Insight,

Take 2 - AUSTRAC commences further consultation on draft AML/CTF Rules

22 May 2025

Our People
AU | EN
Current site :    AU   |   EN
Australia
EN |
Singapore
EN |

On Monday 19 May 2025, AUSTRAC released a further set of draft AML/CTF Rules for consultation (ED2). ED2 includes updates to the first draft AML/CTF Rules that were consulted on earlier this year (ED1), incorporating feedback received by AUSTRAC – as well as a range of new draft rules that are being consulted on for the first time. AUSTRAC has also separately released for consultation draft AML/CTF Rules including class exemptions, many of which reflect existing relief.

While ED2 does not give reporting entities everything on their wish list, there are some significant wins – particularly in relation to initial CDD. The ongoing strengthening focus on the virtual asset sector is also evident from various registration and conduct-related measures in ED2.

Importantly, there may now be sufficient certainty around some key requirements to begin updating systems and processes for commencement on 31 March 2026 (for existing reporting entities) and 1 July 2026 (for entities that only provide “tranche 2” designated services).

These dates are approaching fast. For example, if you will commence to provide items 29 or 30 designated services and are not already registered as a remitter, your application for registration (including police checks for key personnel) will need to be prepared and filed before the end of 2025.

The closing date for consultation on ED2 is 27 June 2025.

KEY TAKEAWAY
DETAIL
Example uses 2

The requirement to collect and verify date and place of birth has been removed

Reporting entities will not be required to collect and verify an individual customer’s date of birth or place of birth (as was proposed in ED1). 

New rules have been introduced to assist with meeting the obligation to establish the identity of beneficiaries of a trust and beneficial owners

A reporting entity will be deemed to have established the identity of a person on whose behalf a trustee is receiving a designated service:

  • if they establish on reasonable grounds the identity of the beneficiaries;
  • if the nature of the trust means it is not possible to identify each beneficiary, if they establish on reasonable grounds a description of each class of beneficiary; or
  • if they establish on reasonable grounds that the customer is not receiving a designated service on behalf of a beneficiary or class of beneficiary.

A new rule has also been introduced to provide relief from the requirement to establish on reasonable grounds the identity of beneficial owners if the ML/TF risk of the customer is low, ECDD has not been triggered and the customer is, or is controlled by:

  • a government body;
  • an entity subject to oversight by prudential, insurance or investor protection regulator through registration or licensing requirements;
  • a corporation or association of homeowners in a strata title or community title scheme; or
  • a listed public company that is subject to public disclosure requirements (however imposed) that ensure transparency regarding the identity of any beneficial owners.

The conditions for reliance on the passporting relief have been clarified making this a more useful rule for those with offshore establishments

Draft rule 5-13 has been clarified to reflect AUSTRAC’s intention that a reporting entity may rely on a form of initial CDD previously undertaken by that entity (or a member of its reporting group) in a manner that complied with relevant FATF Recommendations. 

No changes were made to the requirement to treat non-customers as customers for the purposes of initial CDD 

There have been no material changes to the proposal in ED1 that, where a reporting entity is required to establish the identity of a person other than the customer (eg persons who act on behalf of the customer), the reporting entity must collect and verify information about the identity of that person as though they were the customer. However, AUSTRAC commentary may suggest that this is limited to the collection and verification of information related to “identity” only. 

Additional prescriptive requirements have been introduced for non-individual customers

For example:

  • For most customer types, reporting entities must establish on reasonable grounds the full name of the individual/s with primary responsibility for governance and executive decisions of the customer. This introduces a degree of legal and practical complexity, given the spectrum of possible interpretations of these concepts, making careful operationalisation important.
  • For bodies corporate, reporting entities will be required to establish on reasonable grounds the full name and director identification number of each eligible officer.

