core-guidance/reporting.
The travel rule is one of the most significant new obligations introduced by the AML/CTF reforms for MTOs. It came into force on 31 March 2026 for value transfers involving traditional currencies, and on 1 July 2026 for value transfers involving virtual assets.
The travel rule requires MTOs to collect, verify, and pass on key information about value transfers — specifically originator and beneficiary information — across the entire transfer chain. The purpose is to ensure that the information needed to trace a suspicious transfer is available at every point in the chain, not just at the originating institution. This is aligned with FATF Recommendation 16 and brings Australia's regime into line with the travel rule frameworks already operating in the EU, UK, Singapore, and other FATF-member jurisdictions.
Figure 7: Travel rule requirements for MTOs — originator data, beneficiary data, intermediary obligations, and the technology implication. Effective 31 March 2026 for fiat value transfers; 1 July 2026 for virtual assets.
Designated business groups (DBGs) — the arrangement under which related entities could share AML/CTF obligations — ceased to exist on 31 March 2026. They have been replaced by reporting groups, which operate under a different structure with different obligations.
Under the new reporting group framework, related entities that want to share AML/CTF compliance functions must formally constitute a reporting group with a nominated lead entity. The lead entity takes on primary responsibility for the group's AML/CTF programme and reporting obligations. Existing DBGs must have taken steps before 31 March 2026 to create a reporting group if they wished to continue operating with shared compliance arrangements — entities that did not act and were in a DBG on 30 March 2026 need to assess their obligations as standalone reporting entities from 31 March 2026 onwards. MTOs that were part of a DBG and have not yet established a reporting group should take legal advice on their current obligations as a priority.
MTOs must retain records that evidence their compliance with AML/CTF obligations for a minimum of seven years from the date the record was created. The categories of records that must be retained include: customer identification and CDD records (including the documents or data sources used to verify identity); transaction records (including all IFTI-reportable transactions, all TTR-reportable transactions, and all transactions that triggered monitoring alerts); AML/CTF programme versions and all updates, with dates; SMR lodgement records (note: the contents of the SMR itself must be treated as confidential — operators must not disclose to the customer that an SMR has been lodged); and all staff training records.
From 1 July 2026, legal professional privilege (LPP) protections under the AML/CTF Act are clarified — nothing in the amended Act affects the right to refuse to produce documents that are subject to LPP. This is a protective provision for operators seeking legal advice about their compliance obligations; the advice itself is not required to be disclosed to AUSTRAC.
AUSTRAC enters 2026 with its largest budget and staffing numbers to date, and with an explicitly articulated shift from entity-level compliance checking to industry-level risk targeting. AUSTRAC CEO Brendan Thomas has stated that 2026 marks a shift from regulation that primarily checks for compliance to regulation focused on substantive risks and harms — with AUSTRAC looking at risk and behaviour at an industry and sector level rather than focusing solely on individual entities.
| Enforcement Action | Maximum Penalty | Application |
|---|---|---|
| Operating without registration | Criminal — up to 10 years imprisonment (individual) + significant fines | Providing any designated remittance service without AUSTRAC registration. Zero tolerance. |
| Failure to maintain AML/CTF programme | Civil penalty — up to A$33.3 million per contravention (body corporate) | Operating without a compliant AML/CTF programme; programme not reviewed; programme not tailored to risk profile |
| Failure to report (IFTI, TTR, SMR) | Civil penalty — calculated per contravention; each unreported transaction is a separate contravention | Late IFTIs, missed TTRs, or failure to lodge an SMR when suspicion was formed are each separate contraventions at the maximum penalty per instance |
| Tipping off | Criminal — up to 2 years imprisonment | Disclosing to a customer, or any third party, that an SMR has been lodged or is being considered |
| Failure to conduct CDD | Civil penalty per contravention | Providing a designated service without completing required initial CDD; failure to apply EDD when required |
Figure 8: AUSTRAC enforcement penalties — penalty levels and the contraventions they apply to. Each unreported transaction is a separate contravention, meaning penalties scale linearly with volume of non-compliance.
AUSTRAC's stated 2026 sector priorities for enforcement include digital assets, cash-intensive businesses, and complex transfer-of-value arrangements. For MTOs, the relevant enforcement focus is on: operators with high transaction volumes and inadequate automated monitoring, operators serving high-risk corridors with insufficient corridor-specific controls, and operators whose compliance programmes are generic rather than risk-calibrated. AUSTRAC has been explicit that it expects proactive preparation and sustained progress — not last-minute, tick-box compliance.
RemitSo's platform is built for AUSTRAC compliance — not as an add-on, but as an architectural foundation. The IFTI reporting module generates and submits compliant IFTI reports automatically from transaction data, removing the manual overhead that becomes operationally unsustainable above a few hundred monthly transactions. The transaction monitoring engine applies 55+ risk indicators per transaction, with corridor-specific rule calibration that meets AUSTRAC's outcomes-focused standard. The sanctions and PEP screening module checks against 40,000+ records across eight global lists in real time on every transaction. The KYC/eKYC integration supports the initial CDD and ongoing CDD obligations — customer identity records are stored with the seven-year retention requirement built into the record architecture.
For operators launching under RemitSo's RNP umbrella as affiliates, the AML/CTF programme, compliance officer function, and AUSTRAC reporting obligations sit with RemitSo as the licensed RNP — materially reducing the compliance overhead for the affiliate operator while maintaining full regulatory standing under AUSTRAC's framework.
