Australia’s AML/CTF Tranche 2 Reforms

Why Tranche 2 reforms are happening

Australia’s AML/CTF regime has long covered banks, casinos, remitters, digital currency exchanges and bullion dealers. However, FATF and domestic reviews have repeatedly highlighted a major gap in coverage of “gatekeeper” professions such as lawyers, accountants and real estate professionals, which criminals use to move and hide illicit wealth. 

Several developments brought us to the current reforms.

• A statutory review of the AML/CTF Act and associated Rules recommended expanding the regime and making it more risk based and outcomes focused. 

• A Senate inquiry into the adequacy and effectiveness of Australia’s AML/CTF regime endorsed bringing lawyers, accountants, real estate and similar professions into scope. 

• Consultation rounds in 2023 and 2024 collected feedback from affected industries and helped shape the final design of the new law and rules. 

The result is the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 and a package of new and updated AML/CTF Rules that extend the regime to Tranche 2 and modernise obligations for all reporting entities.

What the Amendment Act actually does

The Amendment Act has three broad aims.

Extend the regime to additional high risk services.
The Act brings real estate, dealers in precious metals and stones, professional service providers such as lawyers, conveyancers, accountants and trust and company service providers into the AML/CTF regime when they offer specified designated services. 

1. Modernise the regulatory framework.
   It updates concepts around value transfer, the travel rule and digital assets, and introduces a simplified value transfer chain to capture money, virtual assets and property. 

2. Make obligations more risk based and outcomes focused.
   It replaces prescriptive tick box requirements with expectations that each reporting entity understands its own ML/TF and proliferation financing risks and designs an effective AML/CTF program around them.

3. In practice, this means Tranche 2 businesses must stop thinking of AML as an occasional identity check and start treating it as a structured risk management discipline that sits alongside professional ethics and regulatory duties.

Who is in Tranche 2 and what “designated services” mean

AUSTRAC regulates services, not job titles. You are caught if you provide a designated service that has a geographical link to Australia. 

Under the reforms, Tranche 2 covers the following broad groups. 

Real estate sector

If you work in real estate, you are likely to provide a designated service where you broker the sale, purchase or transfer of real estate as part of a business, whether or not there is monetary consideration. Both buyer and seller are your customers for AML/CTF purposes. 

AUSTRAC’s Real estate services (Reform) page explains how the definition of real estate and designated services apply, including clarifying that only leases longer than 30 years fall within scope. 

Dealers in precious metals, stones and related products

Dealers in gold, diamonds, jewellery and similar products are in scope where they provide certain high risk services, for example high value trading or dealing in precious metals and stones for investment or wealth storage purposes. AUSTRAC has separate reform guidance for precious metals, stones and products services. 

Professional services: lawyers, conveyancers, accountants and TCSPs

The professional services group is far broader than traditional financial services. It includes lawyers, conveyancers, accountants and trust and company service providers where they carry out services such as:

• Managing client money, client accounts or trust money.

• Creating, operating or managing companies, trusts or similar structures.

• Acting as or arranging for another person to act as a director, secretary, trustee or similar office holder.

• Helping plan or execute the sale, purchase or transfer of real estate as part of legal or conveyancing work. 

In other words, if your practice facilitates how client money and ownership structures move around, you are very likely to be performing designated services.

Timelines and reform milestones to 2026

The reforms are being phased in rather than switched on overnight. AUSTRAC’s AML/CTF Reform hub sets out the key milestones. 

Key dates for Tranche 2 are as follows. 

• Now to early 2026
  AUSTRAC is publishing detailed sector guidance, including “before you start” material and risk insight pages for accountants, legal professionals, real estate and dealers in precious metals and stones. 

• From 31 March 2026
  Newly regulated Tranche 2 entities can start to enrol with AUSTRAC, which is a prerequisite for providing designated services lawfully. 

• From 1 July 2026
  If you are providing an in scope designated service and it has a geographical link to Australia, you must comply with the AML/CTF Act and Rules from this date. That means you must have enrolled, assessed your ML/TF and PF risk, implemented an AML/CTF program and started applying customer due diligence and reporting obligations. 

