Australia Tranche 2: AML Hits Professional Services

For decades, Australian lawyers, accountants, and real estate agents operated in a regulatory blind spot. Banks had KYC. Crypto exchanges had KYC. The firm helping a client structure a property acquisition, move funds into a trust, or sell a commercial building worth tens of millions of dollars? Nothing.

That changes on 1 July 2026.

AUSTRAC's Tranche 2 reforms bring Australia's professional services sector under the Anti-Money Laundering and Counter-Terrorism Financing Act for the first time. Around 100,000 entities — roughly six times the existing regulated population — will become reporting entities. Most have never written an AML/CTF program, trained staff on suspicious matter reporting, or onboarded a customer through a formal identity verification workflow.

Twenty-seven days from now, that matters.

Who Is Caught by Tranche 2?

The reform targets designated non-financial businesses and professions (DNFBPs) — the category that FATF has long identified as the primary gap in global anti-money laundering frameworks. Real estate transactions, trust creation, and professional fund management have been the preferred laundering vehicle for criminal proceeds across Australia's major cities for years. Tranche 2 closes that gap.

Sector	Designated Services	Monetary Threshold
Real estate agents & conveyancers	Sale, purchase, transfer of real property	None
Lawyers & barristers	Holding client property; equity/debt financing; entity management	None
Accountants	Trust/company creation, administration, fund handling	None
Precious metals & stones dealers	Buying or selling covered goods	None
Trust and company service providers	Formation, administration, directorship services	None

The absence of a monetary threshold is deliberate. A $90,000 apartment purchase triggers the same identity verification obligation as a $90 million commercial portfolio transaction. The designated service is what matters, not the deal size.

Unlike the EU's parallel reform — the AMLR, which extends similar obligations to real estate and professional services from July 2027 — Australia's Tranche 2 applies to all professional services without sector-specific thresholds. The compliance bar is uniform and it is high.

The Five Core Obligations

1. Enrolment with AUSTRAC

AUSTRAC enrolment opened on 31 March 2026 and must be completed by 29 July 2026. Providing a designated service before enrolling is itself a contravention of the AML/CTF Act — not a technical infringement, a standalone offence with its own penalty exposure.

Critically, enrolment is the beginning of the compliance process, not the end of it. A firm that enrolls on 1 July and has no program, no KYC workflow, and no trained staff will have satisfied the administrative step while remaining substantively non-compliant.

2. A Written AML/CTF Program

Every reporting entity must have a written AML/CTF program approved by the firm's principal or board before it begins providing designated services. The program must document how the firm:

• Identifies and assesses money laundering and terrorism financing risks specific to its client base and service profile
• Verifies customer identity before providing any designated service
• Conducts ongoing customer due diligence throughout the client relationship
• Manages and reports suspicious activity

AUSTRAC will evaluate programs for substance. A template downloaded from a law society website and minimally adapted is not a defensible program. The regulator expects the risk assessment to reflect the firm's actual geographic exposure, client concentration, and transaction channels.

3. Customer Identification and Verification

Before providing a designated service, reporting entities must collect and verify prescribed identification information. For individual customers this means full name, date of birth, and residential address verified against reliable, independent sources. For entities it means ABN or ACN, registered address, and — critically — identification of the beneficial owners behind any corporate or trust structure.

This is where most firms will encounter the steepest operational challenge. An accountant who has administered a family trust for fifteen years still needs to formally map and verify the beneficial ownership chain in a format that meets AUSTRAC requirements. The informal professional familiarity that has characterised these relationships does not substitute for documented identity verification.

For a thorough understanding of what a compliant KYC process involves — from document collection through to risk-based ongoing monitoring — any firm starting from scratch should treat that as the baseline specification for its program build.

4. Suspicious Matter Reporting

When a reporting entity forms a suspicion that a transaction involves proceeds of crime or is related to terrorism financing, it must submit a suspicious matter report (SMR) to AUSTRAC within three business days. The obligation attaches when suspicion is formed — not when a transaction closes.

A real estate agent who develops a concern about a buyer's funding source during due diligence must report that suspicion even if the sale never proceeds. The reporting obligation applies to the suspicion, not the transaction.

5. Seven-Year Record Retention

All identification records, transaction records, and AML/CTF program documentation must be retained for seven years. This applies to records of transactions that did not ultimately proceed, as well as completed ones.

What Changes for Each Sector

Real Estate

Property has long been recognised as the primary mechanism for laundering criminal proceeds in Australia. Complex ownership structures, large cash-adjacent transactions, and the near-total absence of formal identity checks created an environment where due diligence was effectively optional. The Australian Criminal Intelligence Commission has repeatedly identified real estate as a principal vulnerability.

