Key points

• The Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2026 (the Bill) establishes a new framework for the Australian Transaction Reports and Analysis Centre (AUSTRAC) Chief Executive Officer (CEO) to restrict or prohibit, via legislative instrument, a reporting entity from using high-risk mechanisms to provide designated services.
• The proposed framework responds to growing concerns about the risks of cryptocurrency being exploited for money laundering, scams and money mule activities.
• The Bill also amends the meaning of ‘financing of terrorism’ in the AML/CTF Act to:
  • include new offences created by the Criminal Code Amendment (State Sponsors of Terrorism) Act 2025 for financing a state sponsor of terrorism and state terrorist acts
  • provide regulation-making powers to prescribe offences against the Charter of the United Nations Act 1945 and the Autonomous Sanctions Act 2011, or their respective regulations.
• The Bill further makes technical amendments to address issues that have emerged since the enactment of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, including provisions relating to customer due diligence requirements, definitions for domestic politically exposed person and foreign politically exposed person, and legal professional privilege claims.
• At the time of writing, the Bill had not been referred to or reported on by any parliamentary committees.

Introductory Info

Date of introduction: 12 March 2026
House introduced in: House of Representatives
Portfolio: Home Affairs
Commencement: Schedule 1 will commence on 1 January 2027.
Schedule 2 will commence 28 days after Royal Assent.
Parts 1, 2, 5 and 7 of Schedule 3 will commence on the later of 31 March 2026 and the day after Royal Assent.
Parts 3 and 6 of Schedule 3 will commence on the later of 1 July 2026 and the day after Royal Assent.
Part 4 of Schedule 3 will commence on the day after Royal Assent.

Purpose of the Bill

The purpose of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2026 (the Bill) is to amend the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) to establish a new framework for the Australian Transaction Reports and Analysis Centre (AUSTRAC) Chief Executive Officer (CEO) to restrict or prohibit, via legislative instrument, a reporting entity from using a product, service, delivery channel or thing (the high-risk mechanism) to provide a designated service.

Structure of the Bill

The Bill is comprised of 3 schedules:

Schedule 1 establishes a new framework, which empowers the AUSTRAC CEO to restrict or prohibit, via legislative instrument, reporting entities from using high-risk mechanisms to provide designated services.

Schedule 2 amends the meaning of ‘financing of terrorism’ in the AML/CTF Act to:

• include new offences introduced into the Criminal Code Act 1995 (section 112.4 and Division 113) by the Criminal Code Amendment (State Sponsors of Terrorism) Act 2025 for financing a state sponsor of terrorism and state terrorist acts
• provide regulation-making powers to prescribe offences against the Charter of the United Nations Act 1945 and the Autonomous Sanctions Act 2011, or their respective regulations.

Schedule 3 makes technical amendments identified through the implementation of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (AML/CTF Amendment Act).

Background

Australia’s AML/CTF regime is based on international standards developed by the global money laundering and terrorist financing watchdog—the Financial Action Task Force (FATF) (p. 12). The FATF Standards comprise 40 recommendations (the FATF Recommendations), which set out a framework of measures for countries to implement in order to combat money laundering and terrorist financing, as well as the financing of proliferation of weapons of mass destruction (p. 7).

The AML/CTF Act was amended in 2024 by the AML/CTF Amendment Act to modernise Australia’s AML/CTF regime and ensure it meets relevant international standards set by FATF, including by:

• introducing new designated services into the AML/CTF Act, meaning that lawyers, accountants, dealers in precious stones and metals, and real estate agencies (amongst others) who provide such services will now be regulated by the Act
• introducing a new ‘reporting group’ structure, which creates mandatory obligations and enhanced liability for lead entities in reporting groups
• regulating the treatment of AML/CTF information subject to legal professional privilege, including by requiring reporting entities to set out privilege claims in a new form
• introducing new coercive powers, including a new examination process which will allow AUSTRAC to obtain information and documents to make enforcement decisions.

At the time of writing, these amendments are still in a transitional phase, with many significant changes not coming into effect until 31 March 2026 or 1 July 2026. The Department of Home Affairs and AUSTRAC are also finalising transitional rules to support the implementation of the reforms.

