For more than two decades, Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime applied primarily to banks, financial institutions, casinos and remittance providers. That is about to change fundamentally. Amendments to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), passed in December 2024, extend mandatory AML/CTF obligations to a wide range of professional services — including lawyers, accountants, real estate agents, conveyancers, and trust and company service providers — from 1 July 2026. These are commonly referred to as the Tranche 2 reforms.

The reforms are designed to align Australia with international standards set by the Financial Action Task Force (FATF) and to close long-identified gaps in Australia’s financial crime defences. Non-compliance carries serious regulatory and criminal consequences. Understanding your obligations now is essential.

Key Compliance Dates
31 Mar 2026
Enrolment with AUSTRAC opens for newly regulated Tranche 2 entities. Existing reporting entities must already comply with the reformed AML/CTF Rules from this date.
1 Jul 2026
All Tranche 2 obligations commence — including customer due diligence (CDD), AML/CTF program implementation, suspicious matter reporting, and record-keeping.
29 Jul 2026
Latest date by which Tranche 2 entities must be enrolled with AUSTRAC (within 28 days of commencing a designated service).

Who Is Captured Under Tranche 2?

The AML/CTF Act does not regulate entire professions. Instead, it captures specific designated services — defined activities that pose genuine money laundering and terrorism financing risks. Whether your business is regulated depends on what you actually do, not simply on your professional title or firm size. Even sole practitioners and small firms are captured if they provide a designated service.

From 1 July 2026, designated services relevant to legal, accounting and trust professionals include:

  • Receiving, holding, controlling or managing client money or property as part of a transaction
  • Buying or selling real estate on behalf of a client
  • Brokering, planning or executing the sale, purchase or transfer of real estate
  • Assisting clients with equity or debt financing transactions
  • Creating, restructuring or administering companies, trusts, partnerships or other legal arrangements
  • Acting as, or arranging for someone to act as, a director, trustee, partner, nominee shareholder or similar role for a client
  • Providing a registered office address or principal place of business for an entity

AUSTRAC has clarified that obligations can arise before a transaction is completed — including during preparatory or organisational steps taken to advance a transaction. If you are uncertain whether your services are captured, AUSTRAC provides an online tool at austrac.gov.au to help you assess your obligations.

Your Core Obligations as a Reporting Entity

Once you are captured as a reporting entity, the AML/CTF Act imposes a structured set of obligations. AUSTRAC’s guidance identifies the following core requirements:

1. Enrol with AUSTRAC

You must enrol via the AUSTRAC Business Portal. Enrolment opens from 31 March 2026 and must be completed within 28 days of commencing a designated service. Enrolment cannot occur earlier than 31 March 2026 for Tranche 2 entities. Criminal penalties apply for failing to enrol before providing a regulated service.

2. Develop and Maintain an AML/CTF Program

Every reporting entity must have a written, risk-based AML/CTF program in place before 1 July 2026. This program must include:

  • A ML/TF risk assessment — identifying and assessing your exposure to money laundering, terrorism financing and proliferation financing risks
  • AML/CTF policies, procedures, systems and controls tailored to manage and mitigate those risks
  • Appointment of a designated AML/CTF compliance officer with oversight responsibility
  • Ongoing staff training and personnel due diligence

AUSTRAC has released sector-specific Program Starter Kits for legal practitioners, conveyancers, accountants and other newly regulated professions to help businesses develop compliant programs. These kits are available on the AUSTRAC website and are designed to be customised to reflect your firm’s specific operations and risk profile.

Important

A Starter Kit is a starting point, not a complete solution. It must be reviewed, customised and approved by senior management before 1 July 2026. A generic, unmodified program is unlikely to satisfy AUSTRAC’s regulatory expectations.

3. Conduct Customer Due Diligence (CDD)

From 1 July 2026, you must verify the identity of your clients — and identify the beneficial owners of any legal structures — before providing a designated service. This is the professional equivalent of the “Know Your Customer” (KYC) process that banks have applied for many years.

For legal structures such as trusts and companies, this requires you to:

  • Verify the identity of all named clients and their authorised representatives
  • Identify and verify the beneficial owners of the structure (i.e. the natural persons who ultimately own or control it)
  • Take reasonable steps to understand the nature and source of the client’s wealth where required by your risk assessment
“At the end of the day, everyone in that transaction has confidence that they know who they’re dealing with. All of this must happen before settlement…KYC is really about knowing who your customer is and being confident you understand who you’re dealing with.” — Brendan Thomas, CEO, AUSTRAC

CDD applies to all new clients and new legal structures established or restructured from 1 July 2026. Importantly, you are not required to retain copies of every document reviewed — but you must maintain a record showing that verification was carried out and how it was done.

4. Report Suspicious Matters

You must submit a Suspicious Matter Report (SMR) to AUSTRAC if, during the course of providing a designated service, you form a suspicion that a matter may be related to money laundering, terrorism financing, tax evasion or other serious offences. SMRs must be lodged through the AUSTRAC Business Portal.

Signs that may indicate suspicious activity include clients who are reluctant to provide identification, transactions that appear to lack a legitimate commercial purpose, complex ownership structures with no apparent business rationale, or instructions that seem designed to avoid reporting thresholds.

5. Maintain Records

All records related to customer identity verification, transactions, and your AML/CTF program must be retained for a minimum of seven years. These records provide evidence of your due diligence and compliance should AUSTRAC conduct a review.

