(07) 5618 8618 support@ezyshield.com.au
ezyshield
LEARN

AUSTRAC Compliance for Payments: What Changes in 2026

Australia's new AML/CTF legislation replaces the 2006 Act with broader coverage, simplified obligations, and significantly higher penalties. Here is what is changing, who is affected, and how to prepare.

New Act effective March 2026
Tranche 2 from July 2026
Penalties up to $50M

What is changing?

The new Anti-Money Laundering and Counter-Terrorism Financing Act replaces the AML/CTF Act 2006. After nearly two decades, the original legislation has been overhauled to reflect the current threat landscape, align with international standards (particularly FATF recommendations), and bring Australia in line with comparable jurisdictions.

The intent is twofold: simplify compliance for businesses that are already doing the right thing, and broaden coverage to close gaps that criminals have exploited. For existing reporting entities, the core obligations remain but the framework is clearer and more principles-based. For businesses in newly covered sectors, compliance requirements apply for the first time.

For a broader overview of AML/CTF fundamentals, obligations, and how payment verification supports compliance, see our AML/CTF compliance guide. This page focuses specifically on the 2026 reforms and what they mean in practice.

Key dates

The reforms roll out in stages. Here are the dates that matter.

1

March 2026: New Act commences

The new AML/CTF Act takes effect, replacing the 2006 legislation. Existing reporting entities must comply with the updated framework, including revised customer due diligence requirements and enhanced beneficial ownership obligations.

2

July 2026: Tranche 2 entities come into scope

Real estate agents, lawyers, conveyancers, accountants, and trust and company service providers become reporting entities for the first time. These businesses must have AML/CTF programs in place and begin meeting their compliance obligations.

3

Ongoing: Transition and enforcement

AUSTRAC has indicated a practical approach to transition, with education and guidance before enforcement. But the regulator has also made clear that businesses are expected to be actively preparing now, not waiting until deadlines arrive.

Who is affected?

The 2026 reforms affect both existing reporting entities and businesses coming into scope for the first time.

Existing reporting entities

  • Banks and financial institutions
  • Remittance and payment service providers
  • Gambling and wagering providers
  • Digital currency exchange providers
  • Bullion dealers

New Tranche 2 entities (from July 2026)

  • Real estate agents and agencies
  • Lawyers and law firms
  • Conveyancers
  • Accountants and tax agents
  • Trust and company service providers

Key changes in the new framework

The 2026 reforms are not just about adding more businesses to the regime. The framework itself has changed.

Principles-based approach

The new Act moves from prescriptive rules to principles-based obligations. Businesses have more flexibility in how they meet their obligations, but they must be able to demonstrate that their approach is effective and proportionate to their risk profile.

Enhanced customer due diligence

CDD requirements are strengthened. Businesses must take a risk-based approach to verifying customers, with enhanced due diligence for higher-risk relationships. Ongoing monitoring is no longer optional for any reporting entity.

Beneficial ownership transparency

New requirements to identify and verify beneficial owners of legal structures. Businesses must look through trusts, companies, and partnerships to understand who ultimately owns or controls the entity. This aligns with FATF recommendations.

Increased penalties

Maximum civil penalties increase to $50 million or three times the benefit gained, whichever is greater. Criminal penalties also increase. Directors and officers face personal liability for systemic compliance failures.

Simplified reporting

Reporting obligations are streamlined. The aim is to reduce the compliance burden for businesses while improving the quality and usefulness of the intelligence AUSTRAC receives.

Technology-neutral obligations

The new framework is designed to accommodate emerging technologies and business models. Obligations apply regardless of how a service is delivered, whether in person, online, or through a platform.

How payment verification supports the new compliance requirements

The 2026 reforms strengthen the emphasis on knowing who you are dealing with and being able to prove it. Payment verification tools directly support several of the new obligations, particularly around customer due diligence and ongoing monitoring.

Customer due diligence requires verifying the identity of the people and businesses you deal with. Automated verification that checks identity documents biometrically, validates ABN/ASIC registration, and confirms bank account ownership through live Confirmation of Payee directly supports these requirements.

Ongoing monitoring means verification is not a one-off event. The new framework expects businesses to maintain current information about their customers and counterparties. Automated re-verification before every payment catches changes that would otherwise go unnoticed until something goes wrong.

Record keeping obligations require businesses to maintain verifiable records of due diligence activities. A tamper-proof audit trail that logs every verification, including the result and evidence, provides exactly the kind of documentation the new framework expects.

How ezyshield helps you prepare

ezyshield does not replace a formal AML/CTF program. It automates the verification and due diligence steps that sit at the heart of the new compliance requirements.

Automated CDD

Identity verification, business validation, and bank account ownership checks run automatically for every payee. Supports the enhanced due diligence the new framework requires.

Ongoing monitoring

Re-verification before every pay run ensures payment details remain current. Changes to bank details, business registration, or identity information are caught automatically.

Audit-ready records

Every verification is logged in a tamper-proof audit trail with timestamps and evidence. Export PDF reports for auditors, regulators, or insurers to demonstrate due diligence.

See How ezyshield Works

Frequently asked questions

What is changing with AUSTRAC compliance in 2026?
The new Anti-Money Laundering and Counter-Terrorism Financing Act replaces the 2006 legislation. It simplifies compliance obligations, broadens coverage to include more business types (Tranche 2 entities from July 2026), introduces enhanced customer due diligence requirements, and increases penalties for non-compliance.
Who are Tranche 2 entities?
Tranche 2 brings new business types under AUSTRAC reporting obligations from July 2026. This includes real estate agents, lawyers, conveyancers, accountants, and trust and company service providers. These businesses will need to establish AML/CTF programs, conduct customer due diligence, and report suspicious matters.
What are the new penalties for non-compliance?
The 2026 reforms significantly increase penalties. Maximum civil penalties rise to $50 million or three times the benefit gained from the contravention, whichever is greater. Criminal penalties also increase, with potential imprisonment for serious offences. Directors and officers face personal liability for systemic failures.
Does my business need to comply if we are not a reporting entity?
If your business is not currently a reporting entity and is not in a Tranche 2 category, you are not legally required to have a formal AML/CTF program. However, strong payment verification practices protect your business from the same risks the legislation addresses. And if your industry is brought into scope later, you will be better prepared.
How does ezyshield help with the 2026 changes?
ezyshield automates key components of customer due diligence: identity verification, business validation (ABN/ASIC), bank account ownership confirmation, and ongoing re-verification. These are the practical steps that sit at the heart of the new compliance requirements. ezyshield does not replace a formal AML/CTF program, but it strengthens the verification and record-keeping layers.

Related content

LEARN

AML/CTF Compliance Guide

The complete guide to AML/CTF obligations, AUSTRAC, and payment verification in Australia.

 LEARN

Supplier Verification

How to verify every supplier before adding them to your payment system.

 PRODUCT

How ezyshield Works

Automated verification that supports due diligence and compliance requirements.

 STATS

Payment Fraud Statistics

The latest Australian fraud data showing why stronger compliance matters.

Prepare for 2026 compliance requirements

ezyshield automates the verification and due diligence steps at the heart of the new AML/CTF framework. See it in action.

Book a Demo AML/CTF Guide