Australia's tranche 2 reforms put lawyers, accountants and real estate agents under AML/CTF rules from 1 July 2026. See what changes and how to prepare.
Table of contents
On 1 July 2026 Australia's tranche 2 reforms bring lawyers, accountants, conveyancers, real estate agents and dealers in precious metals and stones under the AML/CTF regime for the first time. Around 80,000 new businesses must enrol with AUSTRAC, run customer due diligence and report suspicious activity.
- The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 extends AUSTRAC oversight to "gatekeeper" professions from 1 July 2026.
- AUSTRAC opened enrolment on 31 March 2026; newly regulated firms must enrol by 29 July 2026.
- Around 80,000 new businesses join the regime, one of its largest expansions since it began in 2006.
- Core duties include enrolment, an AML/CTF programme, customer due diligence, sanctions and PEP screening, suspicious matter reports and seven-year record-keeping.
- Civil penalties reach up to A$31.3 million per contravention for a corporation.
What changes under the tranche 2 reforms?
The tranche 2 reforms close a gap Australia left open for two decades. From 1 July 2026, "designated services" provided by lawyers, accountants, conveyancers, real estate agents, trust and company service providers, and dealers in precious metals and stones become regulated activities. Provide one with a link to Australia, in the course of business, and you become an AUSTRAC reporting entity.
The legal basis is the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, Act No. 110 of 2024, which received assent on 10 December 2024 and amends the AML/CTF Act 2006. Schedule 3 of the Act is titled, in its own words, "Regulating additional high risk services". A separate schedule modernises the treatment of digital currency and virtual asset services.
| Newly regulated sector | Example designated service | Common trigger |
|---|---|---|
| Real estate professionals | Brokering a property sale or purchase | Acting for buyer or seller |
| Legal practitioners | Holding client funds, forming companies | Managing money or assets |
| Accountants | Forming or managing companies and trusts | Acting on client instructions |
| Trust and company service providers | Acting as nominee director or trustee | Providing the arrangement |
| Dealers in precious metals and stones | Buying or selling bullion or gemstones | A$10,000 or more in value |
These are the professions the Financial Action Task Force calls designated non-financial businesses and professions. AUSTRAC estimates roughly 80,000 new entities fall in scope, one of the largest single expansions of the regime since it began in 2006. AUSTRAC chief executive Brendan Thomas framed the intent plainly: "For too long, criminals have been able to take advantage of so-called 'gatekeeper professions'."
How does the new regime work, and what is the timeline?
The tranche 2 reforms run on a fixed sequence of dates, and the window to act is closing. Enrolment opened on 31 March 2026. Full obligations switch on for newly regulated firms on 1 July 2026. Any business providing a designated service from that date must complete AUSTRAC enrolment by 29 July 2026, with no general extension beyond it.
| Milestone | Date | What it means |
|---|---|---|
| Act receives assent | 10 December 2024 | Reforms become law |
| AUSTRAC enrolment opens | 31 March 2026 | Newly regulated firms can register |
| Obligations commence | 1 July 2026 | Full AML/CTF duties apply |
| Enrolment deadline | 29 July 2026 | Last date to enrol for 1 July services |
The substantive duties mirror what banks and money services businesses already carry. A firm must enrol, build an AML/CTF programme, complete a money laundering and terrorism financing risk assessment, run customer due diligence before providing a service, screen against sanctions and politically exposed person lists, and keep records for seven years. Threshold transaction reports cover cash of A$10,000 or more and are due within ten business days. Suspicious matter reports have no monetary threshold and are due within three business days, or 24 hours where terrorism financing is suspected.
What does this mean for your AML obligations?
The tranche 2 reforms convert professional courtesy checks into evidenced compliance duties. Customer due diligence is the largest shift: a real estate agent or accountant must now identify and verify the customer, understand the nature of the business relationship, and apply enhanced due diligence where risk is higher, before the designated service is provided. "Know your client" as a relationship norm becomes a documented, auditable control.
Reporting is the second change. Firms must file suspicious matter reports when they form a suspicion, with no minimum value and a tight clock, and threshold transaction reports for large cash dealings. Sanctions and PEP screening becomes a standing obligation, not a one-off. Record-keeping rules require customer and transaction records to be retained for seven years and produced to AUSTRAC on request. Tipping off a customer that a report has been made is itself an offence.
