Tranche 2 for Trust and Company Service Providers: Summary Highlights
Tranche 2 for trust and company service providers will apply from 1 July 2026 to in scope professional and corporate services that meet the definition of designated services.
Trust and company services are viewed as high risk for money laundering due to poor transparency of ownership and control and the ease with which complex structures can be created and layered.
Regulated TCSPs must enrol with AUSTRAC, maintain a written AML/CTF program, perform customer due diligence and report suspicious matters and certain threshold transactions.
Typical red flags for TCSPs include opaque ownership, nominee roles with no clear purpose, complex chains of entities, high risk jurisdictions and services that do not match the client’s stated business or wealth.
The biggest challenges for trust and company service providers are mapping services into designated services, building a coherent beneficial ownership framework and integrating AML checks into existing onboarding and company secretarial processes.
Specialist Tranche 2 for trust and company service providers consultants can help you design a risk based program, streamline CDD, deploy appropriate RegTech and prepare for AUSTRAC engagement without derailing client service.
Tranche 2 for Trust and Company Service Providers
Trust and company service providers sit at the heart of how wealth and ownership are structured. You form companies, establish and administer trusts, provide nominee directors and shareholders, and support cross border holding structures. That visibility makes your business commercially valuable. It also makes it a prime target for misuse.
Tranche 2 for trust and company service providers is therefore not a surprise. It is the Australian Government’s way of closing long acknowledged gaps in the AML/CTF regime and aligning with international standards that already apply in many peer jurisdictions.
From 1 July 2026, certain services provided by trust and company service providers will be regulated by AUSTRAC, with formal AML/CTF obligations that sit alongside your existing legal and regulatory duties.
This article sets out what that means in practice and how specialist Tranche 2 consultants can help you move from awareness to an efficient, audit ready compliance framework.
The new Tranche 2 landscape for TCSPs
The policy shift
For many years AUSTRAC has regulated banks, remitters, gambling operators and a small number of other sectors that provide designated services.However, trusts and companies have been repeatedly identified as vehicles used to disguise beneficial ownership, layer funds and move illicit money through the financial system.
The AML/CTF Amendment Act 2024 and associated reforms introduce Tranche 2 obligations for designated non financial businesses and professions, including trust and company service providers.
AUSTRAC’s AML/CTF Reform hub confirms that businesses providing certain professional services will become reporting entities where they provide newly defined designated services with a link to Australia.
Key references you should bookmark on AUSTRAC’s site:
About the reforms – overview of AML/CTF reform and Tranche 2 timetable
(search: “AUSTRAC AML/CTF Reform – About the reforms”)New industries and services to be regulated (Reform) – lists trust and company service providers and other Tranche 2 sectors
(search: “AUSTRAC new industries and services to be regulated”)Professional services (Reform) – explains relevant designated services for professional firms, including many TCSP activities
(search: “AUSTRAC professional services reform”)
What counts as a trust and company service provider
The term “trust and company service providers” is used broadly in AUSTRAC and Home Affairs material. It generally covers businesses that provide any of the following on a commercial basis:
forming or arranging for the creation of a company or other body corporate
acting as, or arranging for another person to act as, a director or secretary of a company
acting as, or arranging for another person to act as, a trustee of an express trust
providing a registered office, business address or correspondence address for a company or trust
acting as, or arranging for another person to act as, a nominee or shareholder for another person or entity
selling or transferring shelf companies and other pre incorporated entities.
If your business provides these services in or from Australia, Tranche 2 for trust and company service providers is almost certainly relevant, and AUSTRAC’s “check if you may be regulated” tool is the logical starting point.
Tranche 2 timelines for trust and company service providers
The reform timetable is now clear and public.
Now to early 2026
AUSTRAC is releasing reform guidance, sector resources and risk insights for Tranche 2 entities, including professional services and TCSPs.By 31 March 2026
AUSTRAC expects newly regulated entities to begin enrolment through AUSTRAC Online, in line with reform guidance on when to enrol and register.From 1 July 2026
Tranche 2 obligations commence for entities providing new designated services, including trust and company service providers.Within 28 days of first providing a designated service
A newly regulated TCSP must enrol with AUSTRAC and keep its details current, as set out in AUSTRAC’s Summary of obligations (Reform) and Tranche 2 factsheet.
In practice, this means TCSPs should spend 2025 and early 2026 building and testing their AML/CTF frameworks, not simply planning them.
