Anti-money laundering and counter-terrorism financing (AML/CTF) legislation has operated in Australia since 2006. The focus of the Australian regulation has historically been on banks and financial services providers.
From July 2026, the AML/CTF law will for the first time in Australia extend to certain designated services provided by a range of service providers considered to be at high-risk for criminal exploitation.
Service providers which are covered by the new requirements and are known as ‘tranche 2 entities’ include:
- Real estate professionals including real estate agents, buyer’s agents and property developers
- Dealers in precious stones, metals and products
- Lawyers
- Conveyancers
- Accountants
- Trust and company service providers
Businesses which provide virtual asset-related services and intermediary transfer message services will also be subject to AML/CTF law.
While service providers operating in these industries are regulated in other jurisdictions they have not historically been regulated under Australian AML/CFT law. The changes are designed to bring Australian regulation into line with regulation in comparable overseas jurisdictions.
Designated services are services listed in section 6 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) which have been identified as posing a risk for money laundering, terrorism financing (ML/TF) and have a geographical link to Australia. These include a range of business activities in the financial services, bullion, gambling, remittance, virtual asset service providers, real estate, professional services and dealers in precious metals, stones and products sectors.
On 22 January 2026, AUSTRAC announced that it is working with the Department of Home Affairs to finalise transitional rules to support a smooth implementation of the AML/CTF reform for relevant entities (Transitional Rules).
This update provides an outline of key obligations under tranche 2 entities should be aware of.
What are your key AML/CTF obligations as a tranche 2 entity?
If you are a tranche 2 entity and provide designated services which have a geographical link to Australia, you are required to comply with the following obligations when providing such services:
How:
Register with AUSTRAC by providing:
(a) details about your business structure;
(b) the services your business provides;
(c) your business’s most recent financial statement;
(d) details of your business’s key personnel;
(e) your business’s contact information; and
(f) details of any criminal, civil or enforcement action relating to your business or key personnel.
When:
Existing businesses/professionals: Open from 31 March 2026 and by no later than 29 July 2026.
New businesses/professionals commencing after 1 July 2026: Within 28 days of providing a designated service.
Ongoing: If there are any changes to your enrolment details, notify AUSTRAC within 14 days of such changes.
How:
Your AML/CTF program must:
(a) comprise of 2 components:
(i) a risk assessment which identifies and assesses your business’s ML/TF and proliferation financing risks;
(ii) AML/CTF policies with procedures, systems and controls to manage your business’s ML/TF risks;
(b) be documented and approved by a senior manager of your business;
(c) be updated and reflect changes to your business and relevant ML/TF risks from time to time; and
(d) be independently reviewed every 3 years.*
When:
Ongoing from 1 July 2026.
*The independent evaluation of policies has been extended by the Transitional Rules and will be staggered at 6 months intervals starting from 1 July 2029. Each reporting entity will receive the extended deadline based on their AUSTRAC account number.
How:
Your business must:
(a) conduct personnel due diligence to ensure the person performing the AML/CTF functions in your business has the right skills, knowledge, expertise and integrity to perform the relevant functions;
(b) appoint an AML/CTF officer who manages day-to-day AML/CTF compliance and ensures relevant policies and procedures are implemented;
(c) ensure senior management approves key AML/CTF compliance decisions (including the AML/CTF program);
(d) ensure that its governing body empowers the AML/CTF officer and oversees compliance at the highest level; and
(e) must undertake staff training relating to AML/CTF obligations and compliance.
When:
Ongoing from 1 July 2026.
Details of the AML/CTF compliance officer must be provided to AUSTRAC by no later than 29 July 2026
How:
Before providing any designated services, businesses/professionals should conduct initial CDD by:
(a) identifying and verifying the client’s identity using reliable and independent documents such as passport or driver’s licences (for individuals);
(b) where the client is not an individual (such as company, association or trust), identify and verify the beneficial owners of the relevant entity;
(c) assessing the ML/TF risk profile of the client; and
(d) assessing whether the client is subject to targeted financial sanctions or a politically exposed person (being a person who holds a prominent public position in a government body or international organisation) or is a family member or close associate or such person.
Once the initial CDD has been completed, ongoing CDD should be performed including by:
(a) monitoring transactions and behaviours for suspicious activity;
(b) updating the client’s ML/TF risk profile when appropriate; and
(c) reviewing, updating and re-verifying information when required.
During initial CDD and ongoing CDD, businesses/professional should conduct enhanced CDD when:
(a) the client’s ML/TF risk is high;
(b) the business/professional is required to submit a suspicious matter report in relation to the client and intends to continue to provide a designated service to the client;
(c) the client requests a designated service involving unusual, large or complex transaction, transaction with no apparent economic/legal purpose or there is an unusual pattern of transactions; or
(d) the client is a foreign politically exposed person; or
(e) the client is located or formed in a high-risk jurisdiction.
For any existing clients which your business provides designated services before 1 July 2026, you are not required to undertake initial CDD and ongoing CDD until:
(a) you are required to file a suspicious matter report relating to the client with AUSTRAC (see reporting obligations below); or
(b) there is a significant change in the nature and purpose of the business relationship with the client which will result in the ML/TF risk profile of the client being assessed as medium or high.
When:
Ongoing from 1 July 2026.
How:
Report to AUSTRAC:
(a) any transaction or activity that appears suspicious (SMR), for example you suspect a person isn’t who they claim to be or you have information relevant to criminal activity;
(b) an individual transaction that involves cash of AUD$10,000 or more (or equivalent amount in foreign currency) (TTR); or
(c) international funds transfer instructions (IFTI) to transfer money/property into or out of Australia*; and
(d) cross-border movement transaction (CBM) that involves carrying physical currency (cash) or other monetary instruments in Australian or foreign currency valued at AUD$10,000 or more into or out of Australia; and
(e) compliance report (CR) on how your business complies with its AML/CTF obligations for the previous year.
Note: Exceptions may apply to legally privileged information.
*IFTI will be replaced by international value transfer service (IVTS) reporting post 2029 under the Transitional Rules.
When:
Ongoing from 1 July 2026 and where the reporting matter is:
(a) a SMR involving TF: within 24 hours of suspicion being formed;
(b) all other SMR: within 3 business days of suspicion being formed;
(c) a TTR: within 10 business days after the date of the transaction occurring;
Ongoing from 1 July 2026 and where the reporting matter is:
(a) a SMR involving TF: within 24 hours of suspicion being formed;
(b) all other SMR: within 3 business days of suspicion being formed;
(c) a TTR: within 10 business days after the date of the transaction occurring;
(d) an IFTI: within 10 business days after the day instruction was sent or received;
(e) a CBM: before you pass through customs when arriving or departing Australia, before a monetary instrument is sent or within 5 business days of receipt; and
(f) CR: annually between 1 January and 31 March.
How:
Make and maintain accurate business records relating to compliance with your AML/CTF obligations for up to 7 years including:
(a) your business’s AML/CTF program;
(b) CDD records;
(c) transaction records relating to designated service; and
(d) documents evidencing AML/CTF compliance such as staff training sessions.
When:
Ongoing from 1 July 2026.
With the AML/CTF law starting to apply to designated services provided by tranche 2 entities on 1 July 2026, it is important that you consider whether the AML/CTF law applies to your business and, if applicable, begin to put in place compliance procedures and processes.
If you require any advice or assistance in ensuring compliance, please contact us.
This article was written by JiaWen Poh, Senior Associate.
