What is Tranche 2 AML/CTF reform in Australia?

Tranche 2 expands Australia's AML/CTF regulations to gatekeeper professions — real estate agents, lawyers, accountants, conveyancers, and TCSPs — with compliance obligations starting 1 July 2026. These businesses must enrol with AUSTRAC, implement AML/CTF programs, conduct customer due diligence, and submit suspicious matter reports.

Who needs AML compliance software in Australia?

Under Tranche 2, AML compliance software is needed by real estate agencies, law firms, conveyancing practices, accounting firms, trust and company service providers (TCSPs), and other gatekeeper professions that must comply with AUSTRAC regulations from July 2026.

What KYC checks are required for AML compliance?

Required KYC checks include: identity document verification (passport, driver's licence), biometric face matching, PEP and sanctions screening, proof of address verification (council rates, water bill, strata bill), source of wealth documentation, and ongoing monitoring of business relationships.

What is an SMR (Suspicious Matter Report)?

A Suspicious Matter Report (SMR) is a mandatory report to AUSTRAC when a reporting entity suspects a person may be involved in money laundering, terrorism financing, or other criminal activity. SMRs must be submitted within 24 hours under the AML/CTF Act 2006.

How does AML Workflow use AI?

AML Workflow uses Anthropic's Claude AI models for four key functions: PEP disambiguation (Haiku 4.5), risk assessment generation (Sonnet 4.6), enhanced due diligence analysis (Opus 4.6), and SMR drafting assistance. All AI outputs are marked as drafts requiring human review — the platform never auto-decides compliance outcomes.

Implementing an Effective AML Program: A Step-by-Step Guide for Australian Businesses

Building an effective AML/CTF program — step-by-step guide for Australian businesses

Creating an effective AML program is crucial for Tranche 2 compliance. It acts as a shield against financial crime, strengthens trust with regulators and customers, and is a legal requirement before providing any designated service.

The Core Components of an AML/CTF Program

Under the AML/CTF Act, every reporting entity's program has two parts:

Part A: ML/TF Risk Assessment — identifying and assessing the money laundering and terrorism financing risks your business faces
Part B: Policies, Procedures, Systems and Controls — the operational measures to mitigate those identified risks

Step 1: Know Your Customer (KYC)

Customer Due Diligence (CDD) forms the bedrock of any AML program. KYC practices help verify the identity of clients and assess associated risks before you provide services:

Collect and verify identity documents (passport, driver licence, ASIC extract)
Identify beneficial owners behind corporate entities and trust structures
Apply Simplified CDD for low-risk customers where permitted
Escalate to Enhanced CDD (ECDD) for high-risk scenarios — foreign PEPs, complex structures, high-risk jurisdictions

Step 2: Transaction Monitoring

Ongoing monitoring of customer transactions is equally vital. This involves tracking financial activities for suspicious patterns and unusual behaviour:

Deploy automated systems to flag transactions that deviate from expected patterns
Investigate flagged transactions promptly and document findings
Adjust customer risk ratings based on monitoring outcomes

Step 3: Staff Training

An AML program is only as strong as the people implementing it. Regular training ensures that staff understand their roles in preventing money laundering:

Conduct onboarding AML training for all new staff
Run refresher training at least annually
Provide role-specific training for AMLCO, senior management, and front-line staff
Keep training records for regulatory review

Step 4: Suspicious Matter Reporting

Businesses must report suspicious activities to AUSTRAC promptly. Prompt reporting supports the wider financial crime prevention effort:

Establish clear internal escalation procedures
Train staff to recognise "reasonable grounds for suspicion"
Submit SMRs within statutory timeframes (24 hours for terrorism financing, 3 business days otherwise)
Never tip off the customer about the SMR submission

Step 5: Independent Review and Audit

AUSTRAC expects reporting entities to regularly test the effectiveness of their AML programs:

Conduct independent reviews of your AML/CTF program at regular intervals
Document findings, recommendations, and remediation actions
Report material program weaknesses to the governing body

Building a Culture of Compliance

Strong AML programs are rooted in a culture of compliance, supported by leadership commitment. They adapt to regulatory changes and leverage technology, ensuring operational efficiency while meeting obligations. In the Tranche 2 era, compliance is not a cost centre — it is a strategic asset that builds trust with clients and regulators alike.