Key Highlights of AML Screening for Australian Businesses
AML screening is a legal requirement under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, regulated by AUSTRAC.
The AML/CTF Amendment Act 2024 and new Rules expand compliance obligations from 2026.
Tranche 2 reforms bring 80,000–90,000 new businesses (lawyers, accountants, real estate agents) under regulation from 1 July 2026.
Screening includes sanctions, PEP, watchlist, and adverse media checks.
Ongoing monitoring and Suspicious Matter Reporting are mandatory.
Non-compliance can result in significant financial penalties and reputational damage.
A risk-based AML/CTF program with proper governance and documentation is essential.
If your business provides financial services, processes transactions, or from 1 July 2026, it operates in law, accounting, real estate, or related professional sectors, AML screening is not just a compliance checkbox. It is a legal obligation enforced by AUSTRAC under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
AML screening is the process of checking customers, transactions, and business relationships against recognised risk indicators including sanctions lists, Politically Exposed Persons (PEPs), international watchlists, and adverse media to detect and prevent money laundering and terrorism financing before it occurs.
In Australia, the AML/CTF regulatory landscape is undergoing its most significant transformation in nearly two decades. The AML/CTF Amendment Act 2024 passed Parliament on 29 November 2024 and, together with the new AML/CTF Rules 2025 tabled by AUSTRAC in August 2025, has reshaped compliance obligations for existing reporting entities while preparing to bring an estimated 80,000 to 90,000 new businesses into the regulatory net.
This guide explains what AML screening is, who it applies to, what the law requires, how it works in practice, and what happens when businesses get it wrong. Whether you are an established fintech founder, a compliance officer reviewing your AML/CTF program, or a professional services provider preparing for Tranche 2 obligations, this guide will give you the clarity you need.
What Is AML Screening?
AML Screening Definition in Simple Terms
AML screening is short for Anti-Money Laundering screening and it is the process of checking individuals, businesses, and transactions against a range of databases and risk indicators to identify potential money laundering, terrorism financing, or sanctions violations.
In practice, it involves verifying whether a customer or counterparty appears on:
- Government and international sanctions lists
- Politically Exposed Persons (PEPs) registers
- Law enforcement and regulatory watchlists
- Adverse media reports linked to financial crime
AML screening is a component of broader AML/CTF compliance but the two are not the same thing. AML compliance encompasses the entire framework: governance, risk assessment, customer due diligence, transaction monitoring, record-keeping, and reporting. AML screening is specifically the activity of checking customers and transactions against known risk criteria to flag potential concerns for further review. Think of AML screening as the detection mechanism within a broader compliance program.
Why AML Screening Is Mandatory in Australia
AML screening is mandatory in Australia because reporting entities, businesses that provide designated services under the AML/CTF Act are legally required to identify and manage money laundering and terrorism financing risks.
AUSTRAC, Australia’s financial intelligence unit and AML/CTF regulator, oversees these obligations. Reporting entities must implement AML/CTF programs, conduct customer due diligence (including screening), monitor transactions, and submit reports to AUSTRAC. These are not optional risk management practices; they are legislated requirements.
AUSTRAC has a strong enforcement record. Civil penalties for serious and systemic non-compliance have reached into the hundreds of millions of dollars, Crown paid $450 million in 2023, SkyCity paid $67 million in 2024, and AUSTRAC applied for civil penalty orders against Entain Group in December 2024 and Mount Pritchard District Community Club in July 2025. The reputational damage from being publicly named in AUSTRAC enforcement proceedings can be equally damaging to the financial penalties themselves.
The message is clear: AUSTRAC expects businesses to take their screening obligations seriously and it has the tools and intent to pursue those that do not.
Turn AML Compliance Into a Strength
Build a risk-based AML/CTF program aligned with the Anti-Money Laundering and Counter-Terrorism Financing.
Who Needs AML Screening in Australia?
