Tranche 2 AML Reforms: Essential Checklist

Published on Sep 22, 2025

Tranche 2 AML Reforms: Essential Checklist 

Australia is entering a new phase of anti-money laundering (AML) regulation. Tranche 2 of the AML/CTF regime extends compliance obligations to so-called “gatekeeper professions”, including law firms, real estate agents, accountants, trust and company service providers, and dealers in precious metals/stones.   

These reforms close long-standing loopholes and bring Australia in line with International Financial Action Task Force (FATF) standards. See what’s changing, the key dates, and practical steps you can take to prepare.

Key dates

  • 31 March 2026 – AUSTRAC enrolment opens for Tranche 2 entities.  
  • 1 July 2026 – Obligations for newly covered sectors officially commence.  
  • Within 28 days of starting a designated service – Entities must enrol with AUSTRAC (for most firms, this means by 29 July 2026 at the latest). 

Objectives  

There are three key objectives set out in the Tranche 2 legislation.  


  1. Expansion of AML/CFT regime to Tranche 2 entities 
    Gatekeeper professions must enrol with AUSTRAC and implement AML/CTF controls, which means additional ongoing monitoring and reporting requirements. These professions are considered higher risk because they often handle funds, structure entities, or enable transactions. 
  2. Modernise regulation of virtual assets  
    The definition of “digital currency” will be broadened to “virtual assets,” covering stablecoins, NFTs, governance and some utility tokens. This primarily impacts exchanges, custodians, and wallet providers. Any business advising such clients should understand the expanded scope. 
  3. Modernisation of AML/CFT regime  
    The regime will be streamlined to clarify roles and responsibilities, provide greater flexibility, and improve alignment with global frameworks. This will help Australia strengthen its defences against financial crime and bolster its reputation as a trusted financial centre. 

     

Obligations

Newly regulated firms will need to meet the same obligations already being followed by banks and other financial institutions. These include: 
  • Enrolment with AUSTRAC  
    This is mandatory within 28 days of offering a designated service.  
  • Customer Due Diligence (CDD)  
    Organisations will need to verify client identity before providing services, screen against sanctions and Politically Exposed Person (PEP) lists, and identify beneficial owners. Enhanced due diligence will be required for higher-risk matters (e.g. PEPs, complex structures). Ongoing monitoring is required to keep client information up to date and accurate.  
  • Suspicious Matter Reporting (SMR)  
    Any suspicious transaction activity will need to be reported to AUSTRAC within 24 hours if the suspicion relates to terrorism financing and within 3 business days for other matters. Timing runs from when suspicion is formed.  
  • Threshold Transaction Reports (TTRs)  
    Any cash transaction of AUD 10,000 or more must be reported within 10 business days.  
  • Record-keeping  
    Records of CDD, transactions, training, and AML programmes must be maintained for at least seven years.  
  • AML/CTF Programme 
    A written, risk-based programme covering policies, procedures, systems, and controls must be developed and maintained. The programme must be independently reviewed at least every three years, or sooner if business circumstances change. An annual compliance report must be submitted annually that summarises how AML/CTF obligations have been met in the previous year.  

Image-Dec-23-2023-07-27-53-8018-AM

Impact on organisations

There is a significant impact on day-to-day operations for “gatekeeper professions”.  
  • Client Onboarding  
    Firms must build robust onboarding processes, collecting and verifying identity documents and beneficial ownership information. A risk-based approach is required. Higher-risk clients require enhanced due diligence (EDD).  
  • Governance and Oversight  
    Senior leadership is accountable for AML compliance. Each firm must appoint an AML/CTF Compliance Officer to manage day-to-day obligations and liaise with AUSTRAC.
  • Training  
    All staff, particularly those in client-facing or financial roles, need regular AML training to recognise red flags and understand reporting procedures. Training should be documented and updated as risks evolve.  
  • Technology and Resourcing  
    Firms, particularly smaller ones, will feel the strain of an increased workload. RegTech tools can reduce manual effort through automating onboarding, screening, and monitoring. Choosing a vendor with local expertise and one that enables efficient integration into existing systems is essential. However, utilising technology does not outsource responsibility. Firms remain ultimately accountable. 

The costs of non-compliance 

The cost of preparing for this new regime with the implementation of technology solutions and hiring compliance staff is outweighed by the risks of non-compliance. AUSTRAC can impose significant enforcement actions, including multi-million-dollar fines. Additionally, reputational damage can undermine client trust and professional credibility. 

 

How to prepare

As the deadline quickly approaches, there are number of steps organisations can take to ensure they are fully compliant for when the new obligations become active.  
  • Understand your obligations – Carefully review AUSTRAC’s resources and identify which of your services are captured.  
  • Conduct a risk assessment – Map existing processes, identify vulnerabilities, and assess client/service risks.  
  • Develop your AML/CTF Programme – Tailor policies, procedures, and controls to your firm. Assign responsibilities and secure senior approval.  
  • Leverage technology – Utilise digital onboarding, sanctions/PEP screening, and monitoring tools to automate compliance tasks. 
  • Implement internal controls – Ensure records can be securely stored for seven years, create CDD checklists, and set clear escalation pathways for suspicious matters. 
  • Create a training programme – Provide ongoing education so staff understand obligations and red flags.  
  • Engage with AUSTRAC – Follow guidance updates through 2025–26 and make use of regulator and professional body resources. 

Conclusion

Tranche 2 represents a major cultural and regulatory shift for “gatekeeper” organisations in Australia.  While compliance will require investment, early preparation ensures smoother integration into daily practice. With a risk-based approach, strong governance, and the right technology, firms can not only meet their obligations but also strengthen their reputation for integrity and professionalism.  

Compliance with these regulations should not be seen as a box-ticking exercise. Done well, it is an opportunity to modernise operations and demonstrate leadership in safeguarding Australia’s financial system. 

 

 

Comply and Outperform with our Platform

The KYC360 platform is an end-to-end solution offering slicker business processes with a streamlined, automated approach to Know Your Customer (KYC) compliance. This enables our customers to outperform commercially through operational efficiency gains whilst delivering improved customer experience and KYC data quality.

View platform
KYC360 Platform Core Solutions