Key AML/CFT Obligations for Tranche 2 Entities

This infographic explains all the key obligations that will be applicable to Tranche 2 entities, i.e., entities that will be brought under AUSTRAC’s regulatory framework concerning AML/CTF Obligations from 1st July 2026.

These entities include: 

• Real Estate Professionals 
• Dealers in Precious Stones, Metals and Products 
• Lawyers 
• Conveyancers 
• Accountants 
• Trust and Company Service Providers 

However, if there exists any doubt as to whether these obligations are applicable to a particular entity or not, AUSTRAC has built an online tool as well as a ‘New Industries and Services to Be Regulated’ page that will break things down sector by sector so that these entities can effectively implement AML/CFT measures in their regulatory framework. 

Now, let us understand what the compliance journey of these entities would look like. 

Enrol and Register with AUSTRAC 

Business entities providing covered services must register with AUSTRAC. Entities providing for virtual asset services (VASP), including those which are newly regulated, need to register with AUSTRAC before operating. 

Enrolment 

The Tranche 2 entities are required to enrol within 28 days of offering a regulated service. This includes providing AUSTRAC with key business details such as structure, contact details, services and key personnel. 

Since the new law comes into effect on 31 March 2026, if any entity is offering virtual asset services, it must enrol with AUSTRAC by 28 April 2026. Businesses providing newly regulated services must enrol with AUSTRAC by 29 July 2026 because, for Tranche 2 entities, the new law commences on 1 July 2026. Any business starting after the law comes into force will have to enrol with AUSTRAC within 28 days.

Registration 

The Tranche 2 Entities are required to register with AUSTRAC before 31 July 2026. Additionally, the virtual asset service providers cannot offer any of their services unless AUSTRAC approves their registration. 

Failing to enrol or register on time can lead to criminal penalties, so it should be treated as a priority. These entities should think of it as their official entry into the regulated environment. 

Creating and maintaining an AML/CTF Program 

Each Tranche 2 entity must create an AML/CFT program that matches the size and nature of its operation. This program helps identify and assess risk related to money laundering, terrorism financing, or the misuse of financial services. 

The program must include: 

• An internal risk assessment 
• Policies and Procedures to manage those risks 
• Clear systems for oversight and staff responsibilities 
• A review of the program every three years 

A senior manager of the business must approve the program. If the business is run by a sole proprietor, that person can take on these responsibilities as well. 

Businesses and entities that operate within a group structure may be allowed to share some responsibilities through a reporting group arrangement, depending on the final rules provided by AUSTRAC. 

Customer Due Diligence 

All regulated entities must carry out the necessary customer due diligence before offering any services. Let’s try to understand the different kinds of customer due diligence.  

Initial Customer Due Diligence 

Conducting an Initial Customer Due Diligence includes collecting information about a customer before offering them any kind of services. It helps in identifying and checking whether they are: 

• Who they say they are 
• Listed under financial sanctions 
• A politically exposed person (PEP) 
• Closely connected to someone who’s a PEP 

Ongoing Customer Due Diligence 

After conducting an initial check, businesses must continue to monitor customers as part of Ongoing Customer Due Diligence. This includes watching for unusual transactions, reviewing and updating customer information, and assessing their level of risk.  

For existing customers who were onboarded before the business became regulated, no new checks are required unless: 

• There is a suspicious matter  
• The nature of the relationship changes, and the customer’s risk level increases 

Reporting Requirements 

Businesses will need to report certain types of activities to AUSTRAC, including: 

• Suspicious Matter Reports (SMRs): If something about a customer or transaction seems suspicious. 
• Threshold Transaction Report (TTRs): For cash transactions of AUD 10,000 or more. 
• International Value Transfer Service (IVTS) Reports: For sending money across borders. 
• Cross Border Currency Reports: When someone physically moves AUD 10,000 or more into or out of Australia. 
• Annual Compliance Reports: A yearly summary of how the businesses met their AML/CFT Obligations. 

These reports help to protect Australia’s financial system and assist law enforcement in tracking any kind of criminal activity. 

Keeping Records 

Businesses must keep records of their compliance efforts for at least 7 years. These include: 

• AML/CFT Program 

• Customer Due Diligence Checks 

• Transactions 

• Audits 

• Staff Training Records 

Legal Professional Privilege 

The AML/CFT Reforms respect the principle of legal professional privilege. This means that lawyers and others who hold privileged client information are not required to share documents that are legally protected. Instead, they can submit a special form (to be released by AUSTRAC) asserting privilege.  

The process for handling privilege claims will be explained in ministerial guidelines released before reforms take effect on 1st July 2026. 

Conclusion 

The 2026 reforms will bring thousands of new businesses into Australia’s AML/CFT system. For many, this will be their first experience with formal compliance obligations. The expectations are clear, but support will also be available. By preparing early, Tranche 2 entities will be able to avoid last-minute pressure and confidently meet their legal responsibilities.