Under the AML/CTF Act, any business that provides a “designated service” is a reporting entity and must comply with AML/CTF obligations, including AML screening. The reforms introduced by the AML/CTF Amendment Act 2024 have significantly expanded the definition of designated services and the categories of businesses that must comply.
Current Reporting Entities
Since the AML/CTF Act commenced in 2006, the following types of businesses have been required to comply with AML/CTF obligations, including conducting AML screening:
- Banks and authorised deposit-taking institutions
- Other financial institutions, including non-bank lenders and credit providers
- Remittance providers (money transfer businesses)
- Digital currency exchange providers (crypto exchanges) regulated since 2018
- Gambling and gaming services (casinos, wagering providers, and certain clubs)
- Bullion dealers and precious metal traders
- Insurance providers offering specific designated products
These entities are required to enrol with AUSTRAC, implement an AML/CTF program, conduct customer identification and verification (Know Your Customer, or KYC), screen customers against relevant databases, monitor transactions on an ongoing basis, and report threshold transactions and suspicious matters to AUSTRAC.
Under the reformed regime, existing reporting entities must also update their AML/CTF programs by 31 March 2026, when new obligations under the AML/CTF Rules 2025 come into effect. This includes transitioning to a more outcomes-focused, risk-based compliance model, updating governance structures, and ensuring fit and proper AML/CTF compliance officers are appointed.
Tranche 2 Reforms — Who Will Soon Be Covered?
The Tranche 2 reforms represent the most significant expansion of Australia’s AML/CTF regime. From 1 July 2026, the following professions and businesses will become reporting entities for the first time:
- Lawyers and conveyancers (when providing certain designated services)
- Accountants and tax advisers
- Real estate agents (when acting on the buying and selling of real estate)
- Trust and company service providers
- Dealers in precious metals, jewels, and stones
- Insolvency practitioners
Enrolment with AUSTRAC for Tranche 2 entities oapens on 31 March 2026, with full compliance obligations commencing on 1 July 2026. Businesses in these sectors must be enrolled by 29 July 2026.
AUSTRAC estimates the Tranche 2 reforms will bring approximately 80,000 to 90,000 new businesses under regulation, bringing Australia in line with the Financial Action Task Force (FATF) standards. Australia faces a FATF mutual evaluation in 2026, and the reforms are partly designed to close the regulatory gaps that have seen Australian professional services sectors identified as high-risk pathways for money laundering.
For businesses in these sectors, the time to prepare is now, not July 2026. Designing an AML/CTF program, training staff, and implementing customer screening processes takes time. Businesses that leave it until enrolment opens will be unprepared, and AUSTRAC has made clear that wilful ignorance of obligations will be an enforcement priority after the commencement date.
AML Screening Requirements Under Australian Law
Understanding AML screening requirements means understanding what the AML/CTF Act and the AML/CTF Rules 2025 actually require. The reformed framework, effective from 31 March 2026 for existing entities and 1 July 2026 for Tranche 2 entities, introduces a risk-based, outcomes-oriented model that places greater emphasis on governance and genuine risk management rather than purely procedural compliance.
Customer Due Diligence (CDD) Obligations
Customer due diligence is the foundation of AML screening requirements. Under the reformed AML/CTF Act, CDD is divided into initial CDD and ongoing CDD.
Standard CDD requires reporting entities to collect and verify customer identity information before providing a designated service. This includes verifying the customer’s name, date of birth, and address, and confirming the identity of any beneficial owners.
Enhanced Due Diligence (EDD) is required for higher-risk customers and transactions. This includes Politically Exposed Persons, customers in high-risk jurisdictions, customers with complex ownership structures, and situations where a customer’s source of funds or wealth cannot be easily verified. EDD requires more detailed information gathering, additional verification steps, and senior management sign-off in many circumstances.
Ongoing CDD requires reporting entities to regularly review and update customer information throughout the business relationship, not only at onboarding. The frequency and depth of ongoing CDD should be proportional to the risk the customer presents.
Under the new framework, the CDD threshold for certain gambling services has also been lowered from $10,000 to $5,000, effective 31 March 2026.
