Learn more

Tranche 2 AML reforms: What Australia’s tax & accounting sector needs to know

Tranche 2 AML reforms: What Australia’s tax & accounting sector needs to know

The Australian Government is pressing ahead with long-awaited Tranche 2 reforms to expand its anti-money laundering and counter-terrorism financing (AML/CTF) regime.

These changes will bring lawyers, accountants, real estate agents and other gatekeeper professionals under the same obligations currently applied to banks and financial institutions.

With enforcement expected from July 1 2026, tax and accounting professionals will soon be subject to the same level of scrutiny as banks, with obligations around customer due diligence (CDD), transaction monitoring and reporting suspicious activity to .

Here’s what you need to know:

Why tax professionals and accountants are in the spotlight

Accountants and tax advisers are often involved in setting up legal structures, managing client funds, handling large financial transactions and providing strategic advice. These are all services that can be exploited to conceal illicit wealth.

While these are legitimate services, their potential misuse has been a global concern. The Financial Action Task Force (FATF) has consistently criticised Australia for not including the accounting sector in the AML/CTF regime.

Tranche 2 reforms bring accountants, lawyers, real estate agents and other ‘gatekeeper’ professions into line with international standards.

 

Are you covered by Tranche 2?

Under the proposed Tranche 2 reforms, tax and accounting professionals must comply with AML/CTF obligations if they offer designated services such as:

  • managing client money, accounts, securities or assets
  • creating or managing companies, trusts or other legal entities for clients
  • providing a registered office or business address
  • acting as a director, secretary, trustee or similar role for a client
  • offering tax advice or preparing tax filings in connection with complex financial arrangements or cross-border structures.

If you provide any of the above services, it's crucial that you understand and prepare for the new compliance requirements. Even if you’re an ‘item 54 provider’ and do not provide any other designated services, you may still have modified obligations under the AML/CTF regime. An item 54 provider is an Australian Financial Services Licence (AFSL) holder, such as a mortgage broker, who arranges for a person to receive a designated service.

What you need to do

1. Check whether you’re regulated

The first step is determining whether your services meet the criteria for a ‘designated service’ under the AML/CTF Act. It’s about what you do, not who you are.

If you are unsure whether you’ll be regulated, check the AUSTRAC website for guidance.

 

2. Register with AUSTRAC

Register your practice by July 29 2026 before offering any designated services. Enrolments open on March 31 2026. You cannot provide designated services until you are enrolled. If you miss the deadline, you may be subject to penalties.

 

3. Appoint an AML/CTF compliance officer

Accounting businesses providing a designated service must appoint an AML/CTF compliance officer to oversee the operation of the entity’s AML/CTF policies and reporting.

 

4. Conduct an ML/TF risk assessment

Your money laundering and terrorism financing (ML/TF) risk assessment involves identifying the level of exposure your business has to financial crime risks based on:

  • the services you offer
  • the types of clients you deal with, e.g. politically exposed persons (PEPs)
  • the delivery channels you use
  • the countries or jurisdictions you or your clients are linked to

 

5. Implement a risk-based AML/CTF program

Based on your risk assessment, you need to develop and maintain a written AML/CTF program suitable for your business's size, nature and complexity.

Your program must include:

  • Part A: Systems and controls to identify, mitigate and manage ML/TF risks
  • Part B: Procedures for verifying client identity (KYC)

 

6. Implement customer due diligence

Before providing any designated services, you must:

  • collect client data (e.g. identity documents, date of birth, address, etc). This is referred to as ‘know your customer’ (KYC)
  • verify that data through trusted sources
  • assess client risk, including checks against PEPs, sanctions and adverse media lists

You should also conduct ongoing customer due diligence (OCDD) to regularly monitor for changes to your clients’ risk profiles to ensure they are up to date.

 

7. Conduct ongoing monitoring

Monitor client transactions and behaviours. If there are red flags, such as unexpected changes in transaction amounts, frequency, or destinations, you may need to re-evaluate risk levels or escalate via a suspicious matter report (SMR).

