Countdown to Tranche 2: Preparing for Australia's New AML/CTF Regulations

Australia’s Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (AML Amendment Act) was passed on 29 November 2024. It extends the country’s anti-money laundering and counter-terrorism financing (AML/CTF) obligations to lawyers, real estate professionals, accountants and trust and company service providers, and dealers in precious stones and metals (Tranche 2 entities) from 1 July 2026.
Tranche 2 businesses that provide certain designated services will be required to register with Australia’s AML/CTF regulator, AUSTRAC (Australian Transaction Records and Analysis Centre) by 31 March 2026. They must also implement risk management Programs, conduct customer due diligence, monitor customer behaviour and transactions for potentially suspicious activity, and report on these from 1July 2026.
Self-check if you’ll be regulated
Key dates for Tranche 2 compliance
The new Tranche 2 AML/CTF rules take effect for existing reporting entities on 31 March 2026. New reporting entities have until 1 July 2026 to fully comply. Reporting entities that are affected by the new regime should start familiarising themselves with the draft Rules and consider how these might affect their AML/CTF Programs.
If you fall under the new AML/CTF regime, you should start preparing now for the transition in 2026, including understanding what your obligations are, conducting risk assessments, and implementing appropriate compliance measures.
Key date 1: 31 March 2026
Enrolment with AUSTRAC opens for Tranche 2 entities and businesses covered by the new AML/CTF regime.
Key date 2: 1 July 2026
AML/CTF obligations begin for Tranche 2 entities. From this date, reporting entities that provide designated services must comply with all AML/CTF obligations. This includes having an AML/CTF Program, conducting customer due diligence, reporting suspicious matters and other transactions to AUSTRAC, and keeping relevant records.
Tranche2 timeline and roadmap
Here is One AML’s recommended timeline to become compliantwith the Tranche 2 obligations.
1. Now. Appoint or hire an AML/CTF Compliance Officer.This role must be at management level and it’s responsible for making sure your business complies with its AML/CTF obligations. If you’re a sole trader or small business, you can get help or advice from an independent adviser like One AML, but you remain responsible for AML/CTF compliance.
2. July to December 2025. Develop your AML/CTF Program: All reporting entities must develop, implement, and maintain a tailored AML/CTF Policy and Risk Assessment.
3. October 2025 to February 2026. Conduct staff training: All reporting entities must implement AML/CTF risk awareness training for employees who provide designated services and whose roles pose a money laundering (ML) or terrorism financing (TF) risk. Training should be tailored to the employee’s role and the specific ML/TF risks they may encounter.
4. 31 March 2026. Enrol with AUSTRAC and keep registration information up to date.
5. February to June 2026. Implement Customer Due Diligence (CDD) and Know Your Customer (KYC): Reporting entities must have processes in place to ensure they understand who their customers are and can effectively manage money laundering (ML) and terrorism financing (TF) risks. This includes deciding on a CDD provider.
- Initial CDD: Identify and verify customer and beneficial owners before providing a service
- Risk-based approach: Assess and rate ML/TF risk for every customer
- Ongoing CDD: Monitor transactions and update CDD as needed
- Enhanced/simplified CDD: Enhanced for high-risk, simplified for low-risk situations
- PEP and sanctions screening: Identify PEPs and assess sanctions exposure
- Purpose/nature of relationship: Collect information on business relationship purpose
- Record-keeping: Maintain CDD records for at least seven years.
6. 1 July 2026 onwards. Ensure ongoing AML/CTF compliance: Review your AML/CTF Program to make sure it remains effective and up to date with current risks and regulatory expectations.
Note: There are civil penalties for non-compliance.

Remove the complexity from your AML compliance
We work with you to implement an independent and effective AML risk assessment and Program, including functional policies, procedures and controls tailored to your business.
Navigating the complex Tranche 2 obligations successfully is crucial for maintaining compliance and safeguarding your business against regulatory risks. One AML understands that each organisation faces unique challenges and needs specific AML advice to effectively manage these risks. Talk to us today.

