Australia's AML/CTF reforms introduce new compliance obligations for businesses across various sectors. This guide explains the key changes, reporting requirements, risk management expectations, and practical steps organisations can take to meet regulatory requirements and strengthen financial crime prevention measures.
For almost two decades, Australia's anti-money laundering and counter-terrorism financing regime applied mainly to banks, credit unions, casinos, and remittance providers. That era is over.
The most significant expansion of Australia's financial crime laws in a generation is now live. And if your business falls under the new rules — as a law firm, accounting practice, real estate agency, or trust and company service provider — the clock has already started.
This guide breaks down exactly what's changed, who it affects, what it requires, and how businesses should respond.
Australia has long been criticised internationally for a gap in its financial crime framework. While banks and financial institutions operated under strict Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations, a significant portion of professional services sat entirely outside the regulated perimeter.
The Financial Action Task Force (FATF) — the global standard-setter for AML/CTF frameworks — had flagged this as a material weakness in Australia's defences against financial crime. Lawyers facilitating property transactions, accountants managing trust accounts, and real estate agents handling high-value deals were all operating without the customer verification and suspicious matter reporting obligations that financial institutions had carried for years.
According to AUSTRAC, financial crime costs Australia up to $82 billion a year, and much of the money being laundered through Australian systems is linked to harmful crime including illicit tobacco, environmental destruction, corruption, child exploitation, and human trafficking.
The reforms were designed to close those gaps — and align Australia more closely with international standards.
Australia's AML/CTF regime has historically been divided into two stages. Tranche 1, which commenced in 2006, brought banks, financial institutions, casinos, and remittance providers into the regulated framework. Per AUSTRAC's 2024–25 reporting, more than 17,000 reporting entities have been operating under that Tranche 1 regime.
Tranche 2 is the long-delayed extension of the same regime to a much larger group of professional service providers, including lawyers, conveyancers, accountants, real estate professionals, dealers in precious metals and stones, and trust and company service providers.
The legal foundation for these reforms is the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which received Royal Assent in December 2024. The obligations themselves began rolling out from early 2026.
The reform timeline is specific, and missing these milestones carries real consequences.
Existing reporting entities — those already regulated under Tranche 1 — faced updated obligations from 31 March 2026. Enrolment opened for Tranche 2 entities from that same date, with obligations for newly regulated businesses commencing 1 July 2026.
Existing reporting entities had until 30 May 2026 to notify AUSTRAC of their AML/CTF Compliance Officer. Newly regulated Tranche 2 businesses and newly regulated virtual asset service providers have until 29 July 2026 to complete that notification.
The full transition to new threshold transaction and suspicious matter reporting forms takes effect later in 2026, and virtual asset service providers must implement the travel rule for virtual asset transfers from 1 July 2026.
These are legislated dates, not indicative targets. The AUSTRAC reforms page is the definitive source for up-to-date timelines and guidance as transitional rules continue to evolve.
From 1 July 2026, AML/CTF obligations apply to certain services typically provided by real estate professionals — such as real estate agents, buyer's agents, and property developers — as well as legal practitioners, accountants, conveyancers, and trust and company service providers.
The scope is service-based rather than profession-based. A solicitor who provides general legal advice, for example, is not automatically a reporting entity. The obligations attach when a professional provides a "designated service" — which typically involves managing client funds, facilitating property transactions, or creating or restructuring legal arrangements like trusts or companies.
AUSTRAC has clarified that obligations apply from the point at which a professional acts on instructions in relation to a relevant transaction — typically when two or more parties to a transaction exist, or when preparatory steps are taken to create or restructure a corporate body or legal arrangement.
For real estate specifically, obligations are triggered by brokering, planning, or executing the sale, purchase, or transfer of real estate.
If you're unsure whether your services fall within scope, AUSTRAC's online tool allows businesses to check their regulatory status directly.
Whether you're an existing reporting entity adapting to reformed obligations or a newly regulated Tranche 2 business, the core compliance framework covers the same fundamental requirements.
Tranche 2 entities must enrol with AUSTRAC, appoint an AML/CTF Compliance Officer at management level, and implement an AML/CTF program tailored to their specific risk profile. The program must include initial customer due diligence before services are provided, ongoing customer due diligence, and enhanced due diligence for high-risk customers such as politically exposed persons.
Beyond that, businesses must report certain transactions — including threshold transaction reports for cash transactions above the relevant threshold and suspicious matter reports when activity raises financial crime concerns. Record-keeping obligations require documentation of customer due diligence decisions, program details, and training completion for specified periods.
