If you run a business in Australia right now, the regulatory environment has never been more switched-on. Regulators are better funded, better coordinated, and far less patient with organisations that treat compliance as a footnote rather than a foundation.
The old approach — waiting for a fine before fixing something — carries consequences that no board wants to face in 2026. Penalties are heavier. Enforcement is faster. And for the first time in a long while, individual executives are being held personally accountable alongside the companies they lead.
This guide breaks down where Australia's major regulators are focusing their attention right now — and what your business should be doing about it.
The Regulatory Landscape Has Shifted — Permanently
A few years ago, the enforcement conversation in Australia was largely reactive. A significant incident would occur, a royal commission or investigation would follow, and new obligations would trickle through over time.
That model is gone. What's replaced it is a posture of active, anticipatory enforcement. Regulators are now prioritising the lived experiences of consumers and members over merely reviewing documented compliance systems, and recent enforcement measures have led to unprecedented fines, with major institutions incurring penalties reaching as high as $240 million.
That's not a number in a risk register anymore. That's a business-ending figure for most Australian organisations. If you haven't yet mapped your organisation's exposure to the enforcement areas outlined below, the time to start is right now — not after a regulator knocks.
The ACCC: Competition, Consumer Trust, and Digital Manipulation
The Australian Competition and Consumer Commission entered 2026 with a very deliberate message to Australian businesses. ACCC Chair Gina Cass-Gottlieb framed the year's priorities around two fundamental principles: protecting and promoting competition, and strengthening consumer trust in markets — noting that "competition alone is not enough" and that "markets only deliver when people trust them."
What does that mean in practice? A lot.
Misleading Pricing Is the Year's Flashpoint
Supermarkets, retailers, telcos, and energy providers are under particularly sharp scrutiny for how they present discounts and pricing claims to consumers. The ACCC conducted major sweeps of retailers' Black Friday and Boxing Day sales advertising and will continue to do so — targeting misleading 'site-wide' and 'store-wide' claims and misleading claims of 'up to a percentage amount off' where the discount applies to very few products.
This matters beyond the big retailers. Any business that runs promotional pricing — including small businesses in e-commerce — needs to think carefully about how discounts are calculated and presented. If your marketing team produces sale campaign copy without a compliance review, 2026 is the year to change that habit.
Dark Patterns and Subscription Traps
The ACCC's areas of focus explicitly include subscription traps and other 'dark patterns' that manipulate consumer behaviour and unfairly impact consumer choice. If your website makes it harder to cancel a subscription than it is to sign up for one, that's not just a UX problem. In 2026, it's a regulatory risk.
This is one of the more significant shifts — the ACCC is now directly targeting digital design choices that nudge users toward decisions they wouldn't otherwise make. Businesses operating subscription models, automatic renewals, or tiered digital services should review their entire customer journey against this lens. Your developers and your compliance team need to be in the same room for this conversation.
The New Mandatory Merger Control Regime
The new mandatory merger control regime commenced on 1 January 2026, with the ACCC as the primary decision-maker on notified acquisitions. Any business contemplating an acquisition this year needs to understand this is no longer a voluntary process. The ACCC has been clear it will not hesitate to take enforcement action against mergers that fail to be notified — including serial acquisitions that individually fall below thresholds.
ASIC: Financial Services, Accountability, and a Focus on Pricing
The Australian Securities and Investments Commission has significantly ramped up its operational pace. ASIC has notably increased its enforcement operations, resulting in twice as many investigations and legal proceedings, and organisations should expect more rapid escalation of regulatory issues and a higher frequency of litigation.
For financial services businesses, this isn't background noise — it's a direct operational risk.
Misleading Pricing in Financial Products
Consistent with the broader regulatory theme for 2026, ASIC has added misleading pricing practices as a priority focus in the financial products and services space. The introduction of misleading pricing practices as a top priority in 2026 reflects ASIC's response to broader economic conditions and consumer vulnerability, with rising living costs driving regulators to prevent deceptive pricing that erodes consumer trust.
