By Amanda Mark, CEO, MIntegrity

The countdown is on. While much of the media attention regarding Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) reforms focuses on “Tranche 2” entities—lawyers, accountants, and real estate agents—a seismic shift is simultaneously approaching for existing reporting entities.

For Australian Financial Services Licence (AFSL) holders already regulated by AUSTRAC, 31 March 2026 is not merely a date on the calendar. It represents the commencement of a modernised, more rigorous regulatory regime. The era of “set and forget” compliant AML Programs is definitively over. The most important question right now: “Is the business ready for the AML/CTF changes?”

The End of the Status Quo

The AML/CTF Amendment Act 2024 and the associated Rules introduce changes designed to simplify the regime but increase the burden of effectiveness. For existing reporting entities, the legislative overhaul dismantling the distinction between Part A and Part B of the AML/CTF Program is significant.

Come 31 March 2026, the separated structure disappears. In its place, reporting entities must implement a unified, outcomes-focused AML/CTF Program. This is not an administrative exercise in merging documents; it is a fundamental demand for a program that explicitly links risk assessments to controls. If the current program sits on a shelf, dusted off only for an independent review, it will likely fail the new standards.

The Dynamic Business Risk Assessment

At the heart of the reforms lies the Business Risk Assessment. Under the new regime, the Risk Assessment transitions from a static document to a dynamic, living component of the governance framework.

Crucially, the scope of risk has expanded. Entities must now explicitly identify, assess, and manage risks related to Proliferation Financing (PF) alongside Money Laundering (ML) and Terrorism Financing (TF). This requires a granular review of customers, jurisdictions, and delivery channels. Does the current risk methodology account for sanctions evasion or the financing of weapons of mass destruction? If the answer is “no,” the gap analysis must begin immediately.

Governance: The “Reasonable Steps” Standard

The reforms place squarely on the shoulders of governing bodies and senior management the obligation to take “reasonable steps” to ensure compliance. The days of a Board simply noting the AML/CTF Program in meeting minutes are over.

Senior management must now demonstrate active oversight. This means understanding the specific ML/TF/PF risks the business faces and ensuring the AML/CTF Program is resourced and effective to mitigate them. The appointment of the AML/CTF Officer is also under the microscope; this individual must be “fit and proper” and hold sufficient independence and authority. If the AML Officer is buried three layers down in the org chart without direct access to the Board, the governance structure may be non-compliant.

The Dissolution of Designated Business Groups

A practical but critical operational change is the replacement of Designated Business Groups (DBGs) with Reporting Groups. Existing DBGs will cease to exist on 31 March 2026.

This is not an automatic rollover. Corporate groups relying on shared compliance resources must proactively establish a Reporting Group under the new rules. This requires written agreement and a clear designation of a lead entity responsible for the group’s AML/CTF compliance. Failing to transition formally could leave individual entities within a group technically non-compliant and legally exposed.

Training and Culture

With new rules come new definitions and obligations. All staff involved in AML/CTF must be identified and appropriately trained. Staff training programs designed years ago will be obsolete.

For example the “tipping off” provisions have already evolved (as of March 2025), and the new Customer Due Diligence (CDD) requirements—particularly regarding value transfers and the “Travel Rule”—require updated operational knowledge.

A training plan for2026 must be drafted now. It should ensure that all staff including frontline staff, compliance teams, and the Board understand not just the mechanics of the new Act, but the cultural shift towards proactive risk management that AUSTRAC requires.

The Urgency of Now

2026 is here now, time is running out to review these new obligations. The gap between current frameworks and the 2026 requirements may be wider than anticipated.

Immediate actions for AFSL holders should include:

  • Gap Analysis: Compare the current AML/CTF Program against the new requirements.
  • Risk Assessment Review: Update the Risk Assessment to include identified risks as well as Proliferation Financing and ensure it reflects current business reality.
  • Governance Check: Verify the AML Officer’s fit and proper status, formal appointment, independence and brief the Board on their enhanced liabilities.
  • DBG Transition: Plan the restructuring from Designated Business Group to Reporting Group.

The reforms are designed to make Australia’s financial system hostile to criminal exploitation. For AFSL holders, this means the bar has been raised. Compliance is no longer a box-ticking exercise; it is a core license-to-operate imperative.

MIntegrity is assisting AFSL holders in navigating this transition. The deadline is fixed. The obligations are clear. The time to act is now.

For assistance with your AML/CTF Risk Assessment, Program review, or independent audit, contact MIntegrity today.

For AML training contact Think Caddie.

Back to Blog