Resources
Australian Sanctions Guidance: A plain-English summary for Accountants, Lawyers, and Real Estate Professionals
31 March, 2026
Disclaimer: The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.
This article reflects guidance available as of March 2026. ASO guidance continues to evolve - reporting entities should monitor ASO’s website for updates.
If you work in accounting, law, or real estate, you've probably spent the last year getting your head around the new Anti-Money Laundering (AML) regulations. There's a lot to absorb before businesses need to start complying on the 1st of July 2026. But one obligation that often gets overlooked is sanctions screening.
Most accounting, legal, and real estate professionals understand that sanctions lists exist. Far fewer have a clear process for when to screen, what to do with a match, or how sanctions obligations connect to the AML program they're currently building. Knowing you need to screen is one thing. Doing it well in practice is another.
The Australian Sanctions Office (ASO) has recently released three new sector-specific sanctions guidance notes, one each for accountants, legal professionals, and real estate agents, to spell out exactly what sanctions obligations look like in practice for each sector.
This post walks through what the guidance says, sector by sector, and what you should do about it.
Sanctions ≠ AML
Sanctions and AML/CTF are not the same thing. They intersect, but they are governed differently and enforced separately.
Different regulator, different legislation
Australia's sanctions framework is administered by the ASO, which sits within the Department of Foreign Affairs and Trade (DFAT). AUSTRAC administers AML/CTF. These are separate agencies operating under separate legislation.
Different purpose
- AML/CTF is about detecting and disrupting money laundering and terrorism financing.
- Sanctions are targeted foreign policy measures, restrictions imposed on specific individuals, entities and countries in response to things like armed conflict, human rights abuses etc.
These distinctions matter because sanctions obligations have strict liability.
Australia maintains a Consolidated List of designated persons and entities. These are individuals, entities and vessels subject to sanctions. If someone on that list is involved in a transaction you're facilitating:
- you must not proceed with the transaction
- you may need to freeze assets you hold or control that belong to a designated person
- you must report the transaction to the ASO and the Australian Federal Police
These are strict liability offences for organisations. Penalties can reach $3.3 million for an entity, or three times the value of the transaction involved, whichever is greater.
The ASO's approach is cooperative. It wants to help regulated entities comply, not catch them out. But that goodwill doesn't reduce the legal obligations.
New sanctions guidance - sector by sector
The guidance is consistent in principle, but the exposure points differ depending on what you actually do. Click below to jump to your industry.
Accounting
What it's about
For accountants, sanctions risk shows up wherever money or financial control is involved.
What it means in practice
- Screen before you engage.
Before providing a service, verify your client's identity and check them and any beneficial owners against the Consolidated List. This is how you exercise the "reasonable precautions and due diligence" defence that the guidance allows. - Understand what "dealing" means.
Managing funds, signing off on transactions, or providing advice that facilitates a sanctioned transaction can all equal a prohibited dealing. The obligation applies to what you do, not just who you act for. - Document your process.
How you conduct a screening check, decide why you will accept or decline an engagement, and any escalation procedures for red flags you identify should all be logged. - Report if something doesn't look right.
If you suspect a sanctions breach by a client or anyone else, report it to the ASO. The guidance is explicit that self-reporting and cooperation are viewed favourably when enforcement decisions are made.
Example
An accounting firm is engaged to manage the accounts of a new corporate client. The shareholder >25% of the company returns a potential match on the Consolidated List. The firm pauses the engagement, investigates the match, documents its findings, and if confirmed as a positive hit, does not proceed and reports the matter to the ASO. All records and decisions are documented.
Legal sector
What it's about
Legal professionals sit at a critical junction. You establish structures, move assets, and act on behalf of clients. This creates direct exposure to sanctions risk, particularly in transactions and corporate work.
One notable element in the guidance is a class-based permit, allowing legal professionals to provide advice, representation, and supporting services to designated persons in certain defined circumstances. Without a permit, even providing legal advice to a sanctioned individual could be a prohibited service.
What it means in practice
- Screen before accepting instructions.
A law firm acting on a property transaction, a corporate restructure, or an estate administration needs to confirm that the clients involved are not designated persons, including beneficial owners of corporate clients. - Build screening into matter intake.
