Australian reporting entities have less than six months to design, build and test compliant solutions to meet new obligations commencing on 31 March 2026. These changes will have wide-reaching impacts, particularly for entities that have never before been subject to AML/CTF obligations.
Need to know
- From 31 March 2026, “value transfers” – including money, virtual assets and other property – will be subject to new information-sharing obligations.
- The reforms will capture a wide range of entities beyond banks, including remitters and virtual asset service providers (VASPs).
- Businesses should act now to map their payment flows, identify data gaps and prepare systems to comply within the timeline.
1. The Rule has broadened from “funds transfers” to “value transfers”
Currently, when financial institutions (like banks, building societies, and credit unions) transfer money electronically between bank accounts, there is a requirement for certain information to travel with the transfer.
Commencing 31 March 2026, there will be a new requirement for certain information to travel with a ‘transfer of value’, which applies to an electronic transfer of money, or a transfer of virtual assets or other property.
This is not a reporting requirement, this is a transparency of information requirement.
The travel rule will apply to financial institutions (like banks, building societies, credit unions), remittance providers and VASPs for both domestic and international transfers.
Who has what obligations and what information must travel depends on the role of the party in the value transfer chain whether they are an Ordering Institution, Intermediary Institution, Beneficiary Institution and the type of transfer.
Who does this impact?
Financial institutions will be captured by the travel rule, as well as entities that have never had to previously consider this kind of obligation e.g. remitters, VASPs, fintech payment facilitators, marketplaces holding customer funds, and bullion dealers accepting crypto.
2. Granular, role-based data obligations
At a high level, the now final AML/CTF Rules set out the following for travel information:
- Ordering Institution – must collect and verify certain information (except for merchant payments) and pass on information.
- Intermediary Institution – must monitor whether it has received certain information and pass on information. If the information has not been received, it must refuse the transaction or take another action.
- Beneficiary Institution – must monitor whether certain information has arrived and, if not, it must refuse the transaction or take another action.
- VASPs have additional obligations, including determining the nature of the virtual wallet to which, or from which, the virtual asset is being transferred. Ordering and beneficiary institutions must not provide the designated service if the transfer is to, or from, a person who is required to be licensed or registered under a law that gives effect to the FATF Recommendations but is not in fact so licensed or registered.
Recommendation: Map every payment rail your business uses against the requirements, identify data gaps – especially where legacy formats such as 18-character reference fields cannot carry the required information) and determine what change management you need to undertake.
3. Technology, privacy and industry collaboration
Interoperability remains a pain point – there is no common Australian messaging standard yet that replicates the ISO 20022-style data elements in the final Rules.
For VASPs, the Digital Economy Council of Australia (DECA) has convened a “Travel Rule” working group to design open-source technical solutions and coordinate pilot testing with AUSTRAC.
Recommendation: Join an industry group so your build aligns with emerging market standards and AUSTRAC’s evolving guidance.
4. Implementation timeline and readiness checklist
With 31 March 2026 fast approaching, suggestions from the panel included:
- Role and flow mapping – Chart all products, payment corridors and counterparties; classify each step into ordering/intermediary/beneficiary functions.
- Data gap analysis – Identify what payer/payee information you already hold and where you need enhanced collection, verification or message fields.
- Vendor and build decisions – Select or develop messaging, screening and monitoring tools capable of passing/retaining data in real time and at scale.
- Training and change management – Educate compliance, operations and customer-facing staff; run tabletop exercises to test escalation paths.
- Regulator engagement – Participate in AUSTRAC consultations and technical pilots; document all feedback and design decisions.
How we can help
Hamilton Locke’s Funds and Financial Services team can assist financial institutions, payment providers, fintechs, remitters and VASPs to understand their obligations under the AML/CTF reforms, conduct tailored readiness reviews and data-flow audits and draft or update AML/CTF Programs.
For more information, please contact Samantha Shields, Charmian Holmes and Jaime Lumsden.
