From Compliance to Transformation: How Australia’s AML Reforms Are Reshaping Financial Crime Strategy

Part 1 of 3: Australia regulatory reform webinar insights series

Australia’s financial crime landscape is undergoing its most significant transformation in nearly two decades. With landmark AML/CTF reforms set to take effect from 31 March 2026 for existing entities and July 2026 for newly regulated entities (tranche 2). Alongside with the introduction of mandatory scam codes, financial institutions face a pivotal question: Will these changes be treated as a compliance checkbox exercise, or as an opportunity to modernise financial crime capabilities?

In a recent webinar hosted by SymphonyAI alongside Deloitte and AMP, industry leaders explored this critical juncture. What emerged was a clear message: the organisations that thrive will be those that view reform not as a burden, but as a gateway to building next-generation financial crime prevention.

The reform landscape: more than just compliance

The Australian regulatory environment is evolving faster than ever. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 represents the most substantial overhaul of the AML/CTF framework since its inception, introducing outcomes-based obligations that require a focus for regulated businesses to demonstrable effectiveness in managing money laundering and terrorism financing risks.

As Lisa Dobbin, Partner and Australia and APAC Financial Crime Lead at Deloitte, noted during the webinar, “This is an opportunity for generational transformation of the way we do financial crime. I see it as an invitation to take advantage of what we’ve theoretically always had, which is a risk-based regime, but to really make that real in a way that’s going to create long-term value.”

The reforms bring several critical changes. From 1 July 2026, approximately 80,000 new businesses across Tranche 2 sectors—including real estate agents, lawyers, conveyancers, accountants, and dealers in precious metals and stones—will come under the Australian AML/CTF/PF regime. For existing reporting entities, the shift to outcomes-based compliance means moving beyond checkbox exercises to prove their programs are genuinely effective at preventing financial crime.

Compliance or transformation? A mixed bag across the industry

When asked whether organisations are treating reforms as compliance exercises or transformation opportunities, Dobbin observed a “mixed bag” across the industry. Some larger entities have already begun modernisation journeys and see reforms as acceleration opportunities. Others had intended to pursue transformation but face constraints around timing, budget pressures, and cost control demands—particularly challenging given that implementation will likely cost more than budgeted.

For many organisations, especially those playing catch-up from weaknesses under the old regime, getting to the starting line means meeting minimum requirements. Yet even these organisations are trying to “make space for it in the future,” as Dobbin explained. “They’re recognising the invitation, the opportunity, and they’re trying to create space and start the conversation with leadership that says this gives us an opportunity to do this in the future.”

The challenge is particularly acute given timing pressures. With most changes taking effect in just months, organisations must balance urgent short-term compliance needs against building sustainable, long-term capabilities.

Technology as a transformation enabler

The role of technology—particularly artificial intelligence—emerged as central to moving beyond compliance toward genuine transformation. Craig Robertson, Financial Crime and Compliance SME – APAC at SymphonyAI, framed the opportunity clearly: “You need to get away from process, and you need to get closer to risk management.” Robertson pointed to a fundamental problem: organisations with “armies of people handling just the lowest level of follow the bouncing ball process” will never achieve true risk management. While not underselling the importance of these roles, he noted that “there’s a lot of effort, management and oversight and risk time consumed to make that work.”

The solution? Use AI and automation to shift capacity toward smarter detection and prevention. “It’s not all about automation, but that will be a key unlocker to divert capacity to do other things,” Robertson explained. This change must enable decision-makers to shift from worrying about compliance complexity to seeing insights that help make informed decisions about financial crime risk.

This perspective aligns with broader industry recognition that technology investment is critical. AUSTRAC CEO, Brendan Thomas, has signalled that smarter investment may mean not just headcount, but better use of intelligence and automation—a clear departure from simply throwing more people at problems.

Investment priorities: detection, automation, and customer experience

Where should financial crime investment focus? When asked to choose between detection capability, automation, or customer experience, Robertson was unequivocal: “If I’ve got to pick one of the three, I’m going to say detection.”

His reasoning was straightforward. The AML/CTF and scam prevention frameworks exist to stop harm. “If you can’t detect that harm, what’s the point? You’d just be caught in a loop of process and data and things and alerts that don’t make a difference.”

However, automation remains the “gateway to making a change,” while customer experience isn’t really a choice—it’s a given that must be integrated into everything. “Whatever you do has to have customer experience connected to it because at the end of the day you’re a service or product provider,” Robertson noted.

