How Does the Tipping Off Offence Impact AML Independent Review & Compliance

Introduction

On 31 March 2025, significant changes to Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) laws introduced a new tipping off offence. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), it is a criminal offence for reporting entities to disclose information that could reasonably be expected to prejudice an investigation, fundamentally altering risk management for financial crime.

These new rules directly impact how an organisation must approach its mandatory AML independent review. This article explains how the tipping off offence reshapes compliance obligations and the practical steps reporting entities must take to ensure their independent review adequately tests these critical new risks.

Note: Australia’s AML/CTF laws were substantially reformed from 31 March 2026. This article reflects the pre-reform framework, which may still be relevant depending on your business, timing, and transitional rules.

Interactive Tool: Check Your AML Independent Review & Tipping Off Compliance

Understanding the Tipping Off Offence under the AML/CTF Act

Tipping Off Offence Under Section 123

Under Section 123 of the AML/CTF Act (Cth), it is a criminal offence to disclose certain information to another person if that disclosure would or could reasonably be expected to prejudice an investigation. Furthermore, this new tipping off offence, which commenced on 31 March 2025, is based on the potential harm a disclosure could cause.

The offence applies regardless of whether an investigation has actually started. According to Section 123(3) of AML/CTF Act (Cth), you must consider the potential consequences of disclosing information on a future investigation.

Prejudicing an investigation involves negatively affecting it, for instance, by causing a suspect to alter their behaviour to avoid detection. Ultimately, the maximum penalty for this criminal offence is imprisonment for two years, 120 penalty units, or both.

What Information Is Protected by the Tipping Off Rules

The tipping off rules apply to specific categories of protected information. A disclosure of this information may constitute a tipping off offence if it is reasonably expected to prejudice an investigation. According to Section 123(2) of the AML/CTF Act (Cth), this protected information includes:

• Suspicious Matter Reports (SMRs): Any information that you have submitted, or are required to submit, an SMR to the Australian Transaction Reports and Analysis Centre (AUSTRAC). This also covers the report itself, any copies, or any document that sets out the information contained within an SMR.
• AUSTRAC Notices: Information revealing that you have received a notice under Section 49 or Section 49B of AML/CTF Act (Cth) to provide information or produce documents. In addition, this protection extends to the fact that you have responded to such a notice.
• Suspect Transaction Reports (SUSTRs): Information related to reports made under the Financial Transaction Reports Act 1988 (Cth). Although this Act was repealed as of 7 January 2025, information about forming a suspicion or providing a SUSTR to AUSTRAC remains protected.

Who the Tipping Off Offence Applies To

The obligation to prevent tipping off applies broadly and is enduring, covering both current and former individuals and organisations. Section 123(1)(a) of the AML/CTF Act (Cth) specifies that the offence applies to:

• A reporting entity, both current and former;
• An officer, employee, or agent of a reporting entity, whether they are currently employed or were in the past; and
• Any person who has been required by a notice under Section 49 or Section 49B of AML/CTF Act (Cth) to provide information or produce documents.

AML Independent Review Obligations & Importance of Tipping Off

Core Requirements of an AML/CTF Independent Review

Under the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth) (AML/CTF Rules), Part A of your AML/CTF program must be subject to regular independent review. Furthermore, the person conducting the review must not have been involved in the design, implementation, or maintenance of the program to ensure their independence.

According to Rule 8.6.5 of the AML/CTF Rules (Cth), the review’s purpose is to assess several key areas of your anti-money laundering framework. Specifically, the review must evaluate:

• Overall effectiveness: the Part A program in light of the specific money laundering and terrorism financing (ML/TF) risks your organisation faces;
• Regulatory compliance: whether the Part A program is compliant with the requirements set out in the AML/CTF Rules (Cth);
• Effective implementation: if the Part A program has been effectively implemented across your business operations; and
• Internal compliance: the extent to which your organisation has complied with its own Part A program.

Why Tipping Off Is Now a Core Area for AML/CTF Compliance Testing

Tipping off risks are frequently present in routine customer interactions and internal business procedures. As a result, these risks can emerge in situations such as:

• Customer due diligence: requesting further information to satisfy these requirements;
• Enhanced due diligence: applying these additional measures; or
• Ending a relationship: making the decision to end a business relationship.