Sanctions and PEP Screening
Australian reporting entities must screen customers against:
- The Australian Government’s consolidated sanctions list, administered by the Department of Foreign Affairs and Trade (DFAT)
- United Nations Security Council sanctions lists
- Other relevant international sanctions regimes, including those imposed by partner jurisdictions
- PEP registers, which identify current and former senior government officials, judiciary members, military leaders, and their close associates and family members
Sanctions screening must occur at onboarding and be repeated whenever there is a material change in the customer relationship, and in response to updated sanctions designations. A match against a sanctions list can trigger an obligation to refuse or freeze a transaction, and in some circumstances, to report to relevant authorities. Providing services to a sanctioned party is a serious criminal offence.
PEP screening does not automatically disqualify a customer, but it triggers enhanced due diligence requirements and requires closer ongoing monitoring of the business relationship.
AML Screening and Monitoring Requirements
One of the most common misconceptions about AML compliance is that screening is a once-at-onboarding event. Under Australian law, AML screening and monitoring are ongoing obligations that extend throughout the entire customer relationship.
Ongoing monitoring requires reporting entities to scrutinise transactions to ensure they are consistent with the customer’s risk profile and the nature of the business relationship. Any transactions that are inconsistent with what is known about the customer must be investigated.
Transaction monitoring systems are used by reporting entities to automatically flag transactions based on risk rules, For example, structuring patterns, unusual cross-border transfers, or high-value cash transactions. These systems must be calibrated to the entity’s specific risk profile and regularly reviewed for effectiveness.
Suspicious Matter Reports (SMRs) must be submitted to AUSTRAC when a reporting entity suspects on reasonable grounds that a transaction or customer is connected to money laundering, terrorism financing, or other serious crimes. SMRs must be submitted as soon as practicable after the suspicion arises, and in some circumstances, within 24 hours.
DFAT’s consolidated sanctions list is updated frequently, and reporting entities must ensure their screening processes capture updates in a timely manner. Screening against an outdated database is not a defence.
Strengthen Your AML Framework
Professional AML/CTF compliance services tailored for regulated businesses.
How AML Screening Works in Practice
Understanding the mechanics of AML screening helps businesses design processes that are genuinely effective, not just technically compliant. Here is how an effective AML screening process operates in practice.
Step-by-Step AML Screening Process
Step 1: Collect Customer Information
Before providing a designated service, the reporting entity must collect identity information from the customer. For individuals, this typically means full legal name, date of birth, residential address, and identification document details. For businesses and entities, it extends to company registration details, beneficial ownership information, and the identity of key controllers. This information forms the foundation of the customer’s risk profile.
Step 2: Screen Against Databases
The collected information is checked against relevant databases, which include the DFAT consolidated sanctions list, UN Security Council lists, AUSTRAC and international watchlists, PEP databases, and adverse media sources. The screening process looks for name matches, associated entities, and flags that suggest elevated risk. Sophisticated screening tools use fuzzy matching algorithms to catch variations in name spelling, aliases, and transliterations, reducing the risk of false negatives.
Step 3: Risk Assessment and Escalation
Where screening produces a match or a potential match, a human compliance review is required. The compliance team assesses whether the match is a true positive or a false positive, considers the context of the customer relationship, and applies the entity’s risk assessment methodology. High-risk customers and confirmed matches are escalated for enhanced due diligence, senior management review, and where required SMR reporting to AUSTRAC. All decisions are documented.
Step 4: Ongoing Monitoring
Screening is not a one-time event. Customer profiles are periodically re-screened, and transaction monitoring systems continuously flag unusual activity. When customers’ circumstances change a business relationship evolves, a PEP’s status changes, or a new sanctions designation is issued the entity must respond with updated screening and, if required, updated risk assessments.
Manual vs Automated AML Screening Tools
For small or early-stage businesses, manual AML screening using government databases and internal checklists can be a starting point. However, manual processes are slow, inconsistent, and difficult to scale. As transaction volumes grow, manual screening becomes a compliance risk in itself it cannot keep pace with real-time onboarding requirements, database updates, or the volume of ongoing monitoring required.