Since the 2024 amendments, there have been significant developments relating to the evolution of the financial crime environment and state sponsored terrorism in Australia. New and emerging technologies are increasingly being exploited by transnational, serious and organised crime actors to generate illicit profits and launder the proceeds of crime (p. 7). Digital currencies such as cryptocurrency (crypto) have been described as ‘a magnet for money laundering and criminal conduct’ due to the anonymity involved and limited regulatory oversight.

Following intelligence reports about heightened money laundering risks posed by crypto, AUSTRAC established an internal cryptocurrency taskforce in September 2024 to ensure crypto ATM providers comply with Australia’s anti-money laundering regime and reduce the risks of crime. Since then, AUSTRAC has refused to renew a crypto ATM operator’s registration and imposed operating conditions on other crypto ATM providers, including a $5,000 limit on cash deposits and withdrawals.

Australia is reported to have the highest number of crypto ATMs in the Asia Pacific region—2,000 as of October 2025. AUSTRAC estimates that almost 150,000 transactions totalling over $275 million occur annually using crypto ATMs. Of these transactions, 99 percent are cash deposits for the purchase of cryptocurrencies, which makes it difficult to trace and increases the risks of cryptocurrency being exploited for money laundering, scams and money mule activities.

In June 2025, the Australian Federal Police (AFP) revealed that ReportCyber (Australia’s online cybercrime reporting system operated by the Australian Cyber Security Centre) received 150 unique reports of scams involving crypto ATMs between 1 January 2024 and 1 January 2025, with an estimated loss of more than $3 million. The AFP notes that this is a conservative estimate as scams involving crypto ATMs are vastly underreported. On a broader scale, the Australian Institute of Criminology estimates that serious and organised crime cost Australia between $35.5 billion and $82.3 billion in 2023–24.

In an address to the National Press Club on 16 October 2025, the Minister for Home Affairs announced that the Government was drafting amendments to the Act to provide AUSTRAC with new powers to restrict or prohibit high-risk products, services or delivery channels, with a focus on crypto ATMs.

In November 2025, the Criminal Code Act was amended by the Criminal Code Amendment (State Sponsors of Terrorism) Act 2025 to prescribe new offences connected with state terrorist acts and dealings with a state sponsor of terrorism. The new offences are yet to be reflected in the definition of ‘financing of terrorism’  in the AML/CTF Act.

Recommendation 6 of the FATF Recommendations requires countries to implement targeted financial sanctions regimes to comply with United Nations Security Council (UNSC) resolutions relating to the prevention and suppression of terrorism and terrorist financing. This includes UNSC Resolution 1373 (2001) and UNSC Resolution 1267 (1999). Whereas the former is currently included in the definition of financing of terrorism through the reference to section 20 or 21 of the Charter of the United Nations Act, the latter is yet to be included.

Australia was rated compliant with Recommendation 6 in its last mutual evaluation report (p. 144) and is due to undergo its next mutual evaluation process from 2026-2027.

The Department of Home Affairs undertook public consultation on proposed reforms to the AML/CTF Act between December 2025 and January 2026.

Policy position of non-government parties/independents

At the time of writing there does not appear to be any comment from non-government parties or independents on the Bill.

Key issues and provisions

Regulating the use of high-risk mechanisms

Item 1, Schedule 1 inserts new Part 6B into the AML/CTF Act, which vests the AUSTRAC CEO with new powers to regulate the use of high-risk mechanisms by reporting entities to provide designated services. A reporting entity is defined in section 5 as a person who provides any of the designated services listed in section 6, which currently include certain kinds of financial, bullion and gambling services.

The exchange of digital currency for money (and vice versa) is currently regulated under the AML/CTF Act, but will be expanded to include additional virtual asset-related services from 31 March 2026. All references to digital currency will also be changed to ‘virtual asset’ as part of the virtual asset services reforms under the AML/CTF Amendment Act (Schedule 6).

According to the Explanatory Memorandum (EM), an example of a high-risk mechanism that can be regulated under new Part 6B is a crypto ATM (p. 8).

