AML Compliance in Australia: The Complete 2026 Guide

Anti-money laundering compliance in Australia has entered a new era. With the Tranche 2 reforms now in effect, thousands of businesses that previously sat outside the regulatory perimeter are being brought under AUSTRAC's supervision for the first time. Whether you are an accountant, a lawyer, a real estate agent, or a conveyancer, understanding your AML compliance obligations is no longer optional — it is a legal requirement.

This guide covers what AML compliance in Australia means in 2026, who must comply, and the practical steps you need to take.

What Does AML Compliance Mean in Australia?

AML compliance in Australia refers to the legal obligations businesses must meet under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act). The Act requires certain businesses — known as reporting entities — to implement controls, verify their customers, and report suspicious activity to the authorities.

In practical terms, your business must have documented processes for identifying customers, assessing risk, monitoring transactions, and reporting to AUSTRAC when something does not look right.

The Role of AUSTRAC

AUSTRAC (the Australian Transaction Reports and Analysis Centre) is Australia's financial intelligence agency and AML/CTF regulator. It sets and enforces compliance standards, collects and analyses financial transaction reports, shares intelligence with law enforcement, and conducts audits and enforcement actions against non-compliant businesses. If your business provides designated services, AUSTRAC is your regulator.

Who Must Comply With AML Laws in Australia?

The AML/CTF Act applies to any business that provides a designated service. Historically, this was limited to financial institutions, gambling providers, bullion dealers, and remittance service providers. The Tranche 2 amendments have significantly expanded the scope.

Tranche 2: The Big Expansion

Tranche 2 brings designated non-financial businesses and professions (DNFBPs) into the AML/CTF regime. The compliance deadline of 1 July 2026 means the following professions must now meet the same regulatory standards:

Real estate agents — Agents involved in buying or selling real property
Accountants — Professionals managing client funds, forming companies or trusts, or providing financial advisory services
Lawyers — Legal practitioners engaged in conveyancing, company formation, trust establishment, or managing client money
Conveyancers — Licensed conveyancers handling property transfers

The Financial Action Task Force (FATF) repeatedly flagged Australia's failure to regulate these professions as a significant gap. The 2026 reforms finally close that gap.

The 6 Core AML Compliance Obligations

Every reporting entity must meet six core obligations under the AML/CTF Act.

1. Enrol With AUSTRAC

Before providing any designated service, your business must enrol with AUSTRAC as a reporting entity through the AUSTRAC Online portal.

2. Develop an AML/CTF Program

You must have a written AML/CTF program with two parts:

Part A — General compliance arrangements, including governance, risk management, and oversight procedures
Part B — Customer identification and verification (Know Your Customer) procedures

Your program must be tailored to your business — a generic template will not satisfy AUSTRAC.

3. Conduct a Risk Assessment

A money laundering and terrorism financing (ML/TF) risk assessment is the foundation of your program. You must identify risks based on your customers, services, delivery channels, and geographic exposure. The assessment must be documented and reviewed regularly.

4. Perform Customer Due Diligence (CDD)

Before providing a designated service, you must verify the identity of your customers. This includes collecting identification, verifying it against independent sources, identifying beneficial owners, and applying enhanced due diligence for higher-risk customers such as politically exposed persons (PEPs). CDD is an ongoing obligation, not a one-off exercise.

5. Monitor and Report

You must monitor customers and transactions for suspicious activity and submit reports to AUSTRAC:

Suspicious Matter Reports (SMRs) — When you suspect money laundering, terrorism financing, or other serious crime
Threshold Transaction Reports (TTRs) — For cash transactions of $10,000 or more
International Funds Transfer Instructions (IFTIs) — For international electronic funds transfers

Failing to submit an SMR when required is a serious offence.

6. Keep Records

All AML/CTF records must be retained for seven years, including customer identification, transaction records, risk assessments, program documents, and training records. Records must be stored securely and be readily accessible for AUSTRAC audits.

Penalties for Non-Compliance

AUSTRAC has significant enforcement powers and the penalties are severe:

Civil penalties of up to $25.2 million per contravention for body corporates
Infringement notices for specific regulatory breaches
Enforceable undertakings and remedial directions
Criminal prosecution in serious cases

High-profile cases — including a $1.3 billion penalty against Westpac — signal that no business is too large or too small to avoid scrutiny. Beyond financial penalties, enforcement actions are made public, creating serious reputational risk for professional services firms.

How to Get Started With AML Compliance

If your business is newly caught by the Tranche 2 reforms, here is a practical starting point:

Determine whether you provide a designated service — Review the AML/CTF Act and AUSTRAC's guidance
Enrol with AUSTRAC — Complete your registration as a reporting entity
Conduct your ML/TF risk assessment — Understand the specific risks your business faces
Develop your AML/CTF program — Build a program that addresses those risks
Set up customer due diligence processes — Establish identity verification procedures
Train your staff — Ensure everyone understands their obligations
Implement monitoring and reporting — Put systems in place to detect and report suspicious activity

Industry-Specific Guidance

Your AML compliance approach should reflect the specific risks of your industry:

Take the Complexity Out of AML Compliance

AML compliance in Australia does not have to be overwhelming. ComplyReady helps Australian businesses build and maintain their AML/CTF programs with guided risk assessments, automated program generation, customer due diligence tools, and ongoing monitoring — all designed specifically for the professions caught by Tranche 2. If you are looking for a straightforward way to meet your obligations without the cost of a consultant, ComplyReady can help you get compliant and stay compliant.

This guide covers what AML compliance in Australia means in 2026, who must comply, and the practical steps you need to take.

What Does AML Compliance Mean in Australia?

In practical terms, your business must have documented processes for identifying customers, assessing risk, monitoring transactions, and reporting to AUSTRAC when something does not look right.

The Role of AUSTRAC

Who Must Comply With AML Laws in Australia?

Tranche 2: The Big Expansion

Real estate agents — Agents involved in buying or selling real property
Accountants — Professionals managing client funds, forming companies or trusts, or providing financial advisory services
Lawyers — Legal practitioners engaged in conveyancing, company formation, trust establishment, or managing client money
Conveyancers — Licensed conveyancers handling property transfers

The Financial Action Task Force (FATF) repeatedly flagged Australia's failure to regulate these professions as a significant gap. The 2026 reforms finally close that gap.

The 6 Core AML Compliance Obligations

Every reporting entity must meet six core obligations under the AML/CTF Act.

1. Enrol With AUSTRAC

Before providing any designated service, your business must enrol with AUSTRAC as a reporting entity through the AUSTRAC Online portal.

2. Develop an AML/CTF Program

You must have a written AML/CTF program with two parts:

Part A — General compliance arrangements, including governance, risk management, and oversight procedures
Part B — Customer identification and verification (Know Your Customer) procedures

Your program must be tailored to your business — a generic template will not satisfy AUSTRAC.

3. Conduct a Risk Assessment

4. Perform Customer Due Diligence (CDD)

5. Monitor and Report

You must monitor customers and transactions for suspicious activity and submit reports to AUSTRAC:

Suspicious Matter Reports (SMRs) — When you suspect money laundering, terrorism financing, or other serious crime
Threshold Transaction Reports (TTRs) — For cash transactions of $10,000 or more
International Funds Transfer Instructions (IFTIs) — For international electronic funds transfers

Failing to submit an SMR when required is a serious