Skip to content

Get your free Risk Assessment and free staff training today. No obligation. Zero cost.

Get your free Risk Assessment and free staff training today. No obligation. Zero cost.

Get your free Risk Assessment and free staff training today. No obligation. Zero cost.

Get your free Risk Assessment and free staff training today. No obligation. Zero cost.

What triggers an AML/CTF investigation in Australia?

Published June 8, 2026

For many businesses, especially Tranche 2 businesses at the beginning of their AML journey, the idea of an AML/CTF investigation feels distant. You might have heard about enforcement action in the news over the years, but given most Tranche 1 entities are large corporations, it’s easy to assume that investigations only apply to them. In reality, AML investigations are triggered by behaviours and gaps in compliance (not just deliberate wrongdoing), and no business under the AML regulations is immune.

As Australia’s AML/CTF regime expands under Tranche 2 in July 2026, more businesses will fall within scope, and so understanding what triggers an AML investigation is essential for everyday professional services.

So what actually leads to an investigation, and how can businesses reduce the risk?

What is an AML/CTF Investigation?

An AML/CTF investigation is a process where a regulator examines whether a business has complied with its obligations under Australia’s Anti-Money Laundering and Counter-Terrorism Financing framework.

When people ask what is an AML investigation, they’re usually referring to a review of whether a business has:

Importantly, an investigation is not always about proving criminal intent.

In many cases, it’s about assessing whether a business has appropriate systems and controls in place, and whether those controls are actually being followed.

What governing body conducts AML investigations?

In Australia, AML/CTF investigations are conducted by AUSTRAC (the Australian Transaction Reports and Analysis Centre). AUSTRAC is both Australia’s financial intelligence agency, and the regulator responsible for enforcing AML/CTF laws. AUSTRAC has broad powers to:

While high-profile cases involving organisations like Crown, Westpac and Star have made headlines, AUSTRAC’s role extends far beyond large institutions.

As Tranche 2 comes into effect, small to mid-sized businesses in industries like real estate, conveyancing, legal and accounting will also be subject to oversight.

What are the common triggers for AML investigations?

AML investigations are rarely triggered by a single event. More often, they result from patterns or indicators that suggest a business may not be meeting its obligations. Some of the common patterns that trigger an investigation include:

Gaps in reporting suspicious activity

One of the most common triggers is a failure to report Suspicious Matter Reports (SMRs). If AUSTRAC identifies suspicious activity through other channels (such as financial intelligence or law enforcement), but no corresponding report has been lodged, it raises immediate questions.

Inconsistent or weak customer due diligence

Another trigger is inadequate customer due diligence (CDD). This might include incomplete identification processes, failure to verify beneficial ownership, or reliance on outdated information.

Unusual transaction patterns

Patterns such as high-value transactions that don’t align with a client profile, repeated overseas involvement, or rapid asset transfers can prompt further review.

Poor record-keeping

If records are incomplete or difficult to retrieve, businesses may struggle to demonstrate compliance (even if the right steps were taken). This is why comprehensive record-keeping is so important from day one, as you will be required to produce records at AUSTRAC’s request.

Lack of a functioning AML/CTF program

Having a program that is generic, outdated or not followed in practice is a key trigger for regulatory attention.

Intelligence and external reporting

Investigations may also be triggered by information from law enforcement, other reporting entities or international regulators.

How AUSTRAC investigations typically begin

The AML investigation process often begins with a request for information rather than immediate enforcement action. AUSTRAC may review your AML/CTF program, risk assessment, customer files and reporting history. If issues are identified, the matter may escalate depending on severity.

For most businesses, the focus is on demonstrating that reasonable steps have been taken (not achieving perfection - AUSTRAC has been quite upfront about this, provided legitimate effort to comply is made).

How can businesses reduce the risk of investigations?

Reducing the risk of AML investigations comes down to structure and consistency. Businesses should ensure they have a clear AML/CTF program, apply customer due diligence consistently (and in line with their program), monitor activity, report suspicious matters where required, and maintain proper records.

As explored in our AML/CTF Act overview and money laundering guides, compliance is about understanding and managing risk, not eliminating it entirely.

Frequently Asked Questions

What is an AML investigation?

An AML investigation is a regulatory review conducted by AUSTRAC to assess whether a business is complying with its AML/CTF obligations, including risk management, customer due diligence and reporting requirements.

What triggers AML investigations in Australia?

AML investigations are typically triggered by patterns such as failure to report suspicious activity, weak customer due diligence, unusual transaction behaviour, poor record-keeping or gaps in AML/CTF programs.

What is the AML investigation process?

The AML investigation process usually begins with a request for information from AUSTRAC. This may involve reviewing your AML program, customer records and reporting history. In more serious cases, it may escalate to enforcement action.

Can small businesses be investigated by AUSTRAC?

Yes. While large institutions often make headlines, AUSTRAC oversees all reporting entities. With Tranche 2 reforms, small and medium-sized businesses will increasingly fall within scope.

How can businesses avoid AML investigations?

Businesses can reduce the risk by implementing a structured AML/CTF program, training staff, maintaining accurate records, monitoring transactions and reporting suspicious activity when required.

Reducing your business’s risk starts with the right structure

As Tranche 2 approaches, the focus is shifting from awareness to implementation. Understanding what triggers AML investigations is a useful step, but reducing your risk comes from putting the right systems and processes in place.

easyAML helps businesses build and maintain their AML/CTF framework. From risk assessments and customer due diligence to monitoring, reporting and record-keeping, we’re here to help you with your complete AML compliance, all in one place.

You can get started for free, with no lock-in contracts, no credit card required and no commitments at https://easyaml.com/get-started/