• Beyond 2026
  AUSTRAC’s regulatory expectations and priorities for 2025–26 make clear that the focus will be on uplift, education and risk based supervision, but also that poor or wilfully non-compliant behaviour will attract stronger responses. 

The message is simple. You have time, but not enough to leave this until the last quarter. For many practices, this is an 18 to 24 month change programme, not a single policy update.

Core AML/CTF obligations for Tranche 2 entities

AUSTRAC’s Summary of AML/CTF obligations for tranche 2 entities sets out the main obligations. 

At a high level, Tranche 2 businesses must comply with the following requirements.

Enrol and, where required, register with AUSTRAC

Every reporting entity must enrol with AUSTRAC before providing designated services. Some businesses, such as remittance or virtual asset service providers, must also register. AUSTRAC’s “Enrol with us (Reform)” guidance explains the process step by step. 

Conduct and maintain an ML/TF and PF risk assessment

The Amendment Act introduces a clear requirement for each reporting entity to conduct, document and keep up to date a money laundering, terrorism financing and proliferation financing risk assessment. 

Your risk assessment must:

• Consider the nature, size and complexity of your business.

• Take into account the types of customers you serve, the designated services you offer, how you deliver them and the jurisdictions you deal with.

• Reflect relevant risks identified by AUSTRAC, such as those set out in its risk insights and sector guidance. 

AUSTRAC’s Step 2: Identify and assess your risks (Reform) shows how to approach this in a structured manner. 

Develop and implement an AML/CTF program

The old Part A and Part B program structure is being replaced with an outcomes based AML/CTF program requirement.

Your AML/CTF program must:

• Set out your governance framework, including the governing body, senior manager and AML/CTF compliance officer responsibilities. 

• Describe how you identify, mitigate and manage your ML/TF and PF risks, based on your risk assessment.

• Include policies, procedures and controls for customer due diligence, ongoing monitoring, reporting, record keeping and staff training. 

• Provide for regular review and update, and an independent evaluation of the program at appropriate intervals. 

AUSTRAC’s Your AML/CTF program (Reform) and related governance and record keeping pages offer detailed guidance on what a good program looks like. 

Customer due diligence (CDD) and ongoing monitoring

The Amendment Act creates an outcomes based customer due diligence framework centred on initial CDD before you provide a designated service and ongoing CDD throughout the relationship. 

You must:

• Collect and verify information to identify your customer and certain associated persons, using reliable and independent documentation or electronic data.

• Understand the nature and purpose of the relationship and the risks associated with providing your services to that customer.

• Assign a customer risk rating and use it to shape the level of monitoring and due diligence. 

• Apply enhanced CDD where higher risks are present such as complex structures, higher risk jurisdictions, PEPs or unusual activity. 

• Monitor transactions and behaviour to identify unusual patterns and respond appropriately, including reviewing customer information and filing suspicious matter reports where necessary. 

AUSTRAC provides reform guidance on initial customer due diligence and ongoing customer due diligence, including practical examples. 

Reporting to AUSTRAC

Tranche 2 entities will have to submit specific reports to AUSTRAC, via AUSTRAC Online, within prescribed timeframes. These include:

Suspicious matter reports where you suspect on reasonable grounds that a person or transaction relates to crime, ML/TF or other offences.

• Threshold transaction reports for cash transactions of ten thousand dollars or more.

• International funds transfer instruction reports where your business sends or receives funds across borders.

• Cross border movement reports for certain physical movements of currency and bearer negotiable instruments.

• Annual compliance reports, which give AUSTRAC a snapshot of your compliance posture.

AUSTRAC’s Reporting to AUSTRAC (Reform) and Suspicious matter reports (Reform) pages provide the detail.

Record keeping and staff training

You must keep specified records for minimum periods, including customer identification records, transaction records, risk assessments, program documents and training materials. 

You must also identify which roles require personnel due diligence and AML/CTF training and ensure staff receive appropriate and regular training tailored to their responsibilities. 

Sector-specific risk themes AUSTRAC wants you to understand

An important part of Tranche 2 is that AUSTRAC is telling you, clearly, the risk behaviours it expects you to watch for. In October 2025 it released a series of “risk insights and indicators of suspicious activity” pages for key Tranche 2 sectors. 