Why Document Accuracy Is Now Critical

Financial institutions subject to AML/CTF obligations have, for some time, been scrutinising the legal documents presented to them with increasing rigour. Banks and other regulated entities are required to satisfy themselves that the documents they receive are consistent with their own KYC records. As Tranche 2 brings legal and accounting professionals into the same compliance framework, the same standard of care must now be applied to the documents those professionals prepare and rely upon.

Common defects that can trigger compliance issues with financial institutions include:

  • Missing or incorrectly spelled middle names
  • Use of anglicised versions of foreign-language names that differ from passport records
  • Missing hyphens or punctuation in hyphenated names
  • Name changes due to marriage or legal deed that are not reflected across all documents
  • Missing Australian Company Numbers (ACNs)
  • Incorrectly executed deeds or trust documents
  • Trust deeds dated before the incorporation of a corporate trustee
  • Missing execution dates on legal instruments

Under the new AML/CTF regime, defects of this nature can result in delays to bank account establishment, freezing of accounts, and delays in or failure of critical commercial settlements. What was previously a recommended correction has, from 1 July 2026, become a legal obligation for newly established structures.

Consequences of Non-Compliance

AUSTRAC has made clear that failure to meet AML/CTF obligations is a serious regulatory concern. The consequences for non-compliant entities can include:

  • Criminal penalties for failing to enrol with AUSTRAC before providing a designated service
  • Civil penalties for failing to maintain an adequate AML/CTF program
  • Regulatory enforcement action, including enforceable undertakings or licence conditions
  • Delays in client transactions, account establishment or settlement of property matters
  • Mandatory suspicious matter reports to AUSTRAC where defective or inconsistent documentation raises red flags

AUSTRAC’s regulatory approach will continue to be risk-based and outcomes-focused, with the agency’s stated priority being effective management of ML/TF risks rather than technical box-ticking. Nonetheless, AUSTRAC has signalled that it will take enforcement action where businesses fail to show sustained effort and genuine progress toward compliance.

Steps to Take Now

With 1 July 2026 approaching, AUSTRAC expects regulated entities to demonstrate meaningful preparation. The following steps reflect AUSTRAC’s published regulatory expectations for Tranche 2 entities:

  1. Determine whether you provide a designated service. Use AUSTRAC’s online tool and review the full list of designated services in the AML/CTF Act. Map your firm’s actual services against this list, including low-volume or one-off activities.
  2. Enrol with AUSTRAC from 31 March 2026. Complete enrolment via the AUSTRAC Business Portal. Nominate an AML/CTF compliance officer with clear delegated responsibility.
  3. Develop your AML/CTF program. Use AUSTRAC’s Starter Kits as a foundation. Customise the risk assessment and policies to reflect your firm’s specific operations, client base and risk exposure. Obtain senior management approval before 1 July 2026.
  4. Implement customer due diligence procedures. Establish processes for verifying client identity and identifying beneficial owners prior to providing designated services.
  5. Train your staff. Ensure all relevant personnel understand the firm’s AML/CTF obligations, can recognise indicators of suspicious activity, and know how to report concerns.
  6. Audit existing legal structures and documents. Review documents prepared for existing clients for defects that may create compliance issues under the new regime. Where defects are identified, seek correction through appropriate legal instruments such as confirming deeds.
  7. Establish record-keeping systems. Ensure your firm can retain identity verification and transaction records for the required seven-year period.
Do Not Assume You Are Too Small

The AML/CTF Act applies to sole practitioners and small firms as equally as it does to large organisations. If you provide a designated service, the legal obligation is yours — regardless of firm size, turnover or the number of transactions you handle. Size affects the complexity of your required program, not whether you need one.

Legal Professional Privilege

The amended AML/CTF Act includes protections for legal professional privilege (LPP). Nothing in the Act requires a lawyer to disclose information or produce a document that would otherwise be protected by LPP. However, the reforms introduce practical tensions between AML/CTF reporting obligations and confidentiality duties. AUSTRAC has published specific guidance on the interaction between the AML/CTF regime and LPP obligations, including when a LPP claim form must be submitted. Legal practitioners should review that guidance carefully and seek advice on specific matters where the overlap is unclear.

AUSTRAC Resources and Support

AUSTRAC has committed to providing comprehensive education and support resources throughout 2026, including sector-specific guidance, webinars, and a dedicated contact centre for newly regulated entities. Key resources available at austrac.gov.au include:

  • The AML/CTF Reform hub — with guidance on obligations, designated services and the enrolment process
  • Program Starter Kits for legal practitioners, conveyancers, accountants, real estate agents and precious metals dealers
  • The “Am I captured?” online self-assessment tool
  • AUSTRAC’s regulatory expectations statement (published July 2025)
  • Webinar recordings and upcoming education events

Industry associations — including law societies, CPA Australia, and relevant accounting and real estate bodies — are also working with AUSTRAC to develop tailored guidance for their members. Practitioners are encouraged to engage with their professional association’s AML/CTF resources in parallel with AUSTRAC’s own materials.

This article is prepared for general information purposes and reflects AUSTRAC’s published guidance as at March 2026. It does not constitute legal advice. The application of the AML/CTF Act depends on the specific circumstances of each entity. Practitioners are encouraged to seek independent legal advice and to consult AUSTRAC’s official guidance at austrac.gov.au to understand how the reforms apply to their particular situation.