
Australia is about to make the biggest expansion of its anti-money laundering regime in two decades.
From 1 July 2026, around 90,000 additional firms, lawyers, conveyancers, real estate agents, property developers, accountants, tax agents, trust and company service providers, and dealers in precious metals and stones will become reporting entities under the AML/CTF Amendment Act 2024.
That is around five times the existing population of current AUSTRAC-regulated entities, and it will affect professional services that have never run a compliance program like this. AUSTRAC enrolment opened on 31 March 2026 and will close on 29 July 2026, so the window is a small one.
Tranche 2 is the second phase of Australia’s AML/CTF regime, and it extends reporting-entity obligations beyond banks and casinos to professional and property-adjacent services.
The legislative vehicle is the AML/CTF Amendment Act 2024 (Cth), which got Royal Assent on 10 December 2024. It amends the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to add additional "designated services" to the regulated aspects.
The reforms also change the entire regime, for both current and new reporting entities, from a prescriptive, compliance-based model to a risk-based, outcomes-oriented framework. AUSTRAC’s summary of the change describes this as moving from "tick-box compliance" to measures tailored to the actual risks faced by the business.
At a glance: Australia first proposed extending AML/CTF coverage to lawyers, accountants and real estate almost 20 years ago, but successive governments put this off, and 1 July 2026 is the date the regulator is now planning around.
Firms are considered to be reporting entities if they provide one or more "designated services" with a geographical link to Australia in the course of carrying out their business.
The expansion affects the following professions:
| Profession | Common designated services |
|---|---|
| Lawyers | Property transactions, sale or transfer of legal entities, receiving/holding/managing client property, equity or debt financing, acting as or arranging directors, nominee shareholders, registered office services |
| Conveyancers | Acting on the sale, purchase or transfer of real property |
| Real estate agents | Acting for buyer or seller in the sale, purchase or transfer of real property |
| Property developers | Selling or transferring real property directly (house-and-land packages, off-the-plan, new subdivisions) |
| Accountants and tax agents | Real estate transactions, sale of business entities, holding client funds, providing registered office services, acting as nominee director |
| Trust and company service providers (TCSPs) | Company formation, nominee directorships, trustee services |
| Dealers in precious metals/stones | Transactions involving $10,000 or more in physical currency or virtual assets |
The Law Society of NSW’s Law Society Journal (February 2026) lists nine categories of designated legal services. The key clarification the Society makes is that obligations apply when services “directly advance” a transaction, not when they provide strategic or theoretical advice.
In practice, this means that a lawyer giving general advice on a corporate structure is not captured by that act alone, but if the same lawyer drafts and lodges the documents, holds settlement funds or acts as a nominee director, they become a reporting entity.
For real estate, the position is more expansive. Gadens’ analysis confirms that the obligation applies to any service in connection with a sale, purchase or transfer of real property, regardless of price and if the agent is acting on behalf of the buyer or seller.
For accountants, CPA Australia’s Tranche 2 factsheet says the captured services include registered office services, assisting with restructures, acting as nominee director and holding or managing client money.

The Tranche 2 timeline has four key dates between Royal Assent and the enrolment deadline.
| Date | What happens |
|---|---|
| 10 December 2024 | AML/CTF Amendment Act 2024 receives Royal Assent |
| 31 March 2026 | AUSTRAC enrolment opens for newly captured Tranche 2 entities |
| 30 May 2026 | Existing reporting entities must notify AUSTRAC who their AML/CTF compliance officer is |
| 30 June 2026 | Tranche 2 entities must have their AML/CTF program in place |
| 1 July 2026 | Full Tranche 2 obligations begin |
| 29 July 2026 | Final deadline for newly captured entities to enrol with AUSTRAC |
There are two things that are easy to miss. First, enrolment opened on 31 March 2026, not 1 July. Firms that wait until commencement to enrol risk their submission being late as the 29 July deadline will be when AUSTRAC’s enrolment portal is busiest.