Implications for Tranche 2 entities
Lawyers and conveyancers
Lawyers and conveyancers play a crucial role in property transactions and financial dealings, and they’re often sought out by criminals to create complex legal structures, establish trusts, and provide advice on financial transactions. This makes them potential facilitators of money laundering, particularly if they fail to conduct adequate due diligence or turn a blind eye to suspicious activity.
Tranche 2 demands that they become more vigilant in identifying and reporting suspicious activities, particularly those related to property transactions. Although legal professionals already adhere to stringent regulations, the expanded AML regime means they will have to meet additional requirements to ensure they remain compliant.
Real estate professionals
Australia’s real estate sector has long been recognised as a prime target for money laundering for some time, due to the high value of transactions, how easy it is to conceal illicit funds through complex ownership structures, and the potential for inflating property values. The use of shell companies, anonymous trusts, and offshore accounts can further obscure the true source of funds and beneficial ownership.
Under new Tranche 2 laws, real estate agents, buyers’ agents, and property developers must perform extensive background checks on buyers and sellers.
Accountants
Accountants are involved in a wide range of financial activities, including tax preparation, financial planning, and auditing. This gives them access to sensitive financial information and the ability to manipulate financial records, which makes them potential facilitators of money laundering.
With the new obligations in place, accountants will have to carefully review their clients' activities, especially if there are any unusual or large transactions.
Trust and company service providers
Accountants, trust and company service providers, and other professionals can be used to create shell companies, obscure beneficial ownership, and move funds across borders. Tranche 2 of Australia’s AML/CTF laws represent a significant expansion of the regulated sectors. Its objective is to close loopholes that have been exploited by money launderers and terrorists to ‘wash’ illicit funds.
The Tranche 2 regime aims to mitigate these risks by requiring these professionals to conduct enhanced due diligence on their clients, monitor transactions, and report suspicious activity.
Dealers in precious stones, metals and products
These dealers are included in expanded Tranche 2 AML/CTF laws because high-value items like jewellery, precious stones and metals, antiques and collectibles, fine art, yachts, and luxury cars are attractive to criminals who want to convert illicit cash into tangible assets that are easier to transport and less likely to arouse suspicion.
The anonymity of cash transactions and the subjective nature of valuing these goods make this sector vulnerable to exploitation.
What Tranche 2 affected entities will need to do
AUSTRAC outlines the obligations that reporting entities will need to comply with. If you’re a reporting entity, you will need to:
1. Enrol and register with AUSTRAC
Reporting entities must enrol with AUSTRAC by 31 March 2026. This involves providing basic information about your business, such as structure, services, key personnel, and contact details. You must also update your details when they change.
2. Develop and maintain a tailored AML/CTF Program
An AML/CTF Program, comprising an AML/CTF Policy and Risk Assessment, will protect your business from criminal exploitation through money laundering (ML), terrorism financing (TF), and proliferation financing (PF). It helps you meet your AML/CTF obligations and contributes to a safer financial system.
All reporting entities must develop, implement, and maintain a tailored AML/CTF Program that addresses:
- The identification, assessment, and mitigation of money laundering and terrorism financing risks
- Employee due diligence to screen staff members who may facilitate ML/TF
- Training of all relevant employees, so they understand their AML/CTF obligations and the risks faced by the business
- Customer due diligence (CDD), including customer identification and verification
- Ongoing monitoring of transactions and business relationships
- Reporting of suspicious matters and threshold transactions
- Record-keeping for at least seven years
- Regular independent reviews of your AML/CTF Program every three years.
Your AML/CTF Program must be documented and approved by a senior manager of your business. It must be kept up to date to reflect significant changes to your business and relevant ML/TF/PF risk products released by AUSTRAC. It must also be independently evaluated at least every three years.
It must also be subject to appropriate governance arrangements. This includes oversight by a governing board or senior management, and the appointment of a fit and proper person as an AML/CTF compliance officer to oversee day-to-day implementation. If you are a sole trader, you can take on these responsibilities yourself.
Your AML/CTF Program must contain an ML/TF/PF risk assessment and AML/CTF policies.
3. Conduct customer due diligence
Customer due diligence (CDD) helps you understand who your customers are and the ML/TF/PF risks they may expose your business to. The AML/CTF Act establishes obligations for initial CDD, ongoing CDD, enhanced CDD, and simplified CDD.
