AML/CTF compliance for Australian law firms (Tranche 2)
Australian law firms will become subject to AML/CTF obligations from 1 July 2026 under the Tranche 2 reforms (Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth)) when they perform designated services such as conveyancing, trust account work, and certain types of corporate work. Firms should use the lead-in period to stand up a compliance program before commencement. This guide sets out 10 core obligations.
Coverage
From 1 July 2026, the regime covers Australian law firms providing designated services under the amended AML/CTF Act, including those acting in conveyancing, trust account work, company formation, and asset management. Coverage applies regardless of firm size.
Legal basis
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) (the Tranche 2 reforms). Tranche 2 obligations for law firms and other "designated non-financial businesses and professions" commence on 1 July 2026. AUSTRAC is the regulator.
The obligations
Develop an AML/CTF program
Establish a written AML/CTF program covering customer due diligence, ongoing monitoring, transaction reporting, and staff training.
Conduct customer due diligence (CDD)
Verify the identity of every client and beneficial owner before providing a designated service. Apply enhanced CDD for higher-risk clients.
Identify beneficial owners
For corporate or trust clients, identify and verify the beneficial owner — the natural person who ultimately controls the entity.
Conduct ongoing customer due diligence
Monitor client relationships and transactions for unusual or suspicious activity. Update CDD information as circumstances change.
Report suspicious matters
Lodge suspicious matter reports (SMRs) with AUSTRAC within 3 business days of forming a suspicion. Failure to report is a serious offence.
Report threshold transactions
Report cash transactions of $10,000 or more to AUSTRAC within 10 business days. Threshold transaction reports apply across multiple connected transactions.
Provide staff training
Train all relevant staff on AML/CTF obligations, red flags, and reporting procedures. Document the training and refresh annually.
Maintain records
Keep AML/CTF records for at least 7 years, including CDD documents, transaction records, and SMR / TTR submissions.
Conduct an independent review
Arrange an independent review of the AML/CTF program at appropriate intervals. The review must be conducted by a person not involved in the program's day-to-day operation.
Enrol with AUSTRAC
Enrol with AUSTRAC as a reporting entity once the firm provides designated services. Maintain enrolment details and notify AUSTRAC of changes.
What happens if you do not comply
Civil penalties of up to $22.5 million per contravention for bodies corporate. Criminal offences carry up to 10 years' imprisonment for individuals. AUSTRAC can also accept enforceable undertakings, issue infringement notices, and order remedial action.
Reporting requirements
Suspicious matter reports within 3 business days. Threshold transaction reports within 10 business days. International funds transfer instructions on the day of transfer.
What firms should do today
- Designate an AML/CTF compliance officer with sufficient seniority
- Document the firm's AML/CTF program and update it annually
- Run staff training before the firm provides any designated service
- Establish a system for ongoing customer due diligence on existing clients
- Build SMR and TTR reporting into the firm's normal workflows
- Schedule an independent review at least every 2-3 years
Compliance with Quillio
Quillio supports AML/CTF compliance by identifying high-risk client matters, flagging unusual transaction patterns, and helping draft AML/CTF programs and policies. See /resources/security or start a free trial.
This guide is general information about AML/CTF obligations — not legal or compliance advice. Always obtain specialist AML/CTF advice for designing and operating your compliance program.