Compliance Alert: The "Tranche 2" reforms are coming. AUSTRAC enforcement for designated non-financial businesses and professions (DNFBPs) begins in 2026.

The Changing Landscape of Anti-Money Laundering in Australia

Australia is currently undergoing the most significant overhaul of its Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime in nearly two decades. For years, the AML/CTF Act 2006 applied primarily to financial institutions, casinos, and bullion dealers ("Tranche 1"). However, following pressure from the Financial Action Task Force (FATF), Australia is extending these obligations to "gatekeeper" professions—lawyers, accountants, real estate agents, and trust service providers. This is the "Tranche 2" reform.

As a professional service firm, you are now on the front lines of the fight against financial crime. Failure to comply is not just a reputational risk; it carries heavy civil and criminal penalties. At CorpArray, we provide the technical expertise and practical tools to help you navigate these complex requirements without disrupting your client relationships.

Who is Affected? The "Designated Services" Test

You are a reporting entity under the new laws if you provide "designated services" in Australia. This includes:

Lawyers & Conveyancers: When helping clients buy or sell real estate, managing client money/securities, or setting up corporate entities and trusts.
Accountants: When acting as a registered office, managing funds, or providing insolvency and liquidation services.
Real Estate Agents: When acting as an agent for the purchase or sale of real estate or businesses.
Trust & Company Service Providers: When acting as a nominee director, shareholder, or providing a registered office address.

The Six Pillars of an AML/CTF Compliance Program

Your compliance program is the foundation of your regulatory standing. AUSTRAC requires a program that is "risk-based"—it must be tailored to the specific money laundering and terrorism financing (ML/TF) risks your practice faces. CorpArray helps you build a program based on these six essential pillars:

1. Oversight and Governance

The program must be approved and overseen by your board or senior management. You must appoint an **AML/CTF Compliance Officer** who has the authority and resources to manage the program effectively.

2. ML/TF Risk Assessment

You must conduct a formal assessment of the risks your business faces. This includes analyzing your client types, the services you offer, your delivery channels (e.g., online vs. in-person), and the geographic locations where you operate.

3. Employee Due Diligence & Training

You must vet your employees to ensure they are fit and proper. Furthermore, you must provide ongoing training so your team can identify "red flags" and suspicious activity.

4. Customer Due Diligence (KYC)

Known as "Know Your Customer" (KYC), you must verify the identity of your clients before providing services. For corporate clients, this includes "drilling down" to identify the **Ultimate Beneficial Owners (UBOs)**—the natural persons who ultimately own or control the entity.

5. Transaction Monitoring & SMR

You must have systems in place to detect unusual patterns. If you suspect a transaction involves crime or terrorism, you must lodge a **Suspicious Matter Report (SMR)** with AUSTRAC within 24 hours (for terrorism) or 3 days (for other crimes).

6. Independent Review

Your program must be independently reviewed at regular intervals (typically every 2-3 years) to ensure it is effective and compliant. **CorpArray is a leading provider of these independent audits.**

Part A vs. Part B: Understanding the Difference

An AML/CTF program is divided into two distinct sections:

Part A (General): Focuses on your internal policies, risk management, oversight, and reporting systems. It is the "brain" of your compliance.
Part B (Customer Due Diligence): Focuses on the "onboarding" of clients—how you identify them, verify their documents, and assess their specific risk level.

The Cost of Non-Compliance

AUSTRAC has become one of the world's most aggressive regulators. Recent years have seen record-breaking fines against major institutions (e.g., CBA, Westpac, Crown). While small firms are unlikely to face billion-dollar fines, the penalties are still devastating:

Civil Penalties: Up to $22 million for a corporation and $4.4 million for an individual per contravention.
Enforceable Undertakings: AUSTRAC can force you to hire expensive consultants and overhaul your systems under their supervision.
Reputational Ruin: Being named in an AUSTRAC enforcement action can lead to the immediate loss of professional indemnity insurance and banking facilities.

Our Three-Step Compliance Methodology

Step 1: Gap Analysis

We review your current onboarding and risk processes to identify exactly where you fall short of AUSTRAC's Tranche 2 standards.

Step 2: Program Build

We draft your custom Part A and Part B programs, including risk assessment templates and KYC checklists tailored to your profession.

Step 3: Audit & Review

Once live, we conduct your mandatory Independent Review, providing a comprehensive report for your board and AUSTRAC.

Frequently Asked Questions

Yes. While international clients often present a higher risk, domestic transactions (especially in real estate and trust formation) are frequently used for money laundering in Australia. The law applies based on the service you provide, not the location of the client.

EDD is a more rigorous verification process required for high-risk clients, such as **Politically Exposed Persons (PEPs)**, clients from high-risk countries, or those involved in unusually large or complex transactions. It often involves verifying the client's **Source of Wealth (SOW)** and **Source of Funds (SOF)**.

AUSTRAC expects reporting entities to review their program "regularly." For most Tranche 2 firms, an independent review every 24 to 36 months is considered best practice, or sooner if there is a significant change in your business model.

Conclusion: Don't Wait for the Deadline

The "Tranche 2" reforms are no longer a distant possibility—they are an imminent reality. Implementing a robust AML/CTF framework takes months of planning, staff training, and system integration. Starting early not only ensures compliance but gives you a competitive edge by demonstrating a commitment to integrity and high-quality governance.

At CorpArray, we take the fear out of compliance. We provide professional, easy-to-understand solutions that keep you on the right side of AUSTRAC while you focus on serving your clients. Book your free initial consultation today.

Tranche 2 Audit Request

Ensure your practice is ready for 2026. Our experts are here to help.