Anti money laundering – what law firms need to know and act on

Law firms are on a shrinking deadline to implement Anti-Money Laundering procedures and testing – or risk AUSTRAC action and reputational damage.

With the regulatory landscape shifting rapidly and reporting obligations expanding, legal practices must act now to protect their reputation, clients and operations. This insight piece explores what law firms need to know, where the risks lie and what steps you should take to ensure your firm is ready.

Key steps law firms need to take to comply – and the risks if they don’t

Australia’s Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 represents the biggest change in compliance procedures for law firms in decades.

Most rule changes for existing and newly regulated reporting entities (including high-risk professions such as law firms) commence on July 1 2026, and if your business provides virtual asset services the new laws commence from March 31 2026.

What could go wrong for law firms? 

There are two high risk issues for law firms to address.

Firstly, while March or July 2026 might seem distant, it is fast approaching, considering the extensive procedures, staff training and testing that law firms need to get underway.

The key risk in not getting on the front foot for law firms is that AUSTRAC has been newly armed for action, with additional funding and ATO-like powers of compulsion to make companies respond to notices and potentially front a commission for scrutiny.

While there may be a misconception that previously AUSTRAC only pursued the big end of town for cases they were likely to win, AUSTRAC will have a much greater remit and appetite to police this area.

The second big issue for law firms is that entities are now expected to have better information, report promptly and to get it right the first time – or risk serious reputational damage.
Law firms regularly operate trust accounts with large amounts of money coming in and out, and they could knowingly or unknowingly be used for ‘layering‘ or ‘integrating’ illicit funds to legitimise terrorist or criminal funding.

The big risk is law firms will come unstuck with three key AUSTRAC reporting areas for suspicious transactions.

Law firms need to monitor client transactions daily, if not hourly, and do a Suspicious Matter Report (SMR) on transactions of any value if criminal activity, tax evasion or terrorism funding is suspected.

Threshold Transaction Reporting (TTRs) requires reporting to AUSTRAC any transaction of physical currency of $10,000 or more (or other currency equivalent). Law firms may need external assistance to put in the controls to detect this (as it includes smaller transactions they suspect have been structured to avoid the $10,000 threshold).

With International Fund Transfers (IFT) reports, AUSTRAC needs to know every 10 days of any transactions that involve sending or receiving international funds. 

If terrorism suspected, you have 24 hours to report. If tax evasion or criminal activity is suspected, you have to report within three business days. We are talking about practically real-time reporting, not something that is done at year end.”

While established global law firms may have the capacity to put processes in place I am concerned in particular for smaller law firms who come under the regulations from next year but are not well positioned to do this complex work themselves.

It should be top of mind for law firm action but as yet the market is not seeing a big uptick in law firms pro-actively getting specialist input to set best practice systems in place.”
It will be challenging for law firms to strike a balance between the nature of their work with clients and meeting their complex statutory obligations. 

External experts with experience of AML Tranche 1 implementation can add valuable insight and guidance for entities who will fall under tranche 2.

Every industry has its own risks. Law firms will need a program to identify, mitigate and manage their Anti-Money Laundering and Counter-Terrorism Financing (AML CTF) risks.

Law firms must put in place a program that includes customer due diligence, employee training, strong record keeping procedures and independent reviews. This is the policy framework that should be developed and reviewed with independent input - it’s not a set and forget.

Key requirements law firms must understand

Two key requirements are to do customer due diligence and to put in place an AML CTF program that is properly implemented. It is crucial to KYC – know your customer. There must be sufficient due diligence to understand who each of your clients are, and the onus is on you to know who is providing funds into their trust accounts. 

This makes law firms’ onboarding processes vitally important. Law firms don’t want to put off their clients with onerous questionnaires, but they’ll need to communicate to clients why this information is compulsory. 

Specialists can help put best practice in place, and provide guidance to develop, test and monitor processes and systems. They will be focusing on what can be done covertly (to not annoy clients) and overtly without damaging the client relationship. 

You really only have one shot at onboarding new clients in a way to help you be compliant with the new regulations – and you’ll also need to vet your existing clients.

It is positive that Australia is in the top 10 least corrupt countries (Transparency International’s Corruption Perceptions Index) for first time since 2016. But the process will still be complex for medium and small law firms to put in place.

The fear is that newly regulated entities with stretched resources, such as smaller law firms, may develop a generic AML policy that does not sufficiently assess their risks and clientele. It is important to note that AUSTRAC will scrutinise your AML policy to ensure it is tailored to your business.

Our advice to law firms is to get expert assistance to put in place processes now, so you have valuable time to stress test the systems well ahead of the 1 July 2026 implementation.
You need system and person (manual) controls in place, that have been stress tested to see that dummy transactions have been picked up and dealt with as per the new regulations.

While AUSTRAC have said they don’t expect perfection from day one, they will expect actions to be underway, policies to be in place and systems to be reviewed at least annually. Prevention is always better than cure - getting it right the first time will avoid AUSTRAC scrutiny, adverse media attention and potential business reputational harm.

Once your AML / CTF program is in place, it must be independently evaluated at least once every three years.”

RSM Australia’s Professional service sector team are helping law firms around Australia comply with the new regulations and solve other business issues that they don’t have the internal capacity to undertake.

For more information 

For more information, please reach out to the RSM Professional services team by filling out the form below.