AUSTRAC doesn't just send warning letters. It issues infringement notices, launches civil penalty proceedings, and has secured over $2.5 billion in penalties from Australian businesses. With Tranche 2 now in effect, the same enforcement powers apply to accountants, lawyers, conveyancers, real estate agents, and jewellers.
Here's what's at stake if you don't comply.
Maximum Penalties Under the Reformed Act
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (as reformed) sets out significant penalties:
| Offence | Maximum Penalty |
|---|---|
| Failure to have an AML/CTF program | $31.3 million (body corporate) |
| Failure to conduct customer due diligence | $31.3 million (body corporate) |
| Failure to report suspicious matters (SMR) | $31.3 million (body corporate) |
| Failure to enrol or register with AUSTRAC | Daily penalties until resolved |
| Individual liability (officers/directors) | Up to $6.26 million |
| Tipping off (warning a client about an SMR) | Criminal offence — imprisonment |
These aren't theoretical numbers. AUSTRAC actively enforces them.
Real Enforcement Actions (2017–2026)
Landmark Civil Penalty Cases
| Entity | Year | Penalty | What Happened |
|---|---|---|---|
| Westpac | 2020 | $1.3 billion | 19.5 million+ breaches including late TTRs and failure to monitor international transfers linked to child exploitation |
| Commonwealth Bank | 2018 | $700 million | Systematic failures in transaction monitoring and SMR reporting through intelligent deposit machines |
| Crown Resorts | 2023 | $450 million | Serious and systemic non-compliance across Melbourne and Perth casinos |
| SkyCity Adelaide | 2024 | $67 million | Systemic AML/CTF failures at its Adelaide casino |
| Tabcorp | 2017 | $45 million | Breaches of AML/CTF obligations in wagering operations |
Recent Infringement Notices (2024–2025)
You don't need to be a bank or casino to attract AUSTRAC's attention. In 2024–2025, AUSTRAC issued infringement notices to:
| Entity | Penalty | Reason |
|---|---|---|
| Cointree Pty Ltd | $75,120 | Late suspicious matter report submissions |
| Revolut Australia | Infringement notice | AML/CTF compliance failures |
| Cryptolink Pty Ltd | Infringement notice + enforceable undertaking | Compliance failures |
| 14 other entities in 2024 | Various | Late compliance reports, AML/CTF program failures |
Cointree's case is particularly instructive. The digital currency exchange voluntarily disclosed that it had failed to submit SMRs within the required timeframes. Despite cooperating fully and taking steps to fix its systems, it still received a $75,120 fine. Self-reporting doesn't guarantee immunity.
Ongoing Court Proceedings (2025–2026)
| Entity | Filed | Allegation |
|---|---|---|
| Entain Group (Ladbrokes, Neds) | December 2024 | Serious and systemic non-compliance |
| Mounties (community club) | July 2025 | Serious and systemic non-compliance |
| Castra & Princeton Securities | December 2025 | Failure to lodge compliance reports |
Even failing to submit your annual compliance report can result in civil penalty proceedings — as the Castra and Princeton cases demonstrate.
How AUSTRAC Decides to Take Action
AUSTRAC uses a graduated enforcement model:
For Tranche 2 entities, AUSTRAC has stated it will take a pragmatic and proportionate approach. But this doesn't mean you can ignore your obligations.
AUSTRAC CEO Brendan Thomas has been clear:
"We don't expect perfection on day one, but we do expect sustained effort, strong leadership, and genuine progress."
What Triggers AUSTRAC Enforcement
Based on recent cases, the most common triggers are:
1. Late or Missing SMRs
The most frequent cause of infringement notices. SMR deadlines are strict:
- 3 business days for money laundering suspicions
- 24 hours for terrorism financing suspicions
Missing these deadlines — even once — can result in a fine.
2. No AML/CTF Program
Operating without a written AML/CTF program is a fundamental breach. Every reporting entity must have one before providing designated services.
3. Failure to Enrol or Register
From 1 July 2026, providing designated services without being enrolled with AUSTRAC is an offence. Daily penalties apply.
4. Inadequate Customer Due Diligence
Not verifying customer identity, not screening against sanctions lists, or not assessing customer risk levels.
5. Missing Compliance Reports
The annual compliance report is mandatory. Failing to lodge it — as Castra and Princeton discovered — can lead to civil penalty proceedings.
6. Tipping Off
Warning a customer that an SMR has been filed is a criminal offence. This applies to everyone in your organisation, not just the compliance officer.
What AUSTRAC Expects from Tranche 2 Businesses
AUSTRAC published updated regulatory expectations in December 2025. The key points:
If you can meet all obligations by 1 July 2026:
- Have your AML/CTF program in place
- Conduct CDD on new customers
- Be enrolled with AUSTRAC
- Start monitoring and reporting
If you can't meet all obligations by 1 July 2026: You must have a documented implementation plan that includes:
- How you'll manage ML/TF risks during the transition
- The gaps between your current and target state
- A timeline for closing those gaps
- Who is accountable for each step
- How you'll mitigate risks during the transition
- How you'll monitor effectiveness
This plan should be endorsed by senior management. AUSTRAC doesn't need a copy, but they will ask about your progress during any engagement.
The Cost of Compliance vs Non-Compliance
| Annual Cost | |
|---|---|
| AML Mate subscription | $588 ($49/month) |
| Compliance consultant | $5,000–$15,000 |
| Single infringement notice | $75,000+ |
| Civil penalty (small business) | $100,000–$1,000,000+ |
| Civil penalty (large business) | $45,000,000–$1,300,000,000 |
A $49/month subscription is cheap insurance against a $75,000 infringement notice.
How to Protect Your Business
Step 1: Enrol with AUSTRAC (Now)
Enrolment is open at AUSTRAC Online. Don't wait until July.
Step 2: Get Your AML/CTF Program in Place
You need a written program covering Parts A–F. AML Mate generates this using AUSTRAC's official starter kit templates.
Step 3: Set Up Customer Due Diligence
Verify client identity, screen against sanctions lists, and assign risk ratings.
Step 4: Know Your Reporting Obligations
Understand when and how to file SMRs and TTRs. Late filing is the most common cause of penalties.
Step 5: Train Your Staff
Everyone involved in designated services needs AML/CTF training within 30 days of starting.
Step 6: Document Everything
Keep records for 7 years. If AUSTRAC comes knocking, your records are your defence.
Don't Be a Case Study
Every enforcement action listed above started with a business that thought compliance could wait, or that the rules didn't apply to them.
AUSTRAC has expanded from regulating 19,000 businesses to nearly 100,000. They have the budget, the mandate, and the track record to enforce the law. The question isn't whether they'll take action against non-compliant Tranche 2 businesses — it's when.
Not sure where you stand? Run a free compliance check to see your obligations — no signup required. Or start your 14-day free trial and generate your AML/CTF program in 15 minutes.