Australian Tranche 2 AML/CTF Requirements: The Complete Compliance Guide (2026)

If your business provides legal, accounting, real estate, precious metals, or trust and company services in Australia, your compliance world is about to change permanently. From 1 July 2026, approximately 90,000 businesses across these sectors will become reporting entities under Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime for the first time — known as Tranche 2.

This guide covers everything you need to know: who is affected, what the obligations are, critical deadlines, and how to build a compliant AML/CTF framework before the clock runs out.

⏰  Key Deadlines

IMPORTANT DATES AT A GLANCE: Enrolment opens 31 March 2026 | Obligations commence 1 July 2026 | Enrolment & Compliance Officer notification deadline 29 July 2026

What Is Australia’s AML/CTF Tranche 2?

Australia’s AML/CTF Act has long regulated financial institutions — banks, credit unions, remittance providers and digital currency exchanges. These were ‘Tranche 1’ entities. Tranche 2 extends the same obligations to designated non-financial businesses and professions (DNFBPs), bringing Australia into line with FATF (Financial Action Task Force) international standards that most comparable countries adopted years ago.

The AML/CTF Amendment Act received Royal Assent on 10 December 2024. AUSTRAC tabled the new Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 in Parliament on 29 August 2025, followed by comprehensive regulatory guidance in October 2025. There is no further delay — 1 July 2026 is the hard commencement date.

Professional service firms are targeted because international evidence shows they are frequently exploited to launder the proceeds of crime — facilitating property purchases, establishing corporate structures, and managing trust accounts on behalf of clients who may not be who they claim to be.

Who Is a Tranche 2 Reporting Entity?

You are a Tranche 2 reporting entity if you provide one or more ‘designated services’ within the following sectors, and those services have a geographical link to Australia.

Sector | Who Is Covered | Typical Designated Services
Legal Professionals | Solicitors, barristers, conveyancers, licensed settlement agents, foreign lawyers | Conveyancing & property transfers, trust account management, company/trust formation, litigation & dispute resolution involving funds
Accountants & Bookkeepers | Chartered accountants, CPAs, tax agents, BAS agents, management accountants | Tax return preparation involving significant funds, SMSF administration, financial statement preparation for trusts/companies, trust account management
Real Estate Professionals | Real estate agents, buyer’s agents, property developers, property managers (in certain circumstances) | Buying or selling real property, leasing arrangements above a threshold, property development services
Dealers in Precious Metals & Stones | Jewellers, bullion dealers, gemstone traders, dealers in precious metal products | Buying or selling precious metals (gold, silver, platinum, palladium), precious stones (diamonds, rubies, sapphires, emeralds), or products containing these
Trust & Company Service Providers (TCSPs) | Registered agents, corporate secretarial firms, professional trustees | Forming companies or trusts, acting as or arranging for nominee directors/shareholders, providing registered office or business address services, managing client assets

💡  Tip

Not sure if you are a reporting entity? If you provide any of the above services with a geographical link to Australia — even partially — you are likely required to enrol. When in doubt, assume you are covered and seek advice.

The Seven Core AML/CTF Obligations

Once captured as a reporting entity, your business must comply with seven interconnected obligations under the AML/CTF Act and the new AML/CTF Rules 2025. These are not optional — each carries separate civil and criminal penalties for non-compliance.

1. Enrolment and Registration with AUSTRAC

Every reporting entity must enrol on AUSTRAC’s Reporting Entities Roll. Enrolment opened on 31 March 2026 and must be completed by 29 July 2026 — just 28 days after obligations commence on 1 July 2026. Failing to enrol is itself a criminal offence.

To enrol you will need to provide:

  • Your Australian Business Number (ABN) or ACN
  • Business contact details and address
  • Details of the designated services you provide
  • Details of your appointed AML/CTF Compliance Officer (see below)

AUSTRAC has indicated a risk-based approach to early enforcement for genuinely good-faith businesses that enrol and engage proactively — but this tolerance has limits. Do not delay enrolment.

2. Develop and Maintain an AML/CTF Program

This is the cornerstone obligation. Every reporting entity must have a written, risk-based AML/CTF program in place by 1 July 2026 — or use an AUSTRAC-approved Program Starter Kit as your foundation. Your program must be approved by senior management and overseen by your governing body.

