Home / Compliance / AU
Compliance · AU

Australian sanctions compliance — autonomous and UN sanctions

In short

Australia operates two overlapping sanctions regimes: UN Security Council sanctions (implemented via the Charter of the United Nations Act 1945) and autonomous sanctions (Autonomous Sanctions Act 2011 (Cth)). DFAT maintains a consolidated list of designated persons and entities. This guide walks through 10 obligations every AU business and law firm should observe.

Build compliance into your firm — free trial
Who must comply

Coverage

Every person in Australia, every Australian person overseas, and any entity incorporated in Australia. Law firms acting for any client with cross-border activity need to run sanctions screening as a standard intake step. Directors and officers can be personally liable.

Legal basis

Autonomous sanctions are imposed under the Autonomous Sanctions Act 2011 (Cth) and Autonomous Sanctions Regulations 2011 (Cth). UN sanctions are implemented via the Charter of the United Nations Act 1945. DFAT's Australian Sanctions Office (ASO) administers both regimes.

10 obligations

The obligations

1

Screen all counterparties against the DFAT consolidated list

Before any transaction or advice, screen all parties against the DFAT consolidated list (available via the ASO website). Include beneficial owners, directors, and related parties.

DFAT consolidated list (updated regularly)
2

Do not make assets available to designated persons

It is an offence to make an asset available to or for the benefit of a designated person or entity — including legal services, funds, goods, or any other economic resource.

Autonomous Sanctions Regulations 2011 (Cth) reg 14
3

Freeze controlled assets

If assets controlled by a designated person are identified, freeze them immediately and do not allow them to be dealt with except under a DFAT permit. Hold-and-notify is the standard response.

Autonomous Sanctions Regulations 2011 (Cth) reg 14
4

Observe country-specific sanctions

Country-specific sanctions (Russia, Iran, North Korea, Syria, Myanmar, Zimbabwe, and others) impose additional restrictions on specific sectors — financial services, defence, oil and gas, luxury goods. Check the relevant country page on the ASO website.

Autonomous Sanctions Regulations 2011 (Cth) Part 2
5

Do not export sanctioned goods or services

Trade restrictions apply to military goods, dual-use items, and sector-specific goods and services for sanctioned countries. Defence Trade Controls Act 2012 (Cth) operates alongside.

Autonomous Sanctions Regulations 2011 (Cth) reg 4
6

Apply for a permit where a sanction affects a permitted activity

DFAT may grant a permit authorising conduct that would otherwise breach a sanction — typically for humanitarian, legal, or medical reasons. Permits must be applied for before the conduct and include detailed documentation.

Autonomous Sanctions Act 2011 (Cth) s 18
7

Maintain a written sanctions compliance program

DFAT expects businesses in exposed sectors (finance, shipping, commodities, legal, accounting) to maintain a documented sanctions compliance program with screening, training, escalation, and board oversight.

DFAT Guidance Note — Sanctions Compliance
8

Report suspected breaches promptly

Self-reporting a suspected breach before DFAT becomes aware is a mitigating factor. Legal advisers should coordinate reporting with privilege considerations in mind.

DFAT Guidance on voluntary disclosure
9

Train staff on red flags

Staff handling transactions, onboarding, payments, or legal work must be trained to recognise sanctions red flags — routing through high-risk jurisdictions, unexplained intermediaries, requests to obscure beneficial ownership.

DFAT Guidance Note — Sanctions Compliance
10

Integrate sanctions screening with AML/CTF program

The AML/CTF program (Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)) and the sanctions regime operate in parallel. Customer due diligence should pick up sanctions hits — the two frameworks should be run together.

AML/CTF Act 2006 (Cth); DFAT sanctions framework
Penalties

What happens if you do not comply

Criminal: up to 10 years imprisonment and fines of $825,000 (individuals) or 3x value of the transaction or $3.3 million (corporations, whichever is greater). Civil penalties also apply. Directors and officers may be personally liable. Reputational exposure is significant.

Reporting requirements

No periodic reporting, but suspected breaches should be voluntarily disclosed to ASO. Frozen asset reports must be lodged with ASO when controlled assets are identified. Permit applications are lodged through the ASO online portal.

Practical steps

What firms should do today

  • Subscribe to DFAT ASO update emails — the list changes frequently
  • Integrate sanctions screening into client onboarding and every payment instruction
  • Screen beneficial owners and related parties — not just the counterparty name on the paper
  • Run a sanctions training session annually for client-facing staff
  • Document the screening decision in the file for every transaction
  • Maintain a permit application template and escalation playbook for frozen-asset scenarios
Use with Quillio

Compliance with Quillio

Quillio drafts sanctions screening memos, permit applications, and internal compliance policies with the current DFAT consolidated list and regulations cited. See /practice-areas/commercial-lawyers or start a free trial.

This guide is general information about the Australian sanctions regime — not legal advice. Sanctions compliance is fact-specific and the DFAT consolidated list changes frequently. Obtain specialist sanctions advice before any transaction touching a sanctioned jurisdiction or designated person.

Build compliance into your stack.

Quillio is built around AU compliance from the ground up — SOC 2 Type II + ISO 27001 + Australian data sovereignty. The free trial requires no credit card.

Start your free trial