Tranche 2 AML/CTF Rules for Accountants in Australia: What You Must Do Before 1 July 2026
From 1 July 2026, thousands of Australian accounting practices become AUSTRAC reporting entities for the first time. Here's what Tranche 2 actually requires, who it applies to, and the steps to take before the deadline
For twenty years, Australia's anti-money laundering laws applied almost exclusively to banks, casinos and remittance providers. That changes on 1 July 2026. Under the Tranche 2 reforms to the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act, accountants join lawyers, real estate agents, conveyancers, and dealers in precious metals and stones as regulated "gatekeeper" professions.
The scale of this expansion is significant. It's expected to pull somewhere between 80,000 and 90,000 new businesses into a regime that previously covered around 17,000 entities. If your practice sets up companies, acts as a trustee, manages client funds, or assists with certain property and business transactions, you are very likely in scope — regardless of whether you're a five-partner firm or a sole practitioner.
Many firms still don't fully understand what's being asked of them. Here's a practical breakdown.
Why this is happening
The changes come from the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which received assent in December 2024. The goal is to bring Australia in line with international standards set by the Financial Action Task Force (FATF) — standards the UK and much of the EU have already applied to accountants and lawyers for years. Australia has effectively been an outlier, and regulators have flagged the professions being brought in now, known as designated non-financial businesses and professions (DNFBPs), as common entry points for disguising the source of illicit funds.
Who actually gets caught by this
This is the point that trips up most firms: the obligation attaches to the service, not to the job title "accountant." If your practice provides what the Act calls a "designated service," you're in scope — even if AML/CTF compliance was never something you associated with your work.
Designated services relevant to accounting practices generally include:
Managing client funds, accounts, securities or other assets (outside of ordinary professional fees)
Setting up, operating or managing a company, trust or other legal structure on a client's behalf
Acting as a trustee, including corporate trustee appointments for SMSFs
Assisting with the buying, selling or transfer of a business
Giving instructions on a client's behalf in relation to property transactions
Providing a registered office or business address for a client
If your work is limited to preparing tax returns, BAS lodgements and standard compliance advice with no structuring, trustee or fund-management element, you may fall outside scope. But don't assume this without checking — AUSTRAC and several professional bodies have released self-assessment tools specifically because so many practices misjudge their own exposure.
The key dates
31 March 2026 — AUSTRAC enrolment opened for Tranche 2 entities
1 July 2026 — The AML/CTF obligations formally commence for newly regulated businesses
29 July 2026 — Deadline to be enrolled with AUSTRAC if you were already providing a designated service as at 1 July
Enrolment itself is separate from having your compliance program ready. You need both in place, and AUSTRAC has been explicit that it expects firms to be operational by 1 July, not scrambling to catch up afterwards.
What your practice needs to have in place
1. Enrol with AUSTRAC This is done through AUSTRAC Online and is the formal step that registers your practice as a reporting entity. If you're providing designated services from 1 July, you have until 29 July to complete this.
2. Appoint an AML/CTF compliance officer This person must sit at management level. In a small or sole-practitioner firm, this is usually the practice owner or principal. Their role is to oversee the AML/CTF program and act as the point of contact with AUSTRAC.
3. Complete a risk assessment Before you can build a compliance program, you need to understand your practice's actual exposure — the types of clients you act for, the services you provide, the channels you use to deliver them, and any higher-risk jurisdictions or client types involved.
4. Build a written AML/CTF program This is the core deliverable. It should be scaled to the size and complexity of your practice — a two-partner firm doesn't need the same infrastructure as a national network. At minimum it needs to cover customer due diligence procedures, staff roles and training, ongoing monitoring processes, and how suspicious matters get identified and escalated.
5. Carry out customer due diligence (CDD) This means verifying who your clients actually are — and, where relevant, who ultimately owns or controls them — before providing a designated service. AUSTRAC has been clear this isn't about photocopying a driver's licence and filing it away. It's about understanding the nature of the relationship and checking clients against sanctions and politically exposed persons (PEP) lists where the risk warrants it. Lower-risk clients can be handled with simplified diligence; higher-risk clients need enhanced checks and senior sign-off.
6. Set up ongoing monitoring and reporting Once operational, you're required to keep watching client relationships over time, not just at onboarding. This includes filing:
Suspicious matter reports (within 24 hours for suspected terrorism financing, three business days for other matters)
Threshold transaction reports for cash transactions of A$10,000 or more, within 10 days
An annual compliance report to AUSTRAC
7. Keep records for seven years All CDD documentation, risk assessments and reports need to be retained and readily accessible.
Common misunderstandings worth clearing up
"My firm is too small to matter." The obligation is triggered by the service you provide, not your headcount or revenue. Sole practitioners offering trustee or company-setup services are just as captured as large firms.
"I can just outsource it and forget about it." You can outsource administrative tasks, but legal accountability for compliance stays with your practice and, in some cases, with individual directors and officers personally.
"A basic ID check covers me." It doesn't. The regime expects an ongoing, risk-based understanding of the client relationship, not a one-off document collection exercise.
"I'll deal with it once AUSTRAC contacts me." AUSTRAC has signalled it expects firms to be compliant from day one, not reactive after the fact. Given the volume of newly regulated businesses, early preparation is the only realistic path to being ready.
"Existing clients need to be re-verified from scratch." Generally not. Clients you were already acting for before the commencement date are typically treated as pre-commencement clients, so you don't need to repeat identity checks purely because the new rules have started — though ongoing monitoring obligations still apply going forward.
Where to start this week
If you haven't already, the first practical step is working out whether you're in scope at all. AUSTRAC and several professional bodies, including CPA Australia and various law firms, have published self-assessment tools that map your everyday services against the legal definition of "designated service." From there, the sequence is: enrol, assess your risk, build your written program, appoint your compliance officer, and train whichever staff handle client onboarding.
The compliance burden is real, but it's manageable if you start now rather than in June. AUSTRAC has also flagged that further industry-specific guidance for accountants will be released progressively — worth watching if your practice sits in a genuinely borderline category.
This article is general information only and does not constitute legal or compliance advice. Practices should confirm their specific obligations directly with AUSTRAC or a qualified adviser.
Related Australia Services
-
ATO Certified BAS Filing
Professional BAS and IAS filing services
-
Australian Tax Preparation
Expert tax preparation for Australian businesses
-
Australian Accounting Services
Professional accounting support for Australian firms
-
Australian Payroll Management
Payroll processing and compliance for Australian employers
Frequently Asked Questions
What is the difference between accounting and bookkeeping? ▼
What is a balance sheet and why is it important? ▼
Streamline Your Payroll Compliance
CPA firms and accounting practices trust us to handle complex payroll workflows, superannuation compliance, and regulatory reporting. Let us manage the complexity while you focus on client relationships and strategic advisory.
Schedule Your Consultation