A compliant AML/CTF program must address:

  • Money laundering, terrorism financing, and proliferation financing (ML/TF/PF) risk assessment — identifying how your business, clients, products, services and geographic reach create risk
  • Policies, procedures, systems and controls designed to manage and mitigate those risks
  • Governance arrangements — board oversight, senior management accountability, and compliance officer responsibilities
  • Customer due diligence (CDD) procedures for initial and ongoing customer relationships
  • Enhanced due diligence (EDD) procedures for higher-risk customers and transactions
  • Employee screening and background check procedures
  • Staff AML/CTF training program and records
  • Suspicious matter identification and reporting procedures
  • Record-keeping policies
  • Program review and independent evaluation schedule

AUSTRAC has published sector-specific Program Starter Kits for small, low-complexity businesses in legal, accounting, real estate, and precious metals sectors. These are a useful starting point but must be customised to your business’s specific risk profile before they constitute a compliant program.

📋  Program Maintenance

The program is a living document — it must be regularly reviewed and updated to reflect changes in your business, client base, services offered, and the evolving risk environment. An independent evaluation is required at least every three years.

3. Appoint an AML/CTF Compliance Officer

Every reporting entity must appoint an AML/CTF Compliance Officer and notify AUSTRAC of this appointment by 29 July 2026. The Compliance Officer must be a senior person with sufficient seniority, authority, and resources to carry out the role effectively.

The Compliance Officer’s responsibilities include:

  • Overseeing day-to-day AML/CTF compliance across the business
  • Communicating with AUSTRAC and acting as the primary regulatory contact point
  • Reporting to the governing body on the effectiveness of the AML/CTF program
  • Ensuring staff training is completed and records maintained
  • Reviewing and escalating suspicious matters
  • Keeping the AML/CTF program up to date

In small businesses, this may be a principal, partner or director. In larger firms, a dedicated senior manager should hold this role. Personal liability for compliance failures means the appointee must be both empowered and competent.

4. Customer Due Diligence (CDD)

Customer due diligence is the process of identifying and verifying who your clients are — and understanding the risk they present. The reformed regime sets out clearer, more structured CDD requirements than ever before.

Initial CDD — Before Providing a Designated Service

Before you provide a designated service (with limited exceptions), you must complete initial CDD. This involves:

  • Collecting the customer’s full legal name, date of birth (individuals) or company/trust name and registration details (entities)
  • Verifying that identity against reliable, independent source documents (e.g. passport, driver’s licence, ASIC records, trust deed)
  • Identifying and verifying beneficial owners — individuals who ultimately own or control the customer entity (generally those with 25%+ ownership or effective control)
  • Identifying and verifying senior managing officials of the entity
  • Understanding the nature and purpose of the business relationship
  • Assessing the ML/TF/PF risk associated with the customer before providing services

Ongoing CDD — Throughout the Relationship

CDD does not end at onboarding. You must monitor the customer relationship throughout its duration to ensure:

  • Transactions and activities are consistent with your understanding of the customer’s risk profile
  • Identification and verification information remains current and accurate
  • Any changes in risk profile are promptly identified and acted upon

Enhanced Due Diligence (EDD) — High-Risk Customers

Where your risk assessment identifies a customer or transaction as higher risk, enhanced due diligence measures must be applied. Higher-risk indicators include:

  • Politically exposed persons (PEPs) — foreign or domestic government officials, their family members and close associates
  • Customers from or transacting through high-risk or sanctioned jurisdictions
  • Complex corporate or trust ownership structures with no clear commercial rationale
  • Transactions that are unusually large, complex, or inconsistent with the customer’s known profile
  • Customers who are reluctant to provide identification or explain the source of funds

EDD measures may include obtaining additional identification documents, understanding the source of wealth and funds, seeking senior management approval, and increasing monitoring frequency.

Simplified due diligence may be applied in limited, low-risk circumstances. Your AML/CTF program must document when simplified CDD is permitted and the rationale for that assessment.

5. Reporting Obligations to AUSTRAC

Reporting entities must submit three categories of reports to AUSTRAC. Failure to report when required is a serious offence.

