Running a money transfer or remittance business in Australia without the required regulatory authorisation is not a grey area. It is a criminal offence under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, with consequences ranging from civil penalties calculated per contravention to criminal prosecution carrying custodial sentences. AUSTRAC — Australia's financial intelligence unit and AML/CTF regulator — treats unlicensed money transfer activity as a priority enforcement category because it exposes the financial system to exactly the risks that Australia's regulatory framework is designed to prevent. Whether you are considering launching a remittance service, already operating without full authorisation, or unsure whether your current structure requires registration, this guide explains what the law actually requires, what enforcement looks like in practice, and what the pathway to legitimate operation involves.
In This Article
In Australia, providing a "designated remittance service" — defined under the AML/CTF Act and its associated rules — requires enrolment with AUSTRAC as a reporting entity before any service is provided to any customer. A designated remittance service includes accepting money or digital currency from a person for the purpose of transmitting it to a person in a different location, regardless of whether that location is domestic or international. The definition is deliberately broad and captures a wide range of business structures and operating models.
The activities that require authorisation include operating a domestic or international remittance service for retail customers, providing money transfer services through agent networks or sub-agents, operating a digital platform that facilitates peer-to-peer or business-to-person cross-border transfers, conducting hawala or informal value transfer arrangements, and continuing to operate after an existing enrolment has lapsed, been suspended, or been cancelled by AUSTRAC. The legal position applies to Australian residents and to foreign companies operating in the Australian market — the obligation attaches to the service being provided in Australia or to Australian customers, not to where the operator is incorporated.
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) is the primary legislation governing money transfer businesses in Australia. Section 6 of the Act defines "designated services" — the financial services whose provision creates obligations for the provider as a reporting entity. Remittance services fall within Item 31 of the table in Section 6, which covers the service of accepting or making a transfer of a value of $1,000 or more, or any amount on behalf of another, for the purpose of transmitting that value to a recipient in another location.
Once a business provides a designated service, its obligations under the AML/CTF Act are immediate and comprehensive. These include enrolling with AUSTRAC before commencing operations, developing and maintaining an AML/CTF programme that contains customer due diligence procedures, transaction monitoring, and ongoing compliance controls, filing International Funds Transfer Instructions for every cross-border electronic transfer, filing Threshold Transaction Reports for cash transactions of $10,000 or more, filing Suspicious Matter Reports when suspicious activity is identified, and retaining all relevant records for a minimum of seven years. Failure to enrol is the threshold breach — but the full suite of obligations that flow from the enrolled status is equally binding and enforced with the same rigour.
Figure 1: Six AML/CTF Act obligations that apply immediately upon providing a remittance or money transfer service in Australia — all triggered by the service, not by enrolment
The consequences of operating a money transfer business without AUSTRAC authorisation in Australia operate across three distinct dimensions — civil penalties, criminal prosecution, and operational consequences. Understanding each dimension separately is important because they can apply simultaneously, and the combined effect is typically far more damaging than any single consequence in isolation.
AUSTRAC's enforcement mechanism under the AML/CTF Act involves civil penalties calculated per contravention. This is the detail that most unlicensed operators fail to appreciate until it is too late. Providing a remittance service without enrolment is not a single contravention — it is a contravention that occurs with every transaction, every day, every customer. Under the AML/CTF Act as amended, civil penalties for serious contraventions can reach thousands of penalty units per breach, with each penalty unit currently valued at $330 AUD. For a business that has been operating without authorisation for months or years, processing hundreds or thousands of transactions, the aggregate civil penalty exposure can reach figures that far exceed the value of the business itself.
AUSTRAC calculates penalties based on the number and nature of the contraventions, the duration of non-compliance, the benefit obtained from the non-compliant conduct, whether the non-compliance was deliberate or inadvertent, and the degree of cooperation with AUSTRAC's investigation. Australia's track record on AML/CTF enforcement includes some of the largest civil penalty settlements in the world relative to market size — demonstrating that the regulator will pursue maximum penalties where the seriousness of the conduct warrants it.
