AML/CTF Compliance Is Now Available in VeriEzi. Mobile App Coming Soon.
Manage AML reviews, monitor alerts, and streamline your compliance workflow today. Secure mobile access is coming soon.
BlogLegal Updates

AUSTRAC Tranche 2 Explained: What Lawyers, Real Estate Agents, Conveyancers and Accountants Must Do Before 1 July 2026

Admin May 14, 2026Legal Updates
AUSTRAC Tranche 2 Explained: What Lawyers, Real Estate Agents, Conveyancers and Accountants Must Do Before 1 July 2026

Australia is about to make the biggest expansion of its anti-money laundering regime in two decades.

From 1 July 2026, around 90,000 additional firms, lawyers, conveyancers, real estate agents, property developers, accountants, tax agents, trust and company service providers, and dealers in precious metals and stones will become reporting entities under the AML/CTF Amendment Act 2024.

That is around five times the existing population of current AUSTRAC-regulated entities, and it will affect professional services that have never run a compliance program like this. AUSTRAC enrolment opened on 31 March 2026 and will close on 29 July 2026, so the window is a small one.

Key Takeaways
  • Tranche 2 commences 1 July 2026. AUSTRAC enrolment is open now and will close on 29 July 2026.
  • Six core obligations will apply to each reporting entity: enrol, appoint a compliance officer, run an AML/CTF program, perform customer due diligence, report suspicious matters and keep records for 7 years.
  • Affected professions: lawyers, conveyancers, real estate agents, property developers, accountants, tax agents, trust and company service providers, and dealers in precious metals/stones over $10,000.
  • Civil penalties can get as high as $33 million per contravention for body corporates and $6.6 million for individuals.
  • AUSTRAC released sector-specific guidance for lawyers and accountants in January 2026, as well as Program Starter Kits for small practices.
  • Customer due diligence is the single most significant workflow change for the majority of newly affected firms, and it’s the one with the most direct overlap with current verification processes.

What Is the AML/CTF Tranche 2 Reform?

Tranche 2 is the second phase of Australia’s AML/CTF regime, and it extends reporting-entity obligations beyond banks and casinos to professional and property-adjacent services.

The legislative vehicle is the AML/CTF Amendment Act 2024 (Cth), which got Royal Assent on 10 December 2024. It amends the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to add additional "designated services" to the regulated aspects.

The reforms also change the entire regime, for both current and new reporting entities, from a prescriptive, compliance-based model to a risk-based, outcomes-oriented framework. AUSTRAC’s summary of the change describes this as moving from "tick-box compliance" to measures tailored to the actual risks faced by the business.

At a glance: Australia first proposed extending AML/CTF coverage to lawyers, accountants and real estate almost 20 years ago, but successive governments put this off, and 1 July 2026 is the date the regulator is now planning around.

Who Is Now a “Reporting Entity”?

Firms are considered to be reporting entities if they provide one or more "designated services" with a geographical link to Australia in the course of carrying out their business.

The expansion affects the following professions:

ProfessionCommon designated services
LawyersProperty transactions, sale or transfer of legal entities, receiving/holding/managing client property, equity or debt financing, acting as or arranging directors, nominee shareholders, registered office services
ConveyancersActing on the sale, purchase or transfer of real property
Real estate agentsActing for buyer or seller in the sale, purchase or transfer of real property
Property developersSelling or transferring real property directly (house-and-land packages, off-the-plan, new subdivisions)
Accountants and tax agentsReal estate transactions, sale of business entities, holding client funds, providing registered office services, acting as nominee director
Trust and company service providers (TCSPs)Company formation, nominee directorships, trustee services
Dealers in precious metals/stonesTransactions involving $10,000 or more in physical currency or virtual assets

The Law Society of NSW’s Law Society Journal (February 2026) lists nine categories of designated legal services. The key clarification the Society makes is that obligations apply when services “directly advance” a transaction, not when they provide strategic or theoretical advice.

In practice, this means that a lawyer giving general advice on a corporate structure is not captured by that act alone, but if the same lawyer drafts and lodges the documents, holds settlement funds or acts as a nominee director, they become a reporting entity.

For real estate, the position is more expansive. Gadens’ analysis confirms that the obligation applies to any service in connection with a sale, purchase or transfer of real property, regardless of price and if the agent is acting on behalf of the buyer or seller.

For accountants, CPA Australia’s Tranche 2 factsheet says the captured services include registered office services, assisting with restructures, acting as nominee director and holding or managing client money.

AUSTRAC Tranche 2 sectors and obligations

When Do the New Obligations Begin?

The Tranche 2 timeline has four key dates between Royal Assent and the enrolment deadline.

DateWhat happens
10 December 2024AML/CTF Amendment Act 2024 receives Royal Assent
31 March 2026AUSTRAC enrolment opens for newly captured Tranche 2 entities
30 May 2026Existing reporting entities must notify AUSTRAC who their AML/CTF compliance officer is
30 June 2026Tranche 2 entities must have their AML/CTF program in place
1 July 2026Full Tranche 2 obligations begin
29 July 2026Final deadline for newly captured entities to enrol with AUSTRAC

There are two things that are easy to miss. First, enrolment opened on 31 March 2026, not 1 July. Firms that wait until commencement to enrol risk their submission being late as the 29 July deadline will be when AUSTRAC’s enrolment portal is busiest.

