How AUSTRAC Audits Money Transfer Businesses: What Inspectors Look For

If you run a remittance or money transfer business in Australia, staying on the right side of AUSTRAC is not optional — it is the foundation of operating legally. But what actually happens when AUSTRAC decides to take a closer look at your business? Understanding the audit process can make the difference between a smooth review and a serious regulatory consequence.

This guide breaks down how AUSTRAC approaches inspections of money transfer businesses, what compliance officers examine during an audit, and the practical steps you can take to keep your operation audit-ready at all times.

What Is an AUSTRAC Audit?

AUSTRAC — the Australian Transaction Reports and Analysis Centre — is the government’s financial intelligence regulator. It oversees businesses that provide designated services under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), and remittance providers sit squarely within that framework.

An AUSTRAC audit, sometimes called a compliance assessment, is a formal examination of whether your business is meeting its legal obligations. These can be triggered by a range of factors: patterns in submitted reports, intelligence from partner agencies, complaints, or simply routine sector-wide reviews. The key thing to understand is that AUSTRAC does not always announce an audit in advance. Operating as though inspectors could arrive at any time is not paranoia — it is sound business practice.

To understand the broader regulatory context, it helps to first be clear on what a money transfer licence in Australia involves and why it is required.

The Core Areas AUSTRAC Inspectors Examine

1. Your AML/CTF Program

The first thing inspectors want to see is your Anti-Money Laundering and Counter-Terrorism Financing program. This is a documented, risk-based framework that every registered remittance provider must have in place. Your program needs to be:

• Tailored to the specific risks of your business (not a generic template)
• Up to date and reviewed regularly
• Actively implemented — not just written and filed away
• Accessible to staff and used as part of day-to-day operations

Inspectors will look at whether your program reflects realistic risk assessments relevant to your customer base, transaction volumes, and the countries you transfer funds to or from. A program that has never been updated since registration is a red flag.

2. Customer Identification and Verification Records

Know Your Customer (KYC) procedures are central to every AUSTRAC audit. Inspectors will check whether your business correctly identifies and verifies customers before providing services. This means reviewing:

• Proof of identity documents collected and retained
• Verification steps taken (and documented)
• How your business handles customers who cannot provide standard ID
• Enhanced due diligence for higher-risk customers or transactions

Gaps in customer records — missing documents, incomplete verification, or failure to apply enhanced checks where required — are among the most common findings during audits. A thorough understanding of KYC and Customer Due Diligence requirements for money transfer businesses is essential before an inspector walks through your door.

3. Transaction Monitoring and Suspicious Matter Reporting

AUSTRAC expects businesses to actively monitor transactions for unusual patterns. Inspectors will examine whether your monitoring systems are fit for purpose and whether your staff know how to identify and escalate suspicious activity.

They will also check your Suspicious Matter Report (SMR) history. A business that has never filed an SMR despite handling high volumes of international transfers may attract scrutiny — not because filing more reports is always better, but because the absence of any reports can suggest monitoring systems are not functioning effectively.

Alongside SMRs, your Threshold Transaction Reports (TTRs) will be reviewed. These are required for cash transactions of $10,000 or more. Inspectors will check that TTRs have been submitted accurately and on time. For a detailed breakdown of these reporting obligations, see this guide to AUSTRAC reporting requirements for money transfer businesses.

4. Politically Exposed Persons (PEPs) and Sanctions Screening

Inspectors will look at how your business screens customers and transactions against PEP lists and international sanctions registers. This is a growing area of focus for AUSTRAC, particularly for businesses processing transfers to and from higher-risk jurisdictions.

Your screening process needs to be documented, consistent, and effective. Ad hoc or manual-only checks are unlikely to satisfy inspectors if your transaction volumes are significant. Understanding the obligations around PEP and sanctions screening for Australian remitters is an important part of audit preparedness.

5. Record-Keeping Practices

Under the AML/CTF Act, businesses must retain transaction and customer records for a minimum of seven years. AUSTRAC inspectors will test whether your record-keeping systems are reliable, organised, and complete.