Making the legislative instrument

The AUSTRAC CEO may, by legislative instrument, restrict or prohibit a reporting entity from using such high-risk mechanisms to provide designated services, if the CEO is satisfied that:

• using the high-risk mechanism has caused, will cause or is likely to cause, significant harm to either the financial system or the Australian community, or both; and
• the restriction or prohibition is necessary in the public interest (proposed subsection 77A(1)).

In applying the public interest test, proposed subsections 77A(2)–(3) require the AUSTRAC CEO to consider the following matters:

• the nature and extent of the harm that has been, will be, or is likely to be caused by the use of the high-risk mechanism
• the effect the proposed restriction or prohibition is likely to have on that harm
• the existence of alternative mechanisms that may be used to provide the designated service
• any other matter prescribed by the regulations
• any other matter the CEO considers relevant.

Before making the legislative instrument, the AUSTRAC CEO must undertake consultation with the following for a period of at least 30 days, unless exceptional or urgent circumstances justify making the instrument without consultation:

• persons who are reasonably likely to be affected by the instrument; and
• the Commonwealth, state or territory agency responsible for the administration of any law regulating a high-risk mechanism that will be impacted by the restriction or prohibitions (if applicable) (proposed subsections 77B(1)–(3)).

Exceptional or urgent circumstances could include

where the AUSTRAC CEO is satisfied that a high-risk mechanism is primarily being used for illicit financing purposes, and no other controls can urgently mitigate, disrupt or deter the risk or prevent the harm identified (EM, p. 10).

Although consultation is intended to be mandatory, a failure to consult would not invalidate the instrument (proposed subsection 77B(5)). The EM explains that this is appropriate as

any instrument made without consultation will only be in force for a limited period [discussed below], and any extension of that instrument must be subject to the consultation process. This will preserve the intent of the framework while enabling it to be used, in specific circumstances and for short periods, to respond to high-risk mechanisms that have caused, will cause or is likely to cause, significant harm to either or both of the financial system and the Australian community, where the restriction or prohibition is necessary in the public interest. (p. 11)

Without limiting how consultation may be undertaken, proposed subsection 77B(4) provides that the CEO is taken to comply with the requirement to consult with persons who are reasonably likely to be affected by the instrument by publishing, on AUSTRAC’s website, a document setting out details of the proposed instrument, including the proposed restrictions (if any) and inviting the public to comment. Given the specific consultation requirements, proposed subsection 77B(6) clarifies that section 17 of the Legislation Act (which provides that rule‑makers should consult before making legislative instruments) does not apply to the making of the instrument.

The EM notes that the use of legislative instruments is to ensure parliamentary oversight and scrutiny of decisions made under proposed subsection 77A(1) since decisions made by legislative instrument are subject to the requirements of the Legislation Act 2003 (p. 9).

Restrictions or prohibitions

The AUSTRAC CEO may impose restrictions that are in the public interest, including those listed in proposed subsection 77A(4), which according to the EM (p. 9) are modelled on the conditions that may be imposed on the registration of reporting entities on the Remittance Sector Register and the Digital Currency Exchange Register (to be renamed the Virtual Asset Service Provider Register from 31 March 2026) (sections 75E and 76G respectively). The restrictions imposed may relate to, but are not limited to:

• the volume or value of funds remitted, virtual assets exchanged or physical currency or property transferred
• the method of remittance, exchange or transfer
• the destination of the remittance, exchange or transfer
• requiring the reporting entity to provide certain information or do certain things to mitigate risk.

The duration of a restriction or prohibition in the first instance would depend on whether consultation was undertaken prior to making the instrument—no more than 6 months if no consultation was undertaken and no more than 3 years if consultation was undertaken (proposed section 77C).

The AUSTRAC CEO may extend a restriction or prohibition, by legislative instrument, if the CEO is satisfied of the matters required to make an instrument and has undertaken consultation on terms similar to the requirements for making the instrument (proposed section 77D).

An instrument may also be repealed (proposed subsection 77C(4)).

