ARTICLE
17 July 2026

Incoming AML/CTF Changes: Are You Ready?

K
Kennedys

Contributor

Our lawyers handle both contentious and non-contentious matters, and provide a range of specialist legal services, for many industry sectors including insurance and reinsurance, aviation, banking and finance, construction and engineering, healthcare, life sciences, marine, public sector, rail, real estate, retail, shipping and international trade, sport and leisure, transport and logistics and travel and tourism. But we have particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims.
Law firms, real estate agents, property developers, conveyancers, accountants, trust and company service providers and precious commodities dealers (Tranche 2 entities), will need to comply with reporting entity obligations under the Anti-Money Laundering/ Counter-Terrorism Financing 2006 (Cth) (AML/CTF Act) from 1 July 2026. They will also need to enrol with AUSTRAC by 29 June 2026.
Australia Insurance
Llinos Kent’s articles from Kennedys are most popular:
  • in United States
Kennedys are most popular:
  • within Media, Telecoms, IT, Entertainment and Transport topic(s)

This article was co-authored by Jericha De Vera, Law Graduate. Originally published 04/05/2026.

Key takeaways

  • Law firms, real estate agents, property developers, conveyancers, accountants, trust and company service providers and precious commodities dealers (Tranche 2 entities), will need to comply with reporting entity obligations under the Anti-Money Laundering/ Counter-Terrorism Financing 2006 (Cth) (AML/CTF Act) from 1 July 2026. They will also need to enrol with AUSTRAC by 29 June 2026.
  • Tranche 2 entities will be required to comply with the obligations set out under the AML/CTF Act including specified record keeping and reporting obligations as well as the implementation of a AML/CTF program aimed at minimising an entity’s risk exposure to AML/CTF activities and use of its services and or products to facilitate same.
  • Failure to comply with these obligations could result in significant civil penalty orders and other means of enforcement available to AUSTRAC.

AML/CTF reforms

From 1 July 2026, additional designated service providers will be subject to obligations set out by the AML/CTF Act. This includes procedural, record-keeping and reporting obligations as required under the Act. These new AML/CTF changes are aimed at ensuring that Australia’s AML/CTF regime is strengthened and meets international standards, as set by the Financial Action Task Force (FATF).1 

The reforms are expected to capture tens and thousands of additional businesses into the regulatory net, so service providers who expect to be subject to the new reforms should begin preparing now rather than waiting for the commencement date.

Who are Tranche 2 entities?

The expanded ‘designated services’ includes real estate agents and property developers, dealers in precious stones, metals and products (e.g. jewellers), lawyers, conveyancers, accountants and trust and company service providers will now be regulated under AML/CTF law.2 The expansion may also capture businesses who provide the above services and have a geographical link to Australia.3 

See the below chart to determine whether your business is now considered a Tranche 2 entity:

1818402a.jpg

For example, a boutique law firm specialising in property transactions and conveyancing is a Tranche 2 entity even if that firm is a sole practitioner. AUSTRAC’s educational resources regarding the reforms here are a helpful reference point and includes a risk assessment and customer due diligence webinars . The Law Society of NSW has also released an AML/CTF implementation guide to help sole practitioners and small practices navigate the new requirements.4

Compliance for newly regulated entities: a go-to cheat sheet 

Steps for Tranche 2 entities to follow to assist with AML/CTF compliance include:

  1. Enrol with AUSTRAC – enrolment with AUSTRAC will open be for Tranche 2 entities from 31 March 2026 and must be completed by 29 July 2026.
  2. Appoint an AML/CTF officer – the AML/CTF compliance officer must be at management level. They will be required to ensure compliance with the provider’s AML/CTF obligations. For sole traders and or SMEs, this will likely be the owner/principal of the business or someone in senior management
  3. Assess and Prepare – consider what policies, procedures and controls your business can implement to appropriately address the risk of money-laundering and terrorism financing exploitation. This will be dependent on the nature and size of your business but will generally include conducting initial customer due diligence prior to the provision of services. Your appointed AML/CTF officer will be responsible for this. Ensure that your assessment is predicated on a risk-based approach: consider what your likely business’ risk exposure is, considering the size and nature of it.
  4. Create an AML/CTF Program – after you have considered the above, start creating your business’ AML/CTF Program. You will also need to consider whether your business requires a standard AML/CTF program5 (if it is an individual operating provider) or joint program6 (if it is a member of a designated business group). The program is a written record of how your business will implement those policies, procedures and controls to minimise the risk of AML/CTF affecting your services and or products. The program must have two parts: Part A - the processes and procedures your business will adopt in order to identify, mitigate and manage AML/CTF risks that your business may encounter; and Part B – procedures to identify customers and beneficial owners including politically exposed persons (PEPs) and verify their identities.7 AUSTRAC has provided resources to assist with guiding your business in the right direction. Note that Part A will need to be reviewed regularly by an independent assessor.8 For legal practitioners, the key challenge will be building a compliant program that is also proportionate, workable and consistent with duties of confidentiality, privilege and professional conduct. Firms must urgently review policies, systems, training and governance well before commencement, building proactive risk management with defined senior responsibility.
  5. Keep Records – providers, as a part of their obligations, are required to maintain full and accurate records related to transactions, customer identification procedures and its AML/CTF program, either as hard or electronic copies stored at the premises or offsite which can be retrieved and audited.9 AUSTRAC has set out here, what documents are required, and not required, for these purposes.
  6. Report – Reporting entities have an ongoing obligation to report potentially at-risk or suspicious transfers. This includes:10
    1. Threshold Transaction Report - for transfers of AU$10,000 or greater in cash. The report must be submitted within 10 business days after the date of the transaction.
    2. International Funds Transfer Instruction Reports – for transfers made into or out of Australia that are either in electronic form or under a designated remittance arrangement. This report is due within 10 business days after the transaction instruction is sent or received.
    3. Suspicious Matter Reports – for circumstances where a provider develops a suspicion that a customer or transaction involves criminal activity. This needs to be reported within 24 hours of developing the suspicion if it concerns terrorism financial and 3 business days for other matters.
  7. Providers may also be required to submit compliance reports with AUSTRAC or Cross Border Movement Reports where there is physical transportation of currency over borders (into or out of Australia) of AU$10,000 or more.

>

Consequences for non-compliance

Non-compliance can see providers issued with civil penalty orders11 or any other enforcement action within AUSTRAC’s authority. An entity (body corporate) might be ordered to pay a penalty of up to 100,000 penalty units (c $33m) or 20,000 penalty units (c $6.6m) for persons other than a body corporate 12 Historically, AUSTRAC has obtained significant civil penalty orders for non-compliance with AML/CTF laws against a number of entities for non-compliance with AML/CTF obligations; in 2024,  penalty of $67m was awarded against SkyCity Adelaide.13 Other action can include enforceable undertakings, infringement notices and remedial directions.14

Where, Professional Indemnity Insurance (PII) policy will not generally indemnify a civil penalty is imposed against an entity. In the case where a director or officer of a company is imposed with the civil penalty, there are some instances where Directors & Officers (D&O) insurance cover such penalties. However, there have been instances where Courts have issued non-indemnification orders despite coverage being available under the D&O insurance at hand. In BlueScope,15 where a company executive was issued a penalty for the company’s conduct (the company was separately fined too) for his role in the contravening conduct, the Court handed down a non-indemnification order to prevent the executive from being granted indemnity under the company’s D&O insurance.

Conclusion

The AML/CTF changes will see a significant increase in the entities regulated by AUSTRAC. It is important to understand whether an entity falls within this new category of designated service providers to ensure compliance. AUSTRAC have detailed guides and website resources available to assist newly regulated business make sure they are compliant with their AML/CTF obligations. Tranche 2 entities will need to make sure they have appointed an AML/CTF compliance officer and implemented a two-part AML/CTF written program as required under the legislation.

In the case of company directors and officers, it is crucial that such personnel adequately familiarise themselves with these reforms (including the obligations which arise from same) and ensure that company procedures and policies are compliant with these changes. As civil penalties under the AML/CTF Act can be imposed against an individual, as well as their company. Entities and individual directors and officers should take care to understand the scope of the insurance cover available and speak with their broker is there are any concerns.

Footnotes

1 Explanatory Memorandum for the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024.

https://www.austrac.gov.au/amlctf-reform/check-if-you-may-be-regulated-reform.

3  Ibid.

4 To access the guide, practitioners will need their LawID).

5 See s 84 of the AML/CTF Act.

6 See s 85 of the AML/CTF Act.  

7 See ss 88 to 91 of the AML/CTF Act.

8 Part 8.6 of AML/CTF Rules Instrument 2007 (No. 1) made under s 229 of the AML/CTF Act.

9 See Part 7, Division 3 of the AML/CTF Act in respect of record-keeping obligations.

10  https://www.austrac.gov.au/business/core-guidance/reporting.

11 See S 175 of the AML/CTF Act.

12  Penalty unit being $330 (on or after 7 November 2024). See https://www.austrac.gov.au/business/core-guidance/consequences-not-complying.

13 CEO of AUSTRAC v SkyCity Adelaide Pty Ltd [2024] FCA 664. In this case, it was found that SkyCity, a casino, had contravened ss 36(1) and 81(1) of the AML/CTF Act, in failing to implement an appropriate AML/CTF program and carry out sufficient customer due diligence.

14 Ibid.

15 BlueScope Steel Limited v Australian Competition and Consumer Commission [2025] FCAFC 118.

Originally published 04/05/2026.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More