AML/CTF Tranche 2: Accountant Obligations from July 2026

AML/CTF Tranche 2: Accountant Obligations from July 2026

Table of Contents

AML/CTF Tranche 2 obligations for accountants are set to commence on 1 July 2026 — bringing a significant new compliance layer to Australian accounting practices that previously sat outside the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. This post was written on 12 May 2026, the day of the Australian Federal Budget 2026-27 delivery, and the timing convergence of the Budget and Tranche 2 commencement makes this a critical moment for firms to assess their readiness. Everything that follows is framed as proposed and subject to final AUSTRAC guidance — details may shift before commencement and accountants should verify their obligations directly with AUSTRAC and their firm’s regulatory adviser.

Disclaimer: This article provides general information only and does not constitute legal, compliance, or tax advice. The AML/CTF regime is technically complex and firm-specific. Consult AUSTRAC’s official guidance and a qualified AML/CTF adviser before making compliance decisions for your practice.

What Tranche 2 Actually Means

Australia’s AML/CTF framework has applied to banks, casinos, remittance dealers, and bullion dealers since 2006 under Tranche 1. What has long been described as a gap in the Australian framework — compared with comparable FATF member countries — is the absence of equivalent obligations for professional service providers. Tranche 2 closes that gap.

The legislation extends the AML/CTF Act to designated professional services including accounting, legal, real estate, and trust and company service providers. Under the framework as currently proposed, these sectors will be classified as reporting entities and will be subject to the full suite of obligations that banks have carried for nearly two decades. Budget Paper No. 2, released alongside the 2026-27 Federal Budget on 12 May 2026, references the expected fiscal and administrative context of Tranche 2 commencement, though the substantive obligations are governed by AUSTRAC legislation separately (budget.gov.au).

The policy rationale is straightforward: professional service providers are gatekeepers to the financial system. Accountants help clients establish companies and trusts, manage assets, facilitate transactions, and structure business arrangements — all activities that carry money-laundering and terrorism-financing risk if the provider has no obligation to know who they are actually dealing with. Tranche 2 brings Australia into alignment with FATF Recommendation 22 and the approach taken in the United Kingdom, European Union, and New Zealand.

Are You In Scope?

Whether Tranche 2 applies to your firm depends on whether you provide what will be classified as a “designated service.” This is the threshold question, and it is not simply a matter of whether you hold a CPA or CA qualification.

Services that are likely to be designated (subject to final legislative definition) include:

  • Creating or managing legal arrangements — incorporating companies, establishing trusts, or managing the ongoing administration of those entities on a client’s behalf
  • Acting as a company director or partner — providing nominee director, nominee partner, or similar services for client entities
  • Providing a registered office address — acting as the registered agent address for a company or trust
  • Certain transaction-facilitation services — receiving, holding, or transferring funds in connection with the above arrangements

Services that may not trigger reporting entity status on their own include:

  • Routine tax return preparation (individual or business)
  • Standard bookkeeping or payroll processing
  • BAS lodgement and GST compliance work
  • General financial advice not connected to establishing or managing legal arrangements

The critical point is that many mid-size accounting firms do provide a mix of services — they prepare returns and administer trust structures for the same clients. In that scenario, the designated service elements are likely to draw the whole client relationship into scope for AML/CTF purposes, even if the non-designated work is the bulk of time billed.

If you are unsure whether your specific service mix crosses the threshold, do not guess. Review the designated service definitions once AUSTRAC publishes its final guidance, and if the answer is still not clear, obtain specialist AML/CTF legal advice. The cost of that advice is almost certainly lower than the cost of a reportable non-compliance finding.

Customer Due Diligence (CDD) Requirements

Customer due diligence is the cornerstone of any AML/CTF programme. Under the Tranche 2 framework as proposed, reporting entities must conduct CDD before or as soon as practicable after establishing a designated service relationship. There are three tiers.