Report Type | When Required | Timeframe
Suspicious Matter Report (SMR) | When you know, suspect, or have reasonable grounds to suspect that a matter is related to money laundering, terrorism financing, tax evasion, or proceeds of crime. The threshold is suspicion — not proof. | As soon as practicable, generally within 24 hours of forming suspicion (3 business days for other suspicious matters)
Threshold Transaction Report (TTR) | Cash transactions of AUD 10,000 or more (or foreign currency equivalent). Multiple transactions that together meet the threshold may also trigger reporting. | Within 10 business days of the transaction
Annual AML/CTF Compliance Report | An annual report to AUSTRAC covering your compliance activities, including the outcomes of program reviews, any compliance issues identified, and your risk assessment findings. | By 31 March each year, covering the previous calendar year

⚠️  Important Warning

TIPPING OFF PROHIBITION: It is a criminal offence to tip off a customer or any other person that a suspicious matter report has been, or is about to be, submitted to AUSTRAC. Do not disclose the existence of an SMR — including to the subject of the report.

6. Record Keeping

Reporting entities must create and maintain detailed records to demonstrate compliance and support any AUSTRAC investigation or audit. Required records include:

  • All CDD documentation — identification documents, verification records, beneficial ownership information, and risk assessments for each customer
  • All transaction records for designated services, including the nature, amount, currency and parties to each transaction
  • All reports submitted to AUSTRAC (SMRs, TTRs, annual compliance reports)
  • AML/CTF program documents and all versions, including review records and independent evaluations
  • Staff training records — who was trained, when, and on what content
  • Customer correspondence and instructions relevant to designated services

Records must generally be retained for seven years from the date they are created or the end of the business relationship.

7. Staff Training and Awareness

All relevant staff must receive AML/CTF training appropriate to their role. Training must cover:

  • The nature of money laundering and terrorism financing — how it works and how your sector is exploited
  • Your business’s AML/CTF program, policies, and procedures
  • Customer due diligence requirements and red flag indicators
  • How to identify and escalate suspicious matters
  • Staff obligations under the tipping-off prohibition
  • Legal consequences of AML/CTF non-compliance

Training must be delivered before staff engage in activities involving designated services and refreshed regularly. All training must be documented with records kept for at least seven years.

Sector-Specific Considerations

Legal Professionals

Lawyers and conveyancers face some of the most complex CDD requirements, particularly around trust account management and property conveyancing. The risk profile is elevated because lawyers can act simultaneously for buyers and sellers, and because trust accounts present an attractive mechanism for integrating illicit funds.

Key considerations for law firms and conveyancers:

  • CDD must be completed before receiving client funds into trust or commencing conveyancing work
  • Beneficial ownership verification for company and trust purchasers is mandatory
  • Source of funds and source of wealth checks are often required for high-value property transactions
  • Firms must consider whether litigation funding arrangements constitute a designated service
  • Professional privilege does not override AML/CTF obligations in most circumstances

Accountants and Bookkeepers

Accounting firms are targeted because they often act as gatekeepers to financial systems — preparing financial statements, managing SMSF assets, and establishing corporate and trust structures. AUSTRAC’s Accounting Program Starter Kit is available for small, low-complexity practices.

Key considerations for accountants:

  • Tax return preparation for high-net-worth clients or complex structures requires heightened scrutiny
  • SMSF audit and administration services are designated services requiring CDD on SMSF trustees and beneficial owners
  • Company and trust formation services require identifying and verifying all beneficial owners from commencement
  • Bookkeepers managing client funds or operating as signatories on client accounts are likely to be reporting entities

Real Estate Professionals

Real estate remains one of the most common vehicles for large-scale money laundering globally. AUSTRAC’s designated services for real estate cover buying, selling, and in some cases leasing real property on behalf of clients.

Key considerations for real estate professionals:

  • CDD must be completed on all parties (buyers and sellers) for property transactions above prescribed thresholds
  • Buyer’s agents must conduct CDD on the party they represent, and be aware of the other side’s identity
  • Property developers selling off-the-plan are likely captured where they are directly managing the sale without a licensed agent
  • Payment source verification — agents must understand and document the source of deposit and purchase funds
  • Foreign investor transactions and FIRB-linked purchases attract heightened scrutiny

Dealers in Precious Metals and Stones

High-value, portable, and easily tradeable, precious metals and gemstones have long been exploited for money laundering. Jewellers, bullion dealers and gemstone traders will be regulated where they buy or sell above threshold values.

