AML Compliance Is Expanding: What the 2026 Workforce Reforms Signal for Regulated Businesses

Australia’s 2026 workforce due diligence reforms are a warning sign for every regulated business: AML expectations are expanding beyond customer checks into governance, accountability, and workforce integrity.

Every compliance professional knows the feeling. You build the program. You define the controls. You document the policy framework. You train the teams. Then a new requirement lands: workforce due diligence. And suddenly the first question becomes: what now?

What needs to be screened? How often? Who is in scope? What systems need to change? These are reasonable questions. But they are not the most important ones.

Because Australia’s 2026 AML workforce due diligence reform is not just another compliance update. It is the visible tip of a much larger compliance iceberg. Beneath it sits a broader shift in regulatory thinking, one that is expanding AML expectations beyond customer due diligence and transaction monitoring into governance, documented controls, workforce integrity, and ongoing oversight.

The reform matters not only because it introduces a new obligation, but because it reveals where AML regulation is heading next. Regulators are looking more closely at how organizations govern risk, connect controls across the business, and demonstrate that compliance is not just designed, but operating effectively.

‍

Key Takeaways

• AML compliance is shifting from isolated controls to integrated compliance frameworks, where organizations must demonstrate how onboarding, due diligence, workforce oversight, and governance operate together.
  
• Regulators are expanding expectations beyond customer risk to include workforce integrity and decision-making accountability, making employee due diligence a more visible component of AML compliance programs.
  
• Merchant onboarding is evolving into an end-to-end lifecycle process, from initial data capture through to ongoing monitoring within a connected compliance framework.
  
• AML compliance requirements increasingly prioritize continuous monitoring and evidence-based decision-making, requiring organizations to show how risk decisions are made, approved, and maintained over time.
  
• Global AML regulatory trends are increasing complexity across jurisdictions, requiring organizations to design flexible AML compliance frameworks that maintain consistency in governance and controls.

‍

How Is AML Compliance Evolving Globally?

Across major jurisdictions, regulators are moving beyond traditional customer due diligence and transaction monitoring into broader forms of oversight. The direction is clear. It shows how AML regulation is changing: stronger governance, stronger evidence, and broader accountability.

Regulators are increasingly focusing on:

• Stronger internal governance with defined accountability for senior managers
• Documented, evidence-based controls that can withstand scrutiny
• Workforce integrity and competence as core compliance pillars
• Continuous monitoring replacing periodic, point-in-time checks
• Cross-sector expansion bringing previously unregulated professions into the AML net

These changes reflect a fundamental shift toward holistic AML compliance frameworks, where organizations must demonstrate effective oversight across every layer of their operations, from customer onboarding through to internal decision-making and workforce integrity.

‍

The Compliance Iceberg Beneath the Reform

When thinking about how AML regulation is changing, it is useful to consider a simple model: the iceberg.

Above the waterline sit the familiar landmarks of AML compliance: customer due diligence, transaction monitoring, and suspicious matter reporting. These are the requirements every compliance professional knows, the ones that fill policy manuals and training modules. They’re visible, measurable, and reasonably well understood. For many businesses, these visible controls have historically defined the scope of their AML program.

Below the waterline sits the larger, less visible structure: governance frameworks, accountability models, documented decision-making, and the integrity of the workforce operating the system. These elements have always existed, but they have not always been treated as core compliance obligations. 

This fragmentation is becoming a growing point of regulatory concern.

Regulators are no longer assessing compliance based only on whether controls exist. They are assessing whether organizations can demonstrate how those controls work together: how merchant onboarding decisions connect to risk assessments, how workforce integrity supports compliance execution, and how governance provides consistent oversight across the full framework.

The 2026 workforce due diligence reforms do not introduce a separate layer of compliance. They make it clear that workforce integrity, governance, and operational accountability can no longer sit alongside customer controls as isolated processes. These elements must be integrated into a single AML compliance framework, where merchant onboarding, customer due diligence, workforce integrity, and governance operate as a connected system.

For organizations still operating with siloed AML controls, the risk is no longer just inefficiency. It is the inability to demonstrate a complete and connected compliance system under regulatory scrutiny.

‍

Five Signals Hidden in the Reform

This shift toward integrated, system-level AML compliance is already visible in how regulators are reshaping specific requirements.

The 2026 workforce due diligence reforms provide a clear example. While they appear focused on personnel screening, they reveal broader expectations about how AML programs should be structured, governed, and operated.

