AML/CTF red flags in accounting: 20+ warning signs for Australian accountants

Being able to identify money laundering or AML red flags in accounting is a critical part of a firm's legal obligations. Criminals target accounting practices for a reason: a trust deed, a company structure or a registered office address lends their money a veneer of legitimacy that a suitcase of cash never could.  

That’s why accountants have become one of the first lines of defence against money laundering. From 1 July 2026, Australian accounting firms will become reporting entities under the Anti-Money Laundering and Counter-terrorism Financing Act. It is now their legal obligation to monitor their clients and report suspicious transactions and behaviours.

This guide helps client-facing staff, compliance officers and practice teams in accounting firms to identify suspicious clients in practice and how to proceed when something doesn’t add up.   

Key takeaways 

• A red flag is a warning sign, not proof: it signals higher risk and triggers further assessment, not an automatic report. 
• Red flags cluster in five areas: communication, documentation, business structure, transactions, and client history. 
• Context decides everything: one serious flag or several minor ones together can justify escalation. 
• An accountant’s job is to spot and escalate: record the facts and pass them to your Compliance Officer (CO) to investigate and report. 
• Tipping off is a criminal offence: you cannot tell a client you’re suspicious or that a report may follow. 

Accounting services are a useful avenue for anyone trying to legitimise illicit funds. Trust and company structures can obscure who really owns an asset, and registered office services put distance between a criminal and their entities.  

These aren’t just hypothetical scenarios. AUSTRAC has repeatedly cited accounting services as a money laundering channel. That’s why Tranche 2 reforms bring accountants under AML/CTF Act, and the consequences for non-compliance are serious. 

Accountants who miss any red flags risk unknowingly facilitating money laundering or terrorism financing. Civil penalties for serious breaches reach up to $33 million per breach for a body corporate.  

Beyond just the legal repercussions, accounting firms will have to deal with reputational damage, loss of client trust, personal professional liability, and the societal impact of letting money laundering slip through the cracks. The case for getting this right makes itself. 

Accountant’s legal AML/CTF obligations include: 

• Identify suspicious activity when you onboard a client. 
• Continuous behaviour and transaction monitoring. 
• Escalate any suspicion to your CO. 
• Report suspicious matters to AUSTRAC when the threshold is met. 
• Never tip off a client that you suspect them or have reported them. 

Being able to identify red flags is one piece of a wider picture. For how onboarding, monitoring and reporting fit together, see our guide to the 3 AML workflows for accountants. 

Red flags are not a one-off box you tick at onboarding. It’s part of the firm’s responsibility to continuously monitor their clients.  

Suspicious activity indicators surface at three points across the relationship. Identifying suspicious clients, for accountants, means watching all three: 

At onboarding 

A new client who is evasive about their business, reluctant to provide identification, or vague about ownership is showing warning signs before you’ve done any work. 

During the ongoing relationship 

A dormant company that suddenly comes alive, a sharp change in transaction patterns, or an unexplained change of beneficial owner all warrant a closer look. 

In specific service requests 

Sometimes the request itself is the flag. Rapid entity creation with no clear purpose, a registered office with no real business behind it, or urgent advice on moving funds offshore are all causes for suspicion. 

Here are the money laundering warning signs in accounting to train your eye on, grouped into five categories. Few clients show just one. It’s the combination that matters. 

Communication and transparency red flags 

• Evasive about their business when asked direct questions 
• Vague about the source of their funds or wealth 
• Reluctant to meet in person or by video 
• Uses several different phone numbers, emails, or addresses 
• Representatives change frequently with no explanation 
• Asks for unusual levels of confidentiality or secrecy 

Documentation and identity red flags 

• Provides incomplete or poor-quality identity documents 
• Documents look altered, forged or inconsistent 
• Details conflict across documents 
• Repeatedly delays providing documents without good reason 
• Will not or cannot provide beneficial ownership details 
• Trust deeds or company documents are unusually complex or opaque 

Business structure red flags 

• Unnecessarily complex structures with multiple layers 
• Offshore companies or trusts with no clear commercial reason 
• Beneficial owners based in high-risk jurisdictions 
• Shell companies with no real activity or assets 
• Nominee directors or shareholders are used extensively 
• Several related entities with unclear relationships 

Financial and transaction red flags 

• A cash-intensive business with no reasonable explanation 
• Transactions that don’t match the known business 
• Large or unusual transactions with no clear purpose 
• Frequent international transfers to or from high-risk countries 
• Round-figure amounts that suggest structuring below thresholds 
• Wealth that doesn’t match known income 

Client history and background red flags 

• A history of regulatory issues or sanctions 
• Services previously terminated by other professionals 
• Known links to high-risk individuals or entities 
• Negative media coverage for fraud or financial crime 
• Matches Politically Exposed Person (PEP) criteria 

AML red flags specific to accounting services 

Accountants should be vigilant when rendering specific accounting services that are more likely to be used by money launderers.  

