Australia's AML/CTF Reform — 1 July 2026
The AML/CTF Amendment Act 2024 brings 80,000–90,000 new businesses into Australia's anti-money laundering regime from 1 July 2026. Understand what's required — and how NexusShield gets you there.
Time remaining to comply
1 July 2026
Full AML/CTF obligations commence
31 March 2026
AUSTRAC enrolment opens
Background
Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime has historically regulated financial institutions — banks, remittance providers, digital currency exchanges. Tranche 2 changes that fundamentally.
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which received Royal Assent on 10 December 2024, extends mandatory AML/CTF obligations to a new category of "Designated Non-Financial Businesses and Professions" (DNFBPs) for the first time.
This aligns Australia with the Financial Action Task Force (FATF) recommendations and the approach taken by comparable jurisdictions including the UK, EU, New Zealand, and Canada — where professional services have been subject to AML obligations for years.
The reforms are expected to bring approximately 80,000–90,000 additional businesses into the AML/CTF regime, with full obligations commencing 1 July 2026.
AML/CTF Act 2006 — Federal Register of Legislation80–90K
New businesses entering the AML/CTF regime
7yr
Minimum record retention period required
$23K+
Estimated annual manual compliance cost per SME
1 Jul '26
Full obligations commence — all Tranche 2 entities
Affected Sectors
Tranche 2 regulates specific designated services — not entire professions. Whether your business is captured depends on the nature of the services you provide.
Lawyers & Conveyancers
Captured when providing legal services related to property transactions, trust structures, company formation, or managing client funds.
⚠ Litigation-only or pure advisory practices may not be captured.
Accountants & Tax Agents
Captured when providing services that manage client financial affairs, particularly when creating or managing financial flows.
⚠ Tax return preparation alone may not trigger obligations.
Real Estate Agents & Developers
Captured when facilitating the purchase or sale of real property — a high-risk sector for money laundering.
⚠ Property management and leasing are generally not captured.
Trust & Company Service Providers
Captured when providing corporate trustee, registered agent, or company secretarial services.
⚠ High-risk sector — typically in scope for most services provided.
Dealers in Precious Metals & Stones
Captured when buying or selling precious metals, stones, or jewellery at or above defined thresholds.
⚠ Cash transactions above threshold trigger additional obligations.
Not Sure If You're Captured?
Whether your business is in scope depends on the specific designated services you provide — not your profession as a whole.
Use AUSTRAC's checker Or speak to a specialist →What You Must Do
Eight obligations apply from 1 July 2026. Each carries its own civil and criminal penalty regime for non-compliance.
All Tranche 2 entities must enrol with AUSTRAC from 31 March 2026 and complete enrolment by 29 July 2026. Failing to enrol is a strict liability offence.
A documented, risk-based program must identify and assess money laundering and terrorism financing risks specific to your business and set out controls to manage them.
A dedicated AML/CTF Compliance Officer must be appointed and their details provided to AUSTRAC by 29 July 2026. This person is responsible for managing the program.
Verify customer identity before providing designated services. Enhanced due diligence applies for higher-risk customers including PEPs, foreign nationals, and complex structures.
All relevant staff must receive AML/CTF training covering obligations, red flags, and reporting requirements. Training records must be maintained and staff re-trained periodically.
Ongoing monitoring must detect unusual or suspicious activity. Monitoring must be risk-based and proportionate to the nature of your customer relationships.
File Suspicious Matter Reports (SMR) for suspected ML/TF activity, Threshold Transaction Reports (TTR) for cash transactions ≥ $10,000, and International Funds Transfer Instructions (IFTI) where relevant.
All customer identification records, transaction records, and AML/CTF program documentation must be securely retained for a minimum of seven years.
Key dates
10 December 2024
Royal Assent
AML/CTF Amendment Act 2024 becomes law
29 August 2025
AML/CTF Rules 2025 tabled
AUSTRAC tables the new compliance rules in Parliament
31 March 2026
AUSTRAC enrolment opens
New Tranche 2 entities can begin enrolling with AUSTRAC
1 July 2026
Full obligations commence
AML/CTF program, KYC, training, monitoring and reporting all required
29 July 2026
Enrolment deadline
Final date to enrol with AUSTRAC and notify Compliance Officer details
Non-Compliance Risk
AUSTRAC has broad enforcement powers and a track record of significant action against non-compliant entities.
Civil Penalties
Significant civil penalties apply for failing to enrol, maintain an AML/CTF program, conduct customer due diligence, or file required reports. Penalties can reach millions of dollars for serious or systematic contraventions.
Criminal Penalties
Deliberate or reckless failures — such as knowingly assisting with money laundering or failing to report suspicious matters — carry criminal penalties including imprisonment for responsible individuals.
