SMR reporting deadlines: what you need to know

Suspicious Matter Reports are the primary intelligence tool through which AUSTRAC receives information about potential money laundering, terrorism financing, and other financial crimes. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, a reporting entity that suspects — on reasonable grounds — that a transaction or attempted transaction is related to a designated offence must submit an SMR to AUSTRAC. The obligation to report is triggered by suspicion, not by proof. If a reasonable person in the reporting officer's position would suspect, the obligation exists, regardless of whether the matter is ultimately referred for prosecution.

The deadline for submission depends on the nature of the suspicion. Where the reporting entity suspects that the transaction relates to terrorism financing — including the financing of a terrorist organisation or an individual who has committed or will commit a terrorist act — the SMR must be submitted within 24 hours of forming the suspicion. For all other suspicious matters, the deadline is three business days. This distinction matters enormously in practice. An AML compliance program that treats all SMRs as three-day matters is non-compliant for any terrorism financing suspicion. Software workflow design must enforce the 24-hour deadline for terrorism-related suspicions as a hard constraint, not a soft reminder.

The tipping-off prohibition is one of the most operationally significant aspects of the SMR regime. Section 123 of the AML/CTF Act makes it a criminal offence for a reporting entity or its employees to disclose to any person — including the subject of the report — that an SMR has been made, is being prepared, or is being considered. This prohibition extends to disclosures made within the same corporate group in some circumstances. The practical implication is that the SMR workflow must be completely isolated from ordinary business processes. Staff who handle the subject's account must not know an SMR exists. System access controls need to reflect this; the SMR record cannot be visible in the ordinary customer file view.

Manual workflows cannot reliably meet these obligations. An SMR workflow that depends on an employee emailing a compliance officer, the compliance officer reviewing and drafting the report, and someone submitting it through AUSTRAC Online — all within 24 hours, including for matters identified outside business hours — is a workflow that will fail when volume increases or when a matter arises on a Friday afternoon. Structured software workflows with mandatory escalation, status tracking, deadline enforcement, and submission logging are not a luxury for large financial institutions; they are the baseline operational requirement for any reporting entity that takes the 24-hour terrorism financing deadline seriously.

From 1 July 2026, Tranche 2 entities — including lawyers, accountants, and conveyancers — will be subject to these same obligations. Many of these firms have no experience operating SMR workflows and no existing compliance infrastructure. The first time a new reporting entity encounters a suspicious matter is not the right time to design the workflow from scratch. Pre-implementation planning, including selecting software that supports the AUSTRAC SMR workflow with appropriate access controls and deadline enforcement, should be treated as a prerequisite to commencing designated services — not as a post-launch compliance improvement.