Second, AUSTRAC expects AML/CTF programs to be in place by 30 June 2026, which is the day before designated services trigger obligations. The program shouldn’t be something firms build after they start providing regulated services, it needs to be in place on day one.

How Do I Enrol With AUSTRAC?

Enrolment is done via AUSTRAC Online, the same portal that existing reporting entities currently use. Firms create an account, complete the new enrolment form and submit a single application for the legal entity that’s providing designated services.

AUSTRAC’s enrolment guidance for new entities contains two important points:

Two important enrolment points
  • One enrolment per legal entity. Multi-entity firms (e.g. a parent partnership plus a service trust) might need to enrol more than once, depending on the entity which actually provides the designated service.
  • Some entities need to register as well as enrol. Remittance service providers and virtual asset service providers will have to register on top of enrolling, while most Tranche 2 professions will only need to enrol.

Quick check: practices that have not enrolled by 29 July 2026, but are providing designated services from 1 July, are operating outside the AML/CTF Act’s enrolment requirements. Enrolment is the starting obligation and the rest of the program is built on top of it.

The professional bodies, Law Council of Australia, Queensland Law Society, Law Institute Victoria, Law Society of NSW, REIA, CA ANZ, CPA Australia, have all published guidance of varying depth.

What Are the Six Core Obligations for Reporting Entities?

Each Tranche 2 reporting entity must fulfil the same six obligations from 1 July 2026, regardless of their profession.

#ObligationWhat it requires
1Enrol with AUSTRACOne enrolment per legal entity made via AUSTRAC Online before 29 July 2026.
2Appoint a fit-and-proper compliance officerA named officer responsible for the AML/CTF program, which is an explicit requirement as per AUSTRAC’s transitional rules.
3Develop a written AML/CTF programThis is a two-part document: Part A is for risk assessment, while Part B is for policies, procedures, systems and controls. It should be reviewed and approved regularly.
4Conduct customer due diligence (CDD)Identify and verify the customer, beneficial owners and any politically exposed persons. Assess risk and monitor consistently.
5Report suspicious matters and threshold transactionsLodge SMRs where there is reasonable suspicion of money laundering, terrorism financing or other criminal activity. Lodge TTRs for cash transactions at or above $10,000.
6Maintain records for seven yearsCustomer ID and verification, transactions, the AML/CTF program and all reports lodged with AUSTRAC

In practice, appointment of a compliance officer and the AML/CTF program are the two obligations most newly captured firms underestimate. The program is not a template document, it is a written reflection of the firm’s actual money-laundering and terrorism-financing risk.

AML obligations checklist

AUSTRAC’s Program Starter Kits, released on January 30, 2026, help small practices structure that document, but they are just a starting point and not a finished product.

What Is Customer Due Diligence (CDD) Under Tranche 2?

CDD is the workflow the majority of firms will end up spending the most time on. CDD is the obligation to identify and verify customers before providing a designated service, and that risk picture will be kept current across the engagement.

AUSTRAC’s CDD rules introduce more prescriptive obligations than the existing regime, each tailored to different types of customer.

The four CDD steps are:
  • Identify the customer: full legal name, date of birth, residential address and other identifiers required by the firm’s program
  • Verify the customer’s identity: confirm those details are correct against reliable, independent documentation or electronic data
  • Identify beneficial owners: if the customer is a company, trust or other legal arrangement, identify the natural persons who ultimately own or control it
  • Apply ongoing CDD: monitor the relationship, refresh information whenever risk changes and re-verify when required

Different customer profiles attract different levels of CDD. Standard CDD is the default, while simplified CDD applies to lower-risk customers and enhanced CDD applies to higher-risk customers (politically exposed people, higher-risk jurisdictions, complex ownership structures, etc.).

The verification step is the bridge between Tranche 2 and the verification work a lot of firms are already doing. Lawyers and conveyancers run Verification of Identity (VOI) on every property file under ARNECC Schedule 8, and a clean VOI workflow already covers most of the CDD identity step.

The new requirement is the program around it, which involves risk assessment, beneficial-owner identification and ongoing monitoring.

For real estate agents and developers, who likely have never had to run a formal verification, the change is more complicated. The REIA AML/CTF resource hub and Law Society of NSW CDD guidance highlight this as the aspect with the most friction for the property sector.

What Are the Penalties for Non-Compliance?

Civil penalties under the AML/CTF Act are substantial and apply for each contravention.

OffenderMaximum civil penalty per contravention
Body corporate$33 million
Individual$6.6 million

These figures are confirmed in the BDO Australia analysis of the AML/CTF Amendment Act 2024 and cross-referenced by Grant Thornton’s reforms overview.

Penalty scale: a single significant contravention will cost $33 million for a body corporate. Multiple contraventions, such as failing to identify beneficial owners across a series of transactions, can multiply into much larger penalties. AUSTRAC also has graduated enforcement options for those who break the rules. They are infringement notices, enforceable undertakings, court-ordered remediation and civil penalty proceedings.

