
All firms captured by Australia’s new Tranche 2 reforms must designate an AML (Anti-Money Laundering)/CTF (Counter-Terrorism Financing) compliance officer by the time obligations commence on 1 July 2026. The statutory deadline is 28 days after the firm first provides designated services.
For the majority of newly regulated practices, that means a principal, practice manager or licensee-in-charge will undertake a role they have never done before, under a regime that didn’t apply to their industry until these new reforms came into place.
If you have been given these responsibilities by your firm, this guide will take you through everything you need to know. It covers the legal requirements of the role, the deadlines that apply to you specifically as well as a realistic plan for your first 90 days.
None of it assumes any prior AML knowledge because AUSTRAC itself doesn’t: in fact, the regulator’s guidance states explicitly that a compliance officer “doesn’t need to be an AML/CTF expert.”

The AML/CTF Act requires every reporting entity to designate a compliance officer at management level. There are three pillars of eligibility:
As per AUSTRAC’s compliance officer guidance, the role involves four key functions:
Three important things are worth getting straight early on because they remove most of the anxiety you might feel about the role:
You are not a shield from accountability for the firm. The governing body (the partners, directors or owner) still has a statutory obligation to oversee risk and take reasonable steps toward compliance, and designating you doesn’t change that.
A separate senior manager should be in charge of approving AML/CTF policies, risk assessment and high-risk customer decisions. For small firms, one person can hold all three roles. AUSTRAC notes that they “don’t need to report to themselves.”
You are not expected to be fully trained from the start. For small businesses, AUSTRAC requires a management-level person to learn the firm’s risks and be willing to build their capability through training and experience.
You are not necessarily an employee. The role can be outsourced to an external compliance officer who’s given the authority, resources and expertise to do the job. Also, one compliance officer can serve other members within a corporate reporting group. Either way, the firm is ultimately responsible.
Before you can be appointed, the firm must confirm you are a fit and proper person, and also keep records showing how they came to that conclusion. This is a considered decision, not a pass/fail checklist.
AUSTRAC accepts open-source searches, reference checks, credit checks and police checks as examples of what firms might document to confirm their officer is fit and proper. It also requires periodic reassessment.
For professionals already subject to practising-certificate or licensing checks, there is a logical development expected in late 2026: AUSTRAC is working with industry bodies on recognising existing fit-and-proper processes.
Deadline confusion is a particularly common issue, partly because of the 30 May 2026 notification deadline that was circulated widely earlier this year. However, that deadline only applied to entities already on AUSTRAC’s Reporting Entities Roll by 30 March 2026.
For newly captured firms, the Transitional Rules set the timetable:
| Event | Deadline |
|---|---|
| Firm enrols with AUSTRAC | By 29 July 2026 |
| Compliance officer appointed | Within 28 days of the firm providing designated services |
| AUSTRAC notified of the appointment | The later of 29 July 2026 or 14 days after enrolment |
| Compliance officer leaves or becomes ineligible | Notify AUSTRAC within 14 days; someone must always be covering the function |
| First written report to the governing body | Within 12 months of commencement |
| Firm’s first annual compliance report to AUSTRAC | Covers 1 July 2026 to 30 June 2027; lodged between 1 July and 30 September 2027 |

Here is a workplan that fits what AUSTRAC has said it expects of newly regulated firms by 1 July: enrolled, program and compliance officer in place, staff trained, ready to report.
A print-ready PDF of this 90-day plan and checklist is available to download and keep as your compliance roadmap from day one.
Download the PDF GuideShare it with your governing body so they understand the role too, as their oversight obligations sit alongside yours.
A compliance officer’s workload is divided into judgement and bookkeeping. The judgement aspect (risk decisions, escalations, the annual report’s conclusions) is yours, but the bookkeeping is what VeriEzi was built to do.
VeriEzi gives the compliance officer a single review queue. Matters auto-calculate a risk level from screening and questionnaire answers, and high-risk matters lock and escalate to you automatically. Risky answers are highlighted so you can see what actually needs your judgement at a glance.
False positives from sanctions and politically-exposed-person screening can be cleared in bulk with a recorded reason, and risk overrides always capture who, when and why. Staff can route completed work to you for sign-off.
When something warrants reporting, the suspicious matter report pre-fills from the matter record, and the annual compliance report compiles electronically instead of from a Word template. Every action sits in a filterable audit log that exports to CSV, which is precisely what you want to hand over when the firm’s records are examined.
There is no subscription and no platform fee; the firm pays per verification. You can get 5 free verifications to run on your own matters, or book your free demo and see the compliance officer workspace before 1 July.
VeriEzi provides identity-verification software to support firms preparing for AUSTRAC Tranche 2 reporting obligations. The information in this article is general in nature and does not constitute legal or compliance advice. Firms remain responsible for their own AML/CTF Program and reporting-entity obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). For advice specific to your firm’s obligations, consult AUSTRAC guidance materials or a qualified compliance adviser.
More insights from the same category: Industry Insights
Industry InsightsMay 26, 2026
Verifying overseas property buyers under ARNECC VOI rules, what lawyers and conveyancers must do to meet AML compliance and protect settlement.
Read More
ComplianceJuly 6, 2026
So let’s do the calm, practical thing. Here is what ongoing compliance actually involves, day to day, not as legal theory. It is not effortless. But it is manageable, and this article sets out why.
Read More