AML/CTF Compliance Is Now Available in VeriEzi. Mobile App Coming Soon.
Manage AML reviews, monitor alerts, and streamline your compliance workflow today. Secure mobile access is coming soon.
BlogCompliance

AML/CTF Compliance for Lawyers and Conveyancers: A Practical Guide to 1 July 2026

Admin June 11, 2026Compliance
AML/CTF Compliance for Lawyers and Conveyancers: A Practical Guide to 1 July 2026

Starting on the 1 July 2026, all legal practitioners and conveyancers who help their clients with property transactions, entity structuring or trust account matters will become reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) (AML/CTF Amendment Act).

For the vast majority, this will be the first time anti-money laundering compliance applies to them.

The good news for those who may be worried is that AUSTRAC has been clear that it expects effort, not perfection in the first year of the new rules. It will be important to keep in mind that "effort" has a specific meaning in this context, and four things need to be present at your practice within weeks of the new rules coming into effect.

This guide will explain exactly what is captured under this new amendment, what you need to have in place so you’re compliant and the order you should do it in.

Key takeaways
  • Not all legal work is captured under the AML/CTF Amendment Act. Obligations concern nine "designated services" centred on property transactions, entity creation and structuring, trust account handling and nominee arrangements. Litigation and general advice aren’t included.
  • Obligations start on 1 July 2026, not 29 July. The enrolment window shuts 29 July, but your AML/CTF program, compliance officer and customer due diligence workflow must be in operation from the first designated service you provide on or after 1 July.
  • AUSTRAC has four minimum expectations (updated 21 May 2026): be enrolled, have a program and a compliance officer, fully train your staff and be ready to report any suspicious matters.
  • The ARNECC Verification of Identity (VOI) process is a head start, not a substitute. Customer Due Diligence goes far beyond simple identity verification.
  • Privilege is preserved. If all grounds of a suspicion are protected by legal professional privilege, you aren’t required to report it.
  • Penalties are heavy: civil penalties can get as high as $33 million per contravention for a body corporate, and reach $6.6 million for individuals, based on the current $330 penalty unit (subject to CPI indexation on 1 July 2026). Failing to enroll is one of two breaches AUSTRAC has highlighted for early enforcement.

Which legal and conveyancing services are captured?

AML requirements for lawyers and conveyancers

Practices that provide one or more designated services in the course of conducting business become reporting entities under the new legislation.

For legal practitioners, these cluster into four groups. Full information can be found in Table 6 of section 6(5B) of the AML/CTF Act, but here’s a simplified version:

GroupDesignated servicesTypical examples
Property transactionsAssisting in the planning or execution of a transaction to sell, buy or transfer real estateConveyancing files, off-the-plan purchases, commercial property sales
Entities and structuringAssisting with the sale, transfer, creation or restructure of a body corporate or legal arrangement; selling shelf companies; organising equity or debt financingIncorporations, trust deeds, business sales, restructures
Holding client propertyReceiving, holding, controlling or managing a person’s property to assist a transactionTrust account funds held for settlement
Nominee and address servicesActing (or arranging for someone to act) in positions in an entity; providing a registered office or principal place of business addressNominee director arrangements, registered office services

AUSTRAC tests whether your assistance directly advances the transaction. Preparing a contract of sale once a price is agreed is included, while advising another practitioner on contract terms, providing general legal advice or being part of litigation is not. Court-ordered and tribunal-ordered transfers are also not included.

Things are simpler for conveyancers: the core of your work (assisting clients in buying, selling or transferring real estate) is fully captured. If you provide conveyancing services from 1 July 2026, you are now considered a reporting entity.

Tranche 2 does not regulate "law firms" as such, it regulates designated services, which is a common misconception. A litigation-only practice might not have any obligations, while a sole-practitioner conveyancer has all of them.

Map out your service lines first, and everything else will follow from there.

Your obligations at a glance

Legal AML implementation timeline

Every practice captured under the new rules has the same six core obligations to adhere to. The deadlines are tighter than they first appear:

ObligationWhat it meansDeadline
Enrol with AUSTRACEnrol the legal entity (not individual practitioners) via AUSTRAC OnlineBy 29 July 2026
Appoint a compliance officerA designated person at management level who’s fit, proper and an Australian residentWithin 28 days of providing designated services; notify AUSTRAC by the later of 29 July 2026 or 14 days after enrolling
AML/CTF programA documented risk assessment plus the policies, processes and controls that respond to itIn place before 1 July 2026
Customer Due Diligence (CDD)Identify and verify clients, beneficial owners and persons acting on their behalf, before the service beginsFrom the first designated service
ReportingSuspicious matter reports, threshold transaction reports for cash of $10,000 or moreFrom 1 July 2026
Record keepingRetain CDD, transaction and program records, generally for 7 yearsOngoing

The Queensland Law Society has urged firms to enrol before 1 July instead of relying on the 29 July backstop. That is the much safer course as obligations apply to the services you provide from 1 July regardless of when you enrol.

