The civil penalty cap of A$22 million per breach is intimidating but unhelpful for SME planning — no AUSTRAC enforcement to date has approached that ceiling for a reporting entity below ASX-listed scale. The realistic cost ledger is more mundane and more probable.
The four likely cost lines
- Remediation cost — engaging external consultants to fix a flagged program: A$15,000–A$60,000.
- Lost client cost — institutional clients (developers, lenders) increasingly require AML attestation; failure means losing the panel position.
- Insurance premium impact — PI insurers are starting to ask AML questions at renewal.
- Reputation cost — AUSTRAC enforcement is published; trade press reads it.
The cheap insurance
A defensible program costs A$2,000–A$10,000 per year for an SME. Compared to any single line above, the ROI is unambiguous.