Reputational & Professional Risk
AUSTRAC enforcement actions are public. For lawyers, accountants, and real estate professionals, regulatory action can trigger professional body investigations, licence suspensions, and lasting reputational damage.
The NexusShield Platform
NexusShield is the only Australian compliance platform that addresses all five obligation pillars in a single integrated system — eliminating the need for multiple vendors, spreadsheets, or manual processes.
KYC Identity Verification
Real-time document checks, biometric verification, PEPs and sanctions screening.
Obligation 4 — Customer Due Diligence
KYB Entity Verification
Company due diligence, UBO identification, trust and structure verification.
Obligation 4 — Customer Due Diligence
Transaction Monitoring
Automated risk scoring, threshold alerts, and suspicious pattern detection.
Obligation 6 — Ongoing Monitoring
AUSTRAC-Aligned LMS & CPD
Training modules built for Tranche 2, automatic CPD certificate issuance, team dashboard.
Obligation 5 — Staff Training
AUSTRAC Reporting
Automated SMR, TTR and IFTI preparation and lodgement with immutable audit trails.
Obligation 7 — AUSTRAC Reports
| Obligation | NexusShield | Point-solution tools | Manual / consultant |
|---|---|---|---|
| KYC identity verification | ✓ | ◑ | — |
| KYB entity & UBO verification | ✓ | ◑ | — |
| AML/CTF program management | ✓ | — | ◑ |
| Staff training & CPD certification | ✓ | — | — |
| Transaction monitoring & risk scoring | ✓ | ◑ | — |
| AUSTRAC SMR / TTR lodgement | ✓ | — | ◑ |
| 7-year immutable audit trail | ✓ | — | — |
| Single platform, no integrations | ✓ | — | — |
✓ Fully covered ◑ Partially covered — Not available
Frequently Asked Questions
Authoritative answers to the most common compliance questions about Australia's Tranche 2 reforms.
Tranche 2 refers to the expansion of Australia's AML/CTF regime to Designated Non-Financial Businesses and Professions (DNFBPs) under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which received Royal Assent on 10 December 2024. It extends compliance obligations previously limited to banks and financial institutions to lawyers, conveyancers, accountants, real estate agents, trust and company service providers, and dealers in precious metals and stones. Full obligations commence 1 July 2026.
There are three key dates. 31 March 2026: AUSTRAC enrolment opens for all new Tranche 2 reporting entities. 1 July 2026: Full AML/CTF obligations commence — your program, KYC procedures, staff training, and transaction monitoring must all be operational. 29 July 2026: Final deadline to complete AUSTRAC enrolment and formally notify AUSTRAC of your appointed Compliance Officer.
Civil penalties apply for failing to enrol with AUSTRAC, failing to maintain an AML/CTF program, failing to conduct customer due diligence, and failing to file required reports. These can reach tens of millions of dollars for systemic failures. Criminal penalties including imprisonment apply for deliberate non-compliance or knowingly facilitating money laundering. Professional practitioners also face risks from their professional bodies — such as licence suspension or deregistration.
Yes. Every Tranche 2 entity must appoint a designated AML/CTF Compliance Officer. This person is responsible for overseeing the AML/CTF program, managing compliance obligations, and acting as the primary contact with AUSTRAC. You must notify AUSTRAC of your Compliance Officer's details by 29 July 2026. The role can be held by an existing employee, a director, or a principal — but the responsibility cannot be fully outsourced.
Under the AML/CTF Act, all compliance records must be retained for a minimum of 7 years. This includes customer identity verification documents, transaction records, AML/CTF program documentation, training records, and filed reports. Records must be stored securely and be retrievable for AUSTRAC on request. NexusShield maintains an immutable, encrypted audit trail that automatically satisfies this obligation.
Partially. Certain functions — such as KYC verification, training delivery, and report preparation — can be performed using third-party services and technology platforms like NexusShield. However, ultimate legal responsibility for AML/CTF compliance cannot be outsourced. Your business remains the reporting entity accountable to AUSTRAC. Your Compliance Officer must still oversee the program, and your AML/CTF program must remain a document your business owns and maintains.
NexusShield is the only Australian platform combining all five compliance pillars: KYC identity verification (real-time document and biometric checks with PEPs/sanctions screening), KYB entity verification (corporate and trust due diligence with UBO identification), AUSTRAC-aligned LMS training (with automatic CPD certificate issuance and a team compliance dashboard), risk assessment engine (automated client risk scoring aligned to AUSTRAC requirements), and AUSTRAC reporting (automated SMR, TTR, and IFTI preparation with immutable 7-year audit trails). One platform. Zero integration headaches.
Speak to a NexusShield compliance specialist. No obligation — just a focused conversation about your business's obligations and how NexusShield can cover them before 1 July 2026.