The following are high-risk accounting services and potential red flags: 

• Trust and company services: setting up a trust with offshore beneficiaries for no clear tax or estate-planning reason, buying a shelf company right before a large transaction, or repeated trust variations with no commercial reason. 
• Tax and advisory: structures that seem designed to obscure rather than optimise, urgent requests to move assets offshore, or a client who wants aggressive structuring with no sound reasoning. 
• Registered office services: a client with no genuine business presence at the address you provide. AUSTRAC specifically flags the misuse of registered offices as a form of money laundering. 

Remember, a single red flag doesn’t necessarily prove wrongdoing. But the more they stack up, the stronger the case for a closer look. 

Industry-related AML red flags  

Some sectors carry elevated money-laundering risk because large cash volumes and cross-border activity are common. Also, asset values are subjective in some sectors, making it easy to over- or under-invoice. Accountants should always monitor clients in these industries with extra care. 

High-risk industries and activities:

• Cash-intensive businesses (hospitality, retail, car washes, gaming) 
• Cryptocurrency and virtual asset businesses 
• Money services businesses (remittance, currency exchange) 
• Import and export, especially high-value goods 
• Precious metals and stones dealers 
• Real estate development and investment 

A high-risk industry is not a red flag on its own. It simply raises the baseline, so ordinary-looking anomalies deserve a closer look than they would in a low-risk client. 

Here are some examples of these red flags in a real situation you might encounter as an accountant. 

Example 1: The urgent trust restructure 

A long-standing family trust client asks you to urgently prepare distribution resolutions to new offshore beneficiaries. When you ask why, the answers are evasive. The new beneficiaries sit in a high-risk jurisdiction. 

The red flags:  

• There is urgency with no business rationale.  
• The offshore beneficiaries are in a high-risk country.  
• Clients are evasive when questioned. 
• There is a change that reduces transparency over who benefits. 

What to do: Document your concerns, escalate to your Compliance Officer, and let them run enhanced due diligence on this client. A suspicious matter report may follow if the suspicion holds. 

Example 2: The dormant company that wakes up 

A company has sat dormant on your books for years. The client suddenly wants it activated, with large transactions flowing through it and offshore counterparties involved. The actual business activity is unclear. 

The red flags:  

• A sudden jump from dormant to high activity with no clear explanation. 
• Offshore transactions. 
• A company being used as a vehicle rather than a genuine trading entity. 

What to do: Ask for a detailed explanation of the new activity and run fresh customer due diligence, since this is effectively a new designated service. Escalate if the explanation doesn’t stack up. 

Example 3: The registered office with nobody home 

A client uses your practice’s registered office but has no real presence in Australia. No mail arrives, no one responds, and there is no business activity. The address exists only for ASIC registration. 

The red flags:  

• The client has no genuine business presence. 
• The registered office is used to establish legitimacy. 
• The client remains unreachable. 

What to do: Review whether you should keep providing the registered office service and escalate the matter to your Compliance Officer. You may consider terminating the registered office.

Spotting a red flag is the start. It is merely a warning sign that this client needs a closer look that may lead to a reportable suspicion. It really depends on whether you find reasonable grounds to suspect money laundering or terrorism financing. 

Most red flags never become reports.  

Either way, here are 5 steps to take when you find a red flag: 

1. Document what you saw 

Make sure to record the specific red flag and include the date, behaviour, or transaction that triggered the concern. Also, outline why it looks suspicious to you.  

Remember to stick to the facts. Do not embellish. This information will likely be included in any reports that may be filed. 

2. Escalate to your Compliance Officer 

Don’t investigate on your own and don’t discuss it more widely than you need to. The next course of action is to hand your documented concerns to the firm’s Compliance Officer and let them take the next steps. 

If you’re a sole practitioner, you can be the Compliance Officer so long as you are properly trained on how to perform this role. 

Either way, make sure to escalate to the firm’s CO when several red flags appear together, a high-risk jurisdiction is involved, or the client matches a sanctions or PEP list.  

3. Let the Compliance Officer assess 

The CO will review the evidence provided, run any extra checks such as media and sanctions screening, and decide whether the suspicion meets the reporting threshold.  

If needed, enhanced due diligence may be triggered. The Compliance Officer (CO) will also work with the firm’s Partner to decide whether to proceed with the client or decline the engagement altogether. 

If the firm proceeds to engage the client, it must appropriately mitigate or manage any money laundering or terrorism financing risk. 

