Australia’s AML/CTF regime has evolved with the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Bill 2024, passed in December 2024. The legislation amends the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 to align Australia’s AML/CTF framework with the global standards of the Financial Action Task Force (FATF), strengthening its ability to prevent, detect, and disrupt money laundering and terrorism financing (ML/TF).

This AML/CTF Amendment Bill expands oversight beyond the financial sector, gambling industry, and bullion dealers, to include “tranche 2 entities”, which provide high-risk services (known as designated services) and are classified as reporting entities.

To support tranche 2 entities in navigating the new AML/CTF requirements, this guide offers a key overview of the AML/CTF Amendment Bill 2024, outlines core compliance requirements and provides practical steps to meet regulatory expectations effectively.

Who Are Tranche 2 Entities?

To align with Financial Action Task Force (FATF) recommendations for regulating Designated Non-Financial Businesses and Professions (DNFBPs), the amended Anti-Money Laundering and Counter-Terrorism Financing Act 2006 expand Australia’s anti-money laundering and counter-terrorism financing laws to “tranche 2 entities.” These are businesses and professions providing designated services with a geographical link to Australia, including:

Real estate professionals – such as real estate agents, buyers’ agents and property developers
Dealers in precious metals, products, and stones
Lawyers
Conveyancers
Accountants
Trust and company service providers

Full compliance for tranche 2 entities providing designated services is mandatory from 1 July 2026. Failure to comply may result in significant penalties and reputational damage, underscoring the urgency of proactive preparation. Refer to the sections below on Core AML/CTF Compliance Requirements and Preparation Guide to ensure readiness.

(Refer to Part 1A, Section 6 of Future Law Compilation of the AML/CTF Act 2026 and AUSTRAC’s Summary of AML/CTF obligations for tranche 2 entities)

Core AML/CTF Compliance Requirements for Tranche 2 Entities

1. Enrolment with AUSTRAC

All reporting entities, including tranche 2 entities under the AML/CTF Amendment Bill, must enrol with the Australian Transaction Reports and Analysis Centre (AUSTRAC) within 28 days of providing a designated service to avoid penalties. Enrolment requires submitting basic business details, including its structure, services, key personnel, and contact information.

Enrolment Deadlines:
i. Newly Regulated Virtual Asset Services:
Enrol by 28 April 2026 (laws commence 31 March 2026)

ii. Newly regulated designated services:
Enrol by 29 July 2026 (laws commence 1 July 2026)

(Refer to AUSTRAC’s Summary of AML/CTF obligations for tranche 2 entities)

2. Development of AML/CTF Programs

Tranche 2 entities are required to develop and maintain an AML/CTF program comprising the ML/TF risk assessment and AML/CTF policies. An AML/CTF program protects your business from criminal exploitation through money laundering (ML), terrorism financing (TF), and proliferation financing (PF), based on the entity’s nature, size, and complexity.

Your AML/CTF program must contain:

i. ML/TF risk assessment

The ML/TF risk assessment is an assessment of the risks of money laundering, financing of terrorism and proliferation financing that the reporting entity may reasonably face in providing its designated services.

The risk factors that should be considered under the ML/TF risk assessment include:

Designated services and related emerging technologies
Customers
Delivery channels
Countries of provision of the designated service
AUSTRAC guidance on risks
AML/CTF Rules specifications

The ML/TF risk assessment should be reviewed at least once every 3 years, or upon significant changes to risk factors, AUSTRAC directives, or AML/CTF Rules. The updates of the ML/TF risk assessment should be completed before the significant change occurs or as soon as practicable after the review.

(Refer to Part 1A, Division 2, Section 26C to 26E of Future Law Compilation of the AML/CTF Act 2026)

ii. AML/CTF policies

AML/CTF policies encompass the developed and updated procedures, systems, and controls of the reporting entity. They serve as the foundation of the company’s compliance framework, effectively managing and mitigating risks related to money laundering (ML), terrorism financing (TF), and proliferation financing (PF), while ensuring adherence to the AML/CTF Act, its regulations, and the AML/CTF Rules.

The AML/CTF policies include the following items:

Identifying and adapting to significant risk factor changes
Conducting customer due diligence
Maintaining an updated program via regular reviews
Appointing an AML/CTF compliance officer
Ensuring senior management oversight
Performing staff due diligence
Providing staff training
Arranging independent program evaluations at least every three years
Facilitating group information sharing
Other matters specified in the AML/CTF Rules

The AML/CTF program must be documented, approved by a senior manager, and updated to reflect significant business changes or AUSTRAC’s release on ML/TF/PF risk products. Updates to the ML/TF risk assessment require written notification to the governing body.

(Refer to Part 1A, Division 3, Section 26F to 26G of Future Law Compilation of the AML/CTF Act 2026)

3. Appointment of AML/CTF Compliance Officer

Tranche 2 entities must appoint a “fit and proper” individual as the AML/CTF compliance officer, to oversee day-to-day implementation of the AML/CTF program, ensure compliance and report breaches.

