This month, we examine the release of Australia's comprehensive new AML/CTF Rules, analyse AUSTRAC's enforcement approach through a recent penalty, and explore valuable intelligence resources from New Zealand's FIU. These developments offer practical lessons for financial crime professionals across both markets, particularly as regulatory approaches continue to evolve and enforcement expectations become increasingly clear.
Story 1: Australia's New AML/CTF Rules – A Complete Regulatory Overhaul
The much-anticipated publication of Australia's new AML/CTF Rules has finally occurred, marking a fundamental transformation in the compliance landscape.
A Shift Towards Outcomes-Focused Compliance
AUSTRAC describes the Rules as a complete overhaul designed to align with the recently amended AML/CTF Act. The regulator emphasises that the new framework prioritises setting up systems to mitigate money laundering and terrorism financing risks whilst aligning Australia's laws with global best practices.
This represents a decisive shift from tick-box compliance models towards a risk-based, outcomes-focused framework. The timing proves particularly significant given Australia's upcoming FATF mutual evaluation, with the introduction of tranche 2 entities highlighting the Rules' comprehensive scope.
Universal Impact Beyond Tranche 2
Whilst tranche 2 entities capture headlines, these changes extend far beyond new market entrants. Existing reporting entities face substantial modifications to their compliance obligations that demand careful analysis and decisive action.
The breadth of change means every financial institution must assess how these Rules affect their specific operations. Generic guidance provides valuable context, but cannot replace detailed analysis of your organisation's unique risk profile and compliance requirements.
What This Means for Reporting Entities
With compliance dates approaching rapidly (31 March for existing entities and 1 July for tranche 2 organisations), immediate action becomes essential. AUSTRAC has signalled that whilst perfect compliance isn't expected on these dates, entities must demonstrate substantial progress towards full compliance with clear implementation plans.
The regulator's message remains uncompromising: they will take firm action against organisations that fail to make genuine compliance efforts.
Our key advice is straightforward: read and understand the Act and Rules together to determine how they affect your business. If internal resources cannot manage this comprehensive assessment, seek advice from external advisors immediately.
AUSTRAC will publish additional guidance in October, with targeted assistance following for tranche 2 reporting entities. However, sufficient information exists now to begin meaningful preparation work.
At Jade ThirdEye, we partner with you and your advisors to provide the tools and expertise needed to implement regulatory changes effectively. We cannot advise on programme requirements, but we deliver the technical solutions that bring your compliance strategy to life.
Story 2: AUSTRAC's Clear Message Through Revolut Penalty
AUSTRAC's recent $187,800 infringement notice against Revolut for late IFTI submissions delivers unambiguous messages about regulatory expectations and enforcement priorities.
The Ten-Day Rule Remains Absolute
Regulations state clearly that IFTIs must be reported within 10 working days of the transaction date. Revolut self-disclosed their failure to submit IFTIs within this mandatory timeframe, demonstrating the consequences of inadequate reporting processes.
AUSTRAC CEO Brendan Thomas reinforced the critical importance of timely reporting: "We take late reporting seriously because timely reports are critical to help us detect and disrupt financial crime – to strike while the iron is hot."
Consequences Extend Beyond Financial Penalties
At first glance, $187,800 may not appear significant for a company like Revolut, but the consequences extend far beyond the dollar figure. The penalty likely reflects Revolut's self-disclosure and subsequent remediation efforts, including implementing processes to submit late reports and fixing controls to prevent repeat failures.
Reputational damage often proves far more costly than regulatory fines. Client and prospect reactions to enforcement news resist easy quantification, but lost business can exceed penalty amounts significantly. The remediation work required to address control failures represents additional operational costs and management attention that could be better directed towards business growth.
Proactive Compliance as Competitive Advantage
The situation reinforces that 10 working days represents a hard limit with no flexibility for operational challenges. Organisations should maintain processes that ensure IFTI submission well before the 10-day deadline. Effective reporting management makes submitting reports in the first few days no more challenging than waiting until the final day—whilst dramatically reducing compliance risk.
Story 3: Maximising Value from New Zealand's FIU Intelligence Resources
Moving beyond current regulatory updates, New Zealand's Financial Intelligence Unit website contains extensive resources that can significantly enhance your ability to detect and report financial crime—resources that many organisations underutilise.
Comprehensive Intelligence Library
The FIU website offers valuable resources under 'FIU Reports' that provide insights into current risks and strengthen detection capabilities. Beyond the national risk assessment, recent Cash Reports (despite the name suggesting narrow focus) address diverse current topics with practical relevance for detection and reporting.
Historical reports provide equally valuable insights. The 2013 report on co-mingling with business revenue demonstrates how certain laundering techniques remain relevant across decades. We often discuss the changing financial crime landscape and criminal adaptation, but substantial elements remain constant. Understanding these enduring methods strengthens your ability to identify suspicious patterns regardless of technological evolution.
Global Relevance of Local Intelligence
Whilst this information targets New Zealand reporting entities, it offers substantial value for entities in any jurisdiction. The same principle applies to information from other countries and organisations such as the FATF. Money laundering, terrorism financing, and proliferation financing methods transcend national boundaries. Local regulatory specifics vary, but criminal methodologies demonstrate remarkable global consistency.
Strengthening Your Detection Capabilities
Regular engagement with intelligence resources sharpens your awareness of current and emerging threats. This enhanced understanding directly improves your ability to design effective detection scenarios and strengthens your team's capability to recognise and report suspicious activity.
The regulatory regime's fundamental purpose centres on detecting and reporting financial crime. Better understanding the risks your business faces represents a crucial step towards making the regime work more effectively for your organisation, clients, and country.
What This Means for ANZ Financial Institutions
These developments highlight several critical themes for financial crime professionals:
The new Australian Rules demand immediate attention and comprehensive preparation. Enforcement examples demonstrate that operational challenges do not excuse compliance failures, whilst New Zealand's FIU resources demonstrate how intelligence can strengthen detection capabilities beyond national boundaries.
Stay vigilant and stay ahead. Join us next month for more insights from The FinCrime Connection, brought to you by Jade ThirdEye.
This blog is based on the September 2025 episode of The FinCrime Connection ANZ, hosted by Jamie, Head of Customer Success, and Colin Dixon, CAMS-certified AML Solution Specialist. Jamie leads Jade ThirdEye's customer success initiatives, whilst Colin has been with Jade ThirdEye since its inception in 2012 and works closely with clients to help them maximise their platform capabilities.