AML/CTF Penalties for Accountants — What Happens If You Don't Comply?

From 1 July 2026, Australian accountants who fail to meet their AML/CTF obligations face a penalty regime that is, by design, severe. AUSTRAC has been explicit: non-compliance is not treated as a minor administrative oversight. The penalties are structured to hurt — financially, operationally, and reputationally.

This article sets out the real numbers, the enforcement tools AUSTRAC has available, what actually triggers action, and — critically — what you can do to reduce your risk right now.

The headline numbers

Maximum civil penalty for a firm: $31.3 million per breach. Maximum civil penalty for an individual: $6.26 million per breach. Daily penalty for failing to enrol: $18,780 per day. Criminal penalties for serious offences: up to life imprisonment. These penalties apply per contravention — a systemic failure across many clients can be treated as thousands of separate breaches.

The Penalty Numbers

$31.3M

Max per breach

Maximum civil penalty for a corporate entity (firm) per contravention of the AML/CTF Act

$6.26M

Individual max

Maximum civil penalty for an individual accountant or sole practitioner per contravention

$18,780

Per day

Daily accruing penalty for failing to enrol with AUSTRAC after obligations commence

These are maximum figures — in practice, penalties are determined by the Federal Court based on the severity and nature of the breach. But the key point is that penalties apply per contravention. A firm that fails to conduct CDD on 200 clients has not committed one breach — it has potentially committed 200 separate breaches, each attracting its own penalty calculation.

"AUSTRAC doesn't need to prove intent or knowledge — only that a violation occurred. Even well-intentioned firms with compliance programs can face significant penalties for systemic failures."

AUSTRAC's Enforcement Tools

AUSTRAC has a wide range of enforcement powers — from informal education through to Federal Court proceedings. Here is how the escalation ladder works:

📋

Remedial Direction

A written instruction to take specific steps to fix a compliance failure. AUSTRAC's first response for lower-level breaches. Non-compliance with a direction is itself a serious offence.

🔔

Infringement Notice

An on-the-spot fine for specific breaches — for example, failing to lodge an annual compliance report on time can result in fines of up to $16,500 for companies. Infringement notices may be made public.

🤝

Enforceable Undertaking

A formal commitment from your firm outlining specific actions you will take to achieve compliance. Undertakings are published publicly. Breaching an undertaking allows AUSTRAC to apply to the Federal Court.

🔍

External Audit

AUSTRAC can appoint an independent external auditor to review your ML/TF risk management and AML/CTF compliance at your expense. This is a significant operational and financial imposition.

⚖️

Federal Court Civil Penalty Order

AUSTRAC's most powerful tool. Applied for when breaches are serious or systemic. The Court determines the penalty amount — which can run to tens of millions of dollars. Recent examples: Crown ($450M), SkyCity ($67M), Westpac ($1.3B).

What Triggers Enforcement Action?

AUSTRAC's enforcement actions are not random. They are triggered by specific patterns of non-compliance that its intelligence systems detect. Understanding these triggers is the most practical way to manage your risk.

Failure to enrol

Not enrolling with AUSTRAC after obligations commence is one of the clearest and most easily detected breaches. Daily penalties of $18,780 for firms and $3,756 for individuals apply for each day you remain unenrolled. With tens of thousands of new reporting entities entering the regime, AUSTRAC will be monitoring enrolment rates closely.

No AML/CTF program in place

Providing designated services without a documented AML/CTF program is a direct breach of the Act. AUSTRAC's initial approach for newly regulated Tranche 2 entities is education-focused — but only for firms that are making genuine documented efforts to comply. Having done nothing at all is the worst position to be in.

Failure to file Suspicious Matter Reports

Reporting violations account for approximately 70% of AUSTRAC enforcement actions. Failure to lodge Suspicious Matter Reports (SMRs) within the required timeframe — 24 hours for terrorism financing suspicions, three business days for others — is one of the most common triggers for escalated enforcement.

Inadequate customer due diligence

Systemic CDD failures — where a firm has not properly verified client identities or risk-rated its client base — are treated seriously. Because penalties apply per contravention, a firm with 150 clients and no CDD process could face 150 separate breach calculations.

Failure to lodge annual compliance report

AUSTRAC applied for civil penalty orders against two entities in December 2025 for failing to lodge their compliance report for the 2023 calendar year — demonstrating that even administrative reporting failures are actively pursued.

