In March 2026, the Australian Transaction Reports and Analysis Centre (AUSTRAC) issued a targeted letter to the wealth management sector, signalling a significant uplift in regulatory scrutiny. The message was stark, and the data behind it even more so. The question is no longer whether your firm will be scrutinised. It is whether you will be ready when it happens.
AUSTRAC has signalled a major escalation in regulatory scrutiny of the wealth management sector. With the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) reforms now in effect, wealth management businesses must act quickly to ensure their compliance frameworks meet the new risk-based, outcomes-focused requirements. Below is a snapshot of what you need to know.
Need to know:
- AUSTRAC’s supervisory campaign identified critical compliance gaps across the wealth management sector.
- The reformed AML/CTF Act commenced on 31 March 2026, replacing the prescriptive program structure with a risk-based model requiring tailored controls aligned to each business’s risk profile.
- Wealth businesses should ensure they develop a tailored AML/CTF program that complies with the reforms, embed high-risk customer identification processes both at onboarding and throughout the customer lifecycle, enhance transaction monitoring capabilities, and invest in staff training to meet AUSTRAC’s expectations.
AUSTRAC’s concerns
Australia’s AML/CTF Amendment Act 2024 is one of the most significant reforms to the financial services sector since 2006. The reforms represent more than a procedural update, they require a shift in how AML/CTF compliance programs are designed, governed, and executed. See our previous article on how the reforms impact advice businesses.
AUSTRAC has expressed serious concern about the state of AML/CTF compliance across the wealth management sector, citing widespread failure to identify high-risk customers and a near-total absence of suspicious matter reporting (SMR). Approximately 98% of enrolled wealth businesses submitted zero SMRs in 2025, 64% of all wealth sector SMRs were submitted by just three businesses, and 92% of wealth businesses reported having no high-risk customers.
AUSTRAC has taken the view that this is not evidence of a low-risk sector, but rather a sector that is blind to its obligations. The submission of quality SMRs and the identification of high-risk customers are indicative of a well-functioning and effective AML/CTF program, competent staff, and an engaged and informed Board and Executive team. Conversely, in AUSTRAC’s view, the absence of SMRs submitted by a business indicates that something is fundamentally wrong with the detection capability of the business.
What should you be doing?
The reformed AML/CTF Act commenced on 31 March 2026 for existing reporting entities, meaning the revised/enhanced obligations already apply to most wealth management businesses.
AUSTRAC expects effective systems and controls to be in place to manage and mitigate money laundering, terrorism financing and proliferation financing (ML/TF/PF) risks at client onboarding and during the entire customer lifecycle. AUSTRAC expects all regulated businesses to be:
- Developing and maintaining an AML/CTF Program that is tailored to its risk appetite;
- Conducting customer due diligence;
- Reporting suspicious matters to AUSTRAC; and
- Maintaining accurate records.
What can you do to uplift your current processes?
1. Review your AUSTRAC enrolment
You should review your business activities to ensure you are enrolled with AUSTRAC for the correct “designated services”. Many wealth advisory firms, for example, are only enrolled for designated service #54 in circumstances where they are likely providing other designated services as well (for example, if they operate their own MDA service).
2. Review and strengthen your AML/CTF program
You should review your current AML/CTF program and identify areas for improvement in the design and effectiveness of the program. Under the new regulations, AML/CTF programs need to be risk-based and outcomes-focused. Financial advice firms are no longer merely required to have a Part B program. Instead, this structure has been replaced by a risk-based model that is tailored to the business. Changes may include:
- Standardised processes of consistent identification of high-risk scenarios and customers when onboarding.
- Detailed explanation of your firm’s practices and process to ensure compliance at all levels of the business.
- Documented process to ensure that detected high-risk scenarios are investigated in a timely manner and, where appropriate, escalated for further review.
3. Embed high-risk customer identification
The new reforms have created greater requirements for businesses to identify high-risk customers. Indicators that should trigger enhanced due diligence include customers with unexplained sources of funds inconsistent with their profile, use of complex trust or company structures with unclear beneficial owners, holding assets or interests in tax havens, and customers identified in adverse media or linked to known criminal organisations. High-risk customer identification must occur at onboarding and throughout the customer lifecycle.
The new rules have created a more structured Customer Due Diligence (CDD) framework, which comprises two separate obligations – initial CDD and ongoing CDD. Businesses must implement distinct initial and ongoing CDD procedures tailored to the customer’s risk profile. An approach where every customer type is considered low risk is unlikely to demonstrate strong compliance with the risk assessment criteria. Onboarding questionnaires and templated fact finds are not likely to be sufficient to identify the risk level of a customer.
Risk frameworks should not be static. They should constantly evolve in light of your firm’s services, customers and delivery channels. Your risk assessment process also must be able to respond to changes in customer behaviour. A “set and forget” risk assessment is not only unsuitable, but non-compliant.
4. Enhance transaction monitoring
Businesses must have the capability to identify and submit Suspicious Matter Reports to AUSTRAC, provide relevant information in those SMRs and include a clear description of the matter in the grounds of suspicion.
You should create and implement systems to identify and detect potentially suspicious matters. Businesses need to consider what constitutes “reasonable grounds” for suspicion, identify who in the business is responsible for making that determination, and document steps to complete and submit the SMR within the required timeframe.
Critically, businesses do not need to have evidence of an offence being committed in order to submit an SMR or to designate a customer as high-risk.
5. Invest in staff training
Businesses are required to appoint an AML/CTF Compliance Officer who is responsible for AML/CTF compliance. The AML/CTF Compliance Officer should be given adequate resources and support to implement the policies and procedures throughout the business.
AUSTRAC requires senior management to be involved in the development and maintenance of the AML/CTF program by being responsible for approving key compliance decisions. Your business should keep the AML/CTF program up-to-date, reflecting any significant changes to your business or customers. Staff in these roles need to understand what the requirements are under the new regulations, what needs to be reported and when, and how to identify and escalate ML/TF risks.
Annual role-appropriate training should form part of the training and CPD requirements of operating a wealth management business. Advisers and other staff interacting with clients are the first line of detection and should be trained to know what to look for.
6. Review of AML/CTF program
Businesses must review and, if necessary, update their AML/CTF program and practices regularly, and at least every three years. It is important to continuously look for defects and compliance issues in your firm’s management of its AML/CTF obligations.
AUSTRAC has made it clear they will be actively monitoring the wealth management sector throughout 2026 to assess whether there has been a material increase in compliance. AUSTRAC expects each wealth business to consider its current program/procedures, identify areas for improvement and ensure it has the necessary resources and capabilities to comply.
Wealth businesses that are too slow to act risk regulatory enforcement action.
Our Financial Services team advises fund managers, advice firms, trustees, platforms and financial services intermediaries on AML/CTF compliance, regulatory strategy, and reform readiness. We can assist with AML/CTF program reviews, gap analyses against AUSTRAC’s expectations, Board briefings, planning and implementation.
For more information, please contact Simon Carrodus, Samantha Shields, Jaime Lumsden, Chris Deeble or Nicholas Pavouris.
