The new year will hit Australian Financial Services licensees (AFSLs) with a succession of challenges that will be far from any “business as usual” compliance cycle, with Mintegrity chief executive Amanda Mark noting the impact that a convergence of factors will have throughout 2026.
Calling next year a “genuine regulatory stress-test for licensees”, Mark argued that AFSLs should look at getting ready for the next 12 months as a “strategic program, not a compliance tick-box, because the risk now is cumulative”.
“We are heading into the perfect storm driven by three forces. First, non-negotiable reform deadlines are landing in quick succession,” she said.
“Major legislative overhauls, most notably AUSTRAC’s AML/CTF rewrite and new privacy obligations, require substantial operational and policy change on fixed timetables. AUSTRAC’s new rules require current reporting entities to have updated, fully operational AML/CTF programs by 31 March 2026.”
Another key factor, Mark said, is the move from regulators to shift to a litigation-focused approach rather than leaning on guidance, noting that this is most evident in their utilisation of “expanded civil penalty powers in areas such as cyber resilience, consumer contracts and sustainability claims”.
“Recent greenwashing cases, including significant penalties against well-known firms, underline the scale of exposure for inaccurate or unverified ESG statements,” she said.
“Third, regulatory lines are increasingly blurred. A single product or technology decision can attract parallel scrutiny from ASIC, the ACCC and the OAIC, particularly around AI-enabled advice, client data use and ESG-labelled offerings.”
The strategic challenge, according to Mark, is not so much that any of the changes are overly burdensome, rather the cumulative effect of implementing all of them at once.
In line with this, she doesn’t believe misunderstanding the changes is the greatest risk, instead cautioning that stretched budget and technology resources across multiple reforms could lead to operational failures.
Enforcement risk is already immediate, Mark added, with AFSLs needing to be particularly cautious around unfair contract terms.
“Multimillion-dollar penalties now apply and the ACCC has flagged UCT enforcement as a priority. Clauses commonly embedded in advice agreements, such as automatic renewals or restrictive cancellation and termination rights, sit directly in scope,” she said.
“The danger for licensees is scale: a single clause used across an entire client base can trigger per-contract, per-clause penalties that become financially severe. If not already completed, firms should review all client service and advice agreements for UCT compliance and remediate templates quickly.”
Alongside immediate enforcement threats, Mark noted there are several non-negotiable projects that should already be underway.
“AUSTRAC’s AML/CTF reforms represent the single largest and most complex compliance build for AFSLs over the next 18 months,” she explained.
“This is not a tweak to an existing program but a full rewrite of risk assessment methodology, governance and controls, requiring senior management approval and documented implementation planning.
“AUSTRAC has signalled it expects to see sustained effort and a formal transition plan well before 2026, meaning firms that delay will struggle to demonstrate adequate governance. Licensees should draft a formal implementation plan now, commence new ML/TF risk assessments immediately, and begin drafting updated AML/CTF programs based on those risks.”
Another fixed deadline that Mark noted needed to be understood is related to the first tranche of Delivering Better Financial Outcomes reforms.
Legacy clients on ongoing fee arrangements predating 10 January 2025 must be migrated to the new consent model by 10 January 2026, she explained, and missing the deadline risks leaving firms “unable to legally collect ongoing fees from those clients”.
“The compliance load through 2026 is heavy. Deadlines from AUSTRAC, the OAIC, the ACCC and ASIC are not distant concepts; they are imminent and overlapping,” Mark said.
“Firms need to act early and treat readiness as a whole-of-business change program. Those who do will not only meet the requirements but can emerge resilient in a tougher enforcement era.”