Core AML/CTF obligations for trust and company service providers
Once you fall within Tranche 2 for trust and company service providers, you become a reporting entity and must comply with the same core pillars that apply to other sectors.
Enrolment with AUSTRAC
You must:
enrol as a reporting entity using AUSTRAC Online
describe your business, designated services and ownership structure
nominate key contacts and compliance officers
update this information when it changes.
AML/CTF program
AUSTRAC’s reforms guidance specifies that every Tranche 2 entity must develop and maintain an AML/CTF program that:
is based on a documented ML/TF and PF risk assessment
sets out policies, procedures, systems and controls to manage those risks
covers customer due diligence, monitoring, reporting, training and record keeping
is approved by the governing body or a senior manager
is regularly reviewed and updated.
This is often described as:
Part A: governance, risk assessment, controls and oversight
Part B: customer identification and verification procedures.
For trust and company service providers, the AML/CTF program should be tightly aligned with your company formation, trust establishment and administration workflows.
ML/TF/PF risk assessment
AUSTRAC expects a structured risk assessment that reflects the specific vulnerabilities of TCSP services, including:
the types of clients you serve, such as HNWIs, family groups, corporate groups, private equity and offshore investors
the services you provide, such as registered offices, nominee roles, trust establishment and ongoing company secretarial support
the delivery channels you use, for example face to face, online and through intermediaries
your exposure to foreign jurisdictions, particularly higher risk or secrecy jurisdictions.
AUSTRAC’s Money laundering in Australia national risk assessment and reform risk insights repeatedly highlight the vulnerability of opaque company and trust structures and the role of TCSPs in either enabling or preventing abuse.
Customer due diligence for TCSPs
Customer due diligence obligations apply when you provide a designated service. In TCSP language this includes:
establishing a company or other legal person
setting up or administering a trust or similar legal arrangement
providing a registered office or correspondence address
acting as a director, secretary, trustee or nominee.
Using AUSTRAC’s customer due diligence (Reform) and initial CDD for a trust guidance, a TCSP CDD framework should:
identify and verify the customer and, where relevant, the beneficial owners and controllers
understand the purpose and intended nature of the structure or service
collect information on source of funds and source of wealth for higher risk clients and structures
assign and document a risk rating for each client and service relationship
apply enhanced due diligence for higher risk clients, structures and jurisdictions
perform ongoing CDD so that ownership and control information remains current.
Monitoring and reporting
Trust and company service providers will be required to:
monitor customer relationships and services for unusual or suspicious activity
investigate red flags and document decisions
submit Suspicious Matter Reports (SMRs) where there is suspicion of ML/TF/PF or other serious offences
submit Threshold Transaction Reports (TTRs) for qualifying cash transactions, if relevant
comply with international funds transfer and cross border movement reporting where applicable.
Record keeping, training and independent review
You must also:
keep records of CDD, services provided, SMRs, TTRs and your AML/CTF program for at least the prescribed retention period
provide AML/CTF risk awareness training for staff who interact with clients, design structures or approve services
ensure independent evaluation of your AML/CTF program on a risk based cycle.
ML/TF/PF red flags for trust and company service providers
AUSTRAC’s reform risk insights and indicators for Tranche 2 entities, together with the national risk assessment, highlight a set of recurring ML/TF risk themes for TCSPs.
It is useful to group these red flags into four areas which mirror other sector guidance: kinds of clients, services, delivery channels and jurisdictions.
Client profile red flags
You should be alert where:
a client cannot clearly explain their source of wealth or provides vague or inconsistent stories
the beneficial ownership chain appears deliberately complex with no obvious commercial reason
the client has negative media involving fraud, tax evasion, corruption or organised crime
the client seeks nominee or trustee services where they remain hidden but retain effective control
the client is a politically exposed person (PEP) or closely linked party and wants to route assets through multiple layers.
Service and structure red flags
Risk is heightened when:
you are asked to create multiple companies or trusts in quick succession with similar names or purposes
the structure appears designed primarily to obscure ownership rather than support a real business or family need
there is frequent amendment of trust deeds or company constitutions in ways that reduce transparency
you are asked to provide nominee directors or shareholders who are not expected to exercise real control
entities are dormant or have no discernible economic activity despite complex arrangements.
Delivery channel red flags
Concerns increase where:
you onboard clients entirely through intermediaries and never interact directly with the underlying principals
instructions come from unrelated email domains, encrypted messaging apps or constantly changing contact points
clients resist video calls or other simple attempts to verify identity and control.
