Australia’s AML Overhaul: What AUSTRAC’s New Rules Mean for Compliance Teams
AUSTRAC’s latest draft rules signal a defining moment for AML compliance in Australia.
With growing pressure to address regulatory gaps and align with global standards, AUSTRAC has released a second exposure draft of AML/CTF rules that could reshape how financial institutions approach compliance. These proposed updates are more than routine tweaks, they are part of a strategic pivot aimed at strengthening Australia’s financial crime defences following international scrutiny and domestic lapses.
Background: Why AUSTRAC Is Updating the Rules
AUSTRAC’s policy overhaul comes at a critical time for the Australian financial sector. After years of industry feedback, regulatory incidents, and repeated warnings from the Financial Action Task Force (FATF), Australia has faced growing pressure to modernise its AML/CTF framework. This pressure intensified after the Royal Commission findings and the high-profile Crown Resorts case, which exposed systemic failures in detecting and reporting suspicious transactions.
The second exposure draft released in July 2025 reflects AUSTRAC’s intent to close key compliance loopholes and bring the current system in line with global best practices. It expands on the earlier draft by incorporating industry consultation and focuses on more granular obligations for customer due diligence, ongoing monitoring, and sanctions screening. These changes aim to strengthen Australia’s position in the face of a rapidly evolving threat landscape driven by digital finance, cross-border transactions, and sophisticated laundering techniques.
What’s Changing: Key Highlights from the Exposure Draft Rules
The second exposure draft introduces several new requirements that directly impact how reporting entities manage risk and monitor customers:
1. Clarified PEP Obligations
The draft now defines a broader set of politically exposed persons (PEPs), including foreign and domestic roles, and mandates enhanced due diligence regardless of source of funds.
2. Expanded Ongoing Monitoring
Entities must now monitor customers continuously, not just at onboarding, using both transaction and behavioural data. This shift pushes compliance teams to move from static checks to dynamic, risk-based reviews.
3. Third-Party Reliance Rules
The draft clarifies when and how financial institutions can rely on third parties for KYC processes. This includes more specific provisions for responsibility and liability in case of failure.
4. Sanctions Screening Expectations
AUSTRAC has proposed more stringent guidelines for sanctions screening, especially around name-matching and periodic list updates. There is also an increased focus on ultimate beneficial ownership.
5. Obligations for Fintechs and Digital Wallet Providers
The draft recognises the role of digital services and imposes tighter onboarding and monitoring standards for high-risk products and cross-border offerings.

Comparing ED2 with Tranche 2 Reforms
While Tranche 2 reforms remain on the horizon with a broader mandate to include lawyers, accountants, and real estate agents under the AML/CTF regime, the second exposure draft zeroes in on tightening the compliance expectations for existing reporting entities.
Unlike Tranche 2, which aims to expand the scope of regulated professions, the exposure draft rules focus on strengthening operational practices such as ongoing monitoring, customer segmentation, and enhanced due diligence for existing covered sectors. The rules also go deeper into technological expectations, such as maintaining audit trails and validating third-party service providers.
In short, ED2 is more about modernising the how of AML compliance, whereas Tranche 2 will eventually reshape the who of the regulated ecosystem.
Why It Matters for Financial Institutions
For compliance officers and risk managers, these proposed changes translate to increased scrutiny, more granular documentation, and an urgent need to improve monitoring practices. Institutions will be expected to maintain stronger evidence trails, adopt real-time monitoring tools, and improve their ability to detect behavioural anomalies across customer life cycles.
Moreover, the clear emphasis on risk-based ongoing due diligence means firms can no longer rely on periodic checks alone. Dynamic updates to risk profiles, responsive escalation triggers, and cross-channel data analysis will become critical components of future-ready compliance programs.
{{cta-first}}
Tookitaki’s Perspective and Solution Fit
At Tookitaki, we believe AUSTRAC’s second exposure draft offers an opportunity for Australian institutions to build more resilient, intelligence-driven compliance programs.
Our flagship platform, FinCense, is built to adapt to evolving AML obligations through its scenario-driven detection engine, AI-led transaction monitoring, and federated learning capabilities. Financial institutions can seamlessly adopt continuous risk monitoring, generate audit-ready investigation trails, and integrate sanctions screening workflows, all while maintaining high levels of precision.
Importantly, Tookitaki’s federated intelligence model draws from a community of AML experts to anticipate emerging threats and codify new typologies. This ensures institutions stay ahead of bad actors who are constantly evolving their methods.
What’s Next: Preparing for the New Rules
AUSTRAC is expected to finalise the rules following this round of industry consultation, with phased implementation timelines to be announced. Financial institutions should begin by assessing gaps in their existing AML controls, especially around ongoing monitoring, PEP screening, and documentation processes.
This is also a good time to evaluate technology infrastructure. Solutions that enable scalable monitoring, natural language audit logs, and flexible rule design will give institutions a distinct advantage in meeting the new compliance bar.
Conclusion
AUSTRAC’s second exposure draft marks a pivotal shift from checkbox compliance to intelligent, risk-driven AML practices. For financial institutions, the future of compliance lies in adopting flexible, technology-powered solutions that can evolve with the regulatory landscape.
The message is clear, compliance is no longer a static requirement. It is a dynamic, strategic pillar that demands agility, insight, and collaboration.
Experience the most intelligent AML and fraud prevention platform
Experience the most intelligent AML and fraud prevention platform
Experience the most intelligent AML and fraud prevention platform
Top AML Scenarios in ASEAN

The Role of AML Software in Compliance








