AML Red Flags: Suspicious Activity Indicators for Australian Compliance Teams

AML red flags are behavioural, transactional or documentary indicators that suggest a customer relationship or financial transaction may be connected to money laundering, terrorist financing or another serious financial crime. Under Australian law, identifying these indicators and acting on them is a legal obligation under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), enforced by AUSTRAC (Australian Transaction Reports and Analysis Centre). Reporting entities that fail to maintain adequate systems for detecting and reporting suspicious matters face civil penalties in the hundreds of millions of dollars — the Commonwealth Bank enforcement outcome of 2018 resulted in a AUD $700 million penalty, the largest civil penalty in Australian corporate history at the time.

AUSTRAC oversees one of the world's most comprehensive AML/CTF reporting regimes, with regulated entities spanning banking, insurance, gambling, remittance dealers, digital currency exchanges, and — following the 2024 reforms — legal practitioners, accountants and real estate agents.

This article is provided for informational purposes only and does not constitute legal, financial or regulatory advice. Regulatory references are accurate as of the publication date. Consult a qualified legal professional for guidance tailored to your organisation's circumstances.

What Are AML Red Flags Under Australian Law?

An AML red flag is any indicator that, individually or in combination with others, gives a reporting entity reasonable grounds to suspect that a transaction or customer relationship may be connected to money laundering, terrorist financing or sanctions evasion. A red flag does not establish guilt: it triggers an obligation to investigate further and, where suspicion is formed, to submit a Suspicious Matter Report (SMR) to AUSTRAC.

The AML/CTF Act requires reporting entities to submit an SMR when they form a suspicion on reasonable grounds that a transaction is connected to an offence, involves proceeds of crime, or is designed to evade AML/CTF Act obligations. The FATF 40 Recommendations provide internationally recognised typologies of red flags that inform AUSTRAC's guidance materials and sector risk assessments.

The 2024 AML/CTF Amendment Act significantly expanded the scope of reporting entities to include "Tranche 2" professions — lawyers, accountants, real estate agents, and dealers in precious metals and stones — aligning Australia's framework with FATF standards. These new reporting entities must enrol with AUSTRAC and implement AML/CTF programs by the applicable transition dates.

Categories of AML Red Flags

Red flags fall into four primary categories. The table below provides a structured overview for Australian compliance teams to use as a baseline framework.

When red flags from multiple categories appear together, the overall risk level increases materially and must trigger a formal internal review and likely SMR submission, regardless of the relationship's commercial importance.

For a broader view of documentary compliance obligations that sit alongside these indicators, see our document compliance guide.

Sector-Specific Red Flags

Banking and Authorised Deposit-Taking Institutions (ADIs)

Banks, credit unions and building societies are designated reporting entities under the AML/CTF Act and subject to oversight by both AUSTRAC and the Australian Prudential Regulation Authority (APRA). Key indicators include:

• Frequent cash deposits just below AUD $10,000 across multiple branches or ATMs on the same day (threshold transaction reports trigger at exactly AUD $10,000).
• Accounts dormant for extended periods before suddenly processing high volumes of international transfers.
• Round-dollar wire transfers at consistent amounts — a classic structuring signal.
• Business accounts with cash-intensive transaction patterns inconsistent with the stated industry or business size.

The Threshold Transaction Report (TTR) requirement applies to cash transactions of AUD $10,000 or more, mandatory for all banks and financial institutions regardless of any suspicion. The International Funds Transfer Instruction (IFTI) report applies to international transfers of AUD $1,000 or more — a significantly lower threshold than most comparable jurisdictions, reflecting Australia's commitment to cross-border transaction transparency.