Offence provisions

A person subject to a restriction or prohibition commits an offence if:

• the person engages in conduct that breaches the restriction or prohibition (proposed subsection 77E(1))
• the person offers to use a product, service, delivery channel or thing to provide a designated service where that use would breach the restriction or prohibition (proposed subsection 77F(1)).

Strict liability applies to the person’s conduct (proposed subsections 77E(2) and 77F(2)), which is justified according to the EM because,

[r]equiring the prosecution to establish fault … would not be practical and would undermine the deterrent effect of this offence. The offence is intended to cover persons who continue to provide designated services through the use of high-risk mechanisms that have been restricted or prohibited, but who may be unaware whether the restriction or prohibition remains in place. The defence of mistake of fact under section 9.2 of the Criminal Code would still be available in relation to these elements. (pp. 13 [40], 14 [47])

The offences are punishable by a maximum penalty of imprisonment for 4 years or 1,000 penalty units ($330,000), or both. Although the penalty departs from the standard fine/imprisonment ratio in the Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers of 5 penalty units multiplied by the maximum prison term in months (in this case 4 years or 240 penalty units), it is consistent with similar penalties in sections 74 and 76A. The Government justifies this on the basis of deterrence as ‘[a] decision to restrict or prohibit a high-risk mechanism is intended to disrupt money laundering, terrorism financing, and other serious offences’ (EM, pp. 13-14 [42], 15 [49]).

Civil penalty

The Bill also inserts civil penalty provisions that prohibit a person subject to a restriction or prohibition from:

• engaging in conduct that breaches the restriction or prohibition (proposed subsections 77E(3)–(4))
• offering to use a product, service, delivery channel or thing to provide a designated service if the use would breach the restriction or prohibition (proposed subsection 77F(3)–(4)).

The maximum penalty is 100,000 penalty units ($33 million) for a body corporate and 20,000 penalty units ($6.6 million) for a person other than a body corporate (subsection 175(4) and (5)).

Items 2 to 5, Schedule 1 amend subsection 184(1A) and section 186A to allow for infringement notices to be given in relation to these contraventions.

Technical amendments

Schedule 3 makes technical amendments to the AML/CTF Act (as amended by the AML/CTF Amendment Act) to address issues that have emerged since the enactment of the AML/CTF Amendment Act relating to:

• customer due diligence requirements
• definitions for domestic politically exposed person and foreign politically exposed person
• legal professional privilege claims
• requirements for reporting entities to advise the AUSTRAC CEO of changes in enrolment and registrable details
• international value transfer services
• prescription of certain documents required to be provided in applications for registration on the Remittance Sector Register and Virtual Asset Service Provider Register
• the definition of designated infringement notice provision.

Please note that some of the provisions proposed to be amended are yet to commence and have not been incorporated in the AML/CTF Act at the time of writing.

Customer due diligence requirements

Part 1, Schedule 3 amends some of the initial, ongoing and enhanced customer due diligence (CDD) requirements for reporting entities introduced by the AML/CTF Amendment Act and due to commence on 31 March 2026. According to the EM, the amendments are intended to ‘simplify compliance and significantly reduce regulatory burden for reporting entities by removing requirements of reporting entities when meeting their CDD obligations’ and to more closely align Australia’s CDD requirements with the FATF Standards (p. 19).

In their submissions to the Senate inquiry into the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024, stakeholders such as the Australian Financial Markets Association (pp. 4–5) and the National Australia Bank (p. 3) had criticised the proposed CDD provisions for being too prescriptive and considered them likely to have a detrimental impact on customers.

Initial customer due diligence

Item 1 repeals and substitutes paragraph 28(2)(e), which would require a reporting entity to, before providing a designated service, establish on reasonable grounds whether the customer, any beneficial owner of the customer, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer is either a politically exposed person ora person designated for targeted financial sanctions.

Under the proposed substituted provision, a reporting entity will not be required to establish whether any person acting on behalf of the customer is a politically exposed person. This is to align with the FATF Recommendations which do not require such assessment (EM, p. 19). A reporting entity would only be required to establish whether:

• the customer, any beneficial owner of the customer or any person on whose behalf the customer is receiving the designated service is a politically exposed person; or
• the customer, any beneficial owner of the customer, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer is a person designated for targeted financial sanctions.