Beyond civil penalties, the AML/CTF Act contains criminal offence provisions that can result in prosecution of individuals — not just the corporate entity. Providing a designated remittance service without enrolment, knowingly structuring transactions to avoid reporting obligations, providing false or misleading information to AUSTRAC, and operating after an enrolment has been cancelled are all conduct that can attract criminal charges. Custodial sentences of up to ten years imprisonment apply for the most serious offences under the Act. Prosecutions typically target individuals who are responsible for the decision to operate without authorisation — directors, officers, and beneficial owners — meaning that corporate structures do not insulate individuals from personal liability.
Figure 2: Four primary consequences of operating a money transfer business without AUSTRAC authorisation in Australia — each applies independently and all can apply simultaneously
AUSTRAC publishes enforcement outcomes on its website. When civil penalty proceedings are concluded or criminal charges are filed, the operator's name, the nature of the non-compliance, and the penalty imposed are part of the public record. In a sector where correspondent banking relationships, payment processing access, and customer trust are built on demonstrated regulatory compliance, a public enforcement record is effectively a permanent disqualification from the mainstream financial services ecosystem. Even operators who subsequently obtain a licence following enforcement action find that international correspondent banks, major payment processors, and institutional partners conduct due diligence on enforcement history before establishing relationships.
A common misconception among unlicensed operators is that AUSTRAC's detection capabilities are limited — that operating at modest volumes, through personal bank accounts, or in informal community networks reduces detection risk. This is not accurate. AUSTRAC has multiple, overlapping detection mechanisms that operate continuously across the financial system, and the regulator has demonstrated it identifies unlicensed operators through each of them.
| Detection Method | How It Works | What It Finds |
|---|---|---|
| IFTI data analysis | Banks and licensed providers file IFTIs for all cross-border transfers — AUSTRAC cross-references senders against the enrolled entity register | Individuals or businesses facilitating multiple international transfers without AUSTRAC enrolment |
| Bank referrals | Banks identify accounts receiving multiple deposits followed by international transfers — file SMRs and refer to AUSTRAC | Informal remittance operators using personal bank accounts as collection accounts |
| ATO data sharing | The ATO shares data with AUSTRAC where income patterns suggest undeclared remittance business income | Cash-based operators whose bank deposits or tax returns don't match declared income |
| AFP and ACIC referrals | Law enforcement investigations into financial crime frequently identify unlicensed remittance networks as part of the money trail | Operators whose services are being used by subjects of financial crime investigations |
| Community intelligence | AUSTRAC receives referrals from members of the public, competitors, and industry participants | Known informal operators in community remittance networks — particularly hawala and community-based services |
Figure 3: AUSTRAC's five primary detection mechanisms for identifying unlicensed money transfer operators in Australia
Once AUSTRAC identifies a potential unlicensed operator, the investigation process is comprehensive and time-consuming for the operator. AUSTRAC has broad compulsory information-gathering powers under the AML/CTF Act — it can require the production of documents, compel individuals to answer questions, access bank records, and obtain information from third parties without the operator's consent or knowledge. Investigations can extend for months and involve simultaneous engagement from AUSTRAC, the Australian Federal Police, and in cases involving serious financial crime, the Australian Criminal Intelligence Commission.
The loss of banking access is often the most immediately operationally devastating consequence of being identified as an unlicensed operator — and it can occur before any formal enforcement action is taken. Australian banks have their own AML/CTF obligations and their own risk management frameworks that require them to identify and exit relationships with customers whose activities suggest unlicensed financial services provision. When a bank identifies account activity consistent with an unlicensed remittance operation — regular cash deposits followed by international transfers, multiple third-party payers, high volumes inconsistent with the account holder's profile — they are both required and motivated to close the account and file a Suspicious Matter Report with AUSTRAC.
For an unlicensed remittance operator, account closure is an existential event. Without a bank account, transactions cannot be received. Without a payment processor relationship, digital transfers cannot be executed. Without correspondent banking relationships — which require documented AUSTRAC enrolment and compliance history before any correspondent will engage — international transfers cannot be settled. The business ceases to function on the day banking access is withdrawn, regardless of the status of any regulatory investigation. Obtaining new banking relationships after account closure for compliance reasons is significantly harder than the initial process — banks conduct enhanced due diligence on applicants with prior AML-related account closures, and many will decline regardless of the subsequent licensing status.