AUSTRAC has made it very clear that ignorance is not an acceptable defence. Firms cannot defer enrolment, point to professional-body silence or rely on having no prior AML/CTF experience to avoid penalties. The obligation is attached to the service, not the firm’s awareness of it.

How Does Tranche 2 Connect to Existing VOI Requirements?

For lawyers and conveyancers, Tranche 2 sits on top of the existing ARNECC Verification of Identity Standard when it comes to property matters. The two regimes share an identity-verification step but answer to different regulators.

The overlap looks like this:

ElementARNECC (state land registries)AML/CTF Tranche 2 (AUSTRAC)
TriggerEvery party signing a registry instrumentEvery customer receiving a designated service
StandardSchedule 8, face-to-face safe harbour, “reasonable steps” elsewhereRisk-based CDD: identify, verify, monitor
Validity2 years per SubscriberOngoing, refresh when risk changes
Records7 years7 years
Penalty for failureCivil liability, professional-conduct complaint, indemnity issueCivil penalty of up to $33M (body corporate)

At a glance: from 1 July 2026, property lawyers or conveyancers verifying a client’s identity will be doing two regulatory jobs at the same time: ARNECC VOI for the registry and CDD for AUSTRAC. The evidence must satisfy both.

Firms with a clean VOI workflow will already have most of the identity-verification step covered, while firms running ad hoc verification must build a single workflow that addresses both regimes at the same time.

Real estate agents and accountants do not currently have an existing ARNECC equivalent. Their identity-verification step will be brand new from 1 July 2026, so the program around it must be built from the ground up.

What Should Firms Be Doing Right Now?

The window before commencement is short. There are three phases to a defensible Tranche 2 readiness plan.

PhaseWhat to do
May 2026Confirm if the firm provides designated services, decide which legal entity will enrol, nominate an AML/CTF compliance officer and a deputy, start the risk assessment that anchors the program and check the current verification workflow meets CDD obligations
June 2026Finalise the written AML/CTF program (Part A: risk assessment, and Part B: policies, procedures, systems and controls), dry-run CDD using an example from a recent matter, confirm seven-year record retention with access controls is in place, then brief every fee-earner and client-facing staff member
By 29 July 2026Enrol the legal entity (or entities) on AUSTRAC Online, lodge the compliance officer notification, then stand up the SMR and TTR reporting workflow
Capabilities firms should look for in their verification and CDD tooling
  • Multi-language, client-facing flow that doesn’t need the client to download an app
  • Biometric liveness check and document authentication for risk-based CDD
  • Tamper-evident audit trail that timestamps and hashes every verification step
  • Seven-year record retention with retrievable records
  • Workflow that supports both ARNECC VOI and AUSTRAC CDD (for firms doing property work)

Firms will not need a separate compliance suite on top of an existing verification tool. The verification record is the foundation of CDD, which means the program, officer and reporting workflow sit above that foundation. They are governance, not software.

What This Means for Your Practice

Tranche 2 is the most significant regulatory change for Australian professional services since the AML/CTF Act itself in 2006. The compliance load is significant, the penalties are heavy and the window before 1 July 2026 is closing rapidly.

The firms that are ready are the ones treating Tranche 2 as a permanent workflow change, not a deadline to clear and then forget about. The compliance officer, the program, the CDD workflow and the records are the operating system of a reporting entity, designed to run year after year.

Practical checklist, what to actually do
  • Confirm whether each legal entity in the firm provides designated services
  • Enrol the relevant entity (or entities) on AUSTRAC Online before 29 July 2026
  • Appoint a fit-and-proper AML/CTF compliance officer and deputy
  • Complete a risk assessment specific to the firm’s customer base, service mix and geographies
  • Finalise the two-part AML/CTF program in writing by 30 June 2026
  • Stand up a CDD workflow that captures customer identity, beneficial ownership and ongoing monitoring
  • Retain customer, transaction and program records for seven years
  • Train every fee-earner and client-facing staff member on the workflow
  • If working on property matters, align the CDD identity step with the existing ARNECC VOI workflow rather than running two parallel processes
  • Track professional-body guidance, Law Council, QLS, LIV, Law Society of NSW, REIA, CA ANZ, CPA Australia, and continue to publish updates

Every designated service provided from 1 July 2026 carries a CDD evidence trail that AUSTRAC may eventually ask to see.

VeriEzi runs ARNECC-aligned verification of identity in under 10 minutes that’s mobile-first, multi-language and with a tamper-evident audit trail. The verification record is the foundation Tranche 2 reporting entities can build their CDD workflow on, and we have AML compliance features on our roadmap. Book a demo now to see how VeriEzi fits into your firm’s readiness plan.

VeriEzi provides identity-verification software to support firms preparing for AUSTRAC Tranche 2 reporting obligations. The information in this article is general in nature and does not constitute legal or compliance advice. Firms remain responsible for their own AML/CTF Program and reporting-entity obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). For advice specific to your firm’s obligations, consult AUSTRAC guidance materials or a qualified compliance adviser.

Ready to Modernize Your VOI Process?