An AML independent review cannot properly assess the effectiveness of an AML/CTF program without thoroughly testing the controls designed to prevent tipping off. Furthermore, Rule 8.6.5(1) of the AML/CTF Rules (Cth) mandates that a review must assess a program’s effectiveness concerning the entity’s ML/TF risk.

Ultimately, because tipping off can prejudice an investigation and is a significant compliance risk, evaluating the controls that manage it s an essential part of AML/CTF compliance.

How Tipping Off Shapes AML Independent Reviews

Shifting From a Disclosure Prohibition to a Judgment-Based Risk Assessment

The tipping off offence under Section 123 of the AML/CTF Act (Cth) fundamentally changes how compliance is tested. An independent review is no longer a simple check to see if information about a SMR was disclosed; instead, the focus has shifted to a more complex, judgment-based risk assessment.

Under Section 123(1)(d), a disclosure becomes a criminal offence if it “would or could reasonably be expected to prejudice an investigation.” Furthermore, this applies even if an investigation has not yet commenced, as stated in Section 123(3).

Consequently, an independent review must now assess the reasonableness of judgments made by staff. Ultimately, the reviewer needs to determine whether employees appropriately considered the potential for a disclosure to negatively affect an investigation before communicating with customers or other parties.

Expanding What an AML Independent Review Needs to Test

The harm-based test for the tipping off offence expands the scope of what an AML independent review must cover. The review must now examine a broader range of operational processes to assess whether they have been effectively implemented to manage tipping off risks, a core requirement under Rule 8.6.5 of the AML/CTF Rules (Cth).

Therefore, this expanded testing should include a detailed examination of the following areas:

• Customer communication: reviewing standardised scripts, forms, and templates used when making enquiries or conducting enhanced customer due diligence to ensure they do not inadvertently disclose suspicion.
• Internal escalation procedures: assessing the processes for how suspicious matters are identified, discussed, and escalated internally to prevent leaks of protected information.
• Relationship exit decisions: analysing the procedures and communications used when ending a customer relationship to confirm that the reasons provided do not tip off the customer about a suspicion or SMR filing.

Increased Importance of Testing Staff Behaviour & Training

Tipping off can occur through informal or careless communication, not just formal procedural failures. An AML/CTF independent review must therefore place greater emphasis on testing actual staff behaviour and the effectiveness of the organisation’s training program. Simply having a policy is not enough; the review must verify that employees understand and apply their legal obligations in practice.

For instance, a careless conversation between employees that is overheard could lead to a disclosure. In addition, common examples of high-risk behaviours include providing vague hints to a client about “regulatory flags” or accidentally forwarding an internal email about an SMR. To assess these risks, a review should include:

• Sampling interactions: reviewing real-world staff communications, such as emails or call recordings.
• Evaluating training: assessing the content and delivery of employee training programs on the tipping off offence.
• Conducting scenario-based testing: observing how customer-facing staff respond to difficult questions without disclosing protected information.

Managing Third-Party & Outsourcing Tipping Off Risks

A reporting entity’s responsibility to prevent tipping off extends to its external service providers. An AML independent review must assess the controls governing these third-party relationships. This is a critical part of ensuring the AML/CTF program is effective, as required by Rule 8.6.5 of the AML/CTF Rules (Cth).

When a reporting entity discloses information to an external provider for functions like transaction monitoring or compliance support, it must ensure the disclosure itself would not reasonably be expected to prejudice an investigation. The independent review should verify that the organisation has adequate controls over these arrangements, including assessing whether the reporting entity has:

• Conducted due diligence: confirming that external providers have their own suitable controls to prevent tipping off.
• Established enforceable undertakings: creating legally binding agreements to maintain the confidentiality of protected information.
• Considered foreign legal frameworks: ensuring the laws in any foreign country where a service provider operates are consistent with obligations under the AML/CTF Act (Cth).

Practical Steps for Designing Your AML/CTF Independent Review

Designing the Scope of the AML Independent Review

To comply with the requirements of Rule 8.6 of the AML/CTF Rules (Cth), the scope of your AML independent review broad. It should explicitly incorporate testing of the controls your organisation has implemented to manage the tipping off offence. Furthermore, the review’s scope must extend beyond traditional compliance checks to assess the practical effectiveness of your tipping off risk management, including evaluating:

• Policies and procedures: designed to prevent the disclosure of protected information;
• Communication frameworks: governing staff communication, such as standardised scripts and templates for customer interactions; and
• Employee training programs: focusing on the content and effectiveness of training regarding the tipping off offence.