The honest answer is: yes, in limited circumstances, but the pathway is significantly harder, slower, and more expensive than obtaining authorisation before commencing operations. AUSTRAC's enforcement framework includes graduated responses — not every unlicensed operator will face immediate maximum penalties if they identify their non-compliance early and engage with AUSTRAC proactively. The regulator distinguishes between operators who self-identify non-compliance and engage voluntarily, and those who continue to operate until detection forces a response.
Figure 4: Caught while unlicensed vs licensed before operating — the operational and legal consequences that differ between the two paths
For operators who self-identify that they are providing a designated remittance service without AUSTRAC enrolment, the recommended approach is to cease operations immediately while authorisation is obtained, engage legal counsel with AML/CTF Act expertise, approach AUSTRAC proactively rather than waiting for enforcement contact, and prepare a comprehensive remediation plan that addresses the full suite of outstanding compliance obligations — not just the enrolment gap. AUSTRAC responds more favourably to self-identified non-compliance with a credible remediation commitment than to continued operation until detection. But "more favourably" does not mean without consequences — it means the consequences are likely to be less severe than they would be if the operator waited to be caught.
The pathway to operating a legal money transfer or remittance business in Australia involves multiple regulatory steps, each of which must be completed before the next can proceed. The process is not fast — depending on the complexity of the business structure and the jurisdiction or jurisdictions involved, full authorisation can take several months. Understanding the sequence and investing in it properly at the outset is far less costly than the alternative.
Figure 5: Five-step licensing pathway for launching a legally compliant money transfer or remittance business in Australia under AUSTRAC's framework
For businesses planning to launch a remittance or cross-border payment service in Australia, the compliance infrastructure required to operate legally — AUSTRAC reporting, AML/CTF programme management, KYC and transaction monitoring — is substantial to build from scratch. The time and cost of developing this infrastructure independently, before a single transaction is processed, is one of the most significant barriers new operators face.
RemitSo's Remittance as a Service platform for Australia is purpose-built for operators who need to launch compliantly and operate at scale without building the entire compliance and payments stack from the ground up. RemitSo provides the technology infrastructure — transaction processing, IFTI reporting workflows, KYC and CDD tooling, sanctions screening, and audit documentation — that AUSTRAC-regulated operators require, along with the operational experience to deploy it in compliance with Australia's specific regulatory requirements. Whether you are a startup seeking to launch a compliant remittance service or an established MSB looking to modernise its infrastructure, starting with the right compliance foundation is not optional — it is what determines whether you operate long-term or face the consequences documented in this guide.
Yes — providing a designated remittance service in Australia without AUSTRAC enrolment is a breach of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and can constitute a criminal offence. The obligation to enrol arises from the act of providing the service, not from any registration or licensing process that follows. Operating before completing enrolment, operating while an enrolment application is pending, or continuing to operate after an enrolment has been cancelled or lapsed are all forms of unlicensed operation that attract enforcement action. The severity of consequences — ranging from civil penalties to criminal prosecution — depends on factors including the duration of non-compliance, the volume of transactions processed, whether the non-compliance was deliberate, and the degree of cooperation with AUSTRAC once identified.
AUSTRAC's civil penalties under the AML/CTF Act are calculated in penalty units, with each unit currently valued at $330 AUD. Serious contraventions — including providing a designated remittance service without enrolment — can attract penalties of thousands of penalty units per contravention. Because AUSTRAC calculates penalties per contravention and each transaction or day of non-compliant operation can constitute a separate contravention, aggregate penalty exposure for a business that has operated without authorisation for a meaningful period can be very large. Australia's AML/CTF enforcement history includes settlements in the hundreds of millions of dollars against financial institutions with systemic compliance failures. For smaller unlicensed operators, penalties will be calibrated to the scale of the non-compliance and the benefit obtained, but can still exceed the total revenue earned during the unlicensed period.
