What is Tranche 2 AML/CTF reform in Australia?

Tranche 2 expands Australia's AML/CTF regulations to gatekeeper professions — real estate agents, lawyers, accountants, conveyancers, and TCSPs — with compliance obligations starting 1 July 2026. These businesses must enrol with AUSTRAC, implement AML/CTF programs, conduct customer due diligence, and submit suspicious matter reports.

Who needs AML compliance software in Australia?

Under Tranche 2, AML compliance software is needed by real estate agencies, law firms, conveyancing practices, accounting firms, trust and company service providers (TCSPs), and other gatekeeper professions that must comply with AUSTRAC regulations from July 2026.

What KYC checks are required for AML compliance?

Required KYC checks include: identity document verification (passport, driver's licence), biometric face matching, PEP and sanctions screening, proof of address verification (council rates, water bill, strata bill), source of wealth documentation, and ongoing monitoring of business relationships.

What is an SMR (Suspicious Matter Report)?

A Suspicious Matter Report (SMR) is a mandatory report to AUSTRAC when a reporting entity suspects a person may be involved in money laundering, terrorism financing, or other criminal activity. SMRs must be submitted within 24 hours under the AML/CTF Act 2006.

How does AML Workflow use AI?

AML Workflow uses Anthropic's Claude AI models for four key functions: PEP disambiguation (Haiku 4.5), risk assessment generation (Sonnet 4.6), enhanced due diligence analysis (Opus 4.6), and SMR drafting assistance. All AI outputs are marked as drafts requiring human review — the platform never auto-decides compliance outcomes.

The Role of Risk Assessment in AML Compliance: A Practical Framework

ML/TF risk assessment framework — identify, assess, mitigate, monitor

Risk assessment is central to effective AML compliance. It helps institutions and businesses identify potential vulnerabilities to money laundering and terrorism financing. By understanding these risks, businesses can implement targeted, proportionate measures to mitigate them.

Why Risk Assessment Matters

Every business is unique, facing specific risks based on its structure, operations, customer base, and the services it provides. A thorough risk assessment evaluates multiple factors, enabling businesses to tailor their AML strategies — a key requirement of any effective AML/CTF program — rather than adopting generic, off-the-shelf approaches.

The Four Dimensions of ML/TF Risk

AUSTRAC requires businesses to assess risk across four categories:

1. Services (Designated Services)

Which designated services do you provide? Each service — whether conveyancing, trust account management, company formation, or property transactions — carries inherent ML/TF risk that must be documented.

2. Customers

Who are your customers? Politically Exposed Persons (PEPs), customers with complex corporate or trust structures, those using cash-intensive payment methods, and clients from high-risk jurisdictions all require elevated scrutiny.

3. Channels

How do you deliver services? Online, in-person, and through third-party intermediaries each present different risk profiles that your AML program must address.

4. Countries

Which jurisdictions do you deal with? FATF-blacklisted countries, sanctioned jurisdictions, and countries with weak AML controls represent heightened geographic risk.

The Risk Assessment Lifecycle

A well-executed risk assessment follows a continuous cycle, not a one-off exercise:

Identify inherent risk — pinpoint weaknesses before any controls are applied
Assess inherent risk — evaluate how exploitable those weaknesses are and the potential impact
Evaluate and prioritise — determine which risks need attention first
Apply controls and mitigate — implement policies, procedures and systems to reduce residual risk
Monitor and review — continuously update as your business, customers, and the threat landscape evolve

Practical Next Steps

If you are newly regulated under Tranche 2, start your risk assessment now. Document your services, assess your customer base, map your delivery channels, and identify the countries you interact with. This risk assessment forms Part A of your AML/CTF Program and is the foundation on which all other compliance measures are built.