Suspicious Matter Reports under AML/CTF Act: AUSTRAC Compliance Guide 2026

In Australia, the reporting of suspicious activity to AUSTRAC (the Australian Transaction Reports and Analysis Centre) is governed by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). Reporting entities — which include banks, insurers, gambling providers, remittance dealers, and digital currency exchange (DCE) providers — must lodge a Suspicious Matter Report (SMR) with AUSTRAC when they have reasonable grounds to suspect that a customer or transaction is linked to money laundering, financing of terrorism, or a range of other serious criminal offences. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 expanded the regime to professional services firms (lawyers, accountants, and real estate agents) from 31 March 2026. This guide covers the SMR filing requirements, Threshold Transaction Reports (TTRs), the Privacy Act 1988 framework, and the penalties for non-compliance.

Regulatory disclaimer: This guide is for informational purposes only. AML/CTF obligations in Australia are subject to ongoing amendment. Seek qualified legal advice for specific situations.

When must an SMR be filed with AUSTRAC?

The obligation to lodge an SMR arises under section 41 of the AML/CTF Act when a reporting entity has "reasonable grounds to suspect" that a customer or a financial service provided to that customer is connected to:

• Money laundering (Division 400 of the Criminal Code Act 1995)
• Financing terrorism (Division 103 of the Criminal Code Act 1995)
• Financing a foreign political organisation or government
• An offence under Australian law carrying a penalty of 2 or more years' imprisonment

The standard "reasonable grounds to suspect" is objective and context-dependent. In Crimes (Money Laundering) Act 2007 case law, Australian courts have confirmed it requires more than a vague feeling but less than a reasonable belief — it is enough that a reasonable person in the same position would form a suspicion on the basis of available facts.

The 2024 amendments also broadened the "tipping-off" offence and introduced mandatory risk assessment requirements for high-risk customer segments, particularly politically exposed persons (PEPs) and correspondent banking relationships.

Who must lodge SMRs: the expanded reporting entity list

This 2024 expansion — commonly referred to as "Tranche 2" — aligned Australia with the FATF Recommendations and closed a long-standing gap that had drawn criticism from the FATF in its 2015 and 2021 mutual evaluation reports.

Filing deadlines: 3 business days vs. 24 hours

The AML/CTF Act imposes differentiated deadlines:

Standard SMR: must be lodged within 3 business days after the day the reporting entity forms reasonable grounds for the suspicion.

Terrorism financing SMR: must be lodged within 24 hours after the entity forms reasonable grounds to suspect a link to terrorism financing. This shorter window reflects the operational urgency of terrorism investigations.

Both deadlines run from the moment the "reasonable grounds" are formed — not from the date of the suspicious transaction itself. Reporting entities should document the date they formed reasonable grounds separately from the transaction date.

Threshold Transaction Reports (TTRs)

Separate from SMRs, section 43 of the AML/CTF Act requires reporting entities to lodge a Threshold Transaction Report (TTR) for any physical currency transaction — cash or bullion — of A$10,000 or more (or its foreign equivalent). The TTR must be lodged with AUSTRAC within 10 business days of the transaction.

Structuring transactions to fall below A$10,000 — whether to avoid TTRs or SMRs — is a criminal offence under Division 400 of the Criminal Code Act 1995 and may itself require an SMR.

How to file: AUSTRAC Online portal

All SMRs and TTRs are submitted via AUSTRAC Online (austrac.gov.au). Reporting entities must register and complete a compliance program before lodging reports. Large institutions can use AUSTRAC's direct reporting API for high-volume batch submission.

A complete SMR should include:

1. Customer information: full name, date of birth, address, Tax File Number (TFN) or ABN for businesses, nationality and Australian passport or state/territory driver licence number
2. Transaction information: date, amount, currency, account numbers, nature of the financial service
3. Grounds for suspicion: a specific, factual narrative — AUSTRAC guidance emphasises that narratives must be detailed enough for analysts to understand without accessing the reporting entity's internal systems
4. Action taken: whether the entity proceeded with or declined the transaction, and why

CheckFile supports over 3,200 document types across 32 jurisdictions, enabling Australian reporting entities to centralise their AML/CTF evidence files with automated document verification. The CheckFile KYC verification platform verifies Australian identity documents — passports, driver licences, and ImmiCards — using multi-layer analysis that detects structural and metadata inconsistencies indicative of forgery.