When examined closely, five signals emerge. Each reflects how regulators now expect organizations to move beyond siloed controls and operate a connected compliance framework.

‍

First, the perimeter is expanding. 

Australia's Tranche 2 expansion brings lawyers, accountants, real estate agents, and dealers in precious metals into the AML net from July 2026. The logic is simple: criminals follow the path of least resistance. If banks tighten their controls, illicit funds flow toward professionals who have historically operated outside formal AML regimes. 

The workforce reform reflects this logic internally. If your frontline AML controls tighten, the pressure point shifts to the people operating them. Regulators now expect you to scrutinize everyone in the compliance chain—not just customers, but the humans making decisions about customers.

The message is broader than customer risk. Regulators are widening the perimeter of accountability, and that includes the people who design, operate, and approve AML controls.

‍

Second, compliance must be evidenced, not just documented. 

AUSTRAC’s reform direction makes one thing clear: the era of “box-ticking” compliance is over.

The reform reflects a clear shift toward an outcomes-based approach.

This isn’t semantic. A tick-box approach asks whether you have a workforce due diligence policy. An outcomes-based approach asks for documented evidence that you assessed each individual's integrity before engagement, consistent with modern AML compliance frameworks, and evidence of when and how you reassessed them throughout their employment. 

The shift is simple: policy is no longer enough. Organizations must show how decisions were made, who approved them, and what evidence supported them.

Third, governance is no longer abstract. 

The reforms embed AML/CTF governance directly within the program. The governing body, senior managers, and the AML/CTF compliance officer now have defined and non-delegable responsibilities that must be reflected in the AML/CTF program.

This changes how failures are assessed. When workforce due diligence breaks down, it is no longer an HR issue or a process gap. It is a governance failure with named individuals accountable.

At the point of merchant onboarding, this means decisions cannot be treated as operational outputs. They are governance decisions. Approval, risk acceptance, and escalation must be clearly linked to accountable roles.

Governance is no longer adjacent to AML compliance. It is part of how compliance is assessed.

‍

Fourth, continuous monitoring has replaced periodic monitoring. 

The workforce reform requires due diligence before engagement and throughout employment. This mirrors a broader regulatory shift. 

Customer due diligence is moving toward continuous monitoring, with approaches rising such as perpetual KYC becoming more widely adopted. Transaction monitoring is becoming more immediate. Risk assessment is evolving into a dynamic, event-driven process.

This changes the role of merchant onboarding. It is no longer a single control point. It begins at the first interaction, when a merchant starts providing information through application forms, and continues across the full merchant lifecycle as risk is assessed, approved, and monitored within a holistic AML compliance framework.

The implication is clear. AML controls must remain visible after the initial decision, not just at the point they are first applied.

‍

Fifth, the end-to-end model is becoming the standard. 

For too long, compliance functions have operated in silos. Merchant onboarding, customer due diligence, workforce screening, and governance are often managed across separate systems and teams.

The workforce reform challenges this directly. Merchant onboarding can no longer be treated as a discrete process. It must be understood as an end-to-end journey, from initial data capture through to verification, decision-making, and ongoing monitoring within a broader AML compliance framework.

This requires compliance teams performing KYB, KYC, and AML checks to operate with shared visibility across onboarding, risk, and operational teams, ensuring that data, decisions, and controls remain aligned throughout the process.

It also means the individuals responsible for onboarding decisions must be directly connected to the information they assess, the checks performed, and the governance structures overseeing them.

Integration is no longer an efficiency objective. It is becoming a regulatory expectation. If controls do not connect, the framework cannot be demonstrated as effective.

‍

A Global Pattern Emerging

These signals aren’t uniquely Australian. They echo across major jurisdictions, reflecting broader AML regulatory trends. What is emerging is not a series of isolated local reforms, but a consistent global shift in how AML compliance is structured and enforced.

Europe has entered the AMLA era. The European Anti-Money Laundering Authority is now centralizing supervision across 27 member states, addressing the fragmentation that has long allowed criminals to exploit national boundaries. AMLA Chair Bruna Szego has described the objective as "a Single Rulebook, advancing supervisory convergence, and strengthened FIU cooperation." This is a clear example of how AML regulation is changing globally. It reflects a shift toward unified oversight, where controls must operate consistently across the full compliance lifecycle. For firms, that increases the importance of connected operating models, including onboarding processes where customer and merchant data is first captured and must remain visible to due diligence, decision-making, and governance throughout the lifecycle.