Jurisdiction and transaction red flags
You should pay close attention if:
structures involve secrecy jurisdictions or countries with weak AML regimes
assets or income streams are routed through multiple cross border layers with no clear tax or business driver
there are connections to regions of conflict, sanctions or proliferation concern
funds arrive from or are sent to accounts which appear unrelated to the underlying business or trust.AUSTRAC+2AUSTRAC+2
These indicators should be built into your AML/CTF program, CDD questionnaires and escalation procedures so that staff know when to slow down and seek advice.
Best practices for TCSPs under Tranche 2
To make Tranche 2 for trust and company service providers work in practice, you need more than a policy document. You need a risk based framework that fits the way you already work.
Start with a structured risk assessment
Use AUSTRAC’s reform guidance on ML/TF risk assessment and the national risk assessment on trusts and companies as your base.
Map out:
your client segments and the risk of each
your service lines, from simple company incorporations to complex trust and SPV structures
your exposure to high risk sectors and jurisdictions
your typical transaction patterns and payment flows.
This risk picture should drive customer risk ratings, CDD intensity and the design of transaction monitoring.
Build your AML/CTF program around your service lifecycle
Rather than bolting AML on at the side, align controls with the way you already deliver trust and company services. For example:
Initial enquiry and scoping
You decide if the proposed structure is within your risk appetite and whether it appears legitimate.Onboarding and CDD
You collect information on identity, ownership, control, purpose of the structure and source of funds or wealth.Formation and implementation
You review whether the implemented structure matches the original risk profile and whether any red flags have emerged.Ongoing administration and review
You monitor changes in ownership, control, asset mix and jurisdiction and refresh CDD when risk changes.
This makes the AML/CTF program a living framework rather than a static manual.
Take beneficial ownership seriously
Poor transparency of trusts and companies is a recurring concern in AUSTRAC’s risk work.
Practical steps include:
mapping ownership and control using AUSTRAC’s “determining ownership and control structures” guidance
using clear diagrams to show ultimate beneficial owners
documenting controllers as well as legal owners, particularly where nominees are involved
building rules about when you will and will not act in nominee roles.
Integrate sanctions, PEP and adverse media screening
Given the cross border nature of many TCSP clients, robust screening is essential. Align your approach with AUSTRAC guidance on PEPs, targeted financial sanctions and high risk countries.
At a minimum, you should:
screen clients, beneficial owners and key controllers at onboarding
re screen periodically and when circumstances change
document how you respond to matches and potential matches.
Use outsourcing and RegTech intelligently
You can outsource functions but not responsibility. AUSTRAC’s guidance on using outsourcing to help meet your AML/CTF obligations explains how to manage these arrangements.
For many TCSPs, cost effective solutions include:
electronic CDD and beneficial ownership tools
structured onboarding forms that feed data into practice management systems
workflow tools that capture SMR decision making.
Challenges in implementing Tranche 2 for trust and company service providers
Complex structures and global clients
Your business is built on complexity. Clients value your ability to design and maintain multi jurisdictional structures. That same complexity makes it difficult to standardise AML controls and keep ownership information up to date.
Culture and independence
TCSPs often sit close to tax, legal and advisory functions. This can create tension between commercial objectives and AML obligations, especially when high fee structures raise red flags. AUSTRAC’s 2025–26 priorities emphasise a shift towards focus on substantive risks and harms, not just technical compliance, which heightens this challenge.
Data quality and record keeping
Many providers still rely on fragmented spreadsheets, shared drives and legacy practice systems. This makes it hard to demonstrate a clear audit trail from initial CDD through to ongoing monitoring and reporting.
Interpreting overlapping regimes
TCSPs may already be licensed or supervised under corporate, tax or professional conduct regimes. Aligning those duties with Tranche 2 AML/CTF requirements and managing issues such as legal privilege and privacy can be complex.
How Tranche 2 consultants can help trust and company service providers
This article sits on the blog of a firm that focuses on AML/CTF for Tranche 2 entities, including TCSPs. Our job is to help you turn dense reform text into clear, manageable steps.
Typical support for Tranche 2 for trust and company service providers includes:
Scoping and readiness review
Mapping your services against AUSTRAC’s Professional services (Reform) and New industries and services to be regulated (Reform) guidance.
Confirming which parts of your business are in scope as reporting entities.
Highlighting priority gaps and early no regret improvements.
ML/TF/PF risk assessment and appetite
Conducting or refining your risk assessment using AUSTRAC’s reform guidance and national risk assessment insights.