Second, AUSTRAC expects AML/CTF programs to be in place by 30 June 2026, which is the day before designated services trigger obligations. The program shouldn’t be something firms build after they start providing regulated services, it needs to be in place on day one.
Enrolment is done via AUSTRAC Online, the same portal that existing reporting entities currently use. Firms create an account, complete the new enrolment form and submit a single application for the legal entity that’s providing designated services.
AUSTRAC’s enrolment guidance for new entities contains two important points:
Quick check: practices that have not enrolled by 29 July 2026, but are providing designated services from 1 July, are operating outside the AML/CTF Act’s enrolment requirements. Enrolment is the starting obligation and the rest of the program is built on top of it.
The professional bodies, Law Council of Australia, Queensland Law Society, Law Institute Victoria, Law Society of NSW, REIA, CA ANZ, CPA Australia, have all published guidance of varying depth.
Each Tranche 2 reporting entity must fulfil the same six obligations from 1 July 2026, regardless of their profession.
| # | Obligation | What it requires |
|---|---|---|
| 1 | Enrol with AUSTRAC | One enrolment per legal entity made via AUSTRAC Online before 29 July 2026. |
| 2 | Appoint a fit-and-proper compliance officer | A named officer responsible for the AML/CTF program, which is an explicit requirement as per AUSTRAC’s transitional rules. |
| 3 | Develop a written AML/CTF program | This is a two-part document: Part A is for risk assessment, while Part B is for policies, procedures, systems and controls. It should be reviewed and approved regularly. |
| 4 | Conduct customer due diligence (CDD) | Identify and verify the customer, beneficial owners and any politically exposed persons. Assess risk and monitor consistently. |
| 5 | Report suspicious matters and threshold transactions | Lodge SMRs where there is reasonable suspicion of money laundering, terrorism financing or other criminal activity. Lodge TTRs for cash transactions at or above $10,000. |
| 6 | Maintain records for seven years | Customer ID and verification, transactions, the AML/CTF program and all reports lodged with AUSTRAC |
In practice, appointment of a compliance officer and the AML/CTF program are the two obligations most newly captured firms underestimate. The program is not a template document, it is a written reflection of the firm’s actual money-laundering and terrorism-financing risk.

AUSTRAC’s Program Starter Kits, released on January 30, 2026, help small practices structure that document, but they are just a starting point and not a finished product.
CDD is the workflow the majority of firms will end up spending the most time on. CDD is the obligation to identify and verify customers before providing a designated service, and that risk picture will be kept current across the engagement.
AUSTRAC’s CDD rules introduce more prescriptive obligations than the existing regime, each tailored to different types of customer.
Different customer profiles attract different levels of CDD. Standard CDD is the default, while simplified CDD applies to lower-risk customers and enhanced CDD applies to higher-risk customers (politically exposed people, higher-risk jurisdictions, complex ownership structures, etc.).
The verification step is the bridge between Tranche 2 and the verification work a lot of firms are already doing. Lawyers and conveyancers run Verification of Identity (VOI) on every property file under ARNECC Schedule 8, and a clean VOI workflow already covers most of the CDD identity step.
The new requirement is the program around it, which involves risk assessment, beneficial-owner identification and ongoing monitoring.
For real estate agents and developers, who likely have never had to run a formal verification, the change is more complicated. The REIA AML/CTF resource hub and Law Society of NSW CDD guidance highlight this as the aspect with the most friction for the property sector.
Civil penalties under the AML/CTF Act are substantial and apply for each contravention.
| Offender | Maximum civil penalty per contravention |
|---|---|
| Body corporate | $33 million |
| Individual | $6.6 million |
These figures are confirmed in the BDO Australia analysis of the AML/CTF Amendment Act 2024 and cross-referenced by Grant Thornton’s reforms overview.
Penalty scale: a single significant contravention will cost $33 million for a body corporate. Multiple contraventions, such as failing to identify beneficial owners across a series of transactions, can multiply into much larger penalties. AUSTRAC also has graduated enforcement options for those who break the rules. They are infringement notices, enforceable undertakings, court-ordered remediation and civil penalty proceedings.