Automated AML screening software solutions integrate directly into onboarding and transaction processing workflows, enabling real-time checks against multiple databases simultaneously, automated alert generation and case management, audit trails and documentation for regulatory reviews, and scalability without proportional increases in compliance headcount.
For fintechs and growing businesses, investing in fit-for-purpose automated screening tools is not just more efficient and it is increasingly expected by AUSTRAC as part of a proportionate and effective AML/CTF program.
Common AML Screening Mistakes Australian Businesses Make
Despite the clear legal obligations, certain compliance failures appear repeatedly in AUSTRAC enforcement actions and regulatory reviews. Understanding these common mistakes allows businesses to avoid them proactively.
Treating Screening as a One-Time Event
Perhaps the most pervasive mistake is screening customers at onboarding and considering the obligation discharged. AML/CTF law requires ongoing monitoring throughout the business relationship. A customer who passes initial screening may later be added to a sanctions list, become a PEP through a political appointment, or be identified in adverse media. Without continuous or periodic re-screening, these changes go undetected, and the business continues to service a customer it would otherwise not accept and exposing itself to regulatory and criminal liability.
AUSTRAC expects reporting entities to have documented policies for ongoing monitoring, including defined re-screening frequencies based on customer risk ratings.
Poor Record-Keeping and Documentation
The AML/CTF Act imposes strict record-keeping obligations. Reporting entities must retain records of customer identification and verification, transaction records, risk assessments, screening results, escalation decisions, and SMRs for a minimum of seven years. In enforcement proceedings, the absence of adequate records is itself a breach of the Act and it makes it nearly impossible to demonstrate that obligations were met.
Poor documentation also undermines independent audits and regulatory reviews. When AUSTRAC or an independent auditor requests evidence of compliance, the inability to produce records of screening decisions, risk ratings, and ongoing monitoring activity will be treated as a significant deficiency. Document everything, systematically.
Ignoring Tranche 2 Preparation
For lawyers, accountants, real estate agents, and other Tranche 2 entities, the temptation is to wait until formal guidance is finalised before taking action. This is a significant risk. Businesses that begin preparing their AML/CTF programs now understanding what designated services they provide, assessing their customer risk profiles, identifying screening requirements, and designing governance frameworks will be in a far stronger position than those scrambling after enrolment opens in March 2026.
AUSTRAC has been explicit: after 1 July 2026, it will prioritise enforcement against entities that wilfully ignore the obligation to enrol. The agency has also stated that being new to regulation is not an excuse for failing to manage risk. Proactive preparation is not just sensible and it is expected.
Trusted AML/CTF Compliance Experts
Specialist AML/CTF services for Australian businesses across regulated industries.
What Happens If You Fail AML Screening Obligations?
The consequences of failing to meet AML screening and broader AML/CTF obligations in Australia are severe, and AUSTRAC has demonstrated both the will and the capability to pursue enforcement action against businesses of all sizes.
Financial Penalties and Enforceable Undertakings
AUSTRAC can apply to the Federal Court of Australia for civil penalty orders against non-compliant reporting entities. For corporations, the maximum civil penalty is up to 100,000 penalty units per breach, which translates to substantial dollar amounts, with the penalty unit value periodically updated under Commonwealth law. For individuals, including compliance officers and directors, the maximum is up to 20,000 penalty units per breach.
High-profile enforcement outcomes illustrate the potential scale: Westpac was ordered to pay $1.3 billion in 2020, CBA paid $700 million in 2018, Crown paid $450 million in 2023, and SkyCity paid $67 million in 2024. While most businesses will not face enforcement at this scale, even smaller enforcement actions such as the $56,340 infringement notice and enforceable undertaking imposed on Cryptolink in October 2025 can require costly remediation programs and divert significant management resources.