(Refer to Part 1A, Division 5, Section 26J-26M of Future Law Compilation of the AML/CTF Act 2026)

4. Customer Due Diligence (CDD)

Tranche 2 entities are required to conduct risk-based customer due diligence (CDD) at the start of a business relationship and continuously thereafter. This process involves confirming client identities, understanding the nature of the business relationship, and identifying the beneficial owners of legal entities. CDD helps Tranche 2 entities understand their customers and the ML/TF/PF risks they may bring to the business.

In Schedule 2 of the AML/CTF Bill 2024, taking effect on 31 March 2026, the criteria for customer due diligence (CDD) have been updated. Firstly, CDD is divided into two categories based on the timing of relevant checks:

i. Initial CDD

When starting a customer relationship, it is essential to identify the ML/TF/PF risks associated with the customer based on the information that is reasonably accessible. This involves assessing the customer’s position in your organisation or group-wide risk assessment, considering factors such as

Service nature
Customer type
Delivery method
Countries involved

Additionally, the initial CDD process includes conducting screenings to determine if the customer is under targeted financial sanctions or is a politically exposed person (PEP).

ii. Ongoing CDD

It is essential to continuously monitor and manage risks associated with ML/TF/PF throughout the customer relationship. This involves implementing ongoing CDD measures that are tailored to the specific risk profile of each customer.

Secondly, the new regulations provide clarity on the level of due diligence required for each customer during both initial and ongoing CDD:

Simplified CDD:
Simplified CDD can be utilised in certain situations, particularly when the customer presents a low risk of ML/TF/PF, and no conditions for enhanced CDD are met. This approach alleviates the compliance requirements for customers deemed low risk.
Enhanced CDD:
Enhanced CDD is mandatory when a customer poses a high risk of ML/TF/PF, as well as in specific scenarios where there are inherent risks linked to the business relationship. This includes cases where the customer is a foreign PEP or when there is an obligation to report suspicious activities related to their behaviour.
Pre-commencement customers:
Before beginning a business relationship with a customer, it is crucial to regularly monitor them for any significant changes that could increase their risk level to medium or high. In the event of such changes, it is important to conduct both initial and ongoing CDD for the customer to ensure compliance with AML/CTF regulations.

(Refer to Part 2—Customer due diligence of Future Law Compilation of the AML/CTF Act 2026)

5. Reporting Obligations

Tranche 2 entities are obligated to report certain transactions and any suspicious activities to AUSTRAC, including:

Suspicious Matter Reports (SMR):
Report any suspicious matter linked to criminal activity or proceeds of crime within 24 hours for financing of terrorism (TF) or 3 business days for money laundering (ML) or proliferation financing (PF).
Threshold Transactions (TTR):
Report physical currency transactions of AUD 10,000 or more within 10 business days.
Annual Compliance Report:
Submit an annual report detailing AML/CTF program compliance for the previous calendar year by March 31.
Cross border movement reports:
Report physical movements of currency or bearer negotiable instruments (e.g., cheques or money orders payable to bearer) valued at AUD 10,000 or more into or out of Australia within five business days.

(Refer to Part 3 —Reporting obligations, and Part 4—Reports about cross-border movements of monetary instruments of Future Law Compilation of the AML/CTF Act 2026)

6. Record Keeping

Tranche two entities must retain detailed records of their CDD processes, transactions, and any reports submitted to AUSTRAC. These records should be maintained for at least seven years.

Records need to be maintained including:

Transaction Records and Documents
Customer Due Diligence
AML/CTF Program
Staff Training Sessions
Audit Results

(Refer to Part 10—Record-keeping requirement and Part 13—Audit of Future Law Compilation of the AML/CTF Act 2026 and AUSTRAC’s Summary of AML/CTF obligations for tranche 2 entities)

7. Staff Training

Tranche 2 entities must implement regular staff training programs to ensure employees are well-versed in their AML/CTF responsibilities, including:

Obligations under the AML/CTF Act and Rules;
Consequences of non-compliance (e.g., penalties, reputational harm);
ML/TF risks specific to the entity and their potential impacts;
Relevant processes and procedures

(Refer to Part 1A, Division 3, Section 26F of Future Law Compilation of the AML/CTF Act 2026 and Part 9.2 of Federal Register of Legislation’s AML/CTF Rules)

8. Independent Review

Tranche 2 entities must ensure their AML/CTF program undergoes regular independent review to maintain compliance with the AML/CTF Act.

Below are the key requirements:

Regular Review:
The AML/CTF program must be subject to periodic independent review, ensuring its ongoing suitability and effectiveness.
Frequency:
Review frequency depends on the entity’s size, complexity, and ML/TF risk profile, requiring a tailored approach to scheduling.
Reviewer Independence:
The review may be conducted internally or externally, but the reviewer must be independent, with no prior involvement in designing, implementing, or maintaining the AML/CTF program or related risk assessments. Entities must demonstrate this independence to AUSTRAC.
Purpose of Review:
The review assesses the program’s effectiveness against ML/TF risks, compliance with AML/CTF Rules, proper implementation, and the entity’s adherence to its own program.
Reporting Results:
Review findings, including any reports, must be submitted to senior management and, if applicable, the governing board for oversight and action.