These resources include:

• Risk insights and indicators of suspicious activity for accountants. 

• Risk insights and indicators of suspicious activity for legal professionals. 

• Risk insights and indicators of suspicious activity for the real estate sector. 

• Risk insights and indicators of suspicious activity for dealers in precious stones, metals and other products. 

To give a flavour:

• For accountants, AUSTRAC highlights clients with high value assets but no clear funding source, repeated unexplained changes of instructions, and activity that does not match the client’s stated financial position or business profile.

• For legal professionals, indicators include clients using complex structures with no genuine commercial reason, requests to act as a nominee owner and resistance to standard due diligence questions.

• For real estate, AUSTRAC points to rapid buy-sell cycles, unexplained cash payments, use of third party payers and buyers, and property transactions that are inconsistent with the client’s profile. 

• For dealers in precious metals and stones, red flags include repeated high value purchases in cash or using third parties, reluctance to provide identification and structuring purchases to avoid thresholds. 

These risk pages are essential reading and should feed directly into your ML/TF and PF risk assessment and transaction monitoring scenarios.

Practical challenges Tranche 2 businesses will face

Moving from a professional ethics mindset to a regulated AML/CTF regime is not just a matter of adding a few extra clauses to your engagement letters. Common challenges include the following.

1. Culture and mindset shift.
   Many professional firms see themselves as advisers, not gatekeepers. Bringing partners and staff to a point where they accept and live a risk based AML/CTF culture will require steady leadership and clear messaging.

2. Legacy systems and fragmented data.
   Real estate agencies, law firms and accounting practices often run multiple systems for practice management, trust accounting and CRM. Aligning these with AML/CTF data needs, or integrating them with RegTech tools, can be technically and commercially demanding.

3. Beneficial ownership and complex structures.
   Lawyers, accountants and TCSPs routinely deal with layered companies, trusts and cross border structures. Working out beneficial ownership in a consistent, documented way and evidencing that work for AUSTRAC is a non-trivial task.

4. Client experience and commercial friction.
   Existing clients may react badly to being asked for identification or source of funds information when they have dealt with your firm for years. Firms need carefully crafted communications to explain why AML/CTF checks are now mandatory.

5. Resource constraints in small and medium practices.
   Sole practitioners and small partnerships may lack in-house risk or compliance teams. They still need to meet the same obligations as larger firms, adjusted for their size and risk.

6. Consistency across networks and franchises.
   Real estate franchise networks and professional associations will need to decide how far they will drive a common standard and how far each office or firm will design its own program.

Recognising these challenges early in your project plan helps you avoid rushed decisions and patchy controls.

Best practice roadmap to Tranche 2 readiness

To keep this manageable, treat Tranche 2 readiness as a structured programme rather than a one-off project. A practical roadmap could look like this.

1. Confirm whether you are in scope.
   Work through AUSTRAC’s Check if you may be regulated (Reform) tool and the New industries and services to be regulated guidance to identify which parts of your business provide designated services. 

2. Map your services, products and client journeys.
   For each potential designated service, map how clients come to you, how you onboard them, how you handle funds or ownership changes and which systems and staff are involved.

3. Perform a formal ML/TF and PF risk assessment.
   Use AUSTRAC’s risk insight pages to identify how criminals might exploit your services, who might use you, and what their behaviour would look like. Document your risk methodology and ensure it considers customers, services, delivery channels and jurisdictions as required by the Amendment Act. 

4. Design an AML/CTF program that fits your business.
   Build your program around AUSTRAC’s Develop your AML/CTF program (Reform) guidance, tailoring governance, risk controls, CDD and monitoring to your practice size, service mix and risk profile. 

5. Select and implement enabling technology.
   Decide whether you will use manual processes, in-house tools or external RegTech or AML software. The choice must support robust KYC, screening, risk scoring, monitoring and reporting without overwhelming your staff. AUSTRAC’s pages for RegTechs and advisers give a sense of the ecosystem but do not endorse particular providers. 

6. Embed customer due diligence and ongoing monitoring into workflows.
   Redesign engagement letters, client take-on forms and file opening procedures so that identity verification and risk assessment occur before services start, except where delayed CDD is legitimately used. 

