Simplifying ML/TF Risk Reporting
ML/TF Risk-Based Reporting
AUSTRAC Reforms to ML/TF Risk-Based Reporting: Existing reporting entities commence from 31 March 2026. Businesses must demonstrate a risk-based and outcomes focused unified AML/CTF Program.
Australia's ML/TF Risk-Based Reforms
If your business is an existing captured entity under Australia's AML/CTF laws, ML/TF risk-based reforms commence on 31 March 2026. Learn about ML/TF Risk-Based Outcomes.
AML/CTF Risk-Based Reforms Commence: 31 March 2026
The newly introduced reforms to the AML/CTF Act, are set to take effect from 31 March 2026 for existing business entities and from 31 and 1 July 2026 for ‘new’ business entities.
At the heart of this overhaul — led by the Australian Transaction Reports and Analysis Centre (AUSTRAC) — is a decisive shift from a compliance-checklist model to a risk-based approach aimed at more effectively identifying and mitigating the dynamic threats posed by financial crime. AUSTRAC ML/TF risk-based approach.
These ML/TF risk-based reforms enable businesses (referred to as ‘reporting entities) to target their resourcing to the areas that present the greatest vulnerability to ML/TF occurring.
Why Reform Was Needed
For years, critics of the Australian AML/CTF framework have pointed out that the regulations were overly prescriptive, focusing on formal compliance rather than on genuinely preventing crime. The previous system required reporting entities to meet specific technical obligations — often without adequately considering whether those obligations matched the real threat profile of the business in question.
Central Tenets of the Risk-Based Approach
At its core, a Money Laundering/Terrorism Financing (ML/TF) risk-based approach requires entities to:
Identify and assess ML/TF risks specific to their operations, customers, transactions and delivery channels.
Focus resources on higher-risk areas, tailoring controls and monitoring to where the greatest threats lie.
Apply proportionate risk mitigation strategies, including enhanced due diligence for high-risk cases and simplified procedures for low-risk scenarios.
This replaces the previous “tick-the-box” mentality with one that emphasises outcomes over formality, aligning Australia with international best practice as set by the Financial Action Task Force (FATF).
What Does ML/TF Risk-Based Modelling Look Like?
Under the reformed ML/TF regulatory framework, AML/CTF Programs must be based on a comprehensive assessment of the entity’s real exposure to ML/TF risks. Businesses can no longer rely on a checklist ‘one-size fits-all’ approach. Money laundering/terrorism financing risk assessments must inform business-specific ML/TF threats.
Customer due diligence (CDD) becomes more flexible. Entities may apply simplified CDD where risks are low and enhanced CDD where risks are elevated. In order to ensure informed ML/TF risk-based decision making, business entities must apply a customer risk rating model. AUSTRAC Reforms: Customer Risk Ratings.
Ongoing monitoring of ML/TF compliance risk evaluations apply to customer / client ML/TF risks, as well as ensuring the business money laundering/terrorism financing risk assessment remains current. Business entities must update the business ML/TF risk assessment following sector and national risk reports published by AUSTRAC.
Governance and accountability require senior management and governing executives, including board members, to have oversight and sign off on risk assessment outcomes. This includes ensure informed decision-making when evaluating the ML/TF compliance status.
AUSTRAC’s Regulatory Expectations
AUSTRAC has made it clear that it expects reporting entities — both current and those newly regulated from mid-2026 — to embed risk management deeply into their compliance frameworks.
Entities must not only have risk assessments in place but also demonstrate they are effectively managing the risks they identify.
Importantly, AUSTRAC’s supervisory approach will concentrate efforts where money laundering/terrorism financing risks are highest and where controls are weakest, fostering greater flexibility and proportionality in its enforcement powers.
AML360™ provides you a secure Cloud account from where you easily navigate and complete a risk-based AML/CTF business risk report.
Click on the above link to learn summary information of the AUSTRAC reforms commencing from 31 March 2026 for existing reporting entities.