Gambling and Casinos

The gambling sector is a high-risk AML/CTF area in Australia, as documented in multiple AUSTRAC risk assessments and reflected in the Star Entertainment and Crown Casino enforcement actions. Key red flags include:

• Patrons conducting large cash buy-ins followed by immediate cash-outs with minimal gaming activity (chip-walking or smurfing).
• Multiple patrons pooling funds to purchase chips, then splitting cash-out proceeds.
• Requests for cheque payments or EFTs in lieu of cash winnings beyond reasonable amounts.
• VIP program members transacting at levels inconsistent with their disclosed wealth or income.

Casinos are designated reporting entities and must maintain customer due diligence programs calibrated to the specific risks of the gambling environment, including enhanced due diligence for high-value patrons.

Remittance Dealers and Digital Currency Exchanges

Australia's large diaspora communities make the remittance sector significant. AUSTRAC-registered remittance dealers and digital currency exchanges must apply risk-based monitoring. Sector-specific red flags include:

• High volumes of outbound transfers to countries with limited AML oversight.
• Customers using multiple agents or outlets to break transactions below threshold amounts.
• Cryptocurrency transactions to or from addresses associated with sanctioned entities or darknet markets.
• Customers refusing to disclose the source of funds relative to the scale of transactions.

Digital currency exchanges became reporting entities under the AML/CTF Act in 2018 following the FinTech reforms, requiring AUSTRAC registration and full SMR and TTR reporting obligations.

Real Estate (Post-2024 Reforms)

Australian real estate has been identified in successive AUSTRAC risk assessments as highly vulnerable to money laundering, particularly in major metropolitan markets. Following the 2024 AML/CTF Amendment Act, real estate agents are now required reporting entities. Key red flags include:

• Purchases using third-party funds with no disclosed relationship to the buyer.
• Transactions conducted with significant cash components.
• Buyers who show minimal interest in property characteristics but urgency in completing the transaction.
• Corporate or trust vehicle structures where beneficial owners cannot be identified.

Legal and Accounting Professionals (Post-2024 Reforms)

The 2024 amendments extend AML/CTF obligations to lawyers and accountants when they facilitate certain "designated services." Red flags in these professions include:

• Clients who are evasive about the source of funds for transactions the professional is facilitating.
• Instructions that appear designed to create a paper trail without genuine commercial substance.
• Requests to hold client funds for purposes unconnected to the underlying legal or accounting matter.

Australian Legal Framework: AML/CTF Act and SMR Obligations

The primary Australian AML/CTF legislative framework consists of the AML/CTF Act 2006, the AML/CTF Rules 2007 (as amended), and AUSTRAC's compliance and enforcement guidance. The AUSTRAC website provides sector-specific risk assessments and guidance.

The AML/CTF Act requires reporting entities to submit an SMR as soon as practicable — and in any case within 3 business days — after forming a suspicion on reasonable grounds. Where the suspicious matter relates to terrorist financing, the report must be submitted within 24 hours.

Key AUSTRAC reporting requirements:

• Threshold Transaction Reports (TTRs): cash transactions of AUD $10,000 or more, mandatory regardless of suspicion.
• International Funds Transfer Instructions (IFTIs): international transfers of AUD $1,000 or more, incoming or outgoing, mandatory regardless of suspicion.
• Suspicious Matter Reports (SMRs): any transaction or attempted transaction where reasonable grounds to suspect exist — no minimum threshold.

SMRs are submitted to AUSTRAC via the AUSTRAC Online portal. The tipping-off offence under section 123 of the AML/CTF Act makes it a criminal offence to disclose that an SMR has been submitted or that an investigation related to the SMR is being conducted. Contraventions carry penalties of up to two years' imprisonment.

Civil penalties for AML/CTF Act contraventions can be substantial: the maximum civil penalty for a single contravention by a body corporate is AUD $222 million (as indexed). AUSTRAC can also pursue remedial directions, enforceable undertakings and injunctions. The Australian Transaction Reports and Analysis Centre publishes its enforcement actions, providing public benchmarks for regulatory expectations.

From Detection to SMR Submission: the Internal Process

Effective management of AML red flags follows a structured AML/CTF program. AUSTRAC compliance assessments consistently identify the absence of a clear internal escalation workflow as a key gap in smaller reporting entities.