On 31 March 2026, the reformed AML/CTF Act obligations came into force for all existing reporting entities including MTOs. The key changes were: new AML/CTF programme requirements incorporating an outcomes-focused, risk-based approach and the addition of proliferation financing as a mandatory risk assessment dimension; an explicit statutory requirement to appoint a fit and proper AML/CTF compliance officer (with a deadline of 30 May 2026 to notify AUSTRAC of the officer's identity); reformed customer due diligence requirements under section 28 (with a 3-year transitional period for initial CDD — existing procedures continue to apply until the entity chooses to formally transition); new ongoing CDD obligations under section 30 with no transitional period; the travel rule for value transfers; abolition of designated business groups (replaced by reporting groups); and new governance obligations for boards and senior management. IFTI reporting continues unchanged under transitional arrangements until IVTS reporting is implemented post-2026.
No. Under the transitional rules, existing registered remittance network providers, remittance affiliates, and independent remittance dealers are not required to re-register. Existing registrations roll over automatically into the reformed framework. However, operators must update their AUSTRAC enrolment and registration details to include any new designated services they provide from 31 March 2026, and must continue to update AUSTRAC when registration details change. The obligation to not provide a designated remittance service before registration remains in full force — any new remittance service type that was not previously part of the registration must be added before it is offered to customers.
Yes — the travel rule applies to all MTOs in Australia that transfer money on behalf of customers. The travel rule requires you to collect, verify, and pass on key information about the originator (sender) and beneficiary (recipient) with each value transfer instruction throughout the transfer chain. For fiat currency transfers, this obligation came into force on 31 March 2026. For virtual asset transfers, it came into force on 1 July 2026. The information that must travel with the transfer includes the originator's full name, account number or transaction reference, and address or date of birth or national ID number, plus the beneficiary's name and account number. Your platform must be technically capable of including this structured data in outbound transfer messages and processing it in inbound messages — a written policy alone does not satisfy the obligation if the technology cannot support the data flow.
You must submit an IFTI for every international funds transfer instruction of any value — there is no minimum threshold. Every outbound transfer you initiate and every inbound transfer you receive generates a separate IFTI obligation. Each IFTI must be submitted within 10 business days of the instruction being given or received. For an MTO processing 500 transactions per month, that is 500 IFTIs per month, each individually due within 10 business days. Manual IFTI submission is not realistic at any meaningful volume — automated IFTI generation from transaction data is an operational necessity. IFTI reporting will eventually be replaced by International Value Transfer Service (IVTS) reporting under a transitional arrangement post-2026, but existing IFTI obligations continue until that transition is implemented and AUSTRAC provides specific guidance on the changeover date.
A Suspicious Matter Report (SMR) is triggered by suspicion — when you form a belief that a matter may be related to money laundering, terrorism financing, tax evasion, or another designated offence. There is no minimum transaction size threshold. An SMR must be lodged within 24 hours if the suspicion relates to terrorism financing, or within 3 business days for all other suspicions. You must not tip off the customer that an SMR has been or may be lodged. A Threshold Transaction Report (TTR) is triggered by transaction size — any cash transaction of A$10,000 or more (or the foreign currency equivalent) must be reported, regardless of whether anything is suspicious about it. TTRs must be submitted within 10 business days of the transaction. These are independent obligations: a suspicious transaction below A$10,000 requires an SMR but not a TTR; a routine cash transaction of A$10,000 requires a TTR but not an SMR unless there is also a suspicion. Both may apply simultaneously to the same transaction.
The 3-year transitional period (31 March 2026 to 30 March 2029) applies to initial customer due diligence only — the procedures applied when onboarding a new customer for the first time. During this period, existing MTOs may continue using their pre-reform applicable customer identification procedures (ACIP) for all new customers, rather than immediately switching to the new section 28 initial CDD obligations. When an MTO decides to transition — which it can do at any point before 30 March 2029 — it must apply the new section 28 requirements to all new customers from that date and cannot go back. The new provisions (deemed compliance and delayed CDD) are only available after the formal transition. The transitional period does not apply to ongoing CDD under section 30 — those obligations apply in full from 31 March 2026 with no transitional relief. This means that even if you are continuing to use your pre-reform initial CDD procedures, you must apply the new ongoing CDD monitoring requirements to all customers from 31 March 2026.
Designated business groups ceased to exist on 31 March 2026. They have been replaced by reporting groups. If you were part of a DBG and wanted to maintain a shared compliance arrangement, you needed to have taken steps before 31 March 2026 to constitute a reporting group under the new framework — with a nominated lead entity taking primary responsibility for the group's AML/CTF programme and reporting obligations. If your DBG did not transition to a reporting group before 31 March 2026, the entities within the former DBG are now standalone reporting entities, each with their own independent AML/CTF obligations. Operators in this situation should seek legal advice urgently to understand their current obligations and whether a reporting group can still be constituted retrospectively.
AUSTRAC CEO Brendan Thomas has stated that 2026 represents a shift from compliance-checking to substantive risk targeting — AUSTRAC will look at risk and behaviour at an industry and sector level, not solely at individual entities. For remittance operators specifically, the enforcement focus areas are: operators with high transaction volumes and inadequate automated monitoring (where manual or generic monitoring creates systematic gaps in suspicious transaction detection); operators serving high-risk corridors without corridor-specific controls documented in their AML/CTF programme; and operators whose programme is generic rather than genuinely tailored to their specific customer base, product range, and corridor risk profile. AUSTRAC has also emphasised governance — boards and senior management who cannot demonstrate active oversight of AML/CTF risk are exposed under the new framework. AUSTRAC's increased budget and staffing in 2025–26 mean that enforcement capacity has grown to match the ambition of the reform programme.