8 Emerging Regulatory and Investigation Trends

We examine 8 evolving regulatory, enforcement and litigation environment in Australia, with particular emphasis on emerging compliance risks, regulatory scrutiny and the practical implications of the AML and CTF Tranche 2 reforms.

1. The changing risk and enforcement environment

Australian businesses are operating within an increasingly complex risk environment. The current operating context was described as an age of interconnected crises, where economic volatility, geopolitical uncertainty, supply chain disruption and the accelerating use of artificial intelligence intersect with expanding regulatory and compliance obligations.

Regulatory and compliance risk now consistently ranks among the top enterprise risks for businesses across sectors. Directors and senior management are increasingly expected to manage non‑financial risks, including governance, culture and compliance, alongside financial performance. Regulatory failure can result in significant operational disruption, reputational damage and long‑term loss of enterprise value, as demonstrated by a number of recent high‑profile cases.

Australia’s regulatory landscape was described as highly fragmented, with multiple agencies and regimes operating in parallel. While each framework is designed for a specific purpose, the lack of alignment creates duplication, complexity and cost. The financial cost of compliance remains significant, with financial crime compliance alone estimated to cost Australian businesses several billion dollars annually. In challenging economic conditions, organisations that underinvest in compliance face heightened exposure to enforcement action, with internal decision‑making and governance failures representing a primary risk.

See Regulatory Spotlight, a series from our Australian Regulatory Team, offering focused insight into the regulatory issues shaping the insurance and corporate landscape.

Regulatory Spotlight

2. Key emerging regulatory focus areas

2.1 Sanctions

Australia’s autonomous sanctions framework has expanded considerably in recent years and is now characterised by significant legislative complexity. Navigating overlapping instruments and rapidly evolving regimes presents an ongoing challenge for regulated entities. Although enforcement action in Australia has historically been limited compared with overseas jurisdictions, recent government reviews have identified the need for simplification and more effective monitoring and enforcement. This signals a clear shift toward a more active enforcement posture in the future.

2.2 Privacy and data governance

Reforms to the Privacy Act introduced in late 2024 have materially strengthened the enforcement powers of the Office of the Australian Information Commissioner. These changes bring ASIC‑style powers that allow for examinations, infringement notices and civil penalties. Organisations also face more onerous obligations when transferring personal information offshore and increased scrutiny over data governance frameworks.

Additional developments include the introduction of a statutory tort for serious invasion of privacy and forthcoming requirements for transparency around artificial‑intelligence‑driven decision‑making systems from December 2026. While regulatory attention has so far focused on large corporates, enforcement is expected to extend progressively to organisations of all sizes.

2.3 Modern slavery

The Federal Government has agreed in principle to strengthen the Modern Slavery Act following its independent review. Proposed reforms include the introduction of civil penalties for non‑compliance, more detailed reporting obligations, mandatory due diligence requirements and expanded powers for the Anti‑Slavery Commissioner. Although the timing of legislative change remains uncertain, the direction of reform indicates a future shift from disclosure‑based reporting to enforceable compliance expectations.

3. AML and CTF Tranche 2 reforms

3.1 Background and rationale

Rebecca Kelly addressed the extensive reforms to Australia’s anti‑money laundering and counter‑terrorism financing regime. Australia’s framework has long been criticised for falling short of international standards, particularly due to the exclusion of key gatekeeper professions. The growing scale and economic cost of organised crime has reinforced the need for reform and regulatory expansion.

3.2 A shift to a risk‑based framework

The reformed regime represents a significant move away from prescriptive compliance toward a risk‑based and outcomes‑focused approach. Organisations are given greater flexibility in structuring their AML programs, provided they can demonstrate that risks are properly identified, managed and mitigated. Boards and senior executives are expressly accountable for AML oversight and effectiveness.

All regulated entities are required to appoint a fit and proper AML Compliance Officer, with no exemptions for smaller organisations. Enhanced and ongoing customer due‑diligence obligations are a core feature of the reforms, requiring continuous monitoring rather than one‑off verification at onboarding.