Standard CDD (Most Clients)

Standard CDD applies to the majority of clients. It requires:

  • Identifying the client — collecting name, date of birth, and residential address for individuals; company name, ACN, and registered address for entities
  • Verifying that identity using reliable, independent source documents — a passport, driver’s licence, or equivalent government-issued identification
  • Identifying beneficial owners — understanding who ultimately owns or controls the entity, typically defined as any natural person with more than 25% ownership or effective control
  • Assessing AML/CTF risk for the client relationship before providing the designated service

Standard CDD must be completed before you act. You cannot defer verification until after you have incorporated a company or executed a trust deed on behalf of a client whose identity you have not yet confirmed.

Enhanced CDD (High-Risk Clients, PEPs, Complex Structures)

Enhanced CDD applies where the AML/CTF risk is elevated. Triggers include:

  • Clients who are Politically Exposed Persons (PEPs) — foreign government officials, senior domestic officials, their family members, and close associates
  • Complex multi-jurisdictional ownership structures
  • Clients from or transacting with high-risk jurisdictions identified by FATF
  • Unusual or unexplained transaction patterns
  • Clients who are reluctant to provide identity information or whose information cannot be independently verified

Enhanced CDD requires deeper investigation: source of wealth enquiries, source of funds verification for specific transactions, and more frequent ongoing review. Senior management sign-off before establishing or continuing these relationships is typically required under AML/CTF programmes.

Simplified CDD (Low-Risk Only)

Simplified CDD may apply where the risk is demonstrably low — for example, services provided exclusively to listed public companies or other regulated financial institutions. The default for most accounting clients is standard CDD. Simplified CDD is not a shortcut for clients who simply seem trustworthy on the basis of a long relationship.

Ongoing Customer Due Diligence

CDD is not a one-time exercise at client onboarding. Reporting entities will be required to conduct ongoing CDD throughout the life of the relationship. In practical terms, this means:

Transaction monitoring — reviewing transactions and activities for patterns that are inconsistent with the client’s stated business, their known risk profile, or industry norms. This does not require sophisticated software for smaller practices, but it does require a documented process.

Risk re-rating triggers — automatically revisiting a client’s risk rating when certain events occur: a change in beneficial ownership, entry of a new investor or director, a material change in the nature of services being provided, or a client moving into a higher-risk sector or jurisdiction.

Periodic CDD refresh — reviewing and updating CDD information on a risk-based schedule. Higher-risk clients require more frequent review; lower-risk clients may be reviewed every two to three years. The programme documentation should specify the review cycle for each risk tier.

The ongoing monitoring obligation is one of the most operationally demanding aspects of Tranche 2 for accounting firms, because it requires embedding AML/CTF thinking into routine client interactions rather than treating compliance as a one-off intake exercise.

Suspicious Matter Reporting (SMRs)

One of the most consequential obligations under Tranche 2 is the requirement to lodge Suspicious Matter Reports with AUSTRAC. The threshold is deliberately set lower than certainty — you do not need proof of wrongdoing. You need only reasonable grounds to suspect that a transaction or client matter is relevant to an investigation, proceeding, or prosecution relating to money laundering, terrorism financing, or related offences.

Reasonable grounds to suspect can arise from:

  • A client’s inability to explain the source of funds
  • A request to structure transactions in an unusual way
  • Instructions inconsistent with the stated business purpose
  • Beneficial ownership that is deliberately obscured
  • Activity that matches known typologies published by AUSTRAC

SMRs must be lodged with AUSTRAC promptly — the timeframes for different categories of suspicious matter will be specified in the legislation and associated rules. Critically, you must not tip off the client. Once an SMR is lodged, telling the client (or any third party) that a report has been made, or that information about them has been given to AUSTRAC, is a criminal offence. This creates a significant professional conduct tension that firms need to plan for: how do you continue acting for a client about whom you have lodged an SMR without inadvertently disclosing that you have done so?

The legislation does provide statutory protection for good-faith reporters. Lodging an SMR that turns out to be unfounded does not expose you to civil liability from the client, provided the report was made honestly and on reasonable grounds. This protection is an important practical safeguard for firms that are uncertain whether a matter crosses the threshold.

