The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) is the legislative backbone of Australia's financial crime defences. The AML/CTF Rules, made under the Act, provide the detailed operational requirements that reporting entities must follow. With Tranche 2 extending these obligations to lawyers, accountants, real estate agents, and other gatekeeper professions, understanding the Rules is no longer optional — it is a legal requirement.
The Legal Framework: Act, Rules, and Regulations
Australia's AML/CTF regime — also covered in our guide to AML compliance obligations — operates on three levels:
- The AML/CTF Act 2006 — establishes the overarching legal framework, sets out obligations for reporting entities (including the requirement that each entity implement an AML/CTF program), and defines AUSTRAC's powers
- The AML/CTF Rules — made by the AUSTRAC CEO under section 229 of the Act, these provide detailed operational requirements on how to comply with the Act. They are legally binding
- The AML/CTF Regulations — made by the Governor-General, covering matters such as customer identification exceptions and correspondent banking
Breaching a Rule made under the Act carries the same penalties as breaching the Act itself. The Rules are not guidance — they are law.
The Transitional Rules for Tranche 2
Recognising that newly regulated sectors need time to build compliance capability, the government introduced AML/CTF Transitional Rules 2026. These provide a phased approach:
- Reporting entities must enrol with AUSTRAC by 29 June 2026
- AML/CTF programs must be in place by 1 July 2026
- Customer identification and ongoing due diligence obligations apply from commencement
- Certain reporting obligations (e.g., threshold transaction reports) may have extended timeframes as specified in the transitional rules
The transitional rules are designed to make the shift manageable — but they do not delay the core obligation to enrol and have an AML/CTF program.
The Core Obligations at a Glance
1. Enrolment (Section 5 of the Act)
All reporting entities must enrol with AUSTRAC via AUSTRAC Online before providing a designated service. Enrolment requires your ABN, details of your AML/CTF Compliance Officer, and a description of your designated services.
2. AML/CTF Program (Sections 81–82)
Every reporting entity must develop, implement, and maintain an AML/CTF program consisting of:
- Part A — ML/TF Risk Assessment identifying the risks your business faces across services, customers, channels, and countries
- Part B — Policies, procedures, systems, and controls to mitigate the risks identified in Part A
The program must be approved by your governing body (board or senior management) and be subject to regular independent review.
3. Customer Due Diligence (Chapters 5–11 of the Rules)
CDD is the operational core of the AML/CTF framework. Before providing a designated service, you must:
- Identify the customer (individual or entity) using reliable, independent documentation
- Verify the customer's identity using government-issued ID, ASIC records, or equivalent
- Identify any beneficial owners with 25% or more ownership or control
- Understand the nature and purpose of the business relationship
- Apply Enhanced CDD (ECDD) where the customer is a foreign PEP, located in a high-risk jurisdiction, or where the transaction is unusually complex or large
4. Ongoing Customer Due Diligence (Chapters 15–17 of the Rules)
CDD is not a one-time event. You must:
- Monitor customer transactions to detect unusual or suspicious patterns
- Review and update customer risk profiles as circumstances change
- Re-verify customer identity when doubts arise or when a material change occurs
- Conduct enhanced ongoing due diligence for high-risk customers
5. Reporting Obligations (Sections 41–45 of the Act)
Reporting entities must submit the following to AUSTRAC:
- Suspicious Matter Reports (SMRs) — submit within 24 hours if terrorism financing is suspected, or within 3 business days for other ML/TF suspicion. Tipping-off offences apply — never inform the customer
- Threshold Transaction Reports (TTRs) — report cash transactions of A$10,000 or more within 10 business days
- International Funds Transfer Instructions (IFTIs) — report cross-border transfers of funds or property within 10 business days
- Annual Compliance Reports — submit to AUSTRAC by 31 March each year detailing your compliance performance
6. Record Keeping (Sections 106–114 of the Act, Chapters 8–10 of the Rules)
Records must be kept for a minimum of 7 years and be retrievable within a reasonable timeframe on AUSTRAC request. This includes:
- Customer identification records and CDD documentation
- Transaction records (including for transactions not reported)
- AML/CTF program documents (including all versions)
- Staff training records and independent review reports
- Copies of all SMRs, TTRs, and IFTIs submitted
Penalties for Non-Compliance
The consequences of failing to meet AML/CTF obligations are substantial:
- Individual: maximum A$6.6 million per contravention and/or imprisonment
- Body corporate: maximum A$33 million per contravention
- Civil penalties: enforceable undertakings, remedial directions, and infringement notices
- Reputational damage: AUSTRAC enforcement actions are public and attract significant media attention
Where to Find the Official Rules
The complete AML/CTF Rules are published on the Federal Register of Legislation and AUSTRAC's website. For newly regulated businesses, AUSTRAC's "Your Obligations" page is the best starting point. The CPA Australia and Law Society factsheets are also excellent plain-English resources specifically written for Tranche 2 entities.
The key to compliance is simple in principle: know your customer, monitor for suspicious activity, report when required, and keep records. The complexity lies in doing this consistently and systematically — which is where technology platforms and professional compliance tools provide the greatest value.