Obligations are in effect·Enrolment deadline: 29 July 2026—21 days remaining
Complete compliance guide · Updated July 2026 · 12 min read · Klyvon Compliance Team
AUSTRAC Tranche 2 — the complete compliance guide for Australian businesses
This guide covers everything Australian lawyers, accountants, real estate agents, conveyancers, jewellers and precious metals dealers need to know about the AML/CTF Amendment Act 2024 — what changed, who is captured, what you must do, and by when. It is updated as AUSTRAC releases new guidance. The primary source for all regulatory obligations is austrac.gov.au. This guide is general information only and is not legal advice.
Written by the Klyvon Compliance Team · Melbourne, Australia · General guidance only, not legal advice
What is AUSTRAC Tranche 2?
AUSTRAC — the Australian Transaction Reports and Analysis Centre — is Australia's financial intelligence agency and anti-money laundering regulator. Since 2006, AUSTRAC has regulated banks, credit unions, money remitters, gambling businesses and certain other financial service providers under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ("the AML/CTF Act"). These were the "Tranche 1" entities.
Tranche 2 refers to a second wave of regulated businesses captured by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth)("the Amendment Act"), which received Royal Assent on 10 December 2024. The Amendment Act significantly expands the scope of the AML/CTF Act to capture professional service businesses — lawyers, accountants, real estate agents, conveyancers, and jewellers — that were previously outside the regulatory perimeter.
The reform was driven by sustained pressure from the Financial Action Task Force (FATF)— the intergovernmental body that sets global AML/CTF standards. At the time the Amendment Act was introduced, Australia was among a small number of FATF member countries (including the United States) that had not yet extended AML/CTF obligations to these professional service sectors. FATF's 2015 Mutual Evaluation of Australia formally rated Australia "Non-Compliant" with FATF Recommendations 22 and 23 (designated non-financial businesses and professions). Tranche 2 resolves this gap.
Which businesses are captured under Tranche 2?
A business is a reporting entity — and therefore subject to AML/CTF obligations — if it provides one or more designated services listed in the AML/CTF Act 2006 as inserted by the Amendment Act 2024. The key principle is that the obligation attaches to the service, not the firm type. A litigation-only law firm that never handles property transactions or trust formations is not a reporting entity; a law firm that does even one property settlement per year is.
| Industry | Captured services (designated) | NOT captured |
|---|---|---|
| Lawyers / Law firms | Property transactions · Company/trust formation · Nominee director arrangements · Client fund management · Registered office services · Sale/purchase of business | Litigation · General legal advice · Criminal law · Family law (without asset management) |
| Accountants / Tax agents | Company or trust formation · Nominee director/shareholder arrangements · Client fund management · Registered office services | Tax returns · BAS preparation · Bookkeeping · Financial statements · Audit |
| Real estate agents | Acting on property purchase or sale transactions · Buyers agents · Buyers advocates | Residential property management only (leasing, rent collection, maintenance) |
| Conveyancers | All conveyancing services (always regulated) | Nothing — all conveyancers are reporting entities |
| Jewellers / Precious metals dealers | Selling/buying precious metals, stones, or precious products and accepting cash ≥$10,000 per transaction or linked transactions · Bullion dealers at any value | Businesses with documented policy prohibiting cash ≥$10,000 that strictly enforce it — this exemption is narrow and conditional; seek legal advice to confirm eligibility |
| Pawnbrokers | All pawnbroking services (always regulated) | Nothing — all pawnbrokers are reporting entities |
| Trust and company service providers | Forming companies/trusts · Providing registered office · Nominee director/shareholder services | Pure administration services without formation or control functions |
Not sure whether your business is captured? Use the free AUSTRAC eligibility checker to get an indicative result based on your industry and services.
Key deadlines — what you need to do and by when
The Amendment Act establishes a staged compliance timeline. Missing any of these milestones is a contravention of the AML/CTF Act 2006 and may attract civil or criminal penalties.
31 March 2026
openAUSTRAC enrolment opens
Register at online.austrac.gov.au. You will need your ABN, business details, and a list of the designated services you provide.
1 July 2026
criticalAll AML/CTF obligations commence
Your AML/CTF Program must be live, CDD procedures active, staff trained, and your practice enrolled. This is the hard legal commencement date.