AUSTRAC can also issue enforceable undertakings, remedial directions, and infringement notices, and can appoint external auditors to review a reporting entity’s compliance. For remittance providers and digital currency exchanges, AUSTRAC can refuse, cancel, or suspend registration.
Reputational Damage and Banking Restrictions
Beyond the direct financial impact, the reputational consequences of AUSTRAC enforcement can be devastating and particularly for fintechs, fintech-adjacent businesses, and SMEs whose business models depend on customer trust and banking relationships.
AUSTRAC publishes enforcement actions on its website. Being publicly named in an enforcement action signals to customers, partners, investors, and banking counterparties that the business has failed to meet its regulatory obligations. For fintechs seeking or maintaining banking-as-a-service (BaaS) partnerships, this can trigger relationship reviews or account closures. Institutional clients may have contractual rights to terminate on regulatory breach. Professional indemnity insurers may increase premiums or decline renewal.
For founders building businesses in regulated industries, a compliance failure early in the business lifecycle can undermine years of effort to build credibility and investor confidence. The cost of getting AML screening wrong is almost always greater than the cost of getting it right.
How to Implement Effective AML Screening in Your Business
Effective AML screening does not happen by accident. It is the product of deliberate program design, appropriate technology investment, and genuine senior management commitment. Here is what a structured implementation approach looks like.
Conducting an AML Risk Assessment
The foundation of any effective AML/CTF program is a thorough risk assessment. Under the reformed AML/CTF framework, reporting entities must identify and assess the money laundering, terrorism financing, and proliferation financing risks specific to their business and taking into account their customer types, the nature of the designated services they provide, their delivery channels, and the jurisdictions they operate in or with.
The risk assessment determines where AML screening resources are most needed, which customers require enhanced due diligence, and how frequently ongoing monitoring should occur. A generic, template-based risk assessment is unlikely to satisfy AUSTRAC’s expectation of a genuine, outcomes-focused risk analysis. The assessment must be tailored to your business and reviewed regularly.
Designing a Compliant AML/CTF Program
Once the risk assessment is complete, the findings must be translated into an AML/CTF program is a documented set of policies, procedures, and controls that manage and mitigate the identified risks. Under the AML/CTF Rules 2025, the program must include a risk assessment, AML/CTF policies appropriate to those risks, clearly defined roles and responsibilities for AML/CTF compliance, a fit and proper AML/CTF compliance officer, staff training, and provisions for independent review.
The new framework no longer requires a two-part program structure. Reporting entities can organise their programs in a way that suits their business, provided the program meets the substantive requirements of the Act. The emphasis has shifted from formal structure to genuine effectiveness in managing risk.
When to Engage an AML Consultant
Designing and implementing a compliant AML/CTF program is complex and particularly for businesses that are new to regulation, businesses transitioning to the reformed framework, and businesses undergoing AUSTRAC review or remediation. An experienced AML consultant can accelerate program design, identify gaps in existing controls, ensure alignment with current regulatory expectations, and provide the independent review that the AML/CTF Rules require.
Tranche 2 Consultants specialises in AML program design and implementation, independent AML/CTF program reviews, Tranche 2 readiness assessments for professional services firms, and AUSTRAC remediation support for businesses already in the enforcement pipeline. If you are unsure whether your current AML/CTF program meets AUSTRAC’s expectations or if you are preparing for Tranche 2 obligations speak with our team. Early engagement consistently produces better outcomes than reactive compliance.
AML Screening Is a Legal Obligation — Not an Optional Safeguard
AML screening is not a compliance nicety, it is a legislated requirement that sits at the core of Australia’s financial crime prevention framework. For existing reporting entities, the AML/CTF Rules 2025 and the reformed AML/CTF Act introduce significant changes that take effect from 31 March 2026. For Tranche 2 entities, lawyers, accountants, real estate agents, trust and company service providers, and others for full compliance obligations commence 1 July 2026.
AUSTRAC’s enforcement posture is clear. The regulator has a track record of pursuing significant penalties for serious and systemic non-compliance, and it has stated explicitly that it will prioritise enforcement against Tranche 2 entities that wilfully ignore their obligations after the commencement date. The financial penalties, reputational damage, and operational disruption that follow an enforcement action are avoidable with the right preparation.