From July 2026, agents and conveyancers acting in the sale, purchase, or transfer of real property must verify every party to the transaction — including the individuals behind corporate purchasers, trust vehicles, and multi-entity structures. The real estate KYC guide covers what identification and beneficial ownership verification looks like in practice for property transactions.

Law Firms

The regulation does not capture "legal advice" as a category. It captures specific designated services: receiving, holding, controlling, or managing property when assisting clients in planning or executing a transaction; assisting clients with equity or debt financing arrangements; creating, managing, or administering companies, trusts, or other legal structures; and acting as or arranging for someone to act as a director, secretary, or equivalent officer.

Conveyancing, corporate transactions, estate administration, and trust formation are in scope. Court representation and pure legal opinion are not. Firms will need an internal framework that identifies, at intake, whether a new matter or a continuing client relationship involves a designated service — and triggers the KYC workflow at that point rather than retrospectively.

Accounting Firms

For accountants, designated services track the same underlying logic: creation and administration of legal structures, handling or directing client funds, and services that give the firm a position of control over client assets. A family trust restructure, a corporate holding company administration, or the settlement of a deceased estate all trigger obligations.

Accountants face a distinct challenge beyond initial KYC: ongoing due diligence requirements apply to continuing relationships. A firm with hundreds of long-standing trust clients will need to apply Tranche 2 requirements not just to new engagements, but to existing relationships where the designated service continues to be provided.

Penalties Are Not Theoretical

AUSTRAC has both civil penalty and criminal enforcement powers. For body corporates, maximum civil penalties run into the tens of millions of dollars per contravention. AUSTRAC publishes its enforcement outcomes publicly — a finding against a legal or accounting firm carries professional consequences with the Law Society, CPA Australia, or CA ANZ on top of any AUSTRAC sanction.

The regulator's enforcement record is not reassuring for those hoping for a soft landing. The Commonwealth Bank settlement in 2018 (AUD 700 million) and the Westpac case in 2020 (AUD 1.3 billion) demonstrated that AUSTRAC uses its powers and that size does not confer protection. The approximately 100,000 entities entering the reporting population in July 2026 should not assume that the novelty of their regulated status will attract regulatory patience.

Building Compliance Infrastructure That Scales

A sole-practitioner solicitor and a national accounting network with 500 staff face the same fundamental compliance challenge: they have never done this before. The program, the KYC workflow, the reporting infrastructure, and the training all need to be built from zero.

The traditional model — bespoke compliance consulting, manual document collection, physical identity verification, spreadsheet record-keeping — will not work at the volume Tranche 2 creates. Firms that attempt to run KYC across large client portfolios entirely through manual processes will face inconsistency between offices, unsustainable operational drag, and an inability to demonstrate program effectiveness to AUSTRAC in an enforcement context.

Automated identity verification platforms compress the implementation timeline and dramatically reduce the error rate. Electronic verification against government data sources, automated beneficial ownership capture, continuous customer monitoring, and AI-driven risk-flag escalation reduce both cost and compliance exposure. Joinble's AI-powered compliance agents are designed specifically for ongoing, autonomous identity management — not point-in-time checks that satisfy the letter of the obligation but leave firms blind between verification events.

FAQ

When does Tranche 2 start?

The Tranche 2 AML/CTF obligations commence on 1 July 2026. AUSTRAC enrolment opened on 31 March 2026 and must be completed by 29 July 2026.

What if my firm misses the enrolment deadline?

Providing a designated service without enrolling is a standalone contravention of the AML/CTF Act. AUSTRAC can issue civil penalties, and non-enrolment may be treated as an aggravating factor in any subsequent enforcement action.

Do existing client relationships need to be re-verified?

Yes. Where a firm continues to provide designated services to an existing client, Tranche 2 KYC requirements apply to that ongoing relationship. For clients involving complex structures, this will require a formal beneficial ownership mapping exercise.

Is pure legal advice or standard tax return preparation in scope?

No. The regime captures specific designated services, not professional categories as a whole. Pure legal advice, unaccompanied tax return filing, and court representation are generally out of scope. The trigger is the specific transaction or structural service, not the professional relationship.

What is a suspicious matter report and when must it be filed?

A suspicious matter report (SMR) is a formal submission to AUSTRAC that must be made within three business days of forming a suspicion that a transaction involves proceeds of crime or is connected to terrorism financing. The obligation attaches to the suspicion, not to the completion of the transaction.

How long must KYC records be kept?

All identification records, transaction records, and AML/CTF program documentation must be retained for seven years, including records relating to transactions that did not ultimately proceed.