For AMP, investment decisions aren’t driven by any single factor. Reinisch explained that regulatory landscape, customer protection, and cost efficiency all factor into their approach. The recent launch of AMP Bank Go—a new digital banking app—exemplifies how thinking future-focused can embed new regulation and technology that advances well beyond current regulatory regimes.

“The weighting really between those three shifts depending on the risk landscape,” Reinisch said. “Regulatory expectations set the tempo of how quick and when we need to comply. But we don’t stop at compliance. We always ask ourselves if we want to protect customers in ways that are scalable and intelligent, what does the automation lens and data-driven intelligence look like?”

For AMP and organisations like it, the imperative is clear: “We can’t keep just throwing people at our problems. We need to think about it in a much smarter way. When AUSTRAC talks to us about smarter investment, we don’t hear just hire more people. We take the lens of we must invest in better systems that have compliance inbuilt in them because otherwise we just can’t scale.”

Board-level realities: underappreciation and competing priorities

Despite the urgency, Dobbin observed that many boards may not fully grasp what reforms require. “While there’s been lots and lots of talk about the reforms, I do think there’s probably been a lack of really deep understanding at some boards of what that actually requires.”

This challenge is compounded by the perception that AML reforms primarily affect newly regulated sectors. For banks already under the regime, there’s sometimes a view that changes will be “pretty marginal.” Yet even “hygiene points” like getting data fields ready for complicated reporting and CDD changes, require significant effort and investment.

Boards that are well-engaged with financial crime teams are prioritising “foundational capability”—building blocks that serve immediate reform needs while enabling future capabilities. This includes tackling “big rock problems” like data storage, data quality, and gearing for automation journeys.

Dobbin pointed to genuine dynamic risk assessment as an emerging priority: “Once established, it allows you to kind of integrate what was previously multiple processes—you had CDD, KYC refresh, enhanced due diligence for high-risk customers, and transaction monitoring—all kind of in silos.”

Balancing urgency with sustainability

For operational leaders like Reinisch, the challenge is balancing the urgency to meet new obligations with building sustainable capability. “Compliance is the floor, not the ceiling,” she emphasised. “Meeting new obligations quickly is super critical, especially when regulatory settings and expectations are tightening. But if we focus on short-term fixes, we’re really just adding to the risk that we’re building into the system that we actually probably won’t be able to scale or adapt from.”

AMP’s approach involves two parallel layers: mobilising fast for immediate requirements—uplifting reporting, tightening CDD, refining governance—while simultaneously asking what capabilities will be needed in 12 months to be “not just compliant but resilient and customer centric.”

“For me that’s where transformation really comes from,” Reinisch explained. “We look at the data flows, how teams collaborate, the technology and the systems that we use can help reduce the friction. The goal is to embed controls that are intelligent, not just reactive.”

Currently, most organisations tend to have reactive rather than proactive controls in the financial crime space. The reform moment offers an opportunity to shift that balance—leveraging technology to automate simple tasks and free teams to focus on more complex, higher-value work.

The path forward: reform as forcing function and opportunity

As the March 2026 deadline approaches for existing entities, and July 2026 for newly regulated sectors, Australian financial institutions stand at a crossroads. The reforms represent both a mandated regulatory change and an invitation to reimagine financial crime prevention for the next decade.

The organisations most likely to succeed will be those that:

• Recognise the strategic imperative: Moving beyond viewing financial crime as purely a compliance function to understanding it as a strategic risk touching every part of the organisation
• Invest in foundational capabilities: Prioritising data infrastructure, dynamic risk assessment, and integration platforms that enable both immediate compliance and future innovation
• Embrace intelligent automation: Using AI and automation to shift human capacity from low-level process work to strategic risk management and detection
• Align leadership: Ensuring boards and executives understand both the true scope of what’s required in the AML Reforms and the opportunity it presents
• Think beyond 2026: Building for resilience and adaptability, not just getting across the compliance finish line

As AUSTRAC scales up to bring 80,000 new businesses under the regime and shifts from individual entity focus to sector-wide risk and behaviour, the message is clear: this is a regulatory shift from checking for compliance to focusing on substantive risks and harms.

The question for every financial institution is whether they’ll merely meet this moment—or seize it to build the financial crime capabilities that will define success for the decade ahead.

Coming Next: In Part 2 of this series, we’ll explore how organisations are operationalising AI across the financial crime lifecycle, from CDD to transaction monitoring, and examine what it takes to build genuinely risk-based approaches that satisfy both regulatory expectations and business needs.