AUSTRAC Issues New Guidance to Enhance AML/CTF Compliance Post Data Breaches


The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released important guidance to assist organisations under its oversight in meeting their Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations following a data breach or external data breach that affects their services or customers.

AUSTRAC emphasises the need to review customer risk assessments and strengthen systems and controls in the wake of a data breach incident. The agency highlights that data breaches can heighten the risks of Money Laundering (ML) and Terrorist Financing (TF). These risks include identity theft, fraud, and cyber-enabled crimes, where criminals use stolen personal information or credentials to gain unauthorised access to accounts, systems, or networks.

To address these concerns, AUSTRAC encourages reporting entities to proactively identify data breaches that may affect them. This can be achieved through the following methods:

  1. Utilising Publicly Known Data Breaches: Reporting entities should examine publicly known data breaches to determine if their new or existing customers have had their personal information compromised.
  2. Information Sharing: Entities can stay informed about data breaches through various channels, including direct communication from affected organisations, publicly available materials, or registration with the Australian Signals Directorate’s (ASD) Alert Service.

AUSTRAC also recommends that reporting entities establish and maintain robust systems and controls. These measures could include vigilant monitoring for the following:

  • Changes to Customer Details: Keeping a watchful eye on alterations to customer information, such as mobile numbers, particularly before significant transaction requests that deviate from the customer’s typical profile.
  • Rapid Changes in Customer Contact Information: Instances where customers suddenly change their telephone numbers, email addresses, and physical addresses concurrently or in quick succession.
  • Red Flags During Onboarding: Identifying potential risks during customer onboarding, such as new customers using the same identification numbers or personal details as existing customers.

By providing these guidelines, AUSTRAC aims to help regulated entities respond effectively to data breaches and mitigate associated ML/TF risks. Compliance with these recommendations is expected to enhance the security of financial and business operations in Australia. Reporting entities are encouraged to implement these guidelines to ensure they meet their AML/CTF obligations effectively.

GRC Essentials can assist you with your AML program, operational controls and training for your staff.