The guidance encourages firms to treat sanctions assessment the same way they treat conflict checks, something that happens at the start, not as an afterthought. - Watch how you receive funds.
Accepting fees from a sanctioned source can itself constitute a prohibited dealing. The source of the money matters, not just the identity of the person instructing you. - Know where privilege ends.
Legal professional privilege does not provide a blanket exemption from sanctions obligations. Firms should take legal advice on the interaction between privilege and reporting duties. The default position is that suspected contraventions should be escalated.
Example
A law firm is instructed to act on a commercial acquisition. During intake, the firm screens the purchasing entity and identifies that one of its directors is a close associate of a person on the Consolidated List. The firm escalates to its compliance officer, reviews whether the class-based permit applies, seeks external advice before proceeding, and documents the full decision trail.
Real estate
What it's about
Property is a well-known vehicle for storing and moving wealth. That makes real estate a natural exposure point for sanctions risk.
Real estate agents, buyers' agents, and related professionals can become caught up in sanctions risk without realising it. A purchaser who is a designated person. A vendor with links to a sanctioned entity. A transaction structured to move sanctioned assets into Australian property. These aren't hypothetical scenarios; they reflect the patterns regulators have seen in Australia already.
What it means for your agency
- Screen buyers, sellers, and beneficial owners.
Both parties within a property transaction, including the buyer, the seller and their ultimate beneficial owners, need to be checked against the Consolidated List. - Know the red flags.
The guidance points to indicators like unusual payment structures, reluctance to provide identification, or transactions with no clear commercial rationale. These warrant closer scrutiny before you proceed. - Stop if you get a match.
If screening returns any hits against the Consolidated List, you cannot proceed on the basis that it might be a false positive. Pause the transaction, investigate whether it is a true or false positive, seek advice, and document your decision-making. - Report as required.
A confirmed or suspected sanctions breach should be reported. An agent who identifies a potential issue and takes no action faces the same penalties as one who actively proceeds with a prohibited transaction.
Example
A real estate agency is handling the sale of a residential property. The prospective buyer is purchasing through a company. Screening the buyer’s company's shareholders returns a match against the Consolidated List. The agent pauses the transaction, does not accept or progress the offer, notifies their compliance officer, and reports the matter to the ASO.
How sanctions screening fits into your AML/CTF program
Sanctions screening isn’t a separate program. The AML/CTF Rules 2025 make this explicit. Part 5 of the Rules requires that your AML/CTF program include controls to ensure you identify any transactions with listed persons or their assets.
The key callout is to ensure your CDD workflow includes an explicit sanctions screening step and that you have a documented process for what happens when a match comes back.
Natural points for sanctions checking include:
- before client engagement
- during onboarding (CDD)
- when ownership or control changes
- when the risk profile of a transaction changes
Note that the same data you collect for Customer Due Diligence (CDD) - identity verification, understanding beneficial ownership, and assessing the purpose and nature of a business relationship - is what you use to screen against the Consolidated List.
Sanctions-related policies, controls and procedures
Refer to AUSTRAC’s starter kit guidance for your sector to incorporate sanctions-related policies, controls and procedures into your program and incorporate some of the risk assessment questions from the ASO’s Sanctions Risk Assessment Tool to help identify where sanctions risk is most likely to arise in your business.
What to do next
Operationalising sanctions checks
- Connect your sanctions process to your AML/CTF program build.
If you're writing policies and procedures ahead of 1 July, make sure they explicitly address targeted financial sanctions. The AML/CTF Rules already require it. The ASO guidance reinforces it. - Decide exactly where sanctions screening happens in your client intake process.
Who runs the check? When does it happen? Before the engagement letter, at the matter opening, or at contract exchange? What's the escalation path if a positive hit comes back? These questions need documented answers within your compliance program. - Start screening against the Consolidated List.
The list is publicly available and updated regularly. Manual screening is possible for low-volume businesses; automated screening via screening tools helps to reduce the risk of human error and missed matches significantly, particularly for high-volume businesses. - Train the staff who hold client relationships.
The obligation rests with the business, not just the compliance officer. Client-facing staff need to know what they're looking for, how to determine a true or false positive hit and who to escalate to when a positive hit is identified. - Document everything.
Screening checks, decisions, escalations, and outcomes. The ASO guidance consistently emphasises that the ability to demonstrate reasonable precautions and due diligence is central to how enforcement decisions are made. If your process exists but isn't documented, it doesn't exist.
