Australian regulators and lawmakers aim to provide a clear regulatory and legal framework to enable fintech businesses to operate and flourish in the Australian market. Fintech businesses wanting to operate in Australia must adhere to and comply with the obligations under those regulatory and legal frameworks. This includes complying with the anti-money laundering and counter-terrorism financing (AML/CTF) law in Australia. This article explores how the AML/CTF law may apply to your fintech business and summarises some obligations your fintech business must comply with if the AML/CTF law applies.
What is AML/CTF Law?
AML/CTF law refers to Australia’s anti-money laundering and counter-terrorism financing law. One main piece of Australian legislation sets out the anti-money laundering and counter-terrorism financing law: the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act) and its related AML/CTF Rules.
Purpose of AML/CTF Law
The purpose of the AML/CTF law is to prevent money laundering and terrorism financing from occurring in Australia. It requires Australian providers (“reporting entities”) of certain services (“designated services”) to comply with several obligations under the Act, including:
- supplying information to the Australian Transaction Reports and Analysis Centre (AUSTRAC) about financial transactions occurring by way of their services;
- conducting know-your-customer (KYC) checks on their customers; and
- implementing surveillance and reporting mechanisms and systems.
When Does the AML/CTF Law Apply?
Any person providing services considered a “designated service” must register with AUSTRAC and comply with the AML/CTF law. The Australian AML/CTF legislation provides a list of designated services in Australia. The Australian law recognises these services as posing a greater risk of money laundering and terrorism financing.
Examples of the designated services include, among others:
- banking services, like enabling a person to open a bank account, accepting money as a deposit and issuing a debit card;
- lending money in the course of a lending business, including factoring receivables;
- supplying goods by way of hire-purchase or finance lease;
- enabling the acquisition and disposal of products, such as security, derivatives and foreign exchange contracts; and
- digital currency exchange services.
AML/CTF Obligations
Some of the AML/CTF obligations include:
- enrolling or registering with AUSTRAC as a provider of designated services;
- having in place an AML/CTF program (see more on this below);
- collecting and verifying certain know-your-customer information about a customer’s identity before providing the designated services;
- reporting to AUSTRAC of any suspicious activities that come to the reporting entities’ attention. Note that AUSTRAC can impose heavy penalties on reporting entities that do not report suspicious activities to AUSTRAC;
- reporting to AUSTRAC of any currency transfer of over $10,000 or all international fund instructions; and
- complying with the relevant Australian privacy law (see more on this below).
AML/CTF Program
Each reporting entity must prepare and maintain an AML/CTF program. The program is a document that addresses how the reporting entity will comply with AML/CTF law. The AML/CTF Rules, a secondary legislative instrument, set out what must be included in the AML/CTF program. The program will vary depending on the designated services of the reporting entity and its customers.
At a high level, an AML/CTF program should include the following:
- process for identifying, mitigating and identifying money laundering and terrorism financing risks associated with the designated service the reporting entity is providing;
- process to complete know-your-customer checks on the customers;
- procedure of screening workers before employment;
- process to train and ensure the reporting entity’s staff are aware of AML/CTF risks and obligations;
- mechanism to ensure the reporting entity remains compliant with AML/CTF laws; and
- mechanisms to ensure customers are monitored on an ongoing basis to ensure the reporting entities can identify and report any suspicious activities to AUSTRAC.
Privacy Obligations of Reporting Entities
All reporting entities must comply with the Australian privacy law when handling personal information collected in compliance with AML/CTF law. Generally, a small business with a turnover of less than $3 million is exempted from complying with these privacy laws. However, this exemption does not apply where that small business provides a designated service.
Some of the privacy obligations that reporting entities must comply with include the following:
- reporting entities must only collect information that is strictly necessary to comply with the AML/CTF law;
- generally, information on the customers must be collected directly from them;
- the reporting entities must tell the customers how the information will be used and disclosed; and
- reporting entities must take reasonable measures to ensure the personal information is secure and not misused, lost or subjected to unauthorised access. If there is a data breach, the reporting entities must inform the customers and AUSTRAC, where customers are likely to face serious harm from the data breach.

After proving your startup’s success in your home country, you may be thinking about the next step for growth — expanding overseas.
This free guide aims to introduce startup founders to the Australian startup market.
Key Takeaways
The Australian anti-money laundering and counter-terrorism financing law are intended to track and deter money laundering and terrorism financing in Australia. Any person providing any services recognised as a designated service in Australia must comply with the AML/CTF law. Obligations include:
- completing know-your-customer checks on customers before delivering services;
- ongoing reporting obligations to AUSTRAC; and
- monitoring customers for any suspicious activity.
If you want to know more about AML/CTF law and how it may affect your fintech business, our experienced fintech lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
AML/CTF law refers to Australia’s anti-money laundering and counter-terrorism financing law. The main piece of legislation is the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act). The AML/CTF law aims to prevent money laundering and terrorism financing from occurring in Australia.
Any person providing services that are considered a “designated service” is obligated to register with AUSTRAC and comply with the AML/CTF law. The Australian AML/CTF legislation provides a list of designated services in Australia.
We appreciate your feedback – your submission has been successfully received.