 

8. Screen against watchlists

AML/CTF obligations require accountants to screen clients against key watchlists:

  • PEPs: Politically exposed persons who may pose a corruption risk.
  • Sanctions Lists: Individuals or entities restricted under national or international law.
  • Adverse Media: Negative news or reports that may suggest involvement in criminal activity can also be used to help assess risk.

If a client appears on any of these lists, you must assess the risk and may be required to undertake enhanced due diligence (EDD).

 

9. Maintain detailed records

You’ll need to keep records of all CDD steps, transactions and your AML/CTF processes.

 

10. Reporting

Report any suspicious activities and transactions, including those over a certain monetary threshold, to AUSTRAC.

Key considerations for accountants

  • Risk: Not all clients or services carry the same risk. You should tailor your AML/CTF program accordingly.
  • Efficiency: Automate CDD where possible. A clunky process frustrates clients, adds inefficiencies to your business and increases the risk of non-compliance.
  • Technology: Automated tools can help with the core requirements of real-time identity verification and watchlist screening.

 

What you need to know about your compliance program

Customer due diligence

Customer due diligence is a cornerstone of AML/CTF compliance. It involves verifying your client’s identity and assessing the risk they pose before delivering any designated service.

You’ll need to check their information against trusted sources, such as government databases, and screen them for risks using politically exposed person lists, sanctions registers and adverse media reports.

Your CDD process must be documented in Part B of your AML/CTF program.

 

CDD includes three key steps:

  1. Gather personal data – Collect identifying information such as ID documents, address, date of birth, place of birth, and source of funds or wealth.
  2. Verify the data – Check the accuracy of that information against reliable sources.
  3. Assess the risk – Evaluate the client against your business’s risk criteria, including screening for PEPs, sanctions, and adverse media.

 Why PEP screening matters

PEPs are individuals in prominent public or political roles considered higher risk due to their potential exposure to corruption or bribery. If a client is identified as a PEP, you’ll likely need to apply Enhanced Customer Due Diligence (ECDD), which may include gathering more information or applying stricter monitoring controls.

Ongoing customer due diligence (OCDD)

Compliance isn’t a ‘set and forget’ exercise. Ongoing customer due diligence (OCDD) ensures that client risk profiles stay up to date over time.

You’ll need to continuously monitor your clients’ behaviour and transactions to detect anything unusual, such as sudden increases in transaction frequency, new sources of funds or unexpected jurisdictions.

These requirements must be outlined in Part A of your AML/CTF program, which includes your:

  • Enhanced customer cue diligence (ECDD) procedures
  • Transaction monitoring framework
  • Reporting processes for suspicious matters

If something doesn’t add up, you may need to verify client details again or escalate concerns.

Suspicious matter reporting

If you suspect a client is not who they say they are, is linked to criminal activity, or is potentially the victim of a crime (such as identity theft), you must submit a (SMR) to AUSTRAC. This is a legal requirement and must be submitted as soon as possible once suspicion arises.

Watchlists: PEPs, sanctions and adverse media

Watchlist screening is a critical part of risk management. These lists help you assess whether a client is likely to be involved in or at risk of being targeted by financial crime:

  • PEPs: Individuals in high-ranking political or government roles.
  • Sanctions: Individuals or organisations subject to economic sanctions, including asset freezes and restrictions.
  • Adverse Media: News or reporting that signals criminal activity, fraud, or reputational risk, even if the person is not on any official list.

Regular screening helps you stay alert to changes in client risk and meet your obligations under the AML/CTF Act.

 

What's the timeline?

  • Now – Assess whether your services are covered and prepare your processes and documents.
  • March 31, 2026 – Enrolment with AUSTRAC opens
  • July 1, 2026 – AML/CTF obligations become enforceable
  • July 29, 2026 – Deadline to be registered with AUSTRAC and have compliance documents in place.

 

Get ready now

While the new obligations may seem daunting, early action will put you ahead of the curve. The right AML/CTF solution will simplify compliance and protect your business from regulatory risk.

Partner with us to prepare for Tranche 2

Our automated identity verification and compliance solutions help accountants easily meet AML/CTF obligations. Get in touch to find out how we can support your compliance journey.

Talk to our team of experts today to simplify your AML/CTF compliance.