This independent review process ensures that tranche 2 entities maintain a robust, compliant AML/CTF framework, mitigating risks and meeting regulatory standards.

(Refer to Part 1A, Division 3, Section 26D to 26F of Future Law Compilation of the AML/CTF Act 2026 and Part 8.6 Federal Register of Legislation’s AML/CTF Rules)

Guide for Tranche 2 Entities to Prepare for the AML/CTF Compliance Now

With the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 establishing a compliance deadline of July 1, 2026, tranche 2 entities must take proactive steps now to meet their AML/CTF compliance obligations. Early preparation ensures alignment with AUSTRAC’s requirements and a smooth transition by the mandated deadlines. The following structured guide outlines key actions to initiate your compliance efforts effectively:

Confirm Your Status as a Reporting Entity:
Verify whether your business provides designated services as defined in section 6 of the Future Law Compilation of the AML/CTF Act 2026.
Conduct an Initial Risk Assessment:
Assess your exposure to money laundering (ML), terrorism financing (TF), and proliferation financing (PF) risks. Examine your client base, service offerings, and operational processes to identify potential vulnerabilities, laying the groundwork for your AML/CTF program.
Identify a Prospective AML/CTF Compliance Officer:
Designate a “fit and proper” individual to oversee your AML/CTF program. Selecting this person early—whether a senior manager or yourself, for sole proprietors—provides ample time to prepare for their responsibilities.
Engage Reliable AML/CTF Solutions:
Source trusted AML/CTF solutions from reputable providers, such as SentroWeb AML/CTF system, and incorporate them into your compliance framework. This ensures seamless integration into processes such as screening, customer due diligence, risk management, and record keeping. Early adoption allows staff to be thoroughly trained on these tools, fostering proficiency and confidence in their use well, thereby enhancing overall compliance efficiency.
Monitor Regulatory Updates: Regularly review AUSTRAC’s resources on the latest development of the regulatory updates, to help you understand the effect and become familiar with the amended legislation. Also, stay informed on the final authorised version of the AML/CTF Act on the Federal Register of Legislation and the latest version of Anti-Money Laundering and Counter-Terrorism Financing Rules by AUSTRAC. This vigilance ensures your preparations remain aligned with the latest regulatory framework and expectations.

By undertaking these steps, tranche 2 entities can establish a robust compliance framework well ahead of the mandatory deadlines.

AML/CTF Compliance Solutions for Tranche 2 Entities

Navigating the AML/CTF compliance landscape can be complex for tranche 2 entities. Reporting entities are encouraged to leverage specialised tools and solutions to fulfil their obligations effectively and efficiently.

SentroWeb, a trusted provider of AML/CTF solutions, offers a comprehensive suite of tools tailored for tranche 2 entities to streamline adherence to the latest AML/CTF regulatory requirements.

By integrating SentroWeb’s features into your operations, tranche 2 entities can confidently meet AUSTRAC’s requirements, while optimising efficiency and ensuring preparedness for the latest AML/CTF legislation.

By leveraging SentroWeb, you can:

Customer Identification and Verification:
Screen customers’ names and photos against reliable databases to ensure accurate identification and verification.
Seamless Customer Due Diligence:
Simplify the due diligence process with step-by-step workflows for effortless compliance.
Ongoing Customer Monitoring:
Monitor your customers effortlessly, ensuring you stay alert to any changes of your customer risk profiles over time.
Risk Assessment and Analytics Dashboard:
Gain detailed insights for effective risk monitoring, allowing for informed decision-making and proactive risk management.
Documentation and Record Keeping:
Maintain thorough documentation and record-keeping to facilitate audits and reviews.
Staff Training:
Equip your team with the necessary knowledge and skills on the system for compliance success with our regular free training.

Ready to simplify your compliance journey? Click here to learn more about how SentroWeb can assist you with AML/CTF compliance.

Conclusion

In today’s fast-evolving digital landscape, money laundering tactics are becoming more sophisticated, driving stricter AML/CTF regulations globally and in Australia. The AML/CTF Amendment Bill marks a pivotal step toward safeguarding the integrity of Australia’s financial and business environment. Reporting entities, including newly regulated tranche 2 entities, should not only review the latest updates of the AML/CTF Act thoroughly to understand operational impacts and achieve full compliance by 1 July 2026, but also need to stay vigilant and continuously monitor regulatory development and emerging AML/CTF risks protecting against financial crime and maintain compliance.

Disclaimer
The article is based on the AUSTRAC’s Summary of changes for current reporting entities and the Future Law Compilation of the AML/CTF Act, which aims to assist reporting entities and industry associations understand the effect and become familiar with the amended legislation. It is not an authorised version, and further changes may be proposed and made to the law before the expected amendments commence. Reporting entities must stay informed of updates.

References and Useful Links

Recent Posts:

Tagged Accounting, AML101, Australia, Company Secretary, Legal

Navigating AML/CTF Compliance in Australia: A Guide for Tranche 2 Entities Under the Amendment to the AML/CTF Act Effective 2026