Balancing appropriate regulatory restrictions without stifling innovation or constraining productivity is a perennial challenge for law and policymakers.
As Australia's regulatory environment continues to evolve, recent developments – including expanded anti-money laundering and counter-terrorism financing (AML/CTF) laws, stricter foreign bribery legislation, a new scams prevention framework and enhanced data privacy measures – require organisations to meet new and expanded compliance requirements while preparing for future regulatory shifts and technological change.
In the lead up to the 2025 federal election, the Australian Government pursued an ambitious law reform agenda, despite a backdrop of global uncertainty and instability. While many of these reforms harmonise the Australian regulatory environment with regimes overseas, the re-elected government has recently acknowledged that long-term economic prosperity is at risk due to a persistent slowdown in productivity growth. The Productivity Commission has also cautioned that the increasing complexity and burden of regulatory compliance in Australia is becoming 'a significant brake on productivity growth'.
At the other end of the regulatory life cycle, several of Australia's key enforcement authorities are expanding the approach taken in recent successful enforcement outcomes to new sectors, while also targeting broader systemic issues and instances of customer harm that could have been mitigated by a robust compliance culture. Notable examples include AUSTRAC pursuing enforcement action in the betting and cryptocurrency sectors, and ASIC bringing stepping stone liability claims against directors for breaches of their duties. ASIC has also initiated industry-wide reviews in the superannuation and insurance sectors focused on customer claims handling, as well as in the private capital sector.
The Government's Economic Reform Roundtable was held in August 2025 and concluded with agreement to cut compliance costs and streamline regulation. The Treasurer has since written to all major regulators seeking feedback on how this might be achieved. The Finance Minister has also announced plans to introduce a regulatory reform bill this year, which will focus on reducing red tape and introducing a 'tell us once' principle - meaning businesses would only need to provide information to government once, rather than to multiple agencies. Separately, ASIC issued a report considering regulatory simplification, and seeking input on how corporate, markets and financial regulation can be streamlined.
As debate about the impact of Australia's current regulatory settings on productivity and innovation continues, the last two years have produced a wave of reforms that place a greater regulatory and compliance burden on companies to protect consumers and the community from malicious and criminal actors. Against this backdrop, organisations operating in Australia will inevitably be required to allocate additional resources to meet new and emerging regulatory obligations in the short to medium term – even if the government slows the pace of future reforms.
AML/CTF reforms (modernisation and tranche 2)
The far-reaching reforms to AML/CTF laws aim to simplify, modernise and expand the regulatory framework to better address emerging threats in illicit financing and money laundering, and to protect Australians from such harms. This includes an extension of the existing regime to new high-risk professions, including accountants, lawyers, real estate and precious stone and metal dealers, and an overhaul of the current AML/CTF regime to bring it in line with the Financial Action Task Force (FATF) expectations.
AUSTRAC's powers to monitor, investigate, and enforce compliance with the AML/CTF regime have also been strengthened. Notably, since January 2025, AUSTRAC has been granted information and examination powers like those available to ASIC and the Australian Prudential Regulation Authority (APRA). It therefore seems unlikely that AUSTRAC's enforcement will slow. In fact, AUSTRAC has indicated it will increase its focus on individual accountability, including by joining individuals to enforcement proceedings.
In light of the significant penalties levied by AUSTRAC in recent years, organisations subject to the AML/CTF regime should be regularly monitoring the adequacy of their AML/CTF program and controls, particularly in sectors that AUSTRAC has identified as an enforcement priority, including non-bank lenders, remittance providers, digital currency exchanges and payments platform providers.
Foreign bribery and corruption legislation
The recently introduced strict liability corporate offence for failing to prevent foreign bribery committed by an 'associate' will fundamentally change the way foreign bribery enforcement is approached by Australian authorities. Mirroring the corporate offence introduced under the UK Bribery Act in 2010, the only defence to this new offence is to demonstrate the corporation had in place 'adequate procedures to prevent the foreign bribery'.
In contrast to the United Kingdom and United States, Australia has not introduced a deferred prosecution agreement (DPA) regime alongside the new offence. As a result, companies linked to allegations of foreign bribery will be compelled to contest those allegations through the courts, rather than resolving them through a negotiated DPA. A marked increase in enforcement activity in Australia in this area seems inevitable and would reflect trends observed in other jurisdictions. Australian companies that have not yet implemented or reviewed their policies to respond to foreign bribery laws should promptly take steps to uplift their compliance framework in line with the latest guidance from the Attorney-General's Department.
On the domestic bribery front, the National Anti-Corruption Commission (NACC) commenced operations in 2022 and has significantly increased its investigative efforts, with 37 corruption investigations underway and four matters before court. Other state-based corruption agencies are continuing investigative efforts related to state-based corruption. Whistleblowing laws and protections, and a greater focus on a corporate 'speak up' culture also make it more likely that misconduct will be identified and reported. ASIC continues to monitor the effectiveness of corporate whistleblowing programs through various surveillance activities and is reportedly investigating several alleged breaches of private sector whistleblower laws. It is therefore imperative that organisations ensure their practices in relation to management of misconduct allegations align to best practice, and that they have fostered the right environment to detect, investigate and remediate potential wrongdoing.