Ongoing customer due diligence

Item 3 repeals and substitutes paragraph 30(2)(c)(i), which would require reporting entities to review and, where appropriate, update and reverify know your customer (KYC) information where they have doubts about the adequacy or veracity of the KYC information relating to the customer. The proposed substituted provision limits the due diligence to instances where there are reasonable grounds for the reporting entity to doubt the adequacy or veracity of the KYC information.

According to the EM,

This amendment will replace the current trigger for reviewing and, where appropriate, updating and reverifying KYC information with an objective test. This will make clear that the trigger at paragraph 30(2)(c)(i) is not intended to rely on the subjective view of the reporting entity, nor the actual arising of a doubt by the reporting entity in situations where such a doubt should, objectively, have arisen. (p. 20)

Enhanced customer due diligence

Item 5 repeals and substitutes paragraph 32(c) as a consequence of the amendment proposed by Item 1. Paragraph 32(c) requires reporting entities to apply enhanced customer due diligence measures appropriate to the ML/TF risk of a customer if the customer, any beneficial owner of the customer, any person on whose behalf the customer is receiving the designated service, or any person acting on behalf of the customer, is a foreign politically exposed person.

The proposed amendment omits the requirement to establish whether any person acting on behalf of the customer is a foreign politically exposed person in line with the FAFT requirements.

Politically exposed persons

The AML/CTF Amendment Act inserts definitions for a domestic politically exposed person, foreign politically exposed person and family member in section 5 of the AML/CTF Act. The EM notes that these definitions are ‘centred around the provision of designated services in Australia, rather than being centred around the jurisdiction where a permanent establishment is’ with the implication being that

… for reporting entities that provide designated services at or through a permanent establishment in a foreign country, the definition has the effect of treating an Australian politically exposed person as a domestic politically exposed person, rather than a foreign politically exposed person. This is an issue as it would impact the applicability for reporting entities to conduct enhanced CDD in line with their requirements under the AML/CTF Act, including requirements under subsection 32(c) of the AML/CTF Act that apply to foreign politically exposed persons. Further, it also means that for reporting entities that provide designated services at or through a permanent establishment in a foreign country, the definition has the effect of treating a politically exposed person for that country [as] a foreign politically exposed person, rather than a domestic politically exposed person, again impacting how CDD is conducted. (p. 21)

Accordingly, Part 2, Schedule 3 amends the existing definitions and inserts new definitions to ‘ensure the definitions apply appropriately when designated services are provided at or through a permanent establishment in Australia or a foreign country’ (EM, p. 21). The Bill inserts new definitions for:

• ‘Australian politically exposed person’ that replicates the current definition of domestic politically exposed person (Item 7)
• ‘non-Australian politically exposed person’ that replicates the current definition of ‘foreign politically exposed person’ (Item 12).

Items 8–11 make consequential amendments to the existing definitions for a domestic politically exposed person, foreign politically exposed person and family member to reference the newly inserted definitions.

Legal professional privilege claims

Section 49 allows certain agencies (including the AUSTRAC CEO) to request further information or documents about a matter reported to AUSTRAC in relation to various reporting requirements. Similarly, section 202 authorises specified persons to give written notice requiring a person to provide any information or document relevant to the provision of designated services in Australia.

The AML/CTF Amendment Act introduces new subsections 49(4) and 202(5), which provide that where a reporting entity is given a written notice under sections 49 and 202 respectively, and it reasonably believes that information or document is covered by legal professional privilege (LPP), the person must give the AUSTRAC CEO an LPP form in relation to the information or document within the period specified in the notice.

Items 14–16 and 20-22 amend subsections 49(4) and 202(5) respectively, to provide that LPP forms must be given to the agency that issued the notice, rather than the AUSTRAC CEO. The LPP forms would only be provided to the AUSTRAC CEO if the request was made by the CEO.

Items 17–19 make consequential amendments to section 176 to allow the agency that issued the written notice to apply for a civil penalty order in relation to that notice. Currently, only the AUSTRAC CEO can apply for a civil penalty order.