If your financial product's fee structure or promotional rate isn't being communicated in a way that a reasonable consumer would clearly understand, that's precisely what ASIC is looking for right now. Ensuring your disclosure documents, fee schedules, and advertising are reviewed against current obligations should be a non-negotiable priority this year.
Senior Executive Accountability Is No Longer Theoretical
There is a pronounced shift toward outcome-focused compliance, with heightened focus on criminal prosecutions and longer sentences for serious offences.
While no individual has yet been prosecuted under the Financial Accountability Regime (FAR), the risk of personal enforcement is expected to rise significantly in light of parliamentary and public pressure on regulators to pursue senior executive accountability.
The FAR, which extends beyond banks to insurers and superannuation funds, places obligations on individual executives to be clearly identified as responsible for specific functions. That's a significant cultural shift for organisations accustomed to diffusing accountability across teams. If your executives haven't been mapped against their accountability obligations, that gap needs closing.
Greenwashing Remains Alive Despite a Lower Profile
Some businesses made the mistake of reading ASIC's 2026 priority list and concluding that greenwashing was no longer a concern. That misreads the situation entirely. ASIC Deputy Chair Sarah Court affirmed that ASIC remains 'alert' to the risk of deceptive ESG claims, and while greenwashing may have matured into an ongoing compliance expectation rather than an acute enforcement target, that does not mean enforcement has stopped.
The Federal Court's penalty against Active Super for investments that contradicted its stated ESG screens sends a clear message: what you say publicly about your sustainability commitments must match what you actually do. Teams handling marketing, investor communications, and product disclosure statements all need to understand this boundary.
Understanding your organisation's environmental obligations is increasingly a workforce-wide competency. The Environmental and Sustainability Compliance course at the Australian Compliance Institute provides structured, practical training on Australian ESG and sustainability obligations — covering what compliance actually requires at an operational level, not just at board level.
AUSTRAC: The Most Consequential Change of 2026
If there is one single compliance shift that will affect the broadest range of Australian businesses in 2026, it is the expansion of the AML/CTF regime to new sectors.
AUSTRAC has published guidance on AML/CTF reforms which came into effect on 31 March 2026 for currently regulated businesses and on 1 July 2026 for businesses in the legal, accounting, real estate, and jewellery sectors that are newly coming under regulation.
This is a generational change. Lawyers, accountants, real estate agents, and dealers in precious metals — professions that have long operated outside AUSTRAC's oversight — are now reporting entities with all the obligations that status carries.
A conveyancing firm in Brisbane that has never thought about AML obligations now needs a compliance program, a designated officer, customer due diligence processes, and suspicious matter reporting capability. For these newly regulated businesses, the transition isn't optional and it isn't gradual. The obligations are real from day one.
AUSTRAC has indicated a continued focus on digital currency businesses and cash-intensive sectors that present heightened money laundering risks, and targeted enforcement is likely in response to the potential misuse of AI to facilitate money laundering and related financial crime.
For any business in or near the newly regulated sectors, the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) course at the Australian Compliance Institute covers the full framework — customer due diligence, suspicious matter reporting, transaction monitoring, and how the FATF global standards connect to Australia's specific obligations. It is intermediate-level training designed for the professionals now facing these obligations for the first time.
Safe Work Australia and Psychosocial Hazards: The WHS Frontier
Work health and safety enforcement in 2026 has expanded well beyond the physical. The model code of practice for managing psychosocial hazards has put workplace mental health squarely within the compliance framework, and state regulators are beginning to enforce it with genuine teeth.
Psychosocial hazards include excessive workload, poor role clarity, interpersonal conflict, isolation (particularly for remote workers), and traumatic event exposure. The obligation on employers isn't simply to acknowledge these risks — it's to actively assess and control them, the same way they would a forklift or a chemical spill.
For managers who have never had to think about compliance in these terms, this is genuinely unfamiliar territory. Performance management processes, rostering practices, incident response procedures, and even communication styles can all come under regulatory scrutiny if a worker is harmed by psychosocial factors.