Record-Keeping (7 Years)

The record-keeping requirements under the AML/CTF framework are prescriptive. As proposed, reporting entities must retain:

  • CDD records — all identity documents, verification results, beneficial ownership determinations, and risk assessments for each client
  • Transaction records — for any transactions carried out as part of a designated service: amount, currency, date, nature of the transaction, and the parties involved
  • SMR documentation — copies of all Suspicious Matter Reports lodged, along with the supporting information that prompted the report
  • Programme documentation — the firm’s AML/CTF programme itself, risk assessments, training records, audit results, and board or senior management approvals

All records must be retained for seven years from the date the client relationship ends or the relevant transaction occurs. Records must be capable of being retrieved and provided to AUSTRAC within 30 days of a request. Practically, this means your records need to be structured and indexed — not buried in a partner’s email folder or a shared drive with inconsistent naming conventions.

For guidance on building document retention workflows that your team can actually maintain, see our post on organising receipts and client records — the principles of consistent categorisation and retrievable storage translate directly into AML/CTF record-keeping.

Operational Setup Before 1 July 2026

With fewer than two months to 1 July 2026, the operational window is short. Here is the minimum viable setup that reporting entities are expected to have in place before providing a designated service:

1. Appoint an AML/CTF Compliance Officer. This must be a senior person within the firm — a partner, principal, or equivalent. The compliance officer is responsible for overseeing the programme, reporting to senior management, and acting as the primary point of contact with AUSTRAC. In a sole-practitioner firm, that is you.

2. Develop an AML/CTF programme. The programme has two mandatory parts:

  • Part A — the firm’s AML/CTF risk assessment, identifying which services are designated, which client segments carry elevated risk, and how the firm will manage those risks
  • Part B — the controls and procedures: how CDD will be conducted, how ongoing monitoring will work, how staff are trained, and how SMRs will be lodged

3. Train all relevant staff. Everyone who has contact with clients in connection with designated services needs to understand the basic obligations: what CDD is, what suspicious activity looks like, and what to do if they encounter it. Training records must be retained.

4. Implement a client onboarding workflow. Before 1 July, your standard client engagement process needs to incorporate identity verification, beneficial ownership identification, and risk assessment. This will likely require updating your engagement letter templates, your file-opening procedures, and your client management system.

5. Enrol with AUSTRAC. Reporting entities are required to enrol through the AUSTRAC Online system. Enrolment is separate from registration; check the current requirements on the AUSTRAC website.

For accountants already using digital tools to manage client documentation, the transition to AML/CTF-compliant record-keeping is less daunting. Practices that have adopted tools like Taxr’s free accountant portal for centralising client financial records already have some of the infrastructure — organised, retrievable, timestamped records — that AML/CTF compliance depends on. See also how accountants use Taxr for context on building a document-centric client workflow.

Cost Implications for Firms

Compliance costs under Tranche 2 are real and will fall unevenly across the profession. Sole practitioners and small firms face proportionally higher costs than mid-size practices, because the fixed overhead of building a programme, training staff, and conducting CDD on every client relationship is spread over fewer billable hours.

Indicative cost categories to budget for:

  • AUSTRAC fees — reporting entities pay an annual AUSTRAC industry contribution levy; the quantum for accounting firms will be published by AUSTRAC
  • Programme development — engaging an AML/CTF specialist to help draft your risk assessment and programme documentation if you do not have in-house expertise
  • Identity verification software — electronic verification is faster and more reliable than manual document checks; most commercial solutions carry a per-check cost
  • Staff training — whether you use an external provider or develop internal materials, training takes time and that time has a cost
  • Periodic external review — larger practices may be required to commission independent audits of their AML/CTF programme; smaller practices should still consider periodic external review to identify gaps

Budget for these costs now rather than discovering them after 1 July. For reference on integrating new compliance workflows without doubling your administrative overhead, our post on exporting expenses for your accountant covers how structured data workflows reduce the marginal cost of each additional compliance task.

Interaction with Other Budget Changes

The Federal Budget 2026-27 lands at an already demanding moment for accountants. Three major compliance commencements converge on 1 July 2026:

Payday super — employers will be required to pay superannuation at the same time as wages from 1 July 2026, ending the quarterly payment cycle that most payroll systems have been built around. Accountants with payroll clients face significant workflow changes. For a detailed readiness guide, see our post on payday super readiness for accountants.

