From 31 March 2025, Australia’s anti-money laundering landscape is tightening with a new criminal offence under the AML/CTF Act: tipping off.
If you’re a reporting entity — or even an employee or agent of one — understanding the new tipping off rules is critical to protecting investigations and avoiding serious penalties.
Let’s break down what’s changing, what tipping off means, and how you can safeguard your business.
What Is Tipping Off?
Tipping off means disclosing protected information to someone else in a way that could reasonably be expected to prejudice an investigation — whether that investigation exists yet or not.
It’s now a criminal offence carrying up to 2 years’ imprisonment or 120 penalty units, or both.
Importantly, you can breach the law even if you didn’t know an investigation had begun. The key is whether the disclosure could prejudice a current or future investigation.
What Kind of Information Is Protected?
Tipping off protections cover:
- Information about Suspicious Matter Reports (SMRs) — even just the fact that you submitted one.
- Information about responding to AUSTRAC notices under sections 49 and 49B of the AML/CTF Act.
- Information about Suspect Transaction Reports (SUSTRs) under the old Financial Transaction Reports Act (for activities before 7 January 2025).
Examples: How Tipping Off Might Happen
Let’s look at a few examples — different from AUSTRAC’s — to help bring this home:
Example 1: Digital Bank Investigating Cryptocurrency Transfers
Jess works at a digital bank and notices that a customer, Ryan, is frequently transferring funds to new cryptocurrency wallets just under AUSTRAC’s reporting threshold.
Jess’s team lodges an SMR.
During a casual customer service call, Ryan asks about delays with his account. Jess — trying to be helpful — mentions that “extra checks” are happening due to “unusual transactions” and hints that law enforcement might be involved.
Even without saying the words "SMR" or "investigation", Jess's comments could tip off Ryan that he’s under scrutiny, encouraging him to shift or hide his funds.
Takeaway: Staff must avoid revealing anything that could suggest suspicion or regulatory involvement.
Example 2: Law Firm Discussing Client Activities
A law firm representing a property investor notices odd payment patterns and lodges an SMR.
A junior solicitor, unaware of tipping off risks, later mentions in an email that “your recent payments are under a lot of attention from regulatory bodies”.
This casual comment could be enough to tip off the client, breaching the law and undermining an active investigation.
Takeaway: All team members — not just compliance staff — need proper training on the new rules.
Example 3: Remittance Business Outsourcing Risk
A remittance provider outsources its transaction monitoring to an offshore vendor in a country with weak privacy laws.
The vendor shares customer transaction patterns loosely within their network, and the subject eventually hears whispers that his transactions have been flagged.
Takeaway: You must ensure third parties have tight controls to prevent indirect tipping off.
What Disclosures Are Not Tipping Off?
Some disclosures are safe, including:
- Sharing information internally to manage ML/TF risks.
- Engaging lawyers or consultants for advice or remediation work.
- Complying with legal obligations under Australian law (e.g. scam prevention).
- Responding appropriately to law enforcement requests.
- Conducting standard enhanced customer due diligence (CDD) without mentioning suspicion.
However, even in these cases, care must be taken not to reveal that an SMR has been lodged or an investigation is underway.
Key Changes for Businesses
Starting 31 March 2025:
- Businesses must put controls in place to prevent tipping off.
- From 31 March 2026, preventing tipping off must be embedded in your AML/CTF Program.
- Controls might include:
- Restricting access to SMR-related information.
- Training all relevant staff regularly.
- De-identifying information where possible.
- Using standard scripts when interacting with customers.
- Conducting due diligence on third-party service providers.
- Keeping audit trails of who accesses sensitive information.
Practical Tips: Customer Communications
When asking a customer for more information or terminating a relationship, never mention suspicion or investigations.
Instead, frame your communications around:
- Routine compliance checks.
- Need for up-to-date records.
- Policy changes or commercial decisions.
For instance:
✅ “We’re conducting a routine update of customer profiles in line with our regulatory obligations.”
✅ “Due to changes in our risk management framework, we will be unable to continue providing services.”
Why These Changes Matter
Tipping off allows criminals to:
- Conceal evidence
- Escape prosecution
- Adjust their operations to stay undetected
By following the new rules, businesses help maintain the integrity of Australia's financial system — and protect themselves from serious penalties.
✅ Tipping Off Prevention Checklist
To help your business prepare, here’s a simple checklist to reduce the risk of tipping off under the new rules.
Remember:
Tipping off can happen easily — often with just a throwaway comment.
Getting ready now, updating policies, and training your team are the best defences you have.
Stay alert. Stay compliant. Stay ahead.