The information you collect and verify to complete CDD will depend on the ML/TF/PF risk profile of the customer, with enhanced CDD applicable in higher risk scenarios and simplified CDD in low risk scenarios.
4. Monitor transactions
You must implement systems and processes to monitor transactions for suspicious activity. This involves analysing transaction patterns, identifying unusual or complex transactions, and investigating any red flags that may indicate money laundering or terrorism financing.
5. Report certain transactions and suspicious activity
Reporting certain transactions and suspicious activities maintains the integrity of the financial system and helps law enforcement to combat crime.
Reports you may need to submit to AUSTRAC are:
- Suspicious matter reports (SMR): When you suspect a person is not who they claim to be or that a matter is linked to criminal activity or proceeds of crime.
- Threshold transaction reports (TTR): For individual physical currency transactions valued at A$10,000 or higher.
- International value transfer service reports (IVTS): For all international transfers of value transactions.
- Cross-border movement reports: When carrying physical currency or bearer negotiable instruments payable to bearer valued at A$10,000 or higher into or out of Australia.
- Annual compliance reports: Submit an annual report summarising how you have met your AML/CTF obligations in the previous year.
6. Make and keep records
You must make and maintain accurate and complete records for at least seven years. These provide evidence of your due diligence, risk management practices, and compliance with AML/CTF obligations.
These records include documents related to your:
- AML/CTF Program
- customer due diligence
- transaction records
- staff training sessions
- audit results.
7. Maintain ongoing compliance and training
You are expected to set up and maintain robust AML/CTF Programs tailored to your specific business risks. You’re also required to provide regular employee training on AML awareness and reporting obligations, to make sure your compliance requirements are met.
8. Conduct independent AML/CTF evaluations
These are required every three years to assess the effectiveness of your AML/CTF Program. This will help identify any weaknesses or deficiencies in your Program and make sure it remains up-to-date and aligned with regulatory requirements.
Tranche 2 legislation enforcement and penalties
Tranche 2 entities will face a range of penalties for failing to comply with Australia’s expanded AML/CTF laws from 1 July 2026. These include:
- Infringement notices: For less serious breaches, AUSTRAC can issue infringement notices, which are fines for specific contraventions.
- Remedial directions: AUSTRAC can issue remedial directions requiring the entity to take specific actions to rectify non-compliance. This may include improving AML/CTF Programs, enhancing due diligence procedures, or providing additional training to staff.
- Enforceable undertakings: In some cases, AUSTRAC may accept an enforceable undertaking from the entity, which is a legally binding agreement outlining the steps the entity will take to achieve compliance.
- Civil penalty orders: For more serious or systemic breaches, AUSTRAC can seek civil penalty orders through the Federal Court. These orders can impose significant financial penalties on the entity, with the maximum penalty being millions of dollars.
- Criminal charges: In the worst cases of non-compliance, criminal charges can be brought against the entity and its responsible officers. These charges can result in imprisonment and substantial fines.
In addition to these penalties, an entity could face reputational damage, potentially leading to a loss of clients and business opportunities. Persistent or serious breaches can also lead to further regulatory scrutiny and, in extreme cases, restrictions on business operations.
The severity of the enforcement action will depend on various factors, including the nature and extent of the non-compliance, the entity's history of compliance, and its cooperation with AUSTRAC.
One AML can remove the stress from achieving AML compliance
If you’re affected by the new Tranche 2 AML/CFT laws, you should start preparing now to make sure you comply with the new regulations from 31 March 2026. You can benefit greatly from working with a leading independent AML/CFT compliance service provider like One AML to understand and meet your AML/CFT obligations.
We’re qualified to consult for all Phase 1 and 2 reporting entities across Australia, and we can help if you’re impacted by the new Tranche 2 AML/CTF regulations. We provide expert guidance to develop, review, and enhance AML/CFT policies and tailor them to cover your specific services and sector.
We also offer comprehensive training to educate your staff on AML/CFT obligations and ensure they’re equipped to identify and mitigate financial crime risks.
If you want robust, tailored, and cost-effective AML/CTF policies for your business or organisation, get in touch with our team today. Advisory resources are limited, and time is short.