Frontline training on this issue is now a genuine compliance obligation, not a wellbeing initiative. The Psychosocial Hazards & Mental Health in Construction course at the Australian Compliance Institute addresses these obligations directly for construction environments — one of Australia's highest-risk industries for psychosocial harm — and the principles extend meaningfully across other sectors. Separately, the Workplace Health and Safety course covers the broader WHS compliance framework for employees and managers at all levels.
The Privacy Act: Reform Is Here — Is Your Business Ready?
Australia's Privacy Act reform process has been long and much-discussed. By 2026, the direction is firm: stronger rights for individuals, tougher obligations for organisations, and a noticeably reduced tolerance from the Office of the Australian Information Commissioner for businesses that treat data protection as an afterthought.
The convergence with international standards — particularly the principles underpinning Europe's GDPR — means Australian businesses operating globally need to maintain a single high standard, not a local minimum.
What's sharpening in 2026 is the expectation around proportionality. Organisations are expected to collect only the data they genuinely need, retain it only as long as necessary, and protect it with controls proportionate to its sensitivity. A small healthcare provider that collects extensive patient data and stores it indefinitely on an unsecured system is exactly the kind of organisation the OAIC is now actively examining — not just the large corporations that make the front page.
Add artificial intelligence tools into the picture — which most Australian businesses are now using in some form — and the Privacy Act obligations become considerably more complex. How personal data flows into and out of AI systems is a live question that most organisations haven't properly answered yet.
The Privacy & AI Governance: Complying with the Privacy Act course at the Australian Compliance Institute addresses both dimensions in a single structured program — covering Australian Privacy Principles alongside the emerging obligations around AI data handling, making it one of the most relevant training investments for 2026.
Modern Slavery and Supply Chain Accountability
Modern Slavery Act reporting obligations continue to tighten in 2026 as the government reviews mandatory due diligence requirements and the adequacy of current reporting standards. What started as a disclosure exercise is evolving toward an expectation of genuine remediation.
Businesses that file modern slavery statements describing risks without demonstrating action to address those risks are increasingly exposed to scrutiny — from regulators, from institutional investors, and from the procurement teams of larger companies that require their suppliers to meet equivalent standards.
Understanding these obligations at a workforce level — particularly in procurement, HR, and supply chain roles — is now a genuine business need. The Modern Slavery Act Compliance course at the Australian Compliance Institute provides structured intermediate-level training aligned directly with Australian reporting obligations and practical workplace application.
What This All Means: Building a Compliance-Ready Organisation in 2026
The compliance priorities for 2026 aren't scattered. There's a clear thread running through all of them.
Regulators expect businesses to know their obligations, build systems that actually deliver on them, and have people accountable for outcomes — not just processes.
Steps organisations should take in response to this regulatory environment include proactively assessing risk management frameworks, implementing regular reviews to align with evolving regulatory standards, prioritising continuous improvement in operational processes, fostering transparency across all touchpoints, and empowering staff to challenge practices constructively.
Training plays a direct role in all five of those steps. Employees who understand why compliance matters — not just what the rules say — make better decisions in the moments that matter most. The full course library at the Australian Compliance Institute covers AML/CTF, WHS, privacy, aged care, ESG compliance, modern slavery, cybersecurity, and more — all-accredited, all built for Australian law, and all structured for self-paced completion that fits around real professional responsibilities.
Key Regulatory Deadlines Not to Miss in 2026
Several critical compliance milestones fall across 2026: mandatory climate-related financial disclosures for Group 2 entities apply for financial years starting on or after 1 July 2026; key AML/CTF obligations commence on 1 July 2026 for newly regulated tranche two entities including real estate service providers; and key AML/CTF obligations also commence on 1 July 2026 for lawyers under the reformed Anti-Money Laundering and Counter-Terrorism Financing Act.
Missing these is not a minor oversight. These are hard legislative commencement dates backed by regulatory bodies that have clearly demonstrated willingness to act quickly and publicly.