Adopting a Safe Testing Approach to Disclose Information

The AML independent review process itself must be structured to avoid creating a tipping off risk. Therefore, reviewers should adopt testing methodologies that allow them to assess controls without disclosing information that could reasonably be expected to prejudice an investigation. To achieve this, safe testing approaches include several key practices:

• De-identified Case Sampling: using anonymised customer data to review how suspicious matters were handled, which prevents the identification of specific individuals;
• Scenario-Based Testing: presenting customer-facing staff with hypothetical situations to assess their understanding and application of tipping off rules without discussing live cases; and
• Generalised Analysis: focusing on trends and patterns of behaviour across the organisation rather than examining specific customer transactions in a way that could lead to a disclosure.

Governance & Reporting on Tipping Off Risks

Under Rule 8.6.6 of the AML/CTF Rules (Cth), the results of the independent review must be provided to senior management and the governing board. The findings related to tipping off controls are a critical component of this reporting, as the report should provide a clear assessment of the organisation’s resilience against tipping off risks.

Ultimately, the report must highlight key areas to ensure that leadership has the necessary information to address any deficiencies and demonstrate robust compliance oversight, as follows:

• Systemic weaknesses: identifying any flaws within the organisation’s processes;
• Problematic behavioural patterns: noting any patterns observed in staff; and
• Current controls: evaluating their overall effectiveness.

Common Mistakes to Avoid When Conducting an AML Independent Review

When conducting an AML independent review, certain common errors can undermine the assessment of an organisation’s tipping off controls. Therefore, avoiding these pitfalls is essential for effective risk management and compliance. Four frequent mistakes include:

• Treating tipping off as a minor compliance issue: The tipping off offence under Section 123 of the AML/CTF Act (Cth) is a serious criminal offence, and the consequences of non-compliance can include imprisonment. As a result, a review that downplays this risk fails to address a significant legal and reputational threat.
• Focusing only on the SMR submission process: A review must look beyond the simple act of filing an SMR. Furthermore, tipping off risks are present in many routine activities, including conducting enhanced customer due diligence, requesting further information, and communicating decisions to end a business relationship.
• Ignoring frontline staff behaviour: Careless communication by employees can easily lead to a disclosure that could prejudice an investigation. For instance, an untrained staff member might overhear a conversation about a suspicious customer and later mention it to them. Ultimately, an independent review must test the effectiveness of staff training and examine real-world interactions, rather than just written policies.
• Using unsafe testing methods: The review process itself must not create a tipping off risk. Discussing live SMR cases or specific customer details without proper information controls, such as in an open office, could lead to an inadvertent disclosure. Therefore, reviews should employ safe methods like de-identified case sampling to assess compliance without disclosing protected information.

How the AML/CTF Tipping Off Offence Operates in NSW

The AML/CTF Act (Cth) is a Commonwealth law, but its tipping off provisions have direct application within New South Wales (NSW). Furthermore, the offence is not limited to prejudicing federal investigations.

Under Section 123(1)(d)(i) of AML/CTF Act (Cth), the tipping off offence is committed if a disclosure would or could reasonably be expected to prejudice an investigation of an offence against a law of the Commonwealth, a State, or a Territory. This means that disclosing protected information in a way that could hinder an investigation by a state body, such as the NSW Police Force, constitutes a breach of the federal tipping off offence.

As a result, reporting entities in NSW must ensure their compliance frameworks account for investigations at both the state and federal levels.

Conclusion

The new tipping off offence effective from 31 March 2025 fundamentally alters AML compliance by focusing on whether a disclosure could prejudice an investigation. This requires reporting entities to ensure their independent review now assesses risk-based judgments and staff behaviours, moving beyond a simple technical check.

To ensure your organisation’s AML independent review effectively addresses these significant changes, contact our AML independent review lawyers at Click Legal. Our team can help you navigate these new legal obligations and strengthen your compliance framework today.

Frequently Asked Questions