Scams Prevention Framework
The new Scams Prevention Framework requires technology companies, banks and certain digital platforms to take reasonable steps to prevent, detect, disrupt, respond to and report scams, which imposes a greater onus on these sectors to manage the risk of responding to scams, and requires that they implement internal and external dispute resolution mechanisms to resolve scams-related complaints.
There are related enforcement powers for the Australian Competition and Consumer Commission (ACCC), ASIC and Australian Communications and Media Authority (ACMA) to investigate potential breaches and take action where entities fail to take reasonable steps to prevent scams. The Australian Financial Complaints Authority (AFCA) will be appointed as the authority responsible for overseeing external dispute resolution of customer claims, and we expect companies facing claims to expend significant resources in defending them. With a two-tiered civil penalty regime underpinning the Framework, significant penalties are likely to be levied if digital platforms, banks and technology companies do not implement adequate controls to prevent and report scams.
Data protection and privacy laws
In response to several highly publicised mass data and privacy breaches and the growing use of personal and consumer data in the development of AI algorithms, the first tranche of data protection and privacy reforms was recently enacted. These reforms include strengthening existing obligations under Australian Privacy Policy (APP) 11 (which requires organisations to take 'reasonable steps' to protect personal information) to require implementation of technical and organisational measures as part of an organisation's security processes to discharge this requirement. We also saw the introduction of the statutory tort of serious invasions of privacy and new transparency obligations requiring that automated decision making be addressed in privacy policies.
We await the second tranche of privacy related reforms, which may include the introduction of a 'fair and reasonable test' which shifts away from a consent-based privacy model. Such reforms require companies to comprehensively review and update their compliance policies and frameworks to ensure the way they, and those they deal with, collect and use personal information complies with the more stringent privacy protections.
AI regulation
In September 2024, the Australian Government introduced a Voluntary AI Safety Standard, which includes ten guardrails concerning safe and responsible use of AI, and it is consulting with stakeholders on a proposal for 'mandatory guardrails' for the use of AI in high-risk settings.
The Productivity Commission has called for a pause on the development of the mandatory guardrails, cautioning that premature regulation could hinder innovation and limit the potential benefits of AI. It recommends first identifying gaps in existing laws and assessing whether these can be addressed through targeted amendments and refinements, rather than by introducing dedicated AI regulation.
Modern slavery reforms
In July 2025, the Government announced a consultation to strengthen the Modern Slavery Act, which, amongst other measures, includes proposed new enforcement powers for failures to submit modern slavery statements and providing false or misleading information in a modern slavery statement. If these reforms are enacted, they will significantly elevate the risks attached to both non-compliance with reporting requirements and inadequate verification of the information reported, requiring reporting entities to evaluate whether reporting governance is 'fit for purpose' and does not result in misleading disclosures.
Australian companies engaged in overseas business activities are also exposed to the greater human rights compliance obligations that have already been enacted in other jurisdictions. For example, in the European Union, several countries have introduced mandatory human rights due diligence requirements and the European Union has passed the Corporate Sustainability Due Diligence Directive (CSDDD) mandating human rights and environmental due diligence for in-scope European Union and non-European Union companies. The CSDDD will require companies to conduct due diligence across their supply chain globally to ensure compliance with human rights and sustainability standards. This is also likely to have a trickle-down effect for Australian organisations trading with the European Union. The Australian Government has also indicated it will conduct targeted consultation on introducing mandatory due diligence obligations in respect of modern slavery risk.
What does the future of the Australian regulatory environment look like?
Given the Government's decisive election victory, the coming years are expected to mirror its previous term, with further law reform aimed at achieving policy objectives – albeit likely at a slower pace than in 2024/25. Unlike the United States, Australia is unlikely to shift towards de-regulation as a means of improving productivity. However, following the Government's much anticipated productivity roundtable there appears to be support for streamlining and harmonisation of some complex legislative frameworks and the associated regulatory burden. Increased scrutiny of the compliance burden and its impact on productivity in the context of future proposed reforms should also be expected.
Organisations operating in Australia should ensure adequate resources to meet their compliance obligations, particularly in areas identified as ongoing regulatory priorities. Staying ahead of these developments will be key to managing risk and maintaining operational efficiency in a continually shifting regulatory landscape.
Regulatory compliance: five important reminders
1. | Understand the organisation's key compliance risks, including both internal and external factors that will influence its risk profile. |
2. | Evaluate both the financial and non-financial impacts of non-compliance and invest in fit for purpose compliance controls (i.e. policies and procedures that are designed to mitigate these risks as they apply to the organisation). |
3. | Don't set and forget. Most enforcement actions concern laws that have been in place for some time, suggesting a degree of compliance complacency may have crept into the organisation, or that the control environment did not evolve over time (e.g. as legal frameworks evolved). It is imperative to establish a system to regularly monitor the effectiveness of compliance controls and make adjustments where necessary. |
4. | Ensure active board engagement on new regulatory reforms and that directors clearly understand how the organisation is implementing a robust control environment to mitigate compliance risks. This is critical not only for demonstrating effective governance and oversight, but also for protecting directors from potential scrutiny and directors' duties breaches. This should include prompt reporting of potential non-compliance issues, including how these are addressed, what preventative measures are being implemented and the lessons learned to strengthen compliance in future. |
5. | Continue to follow the regulatory reform and harmonisation initiatives announced since the Government's productivity roundtable, and adapt compliance priorities, resourcing and frameworks accordingly. |
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.