Quick decision / process chart
- Screen client and beneficial owners against the Consolidated List
- If no match >> proceed
- If a potential match >> pause and investigate
- If confirmed match >> do not proceed and report
- Document every step, decision and outcome
- Alongside that, train staff to recognise the situations where screening risk is higher.
Further reading
- Australia and sanctions | Australian Government Department of Foreign Affairs and Trade
- Guidance Note - Sanctions Compliance for Real Estate Professionals | Australian Government Department of Foreign Affairs and Trade
- Guidance Note - Sanctions Compliance for Legal Professionals | Australian Government Department of Foreign Affairs and Trade
- Guidance Note - Sanctions Compliance for Accountants | Australian Government Department of Foreign Affairs and Trade
- Guidance notes | Australian Government Department of Foreign Affairs and Trade
Frequently asked questions
What are sanctions and why do they matter for my firm?
Sanctions are government-imposed restrictions that prohibit dealings with specific individuals, entities and countries. The Australian government maintains a Consolidated List of designated persons and entities, which is updated regularly. If your business facilitates a transaction, provides a service or handles funds on behalf of someone on that list, you may be committing a criminal offence, even if you had no idea who they were. Penalties can reach $3.3 million per entity, or three times the value of the transaction involved, whichever is greater. As an accountant, lawyer or real estate professional, these obligations apply to you directly.
Are sanctions the same as AML, or are they a separate compliance obligation?
They are different, and this is one of the most common points of confusion. Australia's new AML/CTF legislation, which Tranche 2 businesses need to comply with from 1 July 2026, is administered by AUSTRAC and focuses on detecting money laundering and terrorism financing. Sanctions are a separate regime, administered by the Australian Sanctions Office (ASO) under the Department of Foreign Affairs and Trade. You need to comply with both. They have different rules, different regulators and different penalties. Building an AML program does not automatically satisfy your sanctions obligations, though the two overlap in useful ways, particularly around customer due diligence.
What is the Australian Consolidated List and how do I use it?
The Consolidated List is the Australian government's official register of individuals, entities and vessels subject to targeted financial sanctions. It is publicly available and updated regularly by the ASO. Before engaging a new client or proceeding with a transaction, you should check whether your client and any beneficial owners of companies they control appear on the list. A potential match means you pause and investigate before doing anything else. A confirmed match means you cannot proceed, and you must report the matter to the ASO and the Australian Federal Police.
Do these obligations apply to me even if I'm not a large firm?
Yes. Sanctions obligations apply to any business or individual facilitating transactions, providing services or handling funds on behalf of clients, regardless of firm size. There is no minimum threshold. A sole practitioner or small agency has the same obligations as a large firm, though the way you implement screening processes will naturally look different. For low-volume businesses, manual screening against the Consolidated List is possible. For higher-volume businesses, automated screening tools significantly reduce the risk of human error and missed matches.
What do I actually need to do to comply with Australian sanctions law?
Before taking on a new client or proceeding with a transaction, you need to check whether your client and any beneficial owners appear on the Australian Consolidated List. If you get a potential match, you pause, investigate and document your decision. If the match is confirmed, you do not proceed and you report the matter to the ASO and the Australian Federal Police. You also need a documented process covering when the check happens, who is responsible for running it and what the escalation steps are. The ASO's approach is cooperative, but the obligations are strict and the penalties for non-compliance are significant.
How does sanctions screening fit into my AML/CTF program?
Sanctions screening should be built directly into your client onboarding process, not treated as a separate exercise. The AML/CTF Rules 2025 require your AML/CTF program to include controls for identifying transactions involving designated persons. In practice, this means adding a sanctions screening step to your customer due diligence workflow, using the same identity and beneficial ownership information you are already collecting. You should document where in the process the check happens, who runs it and what happens if a match comes back. If you are currently writing policies and procedures ahead of 1 July 2026, sanctions needs to be addressed explicitly rather than assumed.
About First AML
First AML comes from the perspective of both a technology provider, but also as compliance professionals. Prior to releasing, First AML’s all-in-one AML workflow platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML, is in our DNA.
That's why First AML now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. First AML stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.
Keen to find out more? Book a demo today!