For groups that span regulated and newly regulated work, the obligation also reshapes governance. A law firm or accounting practice must appoint an AML/CTF compliance officer, train staff, and have the programme independently evaluated. None of this is generic advice; each duty flows from the AML/CTF Act 2006 as amended, and each is enforceable by civil penalty.
What is still uncertain about the tranche 2 reforms?
The hardest questions sit at the edges of "designated service". Legal and accounting work blends regulated and unregulated tasks inside a single engagement, and firms must decide, often in real time, when an instruction crosses into a designated service that triggers due diligence. Legal professional privilege complicates suspicious matter reporting for lawyers, and the boundary between a reportable suspicion and privileged communication is not fully settled in practice.
Readiness is the second risk. AUSTRAC and industry bodies have warned that many small practices remain underprepared, and an estimated 80,000 entities cannot all be supported or examined at once. AUSTRAC has signalled an education-first posture: chief executive Brendan Thomas said the regulator has "never penalised a small business for administrative mistakes". Even so, the civil penalty exposure, up to A$31.3 million per contravention for a corporation, does not disappear, and the regulator retains discretion to act on serious failures from day one.
Cost and capacity are the quiet risks. Identity verification, screening tools and record-keeping systems carry real expense for a sole conveyancer or a two-partner firm, and a rush to enrol before 29 July 2026 could strain both vendors and AUSTRAC's own systems. How proportionately the regime treats genuinely low-risk small businesses will shape whether the reforms deliver intelligence or just paperwork.
How does Australia compare with other FATF members?
Australia is closing a gap that made it a global outlier. For years it sat among a small group of Financial Action Task Force members that had not extended AML rules to gatekeeper professions, a gap repeatedly flagged in international reviews ahead of Australia's next mutual evaluation. The reforms align the country with Financial Action Task Force Recommendations 22 and 23, which set customer due diligence and reporting duties for these businesses.
| Jurisdiction | Gatekeeper professions covered | Basis |
|---|---|---|
| Australia | From 1 July 2026 | AML/CTF Amendment Act 2024 |
| European Union | Long established, tightening under the AML package | AMLD framework and AML Regulation |
| United Kingdom | Long established | Money Laundering Regulations 2017 |
The benchmark matters because it sets the bar AUSTRAC will be measured against. Where the European Union is consolidating supervision under a single authority and the United Kingdom already supervises legal and accountancy sectors, Australia is standing up an equivalent regime in one step. That makes the 1 July 2026 commencement less a local rule change than a catch-up to a long-standing international standard, and it lands the same week as the MiCA transitional cliff in the European Union.
How should compliance teams respond?
Start by deciding scope: map which of your services are designated services, since the obligation attaches to the activity, not the job title. Enrol with AUSTRAC before 29 July 2026, complete a money laundering and terrorism financing risk assessment, and stand up an AML/CTF programme with a named compliance officer, staff training, and independent evaluation. Then operationalise customer due diligence, sanctions and PEP screening, suspicious matter reporting and seven-year record-keeping so the controls run on every relevant engagement, not just the obvious ones.
The recurring cost of the tranche 2 reforms is identity verification done well across tens of thousands of customers without becoming a new data liability. Zyphe verifies a customer once against ICAO 9303 and eIDAS standards with an NFC chip read and two-step liveness, then issues a reusable credential the customer re-presents elsewhere, with no image upload and no central honeypot. Personal data is sharded across a decentralised network so no single node holds a complete record, data residency is enforced per region, and the audit trail is exportable for an AUSTRAC examiner. Newly regulated firms can integrate in about 15 minutes through one API; how it works walks through the flow. To see how this maps to your obligations, book a demo.
The bottom line
The tranche 2 reforms are the largest single expansion of Australia's AML/CTF perimeter since the regime began, and they land on 1 July 2026 with a hard enrolment deadline weeks later. For tens of thousands of firms that never carried these duties, the practical test is the same one banks already face: verify customers reliably, screen and report on time, and keep an evidenced audit trail, without turning that data into a fresh breach risk. Teams that treat identity verification as reusable infrastructure rather than a per-deal scramble will absorb the change far more cheaply than those that wait.
Cited sources
Michelangelo Frigo (Co-Founder at Zyphe) Michelangelo Frigo is a privacy and identity infrastructure expert and co-founder of Zyphe.