Key considerations for precious metals and stones dealers:

  • All cash transactions of AUD 10,000 or more must be reported as threshold transactions
  • Trade-in and buy-back transactions require CDD even where the customer is known
  • International bullion transactions may trigger additional obligations under AML/CTF correspondent relationships
  • Online precious metals platforms with Australian customers must enrol regardless of where the operator is based, provided there is a geographical link to Australia

Trust and Company Service Providers (TCSPs)

TCSPs are considered very high risk internationally because they directly create and manage corporate structures that obscure beneficial ownership. TCSPs have faced FATF scrutiny for years, and the Australian regime reflects the heightened expectations.

Key considerations for TCSPs:

  • Every new corporate or trust structure established requires full beneficial ownership identification and verification from the outset
  • Nominee director and shareholder arrangements require enhanced due diligence on the ultimate beneficial owner
  • Ongoing monitoring obligations are particularly intensive — corporate structures change, and you are responsible for keeping beneficial ownership records current
  • Registered agent services trigger obligations even where the TCSP has limited visibility into the entity’s activities

Penalties for Non-Compliance

Non-compliance with AML/CTF obligations carries severe consequences. The Australian regime operates two distinct penalty frameworks — civil and criminal — and AUSTRAC has demonstrated a willingness to pursue large penalty outcomes in Federal Court.

Penalty Type | Who It Applies To | Maximum Penalty
Civil Penalty — Corporations | Body corporate / company | Up to 100,000 penalty units (~$33 million) per breach
Civil Penalty — Individuals | Individual, director, compliance officer | Up to 20,000 penalty units (~$6.6 million) per breach
Infringement Notice — Corporation | Body corporate | Approximately $16,200 per notice
Infringement Notice — Individual | Individual | Approximately $3,300 per notice
Criminal Penalty | Individuals (serious/deliberate violations) | Imprisonment and/or significant fines
Remedial Direction | Any reporting entity | Court-ordered compliance steps, independent audits, undertakings

Civil penalties apply per breach, so systemic failures across multiple clients multiply the financial exposure. AUSTRAC also considers cooperation with the regulator, remediation steps taken, and the entity’s compliance history when determining appropriate penalties. The courts have imposed penalties exceeding $1 billion in high-profile Tranche 1 cases.

⚠️  Reputational Risk

AUSTRAC does not need to wait for a criminal conviction to impose civil penalties. Regulatory action, including enforceable undertakings, remediation orders and public naming and shaming, can significantly damage a professional firm’s reputation even where penalties are ultimately moderate.

Your AML/CTF Compliance Roadmap: What to Do Now

With obligations commencing 1 July 2026, every Tranche 2 business should be taking action immediately. Here is a practical step-by-step roadmap:

Step 1: Determine whether you are a reporting entity

Review the designated services list carefully. If you provide any service listed above with a geographical link to Australia, you are almost certainly a reporting entity. Seek professional advice if you are uncertain.

Step 2: Conduct an ML/TF risk assessment

Before you can design your AML/CTF program, you must understand your risk exposure. Assess your client base, services, transaction types, delivery channels, and geographic reach against ML/TF risk factors.

Step 3: Enrol with AUSTRAC

Enrolment opened 31 March 2026. Log into AUSTRAC Online and complete your enrolment. You have until 29 July 2026, but earlier is better — do not leave this to the last minute.

Step 4: Develop your AML/CTF program

Build or adopt a risk-based AML/CTF program covering governance, risk assessment, CDD procedures, EDD triggers, reporting, record-keeping and training. AUSTRAC’s Starter Kits are a useful but insufficient starting point for anything beyond a very simple, low-complexity business.

Step 5: Appoint your Compliance Officer

Identify and formally appoint a senior person as AML/CTF Compliance Officer. Document their role, responsibilities, and authority in your program. Notify AUSTRAC by 29 July 2026.