Criminal Penalties — The Serious End

Beyond civil penalties, the AML/CTF Act and the Criminal Code Act 1995 create criminal liability for serious offences. These are not theoretical risks — they represent the regime's response to deliberate or reckless non-compliance.

Tipping off — alerting a client that they are the subject of a suspicious matter report or AUSTRAC investigation: up to 2 years imprisonment
Structuring — deliberately structuring transactions to avoid reporting thresholds: up to 5 years imprisonment
Money laundering — actively assisting in laundering proceeds of crime: up to life imprisonment for the most serious offences under the Criminal Code

These criminal offences require proof of intent or recklessness — they are not triggered by accidental administrative failures. But they serve as a reminder that the AML/CTF regime is not just about paperwork. The underlying purpose is to prevent serious crime.

Beyond Fines — The Broader Consequences

The financial penalties are only part of the picture. AUSTRAC can strip your registration, freeze your accounts, and publicly name your business as non-compliant. For an accounting firm, the reputational consequences of a public enforcement action can be devastating — far exceeding the financial penalty itself.

Additional consequences include:

Loss of professional membership — CA ANZ and CPA Australia are expected to treat serious AML/CTF non-compliance as a professional conduct matter
Client loss — business clients who are themselves reporting entities may be required to terminate relationships with non-compliant service providers
Legal costs — defending an AUSTRAC enforcement action requires specialist AML lawyers, with fees commonly running to hundreds of thousands of dollars
Management distraction — an AUSTRAC audit or investigation is an enormous operational burden for a small firm

What cooperation looks like in practice

When an accounting firm discovered historical CDD failures during an internal audit, they immediately reported the issues to AUSTRAC and implemented a comprehensive remediation plan.

The proactive approach reduced a potential $4.2 million penalty to $1.1 million — still significant, but a fraction of the maximum exposure. AUSTRAC consistently rewards genuine cooperation and self-reporting with substantially reduced penalties.

AUSTRAC's Approach to New Tranche 2 Entities

AUSTRAC has publicly stated that its initial approach to newly regulated Tranche 2 entities — including accountants — will be education-focused, provided firms are making genuine efforts to comply. This does not mean the penalties won't apply. It means AUSTRAC will generally seek to educate before it prosecutes — for firms that are visibly trying.

The factors AUSTRAC and courts consider when determining penalties include:

The nature and extent of the breach — isolated incident vs systemic failure
Whether the breach was intentional, reckless, or inadvertent
The firm's compliance history — first offence vs repeat non-compliance
The level of cooperation with AUSTRAC during the investigation
Steps taken to remediate the breach once identified
The harm caused to the integrity of the financial system

💡

The single most important thing you can do: Start now and document everything. A firm that has made genuine, documented efforts to comply — even if imperfect — is in a fundamentally different position to a firm that has done nothing. AUSTRAC will treat those two situations very differently.

⚠

Size is not a defence. AUSTRAC has been explicit that the obligations apply equally to sole practitioners and small firms. "I'm too small to matter" is not a position AUSTRAC will accept. The regime is designed to catch the full spectrum of professional services — including the smallest practices.

What You Should Do Right Now

The good news is that the path to compliance is clear. Most small accounting practices can meet their obligations without engaging expensive compliance consultants — AUSTRAC's free Accounting Program Starter Kit provides a ready-made framework, and tools like SimpleAML make day-to-day CDD management straightforward.

Confirm whether your services are designated services — use our guide to check
Enrol with AUSTRAC from 31 March 2026 — do not wait until July
Download and customise AUSTRAC's free Accounting Program Starter Kit
Set up your CDD process before 1 July — read our CDD guide
Train all relevant staff before obligations commence
Keep records of everything — every CDD step, every review, every training completion

The compliance investment required for most small practices is modest. The cost of non-compliance is not.

Don't give AUSTRAC a reason to call.

SimpleAML helps you build and maintain the CDD records, compliance documentation, and audit trail that protect your practice. Free for small accounting firms.

Get Compliant Free

Further reading: Do I need to register with AUSTRAC? · What is an AML/CTF Program? · Key Deadlines · What is CDD?

AML/CTF Penalties for Accountants — What Happens IfYou Don't Comply?