7. Develop and deliver role based staff training.
   Use AUSTRAC’s reform guidance on personnel due diligence and training to build a training plan for partners, fee earners, operations staff and support teams. Training must cover both obligations and practical red flags relevant to each role. 

8. Set up reporting and record keeping processes.
   Decide who prepares and submits SMRs, TTRs and other reports, how they will be quality checked and how you will manage AUSTRAC Online access. Align this with a record keeping framework that satisfies retention requirements. 

9. Plan an early independent review.
   Once your program has been operating for a period, arrange for an independent review as described in AUSTRAC’s AML/CTF program reform guidance. For many Tranche 2 entities, an external reviewer will be the most practical option. 

10. Stay close to AUSTRAC updates.
    Subscribe to AUSTRAC’s InBrief newsletter and monitor the What’s coming soon to help you page so that you pick up new guidance, examples and tools as they are released. 

How Tranche 2 AML/CTF consultants can help

For many firms, bringing in a specialist Tranche 2 consultant is not about outsourcing responsibility. It is about buying speed, experience and a calm external view. A seasoned AML/CTF consultant familiar with the Tranche 2 reforms can help you in several ways.

1. Interpreting the law and rules in the context of your practice.
   Consultants can translate the Amendment Act, AML/CTF Rules and AUSTRAC guidance into practical impact statements that partners and management can quickly understand.

2. Mapping designated services and scoping your obligations.
   A structured review of your service catalogue can identify which services fall in scope, which are out of scope and where you may need to modify your business model to manage risk.

3. Designing risk assessments and AML/CTF programs.
   Experienced consultants can design ML/TF and PF risk assessments and AML/CTF programs that are proportionate, clearly documented and aligned with AUSTRAC’s expectations, while still reflecting how your firm actually operates.

4. Selecting and implementing technology.
   Consultants who understand both regulation and RegTech can help you evaluate screening tools, workflow platforms and reporting solutions, and integrate them into your existing systems and processes.

5. Developing policies, procedures and templates.
   They can draft policies, playbooks, checklists and KYC templates in plain language so that staff know exactly what to do in everyday scenarios.

6. Training partners and staff.
   Tailored training sessions for senior leaders, frontline staff and operations teams can bridge the gap between legal obligations and practical behaviour. Real case scenarios from AUSTRAC risk insights help make the risks real. 

7. Supporting independent reviews and remediation.
   Consultants can conduct or support independent AML/CTF program reviews and help you address any findings methodically before they become supervisory issues.

The right consultant should not merely hand you a thick policy document. They should leave your people more confident and your systems more capable of spotting and stopping suspicious activity.

Tranche 2 FAQs

What is the main change for Tranche 2 entities?

The main change is that certain services provided by lawyers, accountants, real estate professionals, dealers in precious metals and stones and trust and company service providers will now be treated as designated services under the AML/CTF Act. Providers of those services must enrol with AUSTRAC, assess their ML/TF and PF risks and operate a compliant AML/CTF program from 1 July 2026. 

Do all lawyers and accountants fall in scope automatically?

No. The regime applies when you provide specified designated services, such as managing client money, forming companies or trusts, or brokering property transactions. Firms that do not provide those services may fall outside scope, but they should carefully work through AUSTRAC’s “Check if you may be regulated (Reform)” material before concluding that they are out. 

Do we need to wait for final AUSTRAC guidance before starting?

You do not need to wait. AUSTRAC is already publishing extensive reform guidance, including obligations summaries, risk assessment support, AML/CTF program guidance and sector specific risk insights. These materials are intended to help you start now and refine your approach as further detail emerges. 

Will AUSTRAC expect perfection from day one?

AUSTRAC’s regulatory expectations emphasise a risk based approach and a focus on serious non-compliance. It is more interested in whether you have a coherent, risk based program that you actually follow than whether every paragraph is drafted perfectly. However, ignoring the reforms or treating them as a purely paper exercise is likely to attract attention.

What should we do this quarter?

This quarter, you can sensibly:

• Confirm whether you are in scope.

• Begin mapping your services and client journeys.

• Start drafting your ML/TF and PF risk assessment.

• Identify a project sponsor or steering group.

• Engage with an AML/CTF consultant or adviser if you know you will need external support.