AUSTRAC Tranche 2: What Australian lawyers and accountants must do before 1 July 2026

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 represents the most significant expansion of Australia's AML/CTF regime since the original legislation passed in 2006. Commonly called Tranche 2, the reforms extend full AML/CTF obligations to designated non-financial businesses and professions — a category that includes lawyers, accountants, conveyancers, real estate agents, and trust and company service providers. The compliance deadline for most affected entities is 1 July 2026.

Until now, these professions sat in a regulatory grey zone. AUSTRAC could monitor them, but the hard obligations — customer due diligence, ongoing transaction monitoring, Suspicious Matter Reporting — applied primarily to banks, remittance dealers, and financial services licensees. From July 2026, that changes. Any accountant who assists a client with forming a company, managing a trust, buying or selling real estate, or managing client funds will be a reporting entity with the same core obligations as a bank.

The practical requirements are substantial. Affected entities must enrol with AUSTRAC, develop and maintain an AML/CTF program, appoint a compliance officer, conduct customer due diligence before providing designated services, and report suspicious matters within 24 hours of forming a suspicion. For lawyers and accountants, the obligation to report coexists with professional privilege obligations — a tension that the legislation attempts to resolve through specific carve-outs, but one that will require careful legal advice to navigate in practice.

Software has a real role to play here. The customer due diligence process — verifying identity, identifying beneficial owners, assessing risk — generates documentation that must be stored, retrievable, and available to AUSTRAC on request. Suspicious matter reporting requires a structured internal workflow: the person who identifies the suspicion records it, a senior person reviews it, and the SMR is submitted through AUSTRAC Online within the legislated window. If the workflow lives in email threads and spreadsheets, that's an audit finding waiting to happen.

The deadline is fixed. AUSTRAC has made clear it does not intend to extend it further — previous deferrals came after the original 2008 proposals were shelved for more than fifteen years. Firms that leave compliance program development until June 2026 will find themselves competing for limited consulting bandwidth at the worst possible time. The organisations that will be best placed are those that begin now: mapping their designated services, assessing their customer base for risk, and implementing the systems their compliance program will depend on.