AUSTRAC Enrolment Explained: What It Is, Why It Matters, and What You Need to Do

If your business has recently been swept up in Australia's landmark anti-money laundering reforms or if you've been watching the headlines and wondering whether they apply to you, this guide is for you.

AUSTRAC enrolment is one of the most significant new compliance obligations facing thousands of Australian businesses. Understanding what it is, who it applies to, and what it requires of you is no longer optional. It's the law.

people meeting


What Is AUSTRAC?

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia's financial intelligence agency and anti-money laundering (AML) regulator. Its primary role is to protect the Australian financial system from exploitation by criminals — including money launderers, terrorism financiers, and those seeking to move illicit funds through legitimate businesses.

AUSTRAC sits at the intersection of financial regulation and law enforcement. It collects, analyses, and shares financial intelligence with domestic and international law enforcement agencies. The data AUSTRAC receives from regulated businesses forms a critical layer of national security infrastructure.

What Is AUSTRAC Enrolment?

Enrolment is the formal process by which a business registers itself as a reporting entity under Australia's Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act). It is the gateway to AUSTRAC's regulatory ecosystem.

When you enrol with AUSTRAC, your business is officially recognised as a provider of one or more designated services; financial, property, legal, accounting, or other services that carry a risk of exploitation for money laundering or terrorism financing. Enrolment places you on the AUSTRAC Roll and unlocks access to AUSTRAC Online, the portal through which you will submit reports, update your details, and manage your ongoing compliance obligations.

Put simply: enrolment is how AUSTRAC knows you exist, what you do, and how to hold you accountable.

Why Do You Have to Enrol?

The Legal Requirement

If your business provides a designated service with a geographical link to Australia, enrolment is a legal obligation, not a choice. The AML/CTF Act makes this clear, and failure to enrol can expose your business to significant civil and criminal penalties.

The Tranche 2 Reforms

For many businesses, this obligation is new. Australia's AML/CTF reform program introduced via the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which received Royal Assent on 10 December 2024 dramatically expanded the scope of who must enrol.

For the first time, Tranche 2 entities are now regulated. This brings a wide range of previously unregulated professions and industries into the AML/CTF framework, including:

  • Real estate agents and agencies (buying, selling, and leasing)
  • Lawyers and law practices
  • Accountants and bookkeepers
  • Financial advisers
  • Dealers in precious metals and stones
  • Trust and company service providers
  • Virtual asset service providers (expanded categories)

Enrolment for Tranche 2 entities opened on 31 March 2026, with full AML/CTF obligations commencing from 1 July 2026. Businesses must submit their enrolment application within 28 days of commencing a designated service.

Why It Matters Beyond Compliance

Australia's previous AML/CTF regime was widely acknowledged as falling short of international standards set by the Financial Action Task Force (FATF), the global body that sets AML benchmarks. The FATF identified major deficiencies in Australia's regulation of designated non-financial businesses and professions, the very sectors now captured under Tranche 2.

Non-compliance put Australia at risk of being placed on international monitoring lists, which can have serious consequences for Australian businesses operating globally, including increased scrutiny of international transactions and reputational damage at a national level.

By enrolling and complying, your business is not just meeting a legal obligation. You are actively contributing to Australia's financial integrity and helping protect the broader economy from criminal exploitation.

What Does Enrolment Actually Involve?

Enrolment is completed through the AUSTRAC Online portal. The process requires you to provide detailed information about your business, including:

  • Business name, structure, and registration details
  • The specific designated services you provide
  • Details of key personnel, including your governing body and compliance officer
  • Contact information for regulatory correspondence

Once enrolled, you receive an AUSTRAC account number, which also determines the timeline for certain obligations such as your first independent evaluation (at least three years from commencement).

If your business is a remittance or virtual asset service provider, enrolment alone is not sufficient, you must also separately register with AUSTRAC, which involves a more detailed assessment process.

If you are yet to enrol or simply need support navigating the the Visibl team can help. 

Key Obligations After Enrolment

Enrolment is the beginning, not the end. Once you are on the AUSTRAC Roll, a suite of ongoing obligations applies to your business. These obligations are designed to ensure that your business actively manages its exposure to money laundering and terrorism financing risk.

1. Develop and Maintain an AML/CTF Program

Every reporting entity must have a written AML/CTF program; a living document that sets out how your business identifies, assesses, and manages its money laundering and terrorism financing risks.

The program must include:

  • A risk assessment specific to your business, customers, products, services, channels, and geographic exposure
  • Policies, procedures, systems, and controls to mitigate the risks you identify
  • Governance arrangements, including the roles of your governing body, senior managers, and AML/CTF compliance officer

The new framework under the 2024 reforms takes a risk-based, outcomes-oriented approach, moving away from tick-box compliance toward genuine risk management. Your program must be proportionate to the nature, size, and complexity of your business.