By adopting a risk-based approach, rather than a strict rules-based compliance model, businesses have greater flexibility to adapt to evolving threats while optimising resource utilisation. This strategic focus on higher-risk areas can streamline compliance processes and lead to more proactive identification of potential financial crimes.
Businesses that dismiss these obligations as administrative bureaucracy need to understand the consequences.
If you don't meet your obligations under AML/CTF law, AUSTRAC can apply significant penalties — up to $6,600,000 for individuals and $33,000,000 for a body corporate.
For law firms and accounting practices, the exposure is compounded. AUSTRAC publishes enforcement actions, and a finding against a legal or accounting firm carries professional consequences with the relevant regulator — the Law Society, CPA Australia, or CA ANZ — on top of the AUSTRAC penalty.
A boutique conveyancing firm that continued processing property transactions after 1 July 2026 without having enrolled with AUSTRAC or established a CDD process would be in contravention of the Act from day one of its first transaction. The firm wouldn't need to have knowingly facilitated money laundering — just not having the program in place is itself a breach.
That distinction is important: compliance is a proactive obligation, not a reactive one.
If your business was already regulated under the original AML/CTF regime, don't assume the reforms don't apply to you. The reforms took effect for existing reporting entities from 31 March 2026, with updated obligations that require review and adjustment to existing programs.
One notable change for existing entities is the lowering of the initial customer due diligence threshold for certain gambling services from $10,000 to $5,000, which applied from 31 March 2026.
Existing entities should also review their AML/CTF programs against the updated Anti-Money Laundering and Counter-Terrorism Financing Rules 2025, which form the regulatory instrument underpinning the reformed regime.
The reform can feel overwhelming if you're approaching it for the first time. The practical sequence is straightforward, even if the implementation takes effort:
First, determine whether your services are designated services under the amended Act. Use AUSTRAC's online check tool, and seek professional advice if the answer isn't clear.
Second, enrol with AUSTRAC through AUSTRAC Online. The Law Society of NSW has released an AML/CTF implementation guide specifically for sole practitioners and small practices — a useful reference point for legal professionals navigating these requirements for the first time.
Third, appoint your AML/CTF Compliance Officer and build your risk assessment and AML/CTF program. The program needs to reflect your actual business risk — not just a template downloaded from somewhere online.
Fourth, train your staff. Every person involved in providing designated services needs to understand what customer due diligence looks like in practice, what triggers a suspicious matter report, and what record-keeping the organisation is required to maintain.
Organisations that invest in the policy documentation but skip meaningful staff training consistently struggle when AUSTRAC scrutiny arrives. AML/CTF programs are only as effective as the people implementing them.
If you're a real estate agent learning how to conduct identity verification on property buyers for the first time, or an accountant trying to understand when a trust establishment engagement triggers reporting obligations, you need structured training — not a policy PDF.
The AML/CTF Compliance course from the Australian Compliance Institute is built specifically around Australian obligations and AUSTRAC's expectations. It covers customer due diligence, suspicious matter reporting, transaction monitoring principles, and the FATF framework that underpins Australia's reformed regime. If your business needs to get its team compliance-ready before the July 2026 obligations bite — this is where you start. Enrol your team today and build the compliance confidence that AUSTRAC will be looking for.
The reforms are not just about avoiding penalties. They reflect a broader global trend toward closing the gaps that allow financial crime to operate through professional intermediaries.
Australia's reforms align with changes already implemented across the UK, the EU, Canada, and New Zealand — all of which brought professional service providers under AML/CTF frameworks years ahead of Australia. The FATF's mutual evaluation process has assessed Australia's framework, and the Tranche 2 reforms directly address longstanding evaluation findings.
For Australian businesses, embracing these obligations is not just about legal compliance — it's about being part of a system that protects communities from serious harm. The businesses that build genuine compliance cultures, rather than minimum viable programs, will be far better positioned when AUSTRAC's supervision of newly regulated entities intensifies in 2027 and beyond.
AML Compliance
Money laundering and terrorism financing are often grouped together under AML/CTF regulations, but they serve very different purposes. This guide explains the key differences, common...
diversity and inclusion
Inclusive leadership is essential for building high-performing, diverse, and respectful workplaces. This guide outlines 10 practical inclusive leadership practices every manager should know, including communication...
Australian employers
This practical guide helps Australian employers understand their Privacy Act obligations and implement effective privacy practices. Learn how to manage personal information, strengthen data protection,...