The United States presents a useful counterpoint. The Investment Adviser AML Rule has been delayed from 2026 to 2028, reflecting a slower pace of regulatory implementation. For global organizations, this increases complexity. Firms must operate across jurisdictions with different timelines and expectations, making it critical to design flexible, end-to-end compliance frameworks that can connect customer due diligence, workforce decision-making, governance, and onboarding processes consistently across markets.

Across Asia-Pacific, regulators are expanding perimeters and raising standards. Singapore has strengthened its regime for corporate service providers. Hong Kong has introduced enhanced due diligence for virtual asset service providers. New Zealand is consulting on similar expansions. Together, these developments point in the same direction: broader scope, higher expectations, and the need for compliance frameworks that connect onboarding, due diligence, and ongoing monitoring. For organizations, this means fragmented processes are becoming harder to defend, because they cannot support the visibility, control, and consistency regulators increasingly expect.

The implication is clear. AML compliance can no longer be managed in silos. It must operate as an integrated, end-to-end framework.

‍

What Lies Beneath

The implications for compliance leaders are clear: fragmented compliance frameworks are no longer viable. Organizations that maintain separate systems for customer onboarding, transaction monitoring, sanctions screening, fraud detection, and workforce due diligence will find it harder to meet growing expectations for integration, evidence, and oversight. They will be navigating by the visible tip while the submerged mass continues to shape regulatory risk.

Consider merchant onboarding, the critical point where customer relationships begin. This is where visible controls meet the deeper structure beneath them: customer due diligence must now operate alongside the governance frameworks, evidence trails, and oversight models that regulators increasingly expect. Modern onboarding platforms are evolving in response, bringing together digital onboarding, KYB/KYC verification, AML screening, underwriting, and ongoing customer due diligence within a single workflow. Not for convenience, but because fragmented systems cannot produce the unified, auditable, risk-based framework that regulators now expect.

This is the direction modern onboarding models are moving in across regulated payments, fintech, and financial services. OnBoard by MVSI reflects that approach as an end-to-end merchant onboarding and compliance platform for regulated payments, fintech, and financial services, combining digital onboarding, KYB, AML screening, underwriting, and ongoing customer due diligence in one system. 

But customer onboarding is only one part of the compliance equation. The submerged mass also includes the people operating the controls, their integrity, their competence, and their ongoing fitness to perform AML functions. That requires not only process discipline, but specialist expertise in areas such as Know Your Employee (KYE) and AML workforce screening.

This is a distinct capability domain, with its own regulatory and operational demands. Workforce screening requires appropriate accreditation, experience with integrity assessment, and frameworks designed for ongoing due diligence rather than one-off hiring checks. It is specialized work, and it requires specialized processes and tools.

Within the broader MVSI ecosystem, TalentScreen by MVSI supports this layer through workforce screening and probity services designed for regulated environments, including ongoing due diligence requirements for individuals performing AML functions.

Together, these capabilities reflect the kind of connected control environment regulators increasingly expect, where customer onboarding, workforce integrity, governance, and ongoing monitoring operate as part of a broader compliance framework.

‍

Summary: Why AML Compliance Is Expanding Beyond Customer Due Diligence

AML compliance is entering a new phase of integration and accountability. Across jurisdictions, AML regulatory trends show a clear shift in how AML regulation is changing, with increasing emphasis on connected AML compliance frameworks rather than isolated controls.

This evolution is reshaping AML compliance programs in three key ways:

• From siloed processes to integrated, end-to-end AML compliance frameworks
  
• From point-in-time checks to continuous monitoring across the lifecycle
  
• From documented policies to evidenced, accountable decision-making

For organizations, the message is broader. AML controls can no longer be managed as separate processes owned by different teams. Customer due diligence, workforce integrity, governance, and ongoing monitoring must work as one connected framework.

The workforce reform may be the visible trigger, but it is only the tip of the compliance iceberg. The larger shift is toward integrated, evidence-based AML frameworks that connect customer controls, workforce integrity, governance, and ongoing monitoring.

‍

What Compliance Leaders Should Do Now

• Review where workforce due diligence sits within the AML framework.
  
• Test whether customer, workforce, and governance controls are evidenced across the full lifecycle.
  
• Identify where decisions are fragmented across systems or teams.
  
• Define how ongoing monitoring obligations will be operationalized.
  
• Ensure onboarding, screening, and governance data can be connected and defended under scrutiny.