The businesses that navigate this environment successfully are those that treat AML screening and broader AML/CTF compliance as a genuine risk management discipline, not a bureaucratic burden. They invest in appropriate systems, appoint competent compliance officers, conduct genuine risk assessments, and engage expert guidance when the complexity of the regulatory environment exceeds their internal capability.
Tranche 2 Consultants is here to help Australian businesses whether they are fintech founders, compliance officers in established institutions, or professional services firms approaching regulation for the first time to build AML/CTF programs that are effective, proportionate, and aligned with AUSTRAC’s current expectations. The time to act is now.
"Precious metals and stones concentrate high value in small, easily transferable forms, making the sector inherently attractive to money laundering. Tranche 2 reflects AUSTRAC’s view that dealers now sit on the front line of financial crime prevention."
Frequently Asked Questions About AML Screening
What is AML screening in simple terms?
AML screening is the process of checking customers and transactions against a range of databases including sanctions lists, Politically Exposed Persons registers, watchlists, and adverse media to identify potential money laundering or terrorism financing risks. In Australia, it is a core component of an AML/CTF program required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. It occurs at customer onboarding and continues throughout the business relationship.
Is AML screening mandatory in Australia?
Yes. AML screening is legally mandatory for reporting entities businesses that provide designated services under the AML/CTF Act. AUSTRAC oversees and enforces these obligations. Failure to conduct appropriate AML screening can result in civil penalties, enforceable undertakings, and reputational damage. The AML/CTF Amendment Act 2024 has expanded the scope of regulated entities, with Tranche 2 entities required to comply from 1 July 2026.
What are AML screening requirements for small businesses?
Small businesses that provide designated services under the AML/CTF Act must comply with the same substantive obligations as larger institutions, including conducting customer due diligence, screening against sanctions lists and PEP databases, monitoring transactions, and reporting suspicious matters to AUSTRAC. The requirements are applied in a risk-proportionate manner and smaller business with lower-risk customers and simpler transactions may have less complex screening obligations than a large institution but the obligations themselves are not reduced. All reporting entities must have a documented AML/CTF program.
What is the difference between AML screening and AML monitoring?
AML screening refers to checking customers and counterparties against specific databases sanctions lists, PEP registers, watchlists and typically at onboarding and at defined intervals. AML monitoring refers to the ongoing review of customer transactions and behaviour to detect patterns that may indicate money laundering or terrorism financing. Both are required under Australian AML/CTF law. Screening identifies who your customers are and whether they present known risk flags; monitoring tracks what they do throughout the relationship. Together, they form the customer risk management cycle at the heart of effective AML compliance.
Who must comply with AML laws under Tranche 2 reforms?
Under the AML/CTF Amendment Act 2024, the following sectors will become reporting entities from 1 July 2026: lawyers and conveyancers (when providing certain designated services), accountants and tax advisers, real estate agents, trust and company service providers, dealers in precious metals and stones, and insolvency practitioners. These businesses must enrol with AUSTRAC from 31 March 2026 and have an AML/CTF program in place by 1 July 2026. The reforms bring approximately 80,000 to 90,000 new entities into the regulated population.
How often should AML screening be conducted?
AML screening is not a one-time event. Initial screening must occur before or at the point of providing a designated service. Ongoing re-screening of existing customers should occur at intervals determined by the customer’s risk rating is higher-risk customers should be re-screened more frequently, while lower-risk customers may be screened on a longer cycle. Screening should also be triggered by material changes in the customer relationship, updated sanctions designations, or new adverse media. Transaction monitoring is a continuous, real-time process. AUSTRAC expects screening frequency to be defined in the entity’s AML/CTF program and applied consistently.
Specialist AML/CTF Compliance Support
AML program design, Tranche 2 readiness, independent reviews, and AUSTRAC remediation for regulated Australian businesses.