2. Appoint an AML/CTF Compliance Officer

From 31 March 2026 (for existing entities) or at the time of enrolment (for new entities), you must appoint a fit and proper AML/CTF compliance officer. This person is responsible for day-to-day compliance management, implementing your AML/CTF program, and serving as the primary point of accountability within your business.

You must notify AUSTRAC of your compliance officer's details. Existing reporting entities had until 30 May 2026 to complete this notification.

3. Conduct Customer Due Diligence (CDD)

Before providing a designated service, you must verify who you are dealing with. This is known as initial customer due diligence (CDD) and includes:

  • Identifying the customer and, where relevant, any beneficial owners
  • Verifying the customer's identity using reliable and independent sources
  • Checking whether the customer is a politically exposed person (PEP) or subject to targeted financial sanctions
  • Understanding the nature and purpose of the business relationship

Enhanced due diligence is required for higher-risk customers; for example, foreign nationals, high-net-worth individuals, or customers from jurisdictions with elevated AML risk.

4. Conduct Ongoing Due Diligence

Your obligations don't end at onboarding. You must monitor your customer relationships throughout their lifecycle, including:

  • Reviewing transactions for unusual or suspicious activity
  • Updating customer information when circumstances change
  • Applying enhanced scrutiny where risk indicators emerge

5. Report to AUSTRAC

Reporting entities must submit various reports to AUSTRAC, including:

  • Threshold transaction reports (TTRs): For cash transactions of A$10,000 or more
  • Suspicious matter reports (SMRs): When you have reasonable grounds to suspect a transaction or activity is related to money laundering, terrorism financing, or other criminal conduct
  • International value transfer reports: For instructions to transfer value into or out of Australia (replacing the previous IFTI report framework from 31 March 2026, with a transition period for existing entities)
  • Cross-border movement reports (CBMRs): For physical currency of A$10,000 or more moved across Australia's border
  • Annual compliance reports: A yearly self-assessment of how your business met its AML/CTF obligations

6. Keep Records

Reporting entities must create and securely store comprehensive records for seven years. This includes records of customer identification, transactions, due diligence decisions, and AML/CTF program documentation. These records must be available to AUSTRAC and law enforcement on request.

7. Train Your People

Preparing your personnel is a core obligation. Staff who perform AML/CTF functions must have the knowledge, skills, and integrity to do so. This means implementing AML/CTF training programs and conducting due diligence on employees in AML/CTF roles.

8. Undertake Independent Evaluations

Your AML/CTF program must be independently evaluated at least every three years. For newly regulated businesses, the deadline for the first evaluation will be set based on the AUSTRAC account number received at enrolment, but will be no earlier than 1 July 2029.

What Happens If You Don't Comply?

The consequences of non-compliance with AUSTRAC obligations are serious and far-reaching. AUSTRAC has broad enforcement powers, including:

  • Civil penalty orders from the Federal Court — up to 100,000 penalty units for a body corporate
  • Infringement notices for less serious contraventions
  • Remedial directions requiring specific corrective action
  • Enforceable undertakings committing your business to specific conduct
  • External auditor appointments to review your compliance
  • Reputational damage from public enforcement actions

Enforcement actions and infringement notices can be made public — meaning non-compliance isn't just a legal risk, it's a reputational one.

Getting Started: A Practical Checklist

If your business is newly regulated or approaching the enrolment deadline, here's where to focus:

  • Confirm whether your business provides a designated service - review AUSTRAC's updated list of designated services under the reformed Act
  • Enrol via AUSTRAC Online (within 28 days of commencing a designated service)
  • Conduct an enterprise-wide risk assessment to understand your ML/TF risk exposure
  • Develop your AML/CTF program - policies, procedures, and controls tailored to your business
  • Appoint and notify your AML/CTF compliance officer
  • Implement customer due diligence processes before you provide designated services
  • Set up transaction monitoring and reporting systems
  • Train your staff
  • Establish record-keeping systems to retain seven years of documentation

How Visibl Can Help

Navigating AUSTRAC enrolment and ongoing compliance is complex, particularly for businesses that have never operated in a regulated AML/CTF environment. At Visibl, we work with businesses across Australia's newly regulated sectors to simplify compliance and build the systems, policies, and processes they need to meet their obligations with confidence.

Whether you are starting from scratch or strengthening an existing compliance framework, our team can guide you through every stage of the journey - from risk assessment and program development, through to enrolment, training, and beyond.

Book a demo with the Visibl team today to discuss your AUSTRAC obligations and how we can help you meet them and save you money along the way. 

To understand the true cost of compliance read our latest article breaking down the varying approaches to managing your compliance obligations.