According to the ACFE 2024 Report to the Nations, manual detection reaches only 37% of fraud cases with a mean lag of 87 days. Automated document checks shift detection to the onboarding stage, improving the quality of the SMR narrative.

The AML red flags and suspicious activity indicators guide covers typologies relevant to Australian reporting entities.

Privacy Act 1988 and the Australian Privacy Principles (APPs)

The Privacy Act 1988 and its Australian Privacy Principles (APPs) govern the collection, use, and disclosure of personal information by Australian entities with an annual turnover above A$3 million. The AML/CTF Act reporting obligations are recognised as a statutory exception to APP 6 (use and disclosure of personal information), meaning reporting entities do not require customer consent to disclose information in an SMR.

However, reporting entities must still:

• Collect only the personal information reasonably necessary for AML/CTF purposes (APP 3)
• Retain AML/CTF records securely and destroy them when no longer required (APP 11)
• Have a privacy policy that discloses how personal information is collected and used for compliance purposes (APP 5)

The Attorney-General's Department has indicated that proposed Privacy Act reforms — expected to pass in late 2026 — will raise the small business turnover threshold and expand the definition of "sensitive information" to include biometric data, which has implications for DCE and neo-bank onboarding workflows.

Penalties for non-compliance

Civil penalties under the AML/CTF Act: failure to lodge an SMR is a strict liability civil penalty offence. The maximum penalty for a body corporate is A$18 million per contravention (as indexed to 2024-25 levels). Individual officers may face personal civil liability.

Criminal penalties under Division 400 of the Criminal Code Act 1995: willful failure to report suspicious transactions linked to money laundering carries a maximum penalty of 5 years' imprisonment and/or substantial fines for individuals.

AUSTRAC enforcement: AUSTRAC can issue remedial directions, accept enforceable undertakings, and apply to the Federal Court for injunctive relief. Australia's largest AML enforcement action — a record A$1.3 billion penalty against a major bank — demonstrates that AUSTRAC treats systemic reporting failures as serious regulatory misconduct.

Frequently Asked Questions

What is the difference between an SMR and a TTR in Australia?

A Suspicious Matter Report (SMR) is filed when there are reasonable grounds to suspect money laundering or terrorism financing, with no minimum dollar threshold. A Threshold Transaction Report (TTR) is filed automatically for any cash transaction of A$10,000 or more, regardless of suspicion. Both can apply to the same transaction.

Do the new Tranche 2 obligations from March 2026 apply immediately?

Yes, with a transition period. Lawyers, accountants, and real estate agents who were not previously reporting entities under the AML/CTF Act are subject to the new obligations from 31 March 2026, but AUSTRAC published a 12-month "low-touch" supervisory approach for the first year to allow time for compliance program implementation.

Can a reporting entity withdraw or amend a lodged SMR?

Once lodged, an SMR cannot be withdrawn. Reporting entities can supplement an existing SMR with additional information by lodging a new, linked SMR. Contact AUSTRAC's reporting entity services if an SMR contains material factual errors.

Does the tipping-off prohibition apply to lawyers under the new Tranche 2 rules?

Yes. Section 123 of the AML/CTF Act (as amended) extends the tipping-off prohibition to all reporting entities, including lawyers. Privilege exceptions remain for communications that fall within legal professional privilege, but the fact that a matter has been reported to AUSTRAC cannot be disclosed to the client.

How long must AML/CTF records be retained in Australia?

Section 114 of the AML/CTF Act requires reporting entities to retain records for 7 years from the date of the transaction or the end of the customer relationship. This is longer than most comparable jurisdictions and reflects Australia's longer statute of limitations for money laundering offences.