AML Compliance Timeline for New Businesses in Australia

⚡ Direct Answer:  New businesses providing designated services in Australia must have their AML/CTF program in place before commencing operations and must apply to enrol with AUSTRAC within 28 days of starting. For businesses newly regulated under the Tranche 2 reforms (1 July 2026), enrolment must be completed by 29 July 2026. This timeline guide covers what needs to be done and when, from pre-launch through to ongoing compliance.

Why Getting the Timeline Right Matters

AML/CTF compliance is not something you can defer until after you have launched. Under the AML/CTF Act, your program must be in place before you start providing designated services — and your enrolment application must be submitted within 28 days of commencement. This means compliance planning must begin well before your launch date.

Businesses that launch first and think about compliance later frequently end up in breach of the Act from day one. Even if no actual ML/TF incident has occurred, operating without an AML/CTF program or without enrolling with AUSTRAC is a contravention with potential civil penalty consequences.

The AML Compliance Timeline: Stage by Stage

Stage 1: Pre-Launch (3–6 Months Before Commencing Services)

This is the most important stage — the foundation of your compliance framework must be built here.

  • Determine reporting entity status: Identify all services you plan to provide and confirm whether any are designated services under the AML/CTF Act (including the new designated services from 1 July 2026 if applicable).
  • Understand your obligations: Review the AML/CTF Act, Rules, and AUSTRAC’s guidance relevant to your industry. Consider engaging an AML/CTF specialist to brief you on what is required.
  • Conduct your ML/TF risk assessment: Assess the money laundering, terrorism financing, and proliferation financing risks specific to your planned business model — customer types, services, channels, and geographies.
  • Begin developing your AML/CTF program: Start drafting your policies, procedures, and controls based on the risk assessment. Allow plenty of time — a genuine program cannot be put together in a few days.
  • Select your CDD and monitoring systems: Identify the technology or processes you will use for identity verification, ongoing monitoring, and reporting.

Stage 2: One to Two Months Before Launch

Your compliance framework should be taking shape by this stage.

  • Finalise your AML/CTF program: Ensure all required elements are covered — risk assessment, CDD procedures, reporting, record keeping, training, independent review framework.
  • Obtain senior management approval: The program must be approved by a senior manager before commencing services.
  • Implement CDD systems: Test your identity verification and screening systems to ensure they work as intended.
  • Train your team: Ensure all relevant staff receive AML/CTF training before they start working with customers. Document training completion.
  • Set up AUSTRAC Online: Create your account in AUSTRAC Online so you are ready to enrol and submit reports from day one.

Stage 3: At Launch (Day 1 of Designated Services)

Your compliance program should be fully operational from the moment you start providing services.

  • AML/CTF program is in place and approved.
  • CDD is conducted on your first customers before providing services.
  • Staff understand their obligations and internal procedures.
  • Reporting systems are operational — you are ready to submit SMRs, TTRs, and other reports if required.
  • Record-keeping systems are active.

Stage 4: Within 28 Days of Launch

  • Submit your AUSTRAC enrolment application through AUSTRAC Online.
  • If you are a remittance dealer or virtual asset service provider: also submit your registration application.
  • Confirm your enrolment details are accurate and complete.

Do not wait until day 28 to begin the application. Technical issues, missing information, or incomplete preparation can cause delays. Begin the process in week one or two.

Stage 5: First 3 Months of Operations

  • Ensure SMR, TTR, and other reporting obligations are being met in real time.
  • Begin building your records — transaction records and CDD files must be complete from day one.
  • Identify and address any operational gaps in your CDD or reporting processes.
  • Confirm that your AML/CTF program is being followed in practice, not just on paper.

Stage 6: Ongoing (12 Months and Beyond)

  • Conduct periodic reviews of your ML/TF risk assessment — update it when your business changes.
  • Review and update your AML/CTF program at least annually, or when material changes occur.
  • Schedule your first independent program evaluation — for most businesses, within the first 12–24 months of operations.
  • Conduct refresher training for all relevant staff.
  • Monitor AUSTRAC’s guidance and publications for updated expectations and regulatory changes.
  • Review your AUSTRAC enrolment details and update if anything changes.

Key Compliance Milestones at a Glance

  • 3-6 months before launch: Determine reporting entity status, conduct risk assessment, begin program development.
  • 1-2 months before launch: Finalise program, get senior manager approval, train staff.
  • Day 1 of operations: AML/CTF program active, CDD in place, reporting systems operational.
  • Within 28 days of launch: Enrol with AUSTRAC (and register if required).
  • Ongoing: Reports as required (SMRs within 24hrs/3 days, TTRs within 10 days), annual reviews, independent evaluation.

Special Considerations for the 2026 Reforms

If your business is in one of the newly regulated sectors (accounting, legal, real estate, trust and company services), the timeline is:

  • 1 July 2026: New designated services commence. Your AML/CTF program must be in place from this date.
  • 29 July 2026: Deadline to apply to enrol with AUSTRAC (28 days after commencement).

This means businesses that have not started their AML/CTF preparations by April 2026 will be very short on time. The recommendation is to begin the process now — not in June 2026.

What Happens If You Miss a Deadline?

Missing the enrolment deadline or commencing services without an AML/CTF program in place are both contraventions of the Act. AUSTRAC can take enforcement action — including civil penalties — even if no actual ML/TF incident has occurred. The obligation is met by having the framework in place, not just by the absence of a crime.

If you have already commenced services and have not enrolled or do not have a program in place, you should:

  1. Seek legal advice immediately.
  2. Take urgent steps to develop and implement an AML/CTF program.
  3. Apply to enrol with AUSTRAC as soon as possible.
  4. Consider whether voluntary disclosure to AUSTRAC is appropriate given the circumstances.

Frequently Asked Questions

Can I start providing services while my AUSTRAC enrolment is being processed?

The Act requires you to apply to enrol within 28 days of commencing designated services. This means you start providing services first, then enrol — not the other way around. However, your AML/CTF program must be in place before you commence. Do not wait until enrolment is confirmed to implement compliance.

What if my business grows and I start providing new designated services?

You must update your AUSTRAC enrolment to reflect the new services. You may also need to update your ML/TF risk assessment and AML/CTF program to address the risks associated with the new services.

Is there a compliance grace period for new businesses?

No. The obligations under the AML/CTF Act apply from the day you commence providing designated services. AUSTRAC does not offer a formal grace period. The 28-day enrolment window is an enrolment deadline, not a compliance grace period.

How long does it take to build a compliant AML/CTF program from scratch?

For a simple, low-risk business: 4-8 weeks with professional assistance. For a more complex business: 3-6 months. This underscores why compliance preparation should begin well before your launch date.

📣 Need expert AML/CTF support? 

👉 Get AML compliance support from day one: contact us

👉 Check if you need to enrol with AUSTRAC: Do I need AML?

👉 Read the complete AML compliance guide: AML Compliance Australia – Complete Guide (2026)

👉 Read more:

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by