Step 6: Train your staff

Deliver AML/CTF training to all relevant staff before 1 July 2026 and keep detailed records. Ensure all staff understand their personal obligations.

Step 7: Implement CDD processes

Update your client intake procedures to incorporate initial CDD from 1 July 2026. Existing clients may need retrospective CDD as part of your ongoing monitoring obligations.

Step 8: Establish reporting channels

Set up your AUSTRAC Online account for submitting SMRs, TTRs and annual compliance reports. Ensure your Compliance Officer knows exactly how and when to report.

Step 9: Schedule your first program review

Plan your first internal review for no later than 12 months after commencement. Schedule your first independent evaluation to meet the three-year maximum requirement.

Frequently Asked Questions

Q: Do I need to conduct CDD on existing clients?

A: Yes. While initial CDD requirements apply to new clients from 1 July 2026, your ongoing CDD obligations require you to monitor all existing client relationships. Where you do not hold adequate identification and verification information for existing clients, you will need to collect it as part of ongoing CDD. Your AML/CTF program should include a plan for remediating gaps in existing client files.

Q: What if I provide services to other professionals — such as law firms referring conveyancing work?

A: Third-party reliance arrangements are recognised under the reformed regime. You may be able to rely on CDD conducted by another AUSTRAC-regulated entity, but this reliance must be documented and you retain ultimate responsibility for compliance. Clear contractual arrangements and due diligence on the reliability of the third party are essential.

Q: Are there any exemptions for small businesses?

A: There is no general small business exemption. However, AUSTRAC’s Program Starter Kits are designed for small, low-complexity businesses and provide a simplified framework. The scale and sophistication of your program can be proportionate to your risk profile — but proportionality does not mean non-compliance.

Q: What is the tipping-off prohibition?

A: Once you submit a Suspicious Matter Report (SMR), you must not disclose to the customer or any other person that a report has been made or is being considered. This applies even if the customer asks directly. Breaching the prohibition is a criminal offence. Train your staff to deflect such questions — for example, advising that they cannot comment on matters that are subject to legal professional privilege or regulatory requirements — without confirming or denying an SMR.

Q: What counts as a ‘high-risk jurisdiction’?

A: AUSTRAC’s guidelines identify jurisdictions that are subject to FATF blacklisting or greylisting, or that have identified strategic deficiencies in their AML/CTF regimes. Common examples include jurisdictions with weak regulatory frameworks, high levels of corruption, or that are known transit points for illicit funds. You should subscribe to AUSTRAC’s regulatory updates and FATF mutual evaluation reports to stay current.

Q: Do I need a lawyer or consultant to build my AML/CTF program?

A: You are not legally required to engage external assistance, but for all but the simplest businesses, professional guidance significantly reduces the risk of costly errors. A poorly constructed program that fails an independent evaluation or leads to a regulatory breach will cost far more than building it properly in the first place.

Need Help Building Your AML/CTF Framework?

The AML Consultant specialises in helping Australian Tranche 2 businesses — lawyers, accountants, real estate professionals, precious metals dealers, and TCSPs — build practical, AUSTRAC-compliant AML/CTF frameworks from the ground up.

Our services include:

✓  ML/TF Risk Assessment tailored to your sector and client base

✓  AML/CTF Program design, drafting, and implementation

✓  Customer Due Diligence procedure development

✓  Compliance Officer coaching and support

✓  Staff AML/CTF training (face-to-face and online)

✓  AUSTRAC enrolment and registration guidance

✓  Independent program evaluation and health checks

✓  Ongoing compliance advisory and regulatory update monitoring

📧  theamlconsultant.com@gmail.com     |     🌐  www.theamlconsultant.com

Don’t wait for 1 July 2026 to arrive and find yourself unprepared. Contact us today for a confidential, no-obligation discussion about your AML/CTF compliance needs.

About This Article

This guide has been prepared by The AML Consultant based on AUSTRAC’s published regulatory guidance, the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, and the AML/CTF Rules 2025. It is current as of April 2026. This article is for general information purposes only and does not constitute legal or compliance advice. Requirements may change — always refer to AUSTRAC’s official guidance at austrac.gov.au for the most current information.