This includes:

• Transaction records (sender and recipient details, amounts, dates)
• Customer identification files
• SMR and TTR lodgement records
• Internal audit and risk review documentation
• Staff training logs

Disorganised or incomplete records are a common source of compliance findings, even in businesses that are otherwise operating in good faith.

6. Staff Training and Awareness

Your AML/CTF obligations extend to your team. AUSTRAC inspectors will ask whether staff have received adequate training on identifying suspicious activity, applying customer identification procedures, and understanding their reporting obligations.

Training should be documented, refreshed regularly, and relevant to the roles of the people receiving it. Frontline staff handling transactions need practical knowledge, not just a policy document in a drawer.

7. Governance and Oversight

Inspectors look at who within your business is responsible for compliance. Is there a designated AML/CTF compliance officer? Are senior managers actively engaged with compliance obligations, or is it treated as an administrative afterthought?

Effective governance also means having a process for identifying and responding to changes in regulation, updating your program when your business model evolves, and conducting your own internal compliance reviews.

Common Compliance Gaps That Attract AUSTRAC Scrutiny

Based on AUSTRAC’s published enforcement activity and guidance, the following are recurring issues found during inspections of remittance businesses:

• Outdated or generic AML/CTF programs that do not reflect actual business operations
• Failure to conduct and document customer due diligence for all relevant transactions
• Delayed or missed TTR and SMR submissions
• Inadequate screening for PEPs and sanctioned individuals
• Poor record-keeping, including missing transaction details or incomplete customer files
• Insufficient staff training, particularly for businesses that have grown quickly

Many of these issues stem from the same root cause: treating compliance as a one-time setup task rather than an ongoing operational responsibility. For a closer look at where businesses most often go wrong, see this article on common compliance mistakes that money transfer businesses should avoid.

What Happens If AUSTRAC Finds Non-Compliance?

The consequences of an adverse AUSTRAC finding can be severe. Depending on the nature and seriousness of the breach, outcomes may include:

• Formal warnings and enforceable undertakings
• Suspension or cancellation of your remittance registration
• Civil penalties, which can reach into the millions of dollars for serious or repeated breaches
• Referral to law enforcement for criminal investigation

The risks of being found non-compliant go beyond financial penalties. Reputational damage, loss of banking relationships, and the inability to continue operating are real outcomes for businesses that fail to take their obligations seriously. This is explored further in the context of the risks of operating without proper licensing and compliance.

How to Keep Your Business Audit-Ready

Rather than scrambling when AUSTRAC makes contact, the most effective approach is to build compliance into the everyday rhythm of your business. Practical steps include:

• Review your AML/CTF program at least annually and whenever your business model, customer base, or transaction types change significantly.
• Conduct internal audits of your transaction monitoring, customer identification records, and reporting history before any external review.
• Keep training records current and ensure all staff — including new hires — complete AML/CTF awareness training relevant to their roles.
• Test your screening tools for PEPs and sanctions to confirm they are functioning correctly and covering the jurisdictions you operate in.
• Organise your records so that customer files, transaction logs, and SMR/TTR submissions can be retrieved quickly and completely.

If you are in the process of setting up your business and want to understand what the registration process involves end to end, this step-by-step guide to registering a money transfer business in Australia provides a solid foundation.

Businesses that operate across both domestic and cross-border transfer corridors should also be aware that compliance requirements can differ. The article on domestic versus international money transfer compliance covers those distinctions in detail.

Final Thoughts

An AUSTRAC audit is not something to fear if your business is genuinely compliant — but it is something to take seriously. Inspectors are experienced, thorough, and have access to transaction data that can surface inconsistencies quickly. The businesses that come through audits without issue are those that treat AML/CTF compliance as a living part of their operation, not a box ticked at registration.

If you are unsure whether your current program and records would withstand scrutiny, now is the time to review them — not when AUSTRAC is already at the door.

Frequently Asked Questions