Step 1 – Detection. The red flag is identified through automated transaction monitoring, document verification tools, or by a staff member. CheckFile's platform flags 94% of fraudulent documents in under 2 seconds (CheckFile internal benchmark, March 2026), enabling compliance teams to identify documentary red flags at onboarding.

Step 2 – Internal escalation. The identifying staff member escalates to the AML/CTF Compliance Officer using the organisation's internal reporting procedures. All staff of reporting entities have individual obligations to report internally.

Step 3 – Investigation. The Compliance Officer reviews the transaction history, KYC file, open-source information, and sanctions screening results. The investigation must be documented fully, whether or not it results in an SMR.

Step 4 – SMR submission. If the suspicion cannot be resolved, the Compliance Officer submits the SMR via AUSTRAC Online within 3 business days (or 24 hours for terrorist financing matters). Where a transaction is pending, the reporting entity may need to consider whether to proceed.

Step 5 – Record retention. All supporting records must be retained for seven years from the date of the transaction or the end of the customer relationship — a longer period than many comparable jurisdictions — in accordance with section 106 of the AML/CTF Act.

Step 6 – Operational decision. The institution decides independently whether to continue or exit the relationship. An SMR submission does not automatically require account closure, but the risk assessment must be updated.

Our anti-money laundering compliance guide covers the governance requirements that underpin this process at an institutional level. Explore how CheckFile integrates document verification into AML/CTF compliance workflows, or review our pricing plans.

Common Questions from Compliance Forums

Is there a minimum transaction amount to submit an SMR?

No. Unlike Threshold Transaction Reports (AUD $10,000 cash) and IFTIs (AUD $1,000 international transfers), SMRs must be submitted whenever reasonable grounds to suspect arise, regardless of the dollar amount. A AUD $100 transaction can warrant an SMR if the surrounding circumstances are sufficiently suspicious. The thresholds trigger mandatory transaction reporting; suspicion triggers SMR submission.

What is the difference between a TTR, IFTI and SMR?

TTRs and IFTIs are mandatory transaction-based reports filed at specified thresholds regardless of any suspicion. SMRs are suspicion-based reports filed when the reporting entity forms a suspicion on reasonable grounds — they have no minimum dollar threshold and may be required for transactions well below TTR/IFTI thresholds.

Frequently Asked Questions

Who is required to report to AUSTRAC?

Current reporting entities under the AML/CTF Act include banks and authorised deposit-taking institutions, insurance companies, securities dealers, superannuation fund trustees, money transfer businesses, casinos and wagering providers, digital currency exchanges, and — following the 2024 reforms — real estate agents, lawyers (for designated services), accountants (for designated services), and dealers in precious metals and stones.

How does CheckFile support AML red flag detection?

CheckFile's document verification platform analyses the authenticity of identity documents, proof of address and financial records submitted during customer onboarding and ongoing due diligence. It identifies inconsistencies, alterations and documents originating from high-risk sources in real time. Our KYC solution for banking and financial services integrates verification into the onboarding workflow without adding friction for legitimate customers.

What are the penalties for AML/CTF Act non-compliance in Australia?

Civil penalties for serious and systemic contraventions can reach AUD $222 million per contravention. AUSTRAC can also impose remedial directions, seek injunctions and negotiate enforceable undertakings. Criminal penalties for tipping-off include up to two years' imprisonment. AUSTRAC's published enforcement outcomes — including the Commonwealth Bank (AUD $700M) and Westpac (AUD $1.3B) matters — illustrate the scale of penalties available for systemic failures.

Where can I find AUSTRAC's guidance on AML red flags?

AUSTRAC publishes sector-specific risk assessments, compliance guides, and typology reports that provide detailed red flag indicators for each reporting sector. Review our pricing plans to understand how CheckFile fits your compliance budget.