A Guide to Anti-Money Laundering for Crypto Firms

7 Tips For Fintechs to Comply With AML Rules In Australia

AML Compliance Knowledge & Training

aml ctf regulation australia

Australia is one of the largest and most developed economies in APAC and the world, and is home to thousands of banks and financial services companies, including over 600 fintechs. Those financial institutions must learn to navigate a robust legal framework of AML rules in Australia, put in place to protect the country’s financial system against money laundering threats and the financing of terrorism. 

Australia is currently in the process of refining its AML/CFT regime. Following the recent Commonwealth Bank and Westpac scandals, AUSTRAC has indicated that it may take more action against financial services firms who do not comply with AML rules in Australia.

Managing Australia’s AML/CFT compliance regulations should be a high priority for fintechs: stay on top of your obligations with our list of the most important AML compliance considerations…


The Australian Transaction Reports and Analysis Centre (AUSTRAC) serves as Australia’s primary financial intelligence agency and regulator, tasked with preventing money laundering, terrorism financing, and other financial crimes. AUSTRAC works to ensure that fintechs, banks and other financial institutions operate in compliance with Australia’s AML rules, and those of the Financial Action Task Force (FATF).

AUSTRAC has the power to investigate and impose fines on firms that are in breach of AML regulations. In 2019, it initiated legal proceedings against the Australian bank, Westpac, after finding over 23 million breaches of AML/CFT law, in transactions worth over $11 billion. In 2018, similar breaches by Commonwealth Bank resulted in a fine of $700 million.

2. AML Rules / Legislation in Australia

The primary AML rules in Australia are part of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. The AML/CTF Act includes a list of designated services, such as deposit taking services, payroll services, or currency exchange services. Firms which provide any of those services must register with AUSTRAC and comply with the AML/CFT regulations. That legislation also imposes a number of reporting obligations on financial institutions, including Threshold Transaction Reports (TTR) and Suspicious Activity Reports (SAR).

Fintechs: There are no specific fintech regulations in Australia but fintechs must comply with the existing AML/CTF framework and the licensing and reporting regulations that it imposes.

3. Data Privacy

Fintechs must treat data privacy as a priority since it is regulated at Australia’s territorial, state, and federal levels. The main articles of data privacy legislation are the Federal Privacy Act (1988) and the Australian Privacy Principles (APP) both of which apply to firms with turnovers of $3 million or over per year. 

Australia’s Customer Data Right was introduced in 2019 and will be applied progressively across all sectors starting with the banking sector. The CDR will impact fintech firms significantly since it gives customers greater control over their personal data by allowing them to choose who it is shared with and for what purpose. 

4. AML Transaction Monitoring

Australia’s AML rules impose a regulatory requirement for firms to monitor customer accounts for suspicious activity that might be linked to money laundering. Monitoring programs should be based on the risk that each customer, or their business, presents. Firms must monitor accounts for activity such as:

  • Transactions involving unusually large amounts of money.
  • Unusually complex transactions or transactions with no clear purpose.
  • Changes in behaviour, for example, sudden increases in deposit frequency.
  • Transactions into and out of countries at a high risk of money laundering.

AUSTRAC’s investigation of Westpac’s AML rule breaches focuses on its transaction monitoring process. More specifically, Westpac missed a number of transactions that were revealed to be part of money laundering activities linked to child exploitation. The breaches involve failures in due diligence over numerous money transfers that amounted to $11 billion over several years, into countries known for child exploitation risks. The investigation also revealed Westpac’s failure to assess its correspondent banking relationships that included banks that had disclosed their own relationships with high-risk countries like Zimbabwe, DRC, Lebanon and Ukraine.

5. Payment Sanctions Screening

Fintechs in Australia must comply with financial sanctions imposed by both the Australian government and the United Nations Security Council (UNSC). That means that firms must screen payments against a list of names and entities provided by the Department of Foreign Affairs and Trade (DFAT). The DFAT list consolidates both Australia’s autonomous sanctions and UNSC sanctions. 

Australia’s sanctions apply not only to citizens and entities within Australia’s borders but also to those overseas.

6. Onboarding and Monitoring

AML rules and compliance policy in Australia requires that firms conduct Customer Due Diligence (CDD) checks when onboarding new customers and continue to monitor them on an ongoing basis. Onboarding checks should accurately verify each customer’s identity to establish the level of risk they present, while ongoing monitoring should establish whether a customer’s risk profile has changed over time. Beyond identify verification, ongoing monitoring should include:

  • PEP Screening: Verifying whether a customer is a politically exposed person and therefore at higher risk of money laundering.
  • Adverse Media Checks: Monitoring news media for reports that might suggest a customer is involved in money laundering.

7. Upcoming AML Rules in Australia

Australia is currently in the process of refining its AML/CFT regulations, a process that will run into 2020. Broadly, the changes are intended to simplify AML rules in Australia and make it easier for firms to comply with anti-money laundering, but will also widen AUSTRAC’s regulatory scope to cover new technologies and payments systems used by fintechs. 

Following the recent Commonwealth Bank and Westpac investigations, AUSTRAC has indicated that it may take more action against financial services firms: the regulator has already ordered the appointment of an external auditor to examine PayPal for potential AML breaches. The Currency (Restrictions of the Use of Cash) Bill 2019 will also be introduced in 2020, implementing an economy-wide cash payment limit of $10,000

How ComplyAdvantage Can Help With The AML Rules In Australia

Complying with Australia’s anti-money laundering regulations involves significant administrative effort, especially if firms carry out the required screening processes manually. The complexity of regulations can also create costly efficiency drains, while human errors can hamper the process further, and even lead to compliance penalties. 

ComplyAdvantage helps firms avoid those problems with automated AML solutions tailored to their unique risk profiles. Our solution takes advantage of smart technology to build speed and accuracy into your AML program while complementing the skills of compliance teams.

AML Solutions for Fintechs in Australia

Learn more about our AML Solutions that help you to comply with AML/CTF regulations in Australia.

Request a Demo

Originally published December 2, 2019, updated May 9, 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).