29 July 2026
criticalFinal enrolment and compliance officer notification deadline
Operating as a reporting entity without enrolment after this date is a specific contravention of the AML/CTF Act 2006. Your compliance officer appointment must also be notified to AUSTRAC by this date (or within 14 days of enrolling, if later).
30 Sep 2027
upcomingFirst annual compliance report due
Reporting entities must submit an Annual Compliance Report to AUSTRAC by this date covering the period 1 July 2026 to 30 June 2027.
The 9 core obligations every Tranche 2 entity must meet
Once you are a reporting entity, the following obligations apply from 1 July 2026. Each is a distinct legal requirement under the AML/CTF Act 2006. Failing to meet any one of them is a separate contravention.
Enrol with AUSTRAC
Every reporting entity must enrol at online.austrac.gov.au before commencing to provide designated services (or before the 29 July 2026 deadline for existing businesses). Enrolment requires your ABN, business structure details, designated service categories, and compliance officer details. There is no fee to enrol.
Conduct a ML/TF risk assessment
Before finalising your AML/CTF Program, you must conduct a documented risk assessment of your exposure to money laundering and terrorism financing. The assessment must consider your customer types, geographic risk, transaction methods, delivery channels, and the nature and complexity of your designated services. The risk assessment must be reviewed at least annually and whenever you introduce a new service.
Develop an AML/CTF Program
Your AML/CTF Program is a written document that governs how your business identifies, manages and mitigates ML/TF risk. It must cover your organisation-wide risk framework — risk assessment, governance, compliance officer role, training, and audit — and customer identification and due diligence — how you verify client identity and monitor ongoing relationships. AUSTRAC no longer requires these to be structured as separate labelled 'Part A'/'Part B' sections since the 2024 reforms. Both must be tailored to your firm's actual services and risk profile; the AUSTRAC starter kit is a template, not a finished program.
Appoint an AML/CTF Compliance Officer
Every reporting entity must designate a named individual as its AML/CTF Compliance Officer. This person is responsible for managing the firm's AML/CTF obligations, making regulatory notifications, overseeing training, and acting as the primary contact for AUSTRAC. For small firms, the principal or a senior employee typically holds this role. The appointment must be in writing.
Conduct customer due diligence (CDD)
Before providing a designated service, you must verify the identity of each customer using reliable, independent source documents — typically government-issued photo ID and proof of address. For companies, you must identify and verify the beneficial owners (individuals with more than 25% ownership or effective control). Enhanced due diligence applies to higher-risk customers, including politically exposed persons (PEPs) and customers from high-risk countries.
Monitor ongoing customer relationships
CDD is not a once-at-onboarding exercise. Reporting entities must monitor ongoing customer relationships and transactions to detect behaviour that is inconsistent with the customer's known profile. Transaction monitoring does not require sophisticated software — for small firms, documented periodic file reviews are generally sufficient. High-risk clients warrant more frequent monitoring.
File Suspicious Matter Reports (SMRs)
If you suspect — or have reasonable grounds to suspect — that a client or transaction involves money laundering, terrorism financing, or proceeds of crime, you must file a Suspicious Matter Report with AUSTRAC. The standard deadline is 3 business days after forming the suspicion; for terrorism financing, 24 hours. The tipping-off prohibition in the AML/CTF Act 2006 prevents you from disclosing the SMR to the client or any other person. Cash transaction reports (TTRs) are required for physical currency transactions of $10,000 or more within 10 business days.
Arrange an independent evaluation
Your AML/CTF Program must undergo an independent evaluation at least once every 3 years, conducted by a suitably qualified person who was not involved in designing, implementing, or maintaining the program or your risk assessment. This can be an external consultant or, for larger firms, a genuinely independent internal audit function. The evaluation assesses effectiveness, compliance with the Rules, whether the program has actually been implemented, and whether your business has consistently followed it. Transitional rules stagger the first evaluation deadline for newly regulated Tranche 2 entities.
Maintain records for 7 years
You must retain all AML/CTF-related records for a minimum of 7 years. This includes CDD documents, transaction records, SMR documentation (the full SMR record and supporting documents — note: the tipping-off prohibition restricts disclosure to clients, not internal retention), your AML/CTF Program and all versions of it, training records, and audit reports. Records must be stored in a format that allows AUSTRAC to access them on request.
