Enforcement & Penalties FAQ

What penalties can apply if we fail to comply with AML/CTF obligations?

If a business fails to comply with AML/CTF obligations, AUSTRAC can take a range of enforcement actions depending on the seriousness of the breach. These may include issuing remedial directions, entering into enforceable undertakings, or applying for civil penalties through the courts. In more serious cases, criminal offences may apply.

Can AUSTRAC issue fines to newly regulated businesses?

Yes. AUSTRAC can seek significant civil penalties for breaches of the AML/CTF Act. These penalties can be substantial, particularly for systemic or ongoing non-compliance. The size of the penalty will depend on factors such as the nature of the breach, the level of risk, and whether the business took reasonable steps to comply.

Will AUSTRAC take action immediately if we are not fully compliant on day one?

AUSTRAC has indicated that it does not expect perfection from newly regulated entities from the start date. However, it does expect businesses to demonstrate genuine and proactive efforts to comply. This includes having a clear plan, making progress, and addressing risks appropriately.

What factors does AUSTRAC consider when deciding enforcement action?

AUSTRAC generally takes a risk-based and proportionate approach. It considers factors such as the seriousness of the breach, whether the business attempted to comply, how quickly issues were addressed, and the potential impact on money laundering or terrorism financing risks.

What happens if I make a mistake reporting to AUSTRAC?

AUSTRAC expects a best-effort approach, especially from newly regulated entities. While serious non-compliance can attract heavy fines, proactively resolving an honest error and strengthening your systems is viewed favorably. Ignoring the laws, however, carries severe legal consequences.

What are examples of serious non-compliance?

Examples may include failing to enrol with AUSTRAC, not having an AML/CTF program in place, not conducting customer due diligence, or failing to report suspicious matters within required timeframes. Ongoing or deliberate non-compliance is more likely to lead to enforcement action.

Can individuals be held responsible, or only the business?

In some cases, individuals such as directors, senior management, or compliance officers may also be held accountable, particularly where there has been serious misconduct or failure to meet legal responsibilities.

What is a remedial direction?

A remedial direction is an instruction from AUSTRAC requiring a business to fix specific compliance issues within a set timeframe. Failure to comply with a remedial direction can lead to further enforcement action.

What is an enforceable undertaking?

An enforceable undertaking is a formal agreement between a business and AUSTRAC where the business commits to taking specific actions to address compliance issues. If the business fails to meet these commitments, further regulatory action may follow.

Can non-compliance affect our business operations or reputation?

Yes. In addition to penalties, non-compliance can lead to reputational damage, increased regulatory scrutiny, and potential impacts on business relationships, including with banks and other partners.