The Latest AML/CTF Changes and What They Mean For Businesses Providing Virtual Addresses

Introduction

In August 2025, new Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) rules were introduced. Depending on the classification of services provided, these changes and the obligations for the affected entities commence on 31 March 2026 (for existing reporting entities) or 1 July 2026 (for entities newly covered by these changes).

The aim of this updated framework is to strengthen compliance measures across the financial services industry. However, it is not only those who provide financial services that are impacted by these changes. These changes also impact other industries due to the growing concern around the use of online structures and services to conceal illicit financial activity.

As such, AML/CTF obligations now extend to businesses that provide virtual address services or offshore business arrangements, now known as designated services. These businesses that provide registered office addresses or principal places of business for entities, will be required to register and report to AUSTRAC and ensure that they maintain robust systems to identify and verify their customers’ true locations and beneficial ownership.

This article will explore what the AML/CTF changes involve and the implications for businesses providing virtual address services.

Changes for Virtual Address Businesses

The use of virtual addresses has increased significantly alongside the growth of online businesses and remote working arrangements. As a result, there is a growing need to regulate the industry.

Virtual office services can be exploited to obscure the true identity or location of individuals engaged in illicit financial activity and transactions covered under AML/CTF laws. These new rules have been introduced to allow AUSTRAC to close regulatory gaps and improve the traceability of funds moving within Australia through virtual address and office services.

Key AML/CTF Obligations for Virtual Address Businesses

As the provision of virtual addresses, a registered office address or principal place of business for entities is now classed as a designated service, the following AML/CTF obligations apply:

1. Enrol with AUSTRAC within 28 days of providing a designated service. For those providing virtual address services who have not previously been covered by these laws, this will likely be 29 July 2026;
2. Keep all enrolment details with AUSTRAC up to date;
3. Develop and maintain an AML/CTF program. This program contains 2 components:
4. A money laundering, terrorism financing and proliferation financing risk assessment that can be used to help identify and assess risks the business may face; and
5. AML/CTF policies that relate to ensuring compliance with AML/CTF obligations;
6. Appoint an AML/CTF compliance officer to oversee the day-to-day compliance of AML/CTF obligations and who communicates with AUSTRAC;
7. Carry out internal reviews and independent evaluations of the AML/CTF programs in certain circumstances, and at a minimum, every 3 years;
8. Conduct customer due diligence on all customers;
9. Submit reports to AUSTRAC in relation to certain types of transactions and suspicious matters; and
10. Maintain accurate and complete records in relation to the AML/CTF program and activities. These records must be kept for 7 years.

This is not an exhaustive list and you should review the relevant information provided by AUSTRAC to confirm the extent and specifics of your obligations.

Customer Due Diligence

One of the main obligations under the AML/CTF laws is the need to conduct customer due diligence to determine who your customers are and determine whether they pose any risk in relation to money laundering, terrorism financing and proliferation financing when providing the services.

There are 3 types of customer due diligence that will need to be conducted:

1. Initial customer due diligence. This involves establishing information about a client including conducting background checks on the entity’s management and key personnel, verifying their identity, researching the entity’s history and track record and verifying their contact details;
2. Ongoing customer due diligence. This involves monitoring and managing risks through the customer relationship including monitoring transactions and behaviours for suspicious activity, reviewing and re-verifying information and performing regular audits of customer records; and
3. Pre-commencement customer due diligence. For customers who were a customer prior to you being subject to AML/CTF laws, you do not need to conduct initial or ongoing due diligence until you are required to file a suspicious matter report in relation to the customer with AUSTRAC or there is a significant change in the nature and purpose of business of the customer that involves an increased risk of money laundering, terrorism financing and proliferation financing. This type of due diligence is intended to reduce the regulatory burden associated with pre-existing customers while ensuring they are still subject to due diligence measures when risks arise.

Conclusion

These new AML/CTF changes have been introduced to reinforce AUSTRAC’s continued focus on transparency and accountability. Businesses that provide these virtual address services should take proactive steps to ensure compliance and to ensure they are meeting their obligations under the new AML/CTF laws.

Contracts E-commerce Small Business

The Importance of Website Disclaimers: Safeguarding your Business and Managing User Expectations

This article will explore what a website disclaimer is and why every website owner should have one on their website to ensure that both your interests and the interests of your users / visitors are safeguarded.

Read more

Corporations Small Business

How the PPSR protects purchasers of personal property

What is the PPSR? The Personal Property Securities Register (PPSR) is a national, electronic register of security interests in personal property. The PPSR was established on 30 January 2012 with the aim of protecting buyers of personal property where an existing security interest exists in the purchased property and where...

Read more