AUSTRAC has made it very clear that ignorance is not an acceptable defence. Firms cannot defer enrolment, point to professional-body silence or rely on having no prior AML/CTF experience to avoid penalties. The obligation is attached to the service, not the firm’s awareness of it.
For lawyers and conveyancers, Tranche 2 sits on top of the existing ARNECC Verification of Identity Standard when it comes to property matters. The two regimes share an identity-verification step but answer to different regulators.
The overlap looks like this:
| Element | ARNECC (state land registries) | AML/CTF Tranche 2 (AUSTRAC) |
|---|---|---|
| Trigger | Every party signing a registry instrument | Every customer receiving a designated service |
| Standard | Schedule 8, face-to-face safe harbour, “reasonable steps” elsewhere | Risk-based CDD: identify, verify, monitor |
| Validity | 2 years per Subscriber | Ongoing, refresh when risk changes |
| Records | 7 years | 7 years |
| Penalty for failure | Civil liability, professional-conduct complaint, indemnity issue | Civil penalty of up to $33M (body corporate) |
At a glance: from 1 July 2026, property lawyers or conveyancers verifying a client’s identity will be doing two regulatory jobs at the same time: ARNECC VOI for the registry and CDD for AUSTRAC. The evidence must satisfy both.
Firms with a clean VOI workflow will already have most of the identity-verification step covered, while firms running ad hoc verification must build a single workflow that addresses both regimes at the same time.
Real estate agents and accountants do not currently have an existing ARNECC equivalent. Their identity-verification step will be brand new from 1 July 2026, so the program around it must be built from the ground up.
The window before commencement is short. There are three phases to a defensible Tranche 2 readiness plan.
| Phase | What to do |
|---|---|
| May 2026 | Confirm if the firm provides designated services, decide which legal entity will enrol, nominate an AML/CTF compliance officer and a deputy, start the risk assessment that anchors the program and check the current verification workflow meets CDD obligations |
| June 2026 | Finalise the written AML/CTF program (Part A: risk assessment, and Part B: policies, procedures, systems and controls), dry-run CDD using an example from a recent matter, confirm seven-year record retention with access controls is in place, then brief every fee-earner and client-facing staff member |
| By 29 July 2026 | Enrol the legal entity (or entities) on AUSTRAC Online, lodge the compliance officer notification, then stand up the SMR and TTR reporting workflow |
Firms will not need a separate compliance suite on top of an existing verification tool. The verification record is the foundation of CDD, which means the program, officer and reporting workflow sit above that foundation. They are governance, not software.
Tranche 2 is the most significant regulatory change for Australian professional services since the AML/CTF Act itself in 2006. The compliance load is significant, the penalties are heavy and the window before 1 July 2026 is closing rapidly.
The firms that are ready are the ones treating Tranche 2 as a permanent workflow change, not a deadline to clear and then forget about. The compliance officer, the program, the CDD workflow and the records are the operating system of a reporting entity, designed to run year after year.
Every designated service provided from 1 July 2026 carries a CDD evidence trail that AUSTRAC may eventually ask to see.
VeriEzi runs ARNECC-aligned verification of identity in under 10 minutes that’s mobile-first, multi-language and with a tamper-evident audit trail. The verification record is the foundation Tranche 2 reporting entities can build their CDD workflow on, and we have AML compliance features on our roadmap. Book a demo now to see how VeriEzi fits into your firm’s readiness plan.
VeriEzi provides identity-verification software to support firms preparing for AUSTRAC Tranche 2 reporting obligations. The information in this article is general in nature and does not constitute legal or compliance advice. Firms remain responsible for their own AML/CTF Program and reporting-entity obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). For advice specific to your firm’s obligations, consult AUSTRAC guidance materials or a qualified compliance adviser.
More insights from the same category: Legal Updates