The new $1,000 flat deduction — the Budget introduces a simplified deduction option for eligible individual taxpayers, which will change the advice landscape and client enquiry volume for tax agents handling individual returns.

AML/CTF Tranche 2 — the compliance uplift described throughout this post.

Firms that treat these as three separate workstreams will find the period between now and 30 June extremely tight. A consolidated operational readiness review — covering all three changes simultaneously — is a more efficient use of partner time than handling each in sequence.

Frequently Asked Questions

When do AML/CTF Tranche 2 obligations start for accountants?

1 July 2026, as proposed under the AML/CTF Tranche 2 framework — subject to final AUSTRAC guidance and any legislative refinements before commencement. Monitor the AUSTRAC website and subscribe to their industry updates for confirmation of final commencement details.

Which accounting services are in scope?

Designated services include creating or managing legal arrangements, acting as company directors or partners, providing registered office addresses, and certain transaction-management services. Routine bookkeeping and tax return preparation alone may not trigger reporting status — verify your specific service mix with AUSTRAC guidance. Many firms will find that a subset of their services is designated, bringing those client relationships into scope.

What does customer due diligence (CDD) actually require?

Verifying client identity using reliable independent sources, understanding ownership and control structures (including beneficial owners), and assessing AML/CTF risk before establishing or providing the designated service. CDD must be completed before you act — not retrospectively.

What is ongoing customer due diligence?

Continuously monitoring transactions and the client relationship for unusual activity, reviewing risk ratings periodically, and updating CDD information when circumstances change. It is an embedded, ongoing obligation, not a one-time intake exercise.

Do I need to file Suspicious Matter Reports (SMRs)?

Yes. If you suspect on reasonable grounds that information about a client or transaction may be relevant to an investigation, you must lodge an SMR with AUSTRAC. There are statutory protections against civil liability for good-faith reporters, and a tipping-off prohibition that prevents you from informing the client that a report has been made.

How long do I retain records?

Seven years from when the client relationship ends or the transaction occurs. Records must be retrievable within 30 days of an AUSTRAC request. This applies to CDD records, transaction records, SMR documentation, and your programme documentation.

Tranche 2 expands the recordkeeping burden for accountants significantly — but firms that already have structured, retrievable client records are better placed to meet these obligations. Taxr’s free accountant portal centralises client receipts and financial exports, making CDD verification easier when client transactions need documentation. See the free accountant portal.

Tags :
Share :

Related Posts

Loss Carry-Back Records Your Clients Need to Keep

Loss Carry-Back Records Your Clients Need to Keep

The loss carry back records required for a successful claim just became substantially more important. Today, 12 May 2026, the Federal Government delivered the 2026-27 Budget, restoring loss carry-back for companies with aggregated turnover under $1 billion from 1 July 2026. If you advise company clients, now is the time to audit their record-keeping — before the first eligible year opens, not after the ATO comes knocking.

Read More
ATO Shadow Economy Crackdown: $231M Funding

ATO Shadow Economy Crackdown: $231M Funding

The ATO shadow economy crackdown got a significant boost on 12 May 2026, when Treasurer Jim Chalmers handed down the 2026-27 Federal Budget and announced a multi-year compliance package worth approximately $281 million in total. The centrepiece is $155.5 million over four years directed squarely at the shadow economy — undeclared income, cash-in-hand arrangements, GST evasion, and a range of related activity the ATO has been building its enforcement capability around for years. If you run a small business, operate as a contractor, or earn anything on the side, now is the time to understand what changed and what it means for you.

Read More
Trust Restructure Window: How to Advise Clients

Trust Restructure Window: How to Advise Clients

If you have clients with discretionary trusts, the trust restructure 2028 advise-clients conversation starts today — 12 May 2026 — with the delivery of the Australian Federal Budget 2026-27. As proposed in Budget Paper No. 2 and subject to passage of enabling legislation, the government has announced a three-year rollover-relief window opening 1 July 2027. Eligible discretionary trusts will be able to restructure into another vehicle with no income tax or CGT consequence — a genuine opportunity for clients who will be materially affected by the 30% minimum tax landing 1 July 2028. Your job between now and then is to triage your client base, model the numbers, and guide each client to a defensible decision.

Read More