3.3 Expanded scope of regulated entities

From 1 July 2026, the AML and CTF regime will extend to a much broader group of designated non‑financial businesses and professions. This includes legal, accounting and conveyancing practices, trust and company service providers, real‑estate agents and developers, dealers in precious metals and stones, and virtual‑asset service providers. As a result, the number of regulated entities in Australia is expected to increase fivefold.

3.4 Transfers of value

The reforms modernise the framework by expanding the concept of regulated transactions beyond traditional banking. Obligations will apply to all transfers of value, including digital, non‑traditional and intermediary‑based mechanisms. This reflects the way value increasingly moves through modern financial systems and emerging technologies.

4. Practical compliance challenges

Newly captured businesses face a range of practical challenges as they adjust to the AML and CTF regime. These include completing AUSTRAC registration, implementing customer‑due‑diligence frameworks, managing suspicious‑matter reporting obligations, maintaining accurate and up‑to‑date records and embedding appropriate staff training and risk awareness. While regulators have indicated an initial focus on education and capability, sustained non‑compliance will attract enforcement attention.

5. Impact on insurers and the insurance market

The direct application of the AML regime remains limited primarily to certain life insurers engaged in designated services. General insurers generally remain outside the scope of direct regulation. Insurance intermediaries generally remain outside the regime for core activities, such as advising and placing policies, but may fall within the regime for other activities, such as premium funding.

However, life insurers fall within the regime, and AUSTRAC has identified specific money‑laundering risk indicators for life insurers. Key risk areas include customer‑identification issues and suspicious activities, such as unusual purchases of high‑value products, early surrenders, policy loans, ownership transfers and the structuring of annuity payments. These areas will continue to attract regulatory scrutiny.

The more significant impacts on insurers from the Tranche 2 reforms are likely to be indirect. Insurers underwrite risks for entities and individuals that are newly regulated under Tranche 2 and may face regulatory investigations, audits, enforcement action, regulatory sanctions for non‑compliance, disciplinary proceedings, third‑party claims (including securities class actions) and reputational damage.

Although these impacts are not expected to be immediate, underwriting assessments, pricing and coverage terms can be expected to take these new risks into account over time and require demonstrated AML capability and governance maturity across large and small organisations.

6. Insurance coverage and claims considerations

AML‑related regulatory activity gives rise to complex insurance‑coverage issues. Enforcement actions reflect a regulatory focus on organisations and individuals. Directors’ and Officers’ insurance, management‑liability policies and professional‑indemnity policies are most likely to be engaged.

While defence costs are commonly covered, investigation, remediation and compliance costs may be excluded or subject to sub‑limits. Exclusions may apply, including exclusions specifically excluding cover for losses and liabilities arising from non‑compliance with the AML/CTF Act.

Recent cases involving large banks demonstrate that the insurability of fines and penalties remains a live issue and depends on policy wording, the nature of the conduct and fines, and public‑policy considerations. Aggregation and allocation issues may arise where multiple insureds seek to access the same policy, putting pressure on policy limits. The claims‑made nature of policies reinforces the importance of early notification, disclosure and proactive claims management.

Co‑ordinated claims management is key to successful navigation of AML/CTF‑related claims. Brokers may face increased exposure where policies do not adequately respond to AML‑related risks or exclusions are not clearly explained.

7. Enforcement trends and outlook

Regulators including AUSTRAC and ASIC are increasingly focused on individual accountability, particularly at board and senior‑management level. While enforcement has historically targeted large institutions, experience suggests that regulatory scrutiny will cascade over time to medium and smaller enterprises. Regulators are expected to assess compliance based on the effectiveness of systems, controls and governance frameworks rather than formal documentation alone. Executive oversight is likely to remain a key regulatory focus.

Current conditions in the insurance market remain relatively favourable, creating a limited opportunity for organisations to review and optimise coverage before enforcement activity increases and market conditions harden.

8. Key messages for organisations

Organisations should act early to prepare for the expanded AML and CTF regime and the broader regulatory environment. Compliance readiness requires board‑level engagement, appropriate resourcing, effective training and regular review of systems and controls. Insurance arrangements should be reviewed in light of increased regulatory exposure. Organisations that treat compliance as a core governance capability rather than a regulatory obligation will be better placed to manage risk and respond to future enforcement activity.

Receive the latest Insurance & Reinsurance insights, events and expert commentary - direct to your inbox.

Subscribe