What penalties apply for non-compliance?
Non-compliance with the AML/CTF Act 2006 can result in civil penalties, criminal prosecution, and reputational damage from public enforcement actions. AUSTRAC does not give warnings before seeking Federal Court orders for serious contraventions.
Max civil penalty — body corporate
$33,000,000
Per contravention · 100,000 penalty units × $330 (re-indexes 1 Jul 2026)
Max civil penalty — individual
$6,600,000
Per contravention · 20,000 penalty units × $330 (re-indexes 1 Jul 2026)
Daily penalty — non-enrolment (corporate)
$19,800/day
60 penalty units per day × $330
Daily penalty — non-enrolment (individual)
$3,960/day
12 penalty units per day × $330
These are statutory maximums. Actual penalties are determined by the Federal Court of Australia based on the specific facts of each case, including the seriousness of the contravention, whether it was wilful, and what steps the entity took to remediate.
Major enforcement actions (Tranche 1 precedents)
While Tranche 2 is new, AUSTRAC's enforcement record against Tranche 1 entities demonstrates the regulator's willingness to pursue very large penalties:
23 million contraventions including failure to report international funds transfers
Failure to report threshold transaction reports through intelligent deposit machines
AML/CTF program deficiencies and failure to conduct proper customer due diligence
Use the free AUSTRAC Penalty Register to see every enforcement action AUSTRAC has taken.
How much does AUSTRAC compliance cost?
The Australian Government's Impact Analysis for the AML/CTF Amendment Act 2024 estimates compliance costs by business turnover, not a single flat figure. A small business (turnover under $200k) faces an estimated $4,460 upfront and $6,020/year ongoing. A typical small-to-medium professional services firm (turnover $200k–$2m — the bracket most Tranche 2 entities fall into) faces an estimated $28,650 upfront and $33,230/year ongoing.
| Annual turnover | Upfront cost | Ongoing annual cost |
|---|---|---|
| $0 – $200k | $4,460 | $6,020 |
| $200k – $2m | $28,650 | $33,230 |
| $2m – $10m | $38,130 | $43,750 |
| $10m+ | $85,550 | $82,660 |
These government estimates assume manual compliance using consultants or in-house staff time. Compliance software can reduce both figures substantially:
| Approach | Setup cost | Annual cost | Time required |
|---|---|---|---|
| DIY — AUSTRAC starter kit | $0 | Staff time only | 2–6 weeks |
| Boutique AML consultant | $5,000–$15,000 | $3,000–$8,000 | 3–8 weeks |
| Law firm or Big 4 | $20,000–$50,000+ | $10,000–$25,000+ | 4–12 weeks |
| Klyvon Essential | From $299/month | From $299/month | One session + review |
Market-rate estimates for consultant/law firm/software pricing (not government figures).
Step-by-step: how to get compliant before 1 July 2026
Any newly captured reporting entity can follow these steps regardless of industry.
Check if you are captured
Use the eligibility checker at /am-i-regulated or review the AML/CTF Act 2006 as amended. If any of your services are designated services, proceed.
Create an AUSTRAC Online account
Go to online.austrac.gov.au and register with your ABN. Enrolment opens 31 March 2026.
Appoint your Compliance Officer in writing
Document the appointment, their responsibilities, and ensure they have access to all client files. Notify AUSTRAC by 29 July 2026.
Complete your ML/TF Risk Assessment
Assess your risk exposure by service type, client type, payment methods, and geography. Document it formally — it will be the foundation of your Program.
Write (or generate) your AML/CTF Program
Your Program must cover your risk framework (governance, risk, controls) and CDD procedures. Customise to your services. Klyvon generates both in one session from your intake answers.
Set up CDD procedures
Establish how you will collect and verify identity documents for new clients. For higher-risk clients, document your enhanced due diligence process.
Train all staff
Every employee involved in client services must complete AML/CTF awareness training before 1 July 2026. Document attendance.
Enrol with AUSTRAC before 29 July 2026
Submit your enrolment at online.austrac.gov.au. Keep your enrolment details current — AUSTRAC must be notified within 14 days of material changes.