Clarification on the status of PEPs for offshore designated services 

AUSTRAC has acknowledged that it does not have the power to address the issues created by the definitions of domestic and foreign PEP for customers receiving services offshore by amending the definitions itself.  However, it has addressed the underlying issue by introducing rules that allow reporting entities to treat PEPs as “domestic” if the service is provided to a PEP of the same country in which the service is provided.   For example, the intention seems to be that if providing a service in Singapore, involving a Singapore PEP, that person should be practically treated as a domestic PEPs under the Australian AML/CTF Act (in addition to any other local laws that may be applicable). 

Double jeopardy for breaches of Australian sanctions laws as AUSTRAC gets the power to commence civil penalty proceedings for breaches of sanctions laws

AML/CTF policies must ensure that a reporting entity does not make money, property or virtual assets available to, or for the benefit of, a sanctioned person and does not use or deal with (or facilitate the use of or dealing with) controlled assets in contravention of Australian sanctions laws.

If these policies are breached, this will constitute a strict liability offence under either the Charter of the United Nations Act 1945 (Cth) (COTUNA) or the Autonomous Sanctions Act 2011 (Cth) (ASA) (unless a defence applies) and a breach of section 26G of the amended AML/CTF Act (the requirement to comply with AML/CTF policies).

The problems created by the definitions of ordering and beneficiary institutions have been resolved by….not defining them

ED2 simplifies the definitions proposed by the first draft but in doing so doesn’t give any real meaning to the terms.

A person will be an ordering institution (OI) if it accepts an instruction for the transfer of value on behalf of a payer and a person will be a beneficiary institution (BI) if it makes transferred value available to a payee. This means that, for example, a person provides an item 29 service if in the capacity of a person who accepts an instruction for the transfer of value in the course of carrying on business, they accept an instruction for the transfer of value.

There is some helpful commentary from AUSTRAC which may assist in determining who is the ordering institution, and the exemption for entities that accept instructions or make value available incidentally to another service remains available in the amended AML/CTF Act (although this incidental exemption still does not extend to intermediary institutions).

The criteria that were used in ED1 to determine whether a person was an OI or BI are now examples of actions that may result in a person being an OI or BI (with some minor clarifications). 

AUSTRAC has provided guidance on the obligations of intermediary and beneficiary institutions to take “reasonable steps to monitor” whether they have received the required information 

Intermediary institutions will not be required to monitor for the accuracy of the information provided to them, but they will be required to monitor for possible SMRs (eg obviously fictitious names included in transfer messages).

While small remitters acting as an intermediary or beneficiary institution may be able to monitor in real time, larger entities processing high volumes may instead use sampling and quality assurance. 

Reporting international funds transfers

The Department of Home Affairs intends to develop transitional rules which will extend the operation of the current international funds transfer instruction (IFTI) reporting requirements until after 2026 to enable AUSTRAC and industry to undertake consultative development of reportable details for the new international value transfer service reporting requirements.

Virtual asset services

ED2 introduces several changes that generally impact virtual asset service providers (VASPs). Notable changes specific to VASPs include a more comprehensive registration application process that requiring VASPs to provide detailed information about their operations, including expected transactions for the first 12 months, as well as specific reporting requirements for Suspicious Matter and Threshold Transaction Reports related to virtual assets. Additionally, ED2 sets out the type of information that will be recorded on the public virtual asset register and clarifies that renewal applications will remain active while the AUSTRAC CEO reviews them.
Categories

Key Contacts

Show MoreShow Less
Latest Thinking
Insight
Bendel: Commissioner ‘A loan’ in view that UPE was a loan for Division 7A purposes
The long-awaited High Court decision in Bendel has arrived!

12 June 2026

Insight
Queensland goes all in on critical minerals: Key changes under the SDPWO Amendment Bill 2026
Queensland has fired the legislative starting gun in the race for critical minerals investment.

05 June 2026

Insight
The forfeiture rule and superannuation death benefits: emerging issues for trustees
While the forfeiture rule is a longstanding position in law, its application to superannuation is not always clear.

05 June 2026

Explore Latest Thinking
Our People
Media Centre
About Us
Contact Us
Explore Our Expertise
Explore insights

Advertising and Targeting Cookies