Defining your risk appetite for client types, jurisdictions, structures and services.
Designing practical risk rating methods that work in day to day operations.
AML/CTF program design
Drafting a tailored AML/CTF program covering governance, CDD, monitoring, reporting, training and record keeping.
Aligning policies with your existing client and entity lifecycle.
Creating templates, checklists and standard operating procedures for staff.
Beneficial ownership and structure transparency
Designing frameworks and tools to capture and maintain ownership and control data.
Advising on when to accept or decline nominee roles.
Aligning your approach with AUSTRAC’s expectations on transparency and beneficial ownership.
Technology enablement and outsourcing
Helping you choose and implement proportionate RegTech solutions.
Supporting outsourcing arrangements so that they comply with AUSTRAC’s outsourcing guidance.
Training, culture and independent review
Delivering targeted training for directors, senior management and client facing teams.
Supporting independent evaluations of your AML/CTF program.
Preparing you for AUSTRAC supervisory engagement and future reform updates.
"AUSTRAC is not asking TCSPs to abandon commercial judgement. It is asking for that judgement to be documented, risk-based and defensible, particularly where nominee roles, complex ownership chains or cross-border structures are involved."
FAQs on Tranche 2 for trust and company service providers
1. What is Tranche 2 for trust and company service providers in Australia?
Tranche 2 for trust and company service providers is the expansion of Australia’s AML/CTF regime to cover certain professional and corporate services that involve forming, managing or providing key roles to companies and trusts. These services will become designated services from 1 July 2026, which means TCSPs that provide them with a link to Australia become reporting entities regulated by AUSTRAC.
2. Which trust and company services will be captured by Tranche 2?
Although you should rely on AUSTRAC’s Professional services (Reform) guidance for exact definitions, Tranche 2 typically covers services such as forming companies, establishing and administering trusts, providing registered office addresses, acting as or arranging directors, secretaries or trustees, and selling or transferring shelf companies.
3. When do AML/CTF obligations start for TCSPs?
TCSP AML/CTF obligations under Tranche 2 are scheduled to commence on 1 July 2026. AUSTRAC expects newly regulated entities, including trust and company service providers, to enrol via AUSTRAC Online within 28 days of first providing a designated service, with enrolment windows described in the Find out when to enrol and register (Reform) guidance.
4. What AML/CTF obligations will apply to trust and company service providers?
Under Tranche 2 for trust and company service providers, in scope businesses must enrol with AUSTRAC, carry out a documented ML/TF and PF risk assessment, maintain a written AML/CTF program, perform customer due diligence and enhanced due diligence, monitor relationships and services, submit SMRs and any applicable TTRs or international transfer reports, keep records, train staff and arrange independent evaluations of their program.
5. Why are TCSPs seen as high risk for money laundering and terrorism financing?
AUSTRAC’s national risk assessment and other guidance highlight poor transparency of trusts and companies as a major money laundering vulnerability. TCSPs can create complex ownership chains, nominee roles and cross border structures that obscure the true beneficial owners and controllers of assets. Criminals and corrupt officials exploit these features to hide proceeds of crime or move funds offshore.
6. What are the main red flags for TCSPs under Tranche 2?
Red flags for TCSP AML/CTF compliance include clients who cannot explain their source of wealth, structures that serve no clear business or family purpose, frequent use of nominees, reliance on secrecy jurisdictions, unexplained cross border flows and resistance to basic due diligence checks. AUSTRAC’s Risks and indicators of suspicious activity (Reform) hub and professional services guidance provide indicator lists that TCSPs should build into their monitoring and escalation processes.
7. Do small trust and company service providers still need a full AML/CTF program?
Yes. All in scope businesses must have an AML/CTF program once they provide designated services, even if they are small. AUSTRAC allows proportionality, which means a modest TCSP can use a simpler framework, but it must still cover risk assessment, customer due diligence, monitoring, reporting, training and record keeping in a way that is effective for the business.
8. How can Tranche 2 consultants help with TCSP AML/CTF compliance?
Specialist Tranche 2 consultants for trust and company service providers help by mapping your service offerings to AUSTRAC’s designated services, completing risk assessments, designing and documenting AML/CTF programs, building beneficial ownership and CDD frameworks, advising on sanctions and PEP screening, choosing suitable RegTech tools, training staff and supporting independent program reviews. This gives you confidence that your TCSP AML obligations are met while you continue to deliver high quality corporate and trust services.