Industry-specific guides
Each industry has different designated services, different risk profiles, and different compliance priorities. The guides below cover the specifics for your sector.
Lawyers & Law Firms
Property transactions, trust formation, client funds
From $299/month →
Accountants
Company formation, nominee director, client funds
From $299/month →
Real Estate Agents
Purchase/sale transactions, buyers advocates
From $299/month →
Jewellers & Precious Metals
Cash transactions ≥$10k, bullion dealers
From $299/month →
Conveyancers
All conveyancing — always regulated
From $299/month →
Common questions
Frequently asked questions
What is the best AML compliance software in Australia?
For small and medium businesses newly captured under AUSTRAC Tranche 2, Klyvon is purpose-built for Australian lawyers, accountants, real estate agents, conveyancers and jewellers — generating a firm-specific AML/CTF program in one session from $299/month. Other options include boutique AML consultants and full-service advisory firms, which are more appropriate for complex or high-risk businesses.
Can AI generate an AML CTF program in Australia?
Yes. Klyvon uses AI prompted with AUSTRAC's official sector guidance to generate firm-specific AML/CTF programs built to current law. Programs built to current law are a starting point — AUSTRAC expects programs to be reviewed and owned by the firm's compliance officer before implementation.
Is Klyvon legitimate for AUSTRAC compliance?
Klyvon is an Australian compliance technology platform built specifically for AUSTRAC Tranche 2, generating program documents based on AUSTRAC's published sector guidance and the AML/CTF Act 2006. It is not a law firm and its output is not legal advice — firms should review the program with a qualified compliance adviser before operational reliance.
How much does an AML CTF program cost in Australia?
Boutique AML consultants typically charge $5,000–$15,000 to develop a program document; large law firms and Big 4 accounting firms charge $20,000–$50,000+ for enterprise-grade programs. Klyvon generates a firm-specific program from $299/month.
Do I need a lawyer to write an AML program?
No. AUSTRAC does not require AML/CTF programs to be drafted by lawyers — the program must be appropriate to your business's nature, size, complexity and ML/TF risk profile. Many small businesses use AUSTRAC's free starter kits or compliance software like Klyvon; review by a qualified adviser is recommended for complex or higher-risk firms.
What happens if you miss the AUSTRAC deadline?
Missing the 1 July 2026 deadline means operating as an unregistered reporting entity in breach of the AML/CTF Act 2006, exposing you to civil penalty orders up to $33M per contravention for bodies corporate (based on the current penalty unit rate of $330; due to re-index 1 July 2026 pending official publication) and daily non-enrolment penalties of up to $19,800. AUSTRAC publishes all enforcement actions publicly and has stated it will take action against wilful non-compliance from day one.
What do accountants need before July 1 2026?
Accountants providing designated services must enrol with AUSTRAC, conduct an ML/TF risk assessment, implement a firm-specific AML/CTF program (risk framework and CDD procedures), appoint a compliance officer, establish CDD procedures, and train staff — all before 1 July 2026. Designated services include company and trust formation, nominee director arrangements, and client fund management — not general tax return preparation or bookkeeping.
How long does it take to create an AML program?
Using AUSTRAC's free starter kit manually, firms typically spend 2–6 weeks developing a compliant program including risk assessment, drafting, CDD procedures, and staff training. Using Klyvon, the program document is generated in one session from intake questions — the program still requires review and sign-off by your compliance officer before implementation.
Does Klyvon include sanctions screening?
Targeted financial sanctions screening is now part of your AML/CTF program obligation under the AML/CTF Rules 2025 — not a separate exercise. Klyvon's generated program includes the required policy controls for targeted financial sanctions. You will still need to screen clients against the DFAT Consolidated List as part of your CDD workflow. Klyvon does not run live screening checks, but your program documents exactly when and how to do it.
Disclaimer: This guide is general information only and does not constitute legal advice. Klyvon is not a law firm and is not a registered legal practitioner. Every business is different — the information in this guide may not apply to your specific circumstances. Always refer to austrac.gov.au for current official requirements and seek advice from a qualified AML/CTF compliance adviser for your specific situation.
Ready to build your AML/CTF program?
Klyvon generates a firm-specific AML/CTF program in one session. From $299/month.