AUSTRAC Penalties: What Happens If You Don't Comply

AUSTRAC is not a paper tiger. Australia's AML/CTF regulator has a track record of pursuing major enforcement actions and imposing eye-watering penalties. With the Tranche 2 reforms bringing over 70,000 new businesses under its oversight from 1 July 2026, understanding the penalty framework is essential for every reporting entity.

How AUSTRAC Penalties Are Calculated

Australia's AML/CTF penalty framework is built on penalty units. As of 2024-25, one penalty unit equals $330. Penalties are expressed as multiples of this unit, and they escalate depending on the type of entity and the nature of the contravention.

Civil Penalties

| Entity Type | Maximum Per Contravention | |-------------|--------------------------| | Individual | 20,000 penalty units ($6.6 million) | | Body corporate | 100,000 penalty units ($33 million) |

These are per contravention figures. A single compliance failure that affects multiple transactions can result in multiple contraventions. In the Westpac case, 19 million individual contraventions were alleged — the mathematics of compounding penalties is what produces billion-dollar outcomes.

Criminal Penalties

AML/CTF non-compliance can also result in criminal prosecution. Criminal penalties apply for:

• Failure to enrol with AUSTRAC as a reporting entity
• Failure to have an AML/CTF program in place
• Failure to report suspicious matters to AUSTRAC
• Tipping off — Disclosing to a client that a suspicious matter report has been or will be made. This carries a penalty of up to 2 years imprisonment and/or fines
• Structuring — Deliberately breaking transactions into smaller amounts to avoid reporting thresholds

Criminal convictions carry imprisonment terms, personal fines, and permanent criminal records. For professionals such as lawyers and accountants, a criminal conviction typically means the end of their professional career.

Real Enforcement Case Studies

AUSTRAC's enforcement history demonstrates that it will pursue action regardless of the size or profile of the entity.

Commonwealth Bank of Australia — $700 Million (2018)

CBA was found to have failed to report over 53,000 suspicious transactions through its intelligent deposit machines. The bank also failed to conduct adequate due diligence on high-risk customers and did not monitor transactions for suspicious activity. The $700 million penalty was the largest in Australian corporate history at the time of settlement.

Westpac — $1.3 Billion (2020)

Westpac surpassed CBA's record with a $1.3 billion penalty for more than 19 million contraventions. The breaches included failures to report international funds transfer instructions, inadequate transaction monitoring, and failures to conduct proper due diligence on correspondent banking relationships. AUSTRAC alleged that some of the unreported transactions were linked to child exploitation in Southeast Asia.

SkyCity Adelaide — $67 Million (2024)

SkyCity was penalised for failures in its AML/CTF program, including inadequate customer due diligence, poor transaction monitoring, and failures to report suspicious matters. The case demonstrated that AUSTRAC's enforcement extends well beyond the big four banks.

Mounties Group — Civil Penalty Proceedings (Recent)

AUSTRAC commenced civil penalty proceedings against Mounties Group (a registered club operating poker machines), signalling that smaller entities and non-bank businesses are firmly within its enforcement scope.

AUSTRAC's Enforcement Powers

Penalties are just one tool in AUSTRAC's enforcement toolkit. The regulator also has the power to:

• Issue infringement notices — For less serious contraventions, AUSTRAC can issue on-the-spot fines without going to court
• Accept enforceable undertakings — Binding commitments from the entity to take specific remedial actions
• Issue remedial directions — Directing an entity to take specific steps to address compliance failures
• Appoint external auditors — AUSTRAC can require an entity to engage an independent auditor to review and report on its AML/CTF compliance, at the entity's expense
• Cancel or suspend registration — For the most serious failures, AUSTRAC can cancel an entity's registration, effectively preventing it from providing designated services
• Refer matters for criminal prosecution — Through the Commonwealth Director of Public Prosecutions

What Triggers AUSTRAC's Attention?

AUSTRAC uses a risk-based supervisory approach. Factors that may trigger closer scrutiny include:

• Failure to enrol by the deadline — This is the most visible non-compliance signal
• No AML/CTF program in place — AUSTRAC may request a copy at any time
• Pattern of non-reporting — If your industry peers are filing SMRs and you are not, AUSTRAC will notice
• Intelligence from other agencies — AUSTRAC works closely with the AFP, ATO, ASIC, and state police. Information from any of these agencies can trigger an AUSTRAC assessment
• Whistleblower reports — Disgruntled employees or concerned third parties can report non-compliance directly to AUSTRAC
• Sector-wide compliance campaigns — AUSTRAC regularly conducts targeted assessments across specific sectors

The Tipping Off Offence

One penalty that catches many businesses off guard is the tipping off offence. If you form a suspicion about a client and lodge (or intend to lodge) a suspicious matter report with AUSTRAC, you must not disclose this fact to the client or to anyone outside the minimum necessary personnel in your business.

Tipping off carries a penalty of up to 2 years imprisonment and/or fines. This applies even if the disclosure is inadvertent — for example, telling a client "we need to do some additional checks before proceeding" in a way that alerts them to your suspicion.

The Cost of Non-Compliance vs Compliance

The arithmetic is straightforward:

| Approach | Cost | |----------|------| | Building an AML/CTF program with ComplyReady | From $49/month | | Hiring a compliance consultant | $8,000–$25,000+ | | Minimum civil penalty (single contravention, individual) | Up to $6.6 million | | Maximum civil penalty (single contravention, corporation) | Up to $33 million | | Criminal conviction | Imprisonment + career destruction |

Non-compliance is not a cost-saving strategy. It is a gamble with catastrophic downside risk.

Don't Become the Next Case Study

AUSTRAC has publicly stated that Tranche 2 enforcement is a priority. The regulator has been given additional resources to supervise the newly regulated sectors, and the high-profile enforcement actions against CBA, Westpac, and SkyCity demonstrate its willingness to impose severe penalties.

The best protection is a compliant, well-documented, actively maintained AML/CTF program. Start building yours now.

Ready to simplify your AML/CTF compliance? Try ComplyReady free for 14 days.