Yes — the AML/CTF Act contains criminal offence provisions that carry custodial sentences for serious violations. Providing a designated remittance service without enrolment, structuring transactions to avoid reporting obligations, and providing false or misleading information to AUSTRAC can all attract criminal charges with maximum imprisonment terms of up to ten years for the most serious offences. Criminal prosecution typically targets individual directors and operators — not just the corporate entity — meaning that company structures do not protect individuals from personal criminal liability. The likelihood of criminal prosecution versus civil penalty proceedings depends on the seriousness of the conduct, the scale of the operation, and whether the activity was connected to other financial crime. Deliberate, large-scale, or repeat unlicensed operation is more likely to attract criminal proceedings than inadvertent non-compliance that is self-identified and remediated promptly.
AUSTRAC enrolment is the AML/CTF Act registration requirement — it applies to any business providing a designated remittance service and is administered by AUSTRAC. An Australian Financial Services Licence (AFSL) is a separate requirement administered by ASIC under the Corporations Act 2001 — it applies to businesses providing financial services that constitute financial product advice, dealing in financial products, or making a market in financial products. Many remittance businesses require both AUSTRAC enrolment and an AFSL (or to operate as an authorised representative of an AFSL holder), depending on the specific services they provide. Operating without the required ASIC authorisation is a separate and distinct breach from operating without AUSTRAC enrolment — both regulators have independent enforcement powers and both must be satisfied before a remittance business commences operations.
It is possible to obtain AUSTRAC enrolment after enforcement action, but the pathway is substantially more difficult, more expensive, and less certain than obtaining authorisation before commencing operations. AUSTRAC will conduct enhanced scrutiny of any enrolment application from an operator with a prior enforcement history. The enrolment application will need to be accompanied by a comprehensive remediation plan, evidence that all outstanding compliance obligations have been addressed, and documentation demonstrating that the systems and controls required to operate compliantly are in place. Separately, banking access — which is essential for a money transfer business to function — may be difficult to obtain after an AML-related enforcement action, even after AUSTRAC enrolment is confirmed. The time, cost, and uncertainty of the post-enforcement licensing pathway typically far exceeds the cost of obtaining proper authorisation before commencing operations.
Yes — AUSTRAC's regulatory framework applies to the nature of the service provided, not to the formality of the business structure through which it is provided. Informal or community-based remittance services — including hawala, community-based transfer networks, and informal value transfer arrangements operated through personal accounts — that meet the definition of a designated remittance service under the AML/CTF Act require AUSTRAC enrolment regardless of their operating model. AUSTRAC has historically devoted significant enforcement attention to informal remittance networks because they present elevated ML/TF risk due to the absence of formal compliance controls. The regulator has established relationships with community organisations and financial institutions specifically to identify and engage with informal operators, and enforcement action against informal networks has included both civil penalties and criminal prosecution.
AUSTRAC enrolment itself — the registration step — can be completed relatively quickly through the AUSTRAC Online portal, typically within a few days for a straightforward business structure. However, enrolment is only the first step in the compliance journey, not the last. Before commencing operations, an AML/CTF programme must be developed and implemented, KYC systems must be operational, transaction monitoring must be configured and active, and IFTI and TTR reporting workflows must be ready to file from the first transaction. Depending on whether the operator is building this infrastructure from scratch or using a specialist remittance platform that provides compliance infrastructure, the full pre-launch compliance setup typically takes between two and six months. Businesses that use a purpose-built compliance and payments platform can reduce this timeline significantly by leveraging pre-built reporting, monitoring, and KYC infrastructure rather than building each component independently.
Yes — the AML/CTF Act obligation attaches to the provision of a designated service in Australia or to Australian customers, not to the jurisdiction of incorporation of the operator. A foreign-incorporated company providing remittance services to customers in Australia, or facilitating transfers that involve Australia as a sending or receiving jurisdiction, is required to enrol with AUSTRAC as a reporting entity regardless of where the company is registered. The obligation also requires appointing an Australian-based contact officer for compliance correspondence, maintaining records that are accessible to AUSTRAC within Australia, and ensuring that the AML/CTF programme addresses the specific risks of operating in the Australian market. Non-Australian operators who believe they can serve Australian customers from offshore without regulatory obligations in Australia are mistaken — AUSTRAC's jurisdictional reach extends to any business providing designated services to Australian customers or involving Australian funds flows.