3. CO will lodge a Suspicious Matter Report if required 

Where there are reasonable grounds to suspect money laundering, an SMR must be lodged according to AUSTRAC guidelines. 

How many red flags warrant an SMR? It could be one serious red flag like a sanctions list match, or multiple minor red flags. Context matters, and the CO will have to apply their professional judgement.  

Examples of reportable combinations:  

• Client in cash business + offshore structures + evasive behaviour + PEP involvement  
• Dormant company activated + large unexplained transactions + high-risk jurisdiction  
• Complex trusts + beneficial owners in high-risk jurisdiction 

Timelines for lodging are within 3 business days for suspicions of money laundering or within 24 hours for suspected terrorism financing. Proof isn’t required, just reasonable grounds.  

Tipping off prohibition: Importantly, no one is allowed to tip off the client or anyone else about the suspicion or report being filed. In fact, telling the client, or anyone outside the firm, that a report has been or may be made is a criminal offence under the AML/CTF Act. 

4. Record and keep monitoring 

You must keep clear records about the suspicion and report lodged, if any, for at least seven years. If the relationship continues, keep watching for further red flags.

Every member of your team who interacts with designated services and AML/CTF requirements must be adequately trained to spot AML red flags.  

As with most things, red flag training only sticks when it’s grounded in actual, day-to-day reality. Generic banking scenarios don’t translate to accounting services such as a trust restructure or a registered office request. Tailor the training accordingly. 

Make training real for your firm 

• Use accounting-specific examples, not generic ones. 
• Run anonymised case studies from real situations. 
• Use “what would you do?” exercises and role-play awkward client conversations. 
• Give staff a one-page quick-reference checklist they can keep at their desk. 

Create a red-flag vigilant culture 

Culture matters as much as content. Create a vigilant culture by encouraging a “when in doubt, escalate” habit and ensuring that no one is penalised for raising a concern, even if it turns out to be nothing.  

Over-escalating internally is fine. Under-reporting to AUSTRAC is not. Provide guides, checklists, and decision trees that staff can reference for red-flag identification and escalation procedures. 

Having a short monthly compliance meeting where the team talks through a real example and celebrates good catches will do more for building the habit than a single annual training day. 

Proper AML/CTF compliance training is also part of your legal obligation under the AML/CTF Act. For a deep drive, read our guide on AML Training for Accountants: Build a Tranche 2–Ready Program. 

This is where the right system earns its place. EngageAML builds red-flag identification into the workflow your team already uses, so spotting warning signs isn’t a separate task to remember. 

EngageAML helps your team: 

• Surface risk factors through a customer due diligence questionnaire built into onboarding. 
• Automatically screen for PEP and sanctions matches. 
• See high-risk clients at a glance on the Risk Radar dashboard. 
• Generate an SMR alert when multiple red flags stack up. 
• Route concerns to your Compliance Officer through an automatic escalation workflow. 

The point isn’t to replace professional judgement. It’s to make sure a red flag never slips through because someone was busy.  

What is an AML red flag in accounting? 

An AML red flag is a warning sign that a client, transaction, or structure may be linked to money laundering or terrorism financing. A red flag doesn’t prove anything illegal. It signals a higher risk and prompts you to look more closely at the client or escalate the concern to your Compliance Officer for assessment. 

What are the most serious AML red flags in accounting? 

The highest-priority AML red flags are a sanctions or PEP match, offshore structures in high-risk jurisdictions paired with evasive behaviour, a dormant entity suddenly handling large unexplained transactions, and a flat refusal to provide beneficial ownership details.  

How many red flags trigger a Suspicious Matter Report to AUSTRAC? 

There’s no fixed number. One serious red flag can justify a report, while several minor flags together might do the same. The test is whether there are reasonable grounds to suspect money laundering or terrorism financing. Your Compliance Officer makes that call. 

Can I ask a client about a red flag without tipping them off? 

Yes. Asking questions to understand a situation is part of customer due diligence. What you cannot do is tell the client you’re suspicious or that you may report them to AUSTRAC. Tipping off is a criminal offence, so keep your questions factual and professional and reveal nothing about any suspicion. 

Are offshore structures always a red flag? 

No. Offshore structures can be legitimate for tax planning, asset protection, or genuine international business. They become a red flag when they sit in a high-risk jurisdiction and appear alongside other warning signs. 

Money laundering red flags rarely announce themselves. Train your team to notice red flags, give them a clear path to escalate, and support this culture with a system that flags risks for further action. 

With a robust system in place to detect and address red flags, you can be confident about your AML/CTF obligations when they kick in on 1 July 2026. See how EngageAML can help you stay compliant.