Tranche 2 AML reform: What businesses need to do now

Australia’s Anti-Money Laundering (AML) framework is undergoing a major transformation.

Driven by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act, this has been described as one of the most significant changes since the original legislation.

AML is fast becoming a defining factor in how organisations build trust, manage risk, and stay competitive. Combined with the most significant AML reforms in nearly two decades, businesses across financial services, and now well beyond, need to pay attention.

Key milestones include:

• March 2026: New AML/CTF Rules came into effect, replacing older frameworks.
• July 2026: Expanded obligations begin for newly regulated sectors such as lawyers, accountants, and real estate agents.

These reforms aim to align Australia with global standards set by the Financial Action Task Force (FATF) and strengthen the country’s ability to combat evolving financial crime threats.

AML/CTF Tranche 2: Are you ready for AUSTRAC’s expanded regulatory regime?

The Tranche 2 reforms will extend regulatory obligations beyond traditional financial institutions to a broad range of professional service providers, marking a fundamental shift in the compliance landscape.

From 1 July 2026, entities captured under Tranche 2 will be required to comply with AUSTRAC’s AML/CTF framework for the first time. These reforms are designed to strengthen Australia’s response to financial crime and bring the regime into closer alignment with international standards by targeting key 'gatekeeper' professions.

Who is impacted?

The Tranche 2 reforms are expected to capture a wide range of designated non‑financial businesses and professions, including:

• real estate agents and property developers
• lawyers and conveyancers
• accountants and professional advisers
• trust and company service providers
• dealers in precious metals and stones.

What brings you into scope? The critical role of designated services

Designated services are specific activities defined under the AML/CTF regime that trigger compliance obligations when undertaken, particularly those involving financial transactions, client asset management, or the establishment and administration of legal structures.

Importantly, AML/CTF obligations are activity-based, not entity-based. This means an organisation is regulated only to the extent that it provides one or more designated services.

Key characteristics of designated services:

What are the core obligations?

Once captured, Tranche 2 entities will be required to:

• Enrol with AUSTRAC and maintain accurate business details.
• Implement an AML/CTF Program, including a documented ML/TF risk assessment.
• Conduct customer due diligence (CDD) and assess beneficial ownership.
• Report suspicious matters to AUSTRAC.
• Maintain records for at least seven years.

AUSTRAC has emphasised a risk-based, outcomes-focused approach, requiring organisations to demonstrate not just compliance, but the effectiveness of controls in mitigating financial crime risks.

What this means for your business

For impacted organisations, AML/CTF compliance will become a business‑as‑usual obligation, rather than a one‑off regulatory exercise. This will involve:

• formal governance and accountability for AML/CTF obligations, including Board and senior management oversight
• changes to client onboarding, due diligence and record keeping processes
  
• enhanced focus on risk assessments, documentation and demonstrable compliance
• potential reputational and enforcement risk if obligations are not embedded effectively.

Early preparation will enable a more measured and proportionate implementation and reduce disruption while ensuring frameworks are appropriately tailored to the organisation’s size and risk profile.

Top five challenges for Tranche 2 entities

1. Many entities will need to establish formal compliance structures, policies and controls from the ground up.
2. AML/CTF obligations apply to designated services, not entire professions. Interpreting whether activities fall within scope, particularly for mixed or advisory services, can be complex.
3. Tranche 2 entities must build a risk-based AML/CTF Program from the ground up, including risk assessments, policies, controls and reporting processes aligned to AUSTRAC expectations.
4. Introducing customer identification, verification and beneficial ownership checks may impact client experience, turnaround times and workflows, requiring careful process redesign.
5. AML/CTF compliance is continuous, not one-off. Entities must maintain governance, training, monitoring, reporting and periodic reviews while managing regulatory and reputational risk. 

How risk advisory can help

Preparing for Tranche 2 obligations requires more than policy documentation. Organisations will need practical, scalable, and risk-based compliance frameworks that align with their operations and risk profile.
Risk advisory teams can support organisations through:

• AML readiness assessments
• gap analysis and remediation planning
• development of AML/CTF programs and policies
• risk assessment facilitation
• governance and control framework design
• staff training and awareness programs
• independent reviews and ongoing compliance support.

The expansion of AML/CTF obligations to Tranche 2 entities represents a significant shift in Australia’s regulatory landscape. For impacted organisations, the focus should now move from awareness to preparedness. By taking proactive steps today, organisations can strengthen compliance capability, reduce regulatory risk, and position themselves confidently for the evolving AML environment.

Because in today’s world, understanding financial crime isn’t just compliance, it’s capability.

FOR MORE INFORMATION

If you would like to learn more about the topics discussed in this article, please contact your local RSM office.