Step 1: Enrol the practice and designate your compliance officer

Each legal entity must enrol through AUSTRAC Online. An incorporated practice enrols the company; a partnership enrols the partnership. Lawyers and conveyancers won’t generally need to fulfill the separate "registration" step that applies to remittance providers.

As well as enrolling, practices have to designate an AML/CTF compliance officer, though the requirements are less demanding than they seem at first.

The compliance officer:
  • Must be at management level, meaning authority in the business rather than headcount. In a small practice this will usually be the principal or managing partner.
  • Must be a fit and proper person. The practice will decide this itself and document the assessment. AUSTRAC never pre-approves appointments.
  • Does not need to be an AML expert. AUSTRAC’s guidance explicitly states the officer can learn the role through training.

Sole practitioners can hold the compliance officer, senior manager and governing body roles at the same time. We cover all the role’s details in depth, including the first-90-days workplan, in our companion guide for compliance officers.

Step 2: Build your program around a risk assessment

The AML/CTF program is not a list of generic policies. The reformed framework condenses everything into one document set with two connected parts: a risk assessment of the money laundering and terrorism financing risk actually faced by your practice, and the AML/CTF policies developed to respond to those risks.

To help small practices with the new changes, AUSTRAC published a legal profession program starter kit (and a parallel conveyancer kit) in January 2026. These kits contain a customisable risk assessment, policies, processes and record-keeping forms. They are designed for practices that meet the suitability criteria.

The main ones are:
  • 15 or fewer personnel, including administrative staff
  • Mostly Australian-resident individual clients
  • No regular high-risk clients and no overseas property transactions
  • Not part of a large reporting group

AUSTRAC released an expectations statement in May 2026 which adds a practical incentive: practices which match the kit’s profile and use it as designed will see AUSTRAC’s engagement focus on how the program is applied rather than re-litigating the program design itself. If your practice falls outside the criteria, the kit can still inform your program but you will need to justify any adaptations.

The Law Society of NSW has also released a free implementation guide for sole practitioners and small practices that was developed with AUSTRAC and Law Council input, while most state bodies now run dedicated AML/CTF hubs.

Step 3: Stand up customer due diligence (and understand why VOI is not enough)

Customer Due Diligence (CDD) represents the most significant workflow change for many practices. It’s the area where there’s a dangerous assumption that having an existing ARNECC-compliant verification of identity process means the job is already done.

This is not true, however. VOI is a point-in-time identity check of an individual for land registry purposes. Initial CDD under the AML/CTF Act has to be finished before you start providing the designated service. It requires you to establish, on reasonable grounds.

Initial CDD requires you to establish:
  • The identity of the client, and of anyone acting on their behalf (also their authority to act)
  • The beneficial owners (where the client is a company, trust or other structure)
  • Whether the client, beneficial owners or representatives are politically exposed people or subject to targeted financial sanctions
  • The nature and purpose of the business relationship
  • Source of funds and source of wealth (this is mandatory for foreign PEPs and in other higher-risk situations)

If any of these cannot be established, the Act’s position is clear: you must not provide the service.

An important thing to be aware of is that the 2026 to 2029 transition period that lets existing reporting entities keep using their old identification procedures only applies to those that were enrolled on 30 March 2026. Newly captured practices will need to apply the new CDD framework in full from the first day.

The most practical approach is to build on what you already have, not simply duplicate it. Your VOI step can sit inside a broader CDD workflow that adds screening, beneficial ownership and risk rating.

For details on how the two regimes differ, have a look at our VOI requirements explainer.

Step 4: Prepare for reporting, with privilege handled properly

There are three important reporting obligations for legal and conveyancing practices.

Suspicious Matter Reports (SMRs). If you have a reasonable suspicion connected to money laundering, terrorism financing, criminal proceeds or unreliable identity, an SMR must be submitted within 24 hours for terrorism financing suspicions, and 3 business days for everything else.

Legal Professional Privilege (LPP) is preserved. Section 242 of the Act does not override LPP. If all the information that leads to a suspicion is privileged, no SMR is required. If the information is partly privileged, you report what is not privileged and lodge an LPP form for the rest.

Two things to keep in mind are that privilege is narrower than your general duty of confidentiality, and describing privileged material in the form does not waive it.

Tip offs are now a harm-based test. The reformed section 123 prohibits disclosing SMR-related information if doing so could reasonably be expected to prejudice an investigation. There is no longer a blanket communication ban, but informing a client that an SMR has been lodged remains a textbook breach.

Threshold Transaction Reports (TTRs). Receiving $10,000 or more in physical cash, including a cash deposit into your trust account, will trigger a TTR within 10 business days, but an electronic transfer won’t. AUSTRAC’s own example is a cash property deposit, so conveyancing trust accounts are precisely where this comes into play.

Step 5: Records, training and ongoing monitoring

There are three lesser obligations which round out the program, and they are the ones an AUSTRAC review will ask for evidence of.

The three lesser obligations:
  • Records: CDD records, transaction records and program documents must be retained for 7 years in a form you can readily retrieve.
  • Training: everyone whose role involves AML/CTF obligations needs initial and ongoing training tailored to their function. AUSTRAC is running free induction webinars for newly regulated businesses until August 2026, though this cannot be your only training.
  • Ongoing CDD: monitoring does not stop at file opening. Unusual instructions, unexpected payment patterns and changes in client risk all feed back into the program, and records must be kept even after a matter closes.

What AUSTRAC actually expects on day one

We recommend reading AUSTRAC’s updated statement of regulatory expectations because it converts a sprawling and complicated reform into four minimum expectations for newly regulated businesses:

Four minimum expectations:
  • Be enrolled (or be in the process, with the 29 July deadline in view)
  • Have an AML/CTF program and a compliance officer in place
  • Have trained your staff
  • Be ready to "have a go" at reporting suspicious matters

The same statement says that wilfully ignoring the obligation to enrol, and complicity or wilful blindness toward money laundering in the business, will both attract early enforcement.

Everything else sits under "effort, not perfection".

Practical checklist for legal and conveyancing practices
  • Map which of your service lines are designated services (property, structuring, trust account handling, nominee and address services)
  • Enrol the practice entity on AUSTRAC Online by 1 July if possible, and 29 July at the latest
  • Designate a fit-and-proper compliance officer at management level and notify AUSTRAC
  • Complete a risk assessment specific to your client base, services and geography
  • Adopt and customise the AUSTRAC starter kit if your practice fits the criteria; document adaptations if not
  • Extend your VOI workflow into full initial CDD: beneficial ownership, PEP and sanctions screening, nature and purpose, source of funds where required
  • Set up SMR and TTR workflows, including the LPP assessment step for SMRs
  • Brief every fee earner and client-facing staff member before 1 July
  • Confirm 7-year record retention across CDD, transactions and program documents
  • Book your team into AUSTRAC’s free induction webinars and your law society’s CPD sessions

Download this guide

A print-ready PDF version of this compliance guide is available to download and keep as a reference before 1 July.

Download the PDF Guide

Share it with your partners, practice manager and anyone who will be involved in CDD from 1 July.

Where VeriEzi fits

Most of the obligations involve governance: decisions, documents and accountability that have to exist inside the practice. The workflow underneath them is where software does the heavy lifting, and that is what VeriEzi was built for.

VeriEzi runs verification of identity and AML customer due diligence in one flow. Your client receives a link, completes a short questionnaire (cut from the industry-standard 10 to 12 pages down to 5 to 6) and verifies their identity, all with no app to download.

Screening runs across 300+ global databases covering sanctions, politically exposed persons and adverse media. Each matter auto-calculates a risk level (high-risk matters escalate to your compliance officer for review) and enhanced due diligence requests (source of funds, bank statements, trust deeds) go out from pre-set templates.

Suspicious matter reports pre-fill from the matter record, and cash threshold transactions are flagged for TTR lodgement. Every action lands in an exportable audit trail aligned to the 7-year retention requirement.

There is no platform fee, no subscription and VeriEzi is available in 5 languages. You pay per verification, which for a small practice means the cost of compliance tracks the work you actually do. You can get 5 free verifications to run VeriEzi’s identity verification on real matters today, or book your free demo and see the full AML workflow end to end before 1 July.

VeriEzi provides identity-verification software to support firms preparing for AUSTRAC Tranche 2 reporting obligations. The information in this article is general in nature and does not constitute legal or compliance advice. Firms remain responsible for their own AML/CTF Program and reporting-entity obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). For advice specific to your firm’s obligations, consult AUSTRAC guidance materials or a qualified compliance adviser.

Related Blogs

More insights from the same category: Compliance

You’re Now a Compliance Officer, Whether You Trained for It or Not: What Ongoing AML Actually InvolvesCompliance

July 6, 2026

You’re Now a Compliance Officer, Whether You Trained for It or Not: What Ongoing AML Actually Involves

So let’s do the calm, practical thing. Here is what ongoing compliance actually involves, day to day, not as legal theory. It is not effortless. But it is manageable, and this article sets out why.

Read More
AML Tranche 2 for Accountants and Tax Agents: Which of Your Services Actually Make You a Reporting EntityCompliance

July 2, 2026

AML Tranche 2 for Accountants and Tax Agents: Which of Your Services Actually Make You a Reporting Entity

Here is the practical split for accounting and tax practices. Treat it as a starting map, not a ruling on your specific facts.

Read More
AML/CTF for Real Estate Agents: What Agencies Must Have in Place by 1 July 2026Compliance

June 23, 2026

AML/CTF for Real Estate Agents: What Agencies Must Have in Place by 1 July 2026

Sales are captured; property management is not. Brokering the sale, purchase or transfer of real estate is the designated service. Leasing and property management fall outside the regime.

Read More
You’re Now a Compliance Officer, Whether You Trained for It or Not: What Ongoing AML Actually InvolvesCompliance

July 6, 2026

You’re Now a Compliance Officer, Whether You Trained for It or Not: What Ongoing AML Actually Involves

So let’s do the calm, practical thing. Here is what ongoing compliance actually involves, day to day, not as legal theory. It is not effortless. But it is manageable, and this article sets out why.

Read More
Ready to Modernize Your VOI Process?