Sanctions Screening in Australia: Obligations for Banks and Financial Institutions
Sanctions compliance in Australia is governed by two separate regulatory frameworks that operate alongside each other. The Autonomous Sanctions Act 2011 and the Charter of the United Nations Act 1945 impose the substantive sanctions obligations: the prohibition on dealing with designated persons and entities, the asset-freeze requirements, and the criminal liability for breaches. AUSTRAC's AML/CTF framework imposes the screening programme obligations: the requirement to have a customer identification and transaction monitoring programme that detects sanctions-related activity and triggers reporting.
Financial institutions that understand only one of these frameworks operate with compliance gaps. An institution that screens the Consolidated List but has no process for filing suspicious matter reports when a match is detected has satisfied DFAT's sanctions rules but failed AUSTRAC's AML/CTF programme requirements. An institution that files suspicious matter reports diligently but screens only against the OFAC list because it processes USD transactions has satisfied its AUSTRAC reporting obligations but is exposed to domestic sanctions breaches under Australian law.
This guide covers both frameworks, the lists Australian institutions must screen against, and where compliance programmes commonly fall short.

The two regulatory frameworks
Australian Sanctions Office (ASO) and DFAT: The Department of Foreign Affairs and Trade, through the Australian Sanctions Office, administers Australia's autonomous sanctions regime under the Autonomous Sanctions Act 2011. DFAT maintains the Consolidated List: a list of persons and entities subject to targeted financial sanctions under Australian law. Breaches of sanctions obligations under the ASA are criminal offences. The Australian Federal Police and the Australian Border Force enforce criminal breaches.
AUSTRAC: AUSTRAC is Australia's AML/CTF regulator and financial intelligence unit. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, reporting entities must have AML/CTF programmes that identify and manage the risk of providing services to sanctioned parties. AUSTRAC does not administer the sanctions lists, but it requires institutions to have screening programmes capable of detecting sanctions-related transactions and to file suspicious matter reports when a suspected sanctions breach is identified. AUSTRAC's examination focuses on whether the institution's AML/CTF programme is fit for purpose, not on whether specific transactions breached sanctions law.
Understanding the division is important for designing a compliance programme: DFAT/ASO governs what you cannot do (transact with designated parties), while AUSTRAC governs how you must detect and report when you suspect you may be doing it.
The Consolidated List and other required lists
DFAT Consolidated List: The primary list for Australian institutions. DFAT's Consolidated List brings together persons and entities subject to targeted financial sanctions under Australian law, drawn from UN Security Council resolutions implemented in Australia under the Charter of the United Nations Act 1945, and Australia's autonomous sanctions under the Autonomous Sanctions Act 2011. The Consolidated List is available on the DFAT website and is updated when new UN Security Council resolutions are adopted or when Australia imposes autonomous sanctions.
Autonomous sanctions in Australia can apply to specific countries (Ukraine/Russia-related sanctions, Myanmar, Iran, North Korea) or to specific persons and entities designated under country-specific regimes. The autonomous sanctions component of the Consolidated List is distinct from the UN-mandated component: institutions must screen both.
UN Security Council consolidated list: Institutions with significant cross-border exposure frequently screen the UN lists directly, in addition to DFAT's Consolidated List, to ensure they hold the most current UN designations without depending on DFAT's update cycle. Australia implements UNSC resolutions under the Charter of the United Nations Act 1945, but there can be a brief lag between a UNSC resolution and DFAT's Consolidated List update.
OFAC SDN list: Australian banks with US correspondent banking relationships, USD-clearing, or US-person customers screen the OFAC Specially Designated Nationals and Blocked Persons list as part of their sanctions programme. OFAC compliance in this context is driven by the correspondent banking relationship: a USD transaction involving a sanctioned party creates enforcement risk for the US correspondent, which creates relationship risk for the Australian institution.
Other lists based on business profile: Institutions with significant European transactions or EU-person customers include the EU consolidated list. Institutions with operations or correspondent relationships in Canada or the UK may include OSFI and OFSI lists respectively. The appropriate scope follows the institution's risk assessment of its transaction flows.
Who must comply
Under the Autonomous Sanctions Act and the Charter of the United Nations Act, the obligations apply broadly to persons and entities in Australia. In the financial sector, this means all deposit-taking institutions, payment service providers, remittance services, and financial intermediaries.
AUSTRAC's AML/CTF programme requirements apply to reporting entities under the AML/CTF Act, which covers banks, credit unions, building societies, payment service providers, foreign exchange dealers, bullion dealers, and digital currency exchange providers.
The Tranche 2 reform significance: Australia's AML/CTF reforms are extending obligations to lawyers, accountants, and real estate agents. For existing financial institutions, Tranche 2 means that counterparties they deal with may begin to have AML/CTF obligations for the first time. Financial institutions receiving funds from Tranche 2 entities need to consider whether those entities have adequate sanctions screening in their own onboarding. For more on the reforms, see our Tranche 2 AML reforms guide.
What the screening programme must cover
Real-time transaction screening: AUSTRAC's AML/CTF Rules require payment providers and banks to screen transactions before processing, not in a retrospective batch. For international wire transfers, this means screening originator and beneficiary details before the transaction is released. AUSTRAC examination focuses on whether the institution's transaction screening runs within the payment cycle.
Customer screening at onboarding and ongoing: Institutions must screen customers against the Consolidated List at the point of onboarding. Customers who screened clean at onboarding may subsequently be designated; ongoing screening of the active customer base is required. Most institutions run a daily batch screen of all active customers against the Consolidated List. DFAT updates the list when new designations are made: the interval between a designation and the institution's screening database reflecting that designation is the period of exposure.
Beneficial owner screening: Screening the named account holder is insufficient where a corporate customer has a designated beneficial owner. CDD processes must capture beneficial ownership, and beneficial owners must be screened alongside the legal entity. This is a specific AUSTRAC examination focus for corporate accounts.
Suspicious matter reporting: When an institution detects or suspects a sanctions match, it is required to file a suspicious matter report with AUSTRAC and, in the case of a confirmed match, notify DFAT. The suspicious matter report is required even if the match turns out to be a false positive on investigation, provided the institution had reasonable grounds to suspect a connection. The reporting obligation runs separately from the freeze obligation: freezing assets does not substitute for reporting to AUSTRAC.
Documentation of screening decisions: When a potential match is reviewed and concluded to be a false positive, the decision must be documented. AUSTRAC's examination of AML/CTF programmes includes a review of how institutions handle alerts, not just whether alerts are generated.

Common compliance gaps
Treating DFAT and AUSTRAC obligations as separate programmes: Institutions that manage their DFAT sanctions screening under a separate legal/compliance team from their AUSTRAC AML/CTF programme create integration gaps. The suspicious matter reporting requirement, which sits with AUSTRAC, and the freeze obligation, which arises under the ASA, need to be connected in the institution's response workflow.
Autonomous sanctions not covered: Institutions that screen only UN Security Council lists miss Australia's autonomous sanctions, which can include designations not replicated in UNSC lists. Australia's Ukraine-related and Myanmar-related autonomous sanctions have at times included designations not on the UNSC list. The Consolidated List covers both; institutions screening only UN sources have a gap.
Delayed Consolidated List updates: DFAT updates the Consolidated List when new designations are made. Institutions that download updates weekly rather than on the day of publication have a gap during any designation made mid-cycle. Automated list feeds address this.
Crypto and digital asset providers not screening: AUSTRAC-registered digital currency exchange providers are reporting entities and are required to screen customers and transactions. Compliance programme quality at some DCE providers lags behind the institutional banking sector on sanctions screening.
How FinCense supports sanctions screening compliance in Australia
FinCense's screening module covers DFAT's Consolidated List, UN Security Council lists, OFAC, and additional sources based on the institution's business profile. List updates are incorporated automatically on publication, eliminating the gap between a new designation and the institution's screening database.
Name matching uses NLP-based fuzzy matching to handle name variants, transliterations, and aliases that exact-string matching misses. Matching thresholds are configurable and documented, allowing compliance teams to demonstrate to AUSTRAC examiners that the programme is calibrated for detection quality, not just false positive reduction.
Transaction screening runs in real time before settlement. Beneficial owner screening is built into the CDD workflow. When a match is identified, FinCense's case management environment connects the alert, the investigation documentation, the freeze action, and the suspicious matter report workflow in a single record, covering both the AUSTRAC reporting obligation and the DFAT/ASO freeze requirement.
For broader AML/CTF programme requirements under AUSTRAC, see our AUSTRAC transaction monitoring guide. For equivalent obligations in Malaysia, see our sanctions screening guide for Malaysia.
To see how FinCense handles sanctions and AML/CTF compliance for AUSTRAC-regulated institutions, book a demo with our Australia team.
Frequently asked questions
What is the difference between DFAT and AUSTRAC's roles in Australian sanctions compliance?
DFAT, through the Australian Sanctions Office, administers the Consolidated List and enforces the substantive sanctions laws (the prohibition on dealing with designated parties and the asset-freeze obligation). AUSTRAC requires financial institutions to have AML/CTF programmes that screen for sanctions-related activity and file suspicious matter reports when a suspected breach is detected. DFAT governs what you cannot do; AUSTRAC governs how you must detect and report it.
What is the DFAT Consolidated List?
DFAT's Consolidated List brings together all persons and entities subject to targeted financial sanctions in Australia, drawn from UN Security Council resolutions implemented under the Charter of the United Nations Act 1945, and Australia's autonomous sanctions under the Autonomous Sanctions Act 2011. It is maintained by the Australian Sanctions Office and available on the DFAT website.
Are payment service providers and fintechs subject to the same sanctions screening obligations as banks?
Yes. Reporting entities under AUSTRAC's AML/CTF Act, which includes payment service providers, foreign exchange dealers, remittance services, and digital currency exchange providers, must have AML/CTF programmes that include sanctions screening. The substantive obligations under the Autonomous Sanctions Act apply broadly to persons and entities in Australia.
What happens when a confirmed sanctions match is identified?
The institution must freeze the matched party's assets under the Autonomous Sanctions Act and the Charter of the United Nations Act, file a suspicious matter report with AUSTRAC, and notify DFAT in the case of an asset freeze. The response workflow must connect all three actions: freeze, AUSTRAC report, and DFAT notification.
Does the OFAC list need to be screened in Australia?
It is not required under Australian law, but institutions with US correspondent banking relationships, USD-clearing, or US-person customers screen OFAC as part of managing correspondent banking risk. A USD transaction involving an OFAC-sanctioned party creates enforcement risk for the US correspondent, which in turn creates relationship risk for the Australian institution.
How does Tranche 2 affect sanctions screening obligations?
Tranche 2 extends AML/CTF obligations to lawyers, accountants, and real estate agents. For existing financial institutions, this means counterparties they receive funds from will begin to have their own screening requirements. Institutions should also assess whether payments from newly covered Tranche 2 entities carry any elevated sanctions risk.
Experience the most intelligent AML and fraud prevention platform
Experience the most intelligent AML and fraud prevention platform
Experience the most intelligent AML and fraud prevention platform
Top AML Scenarios in ASEAN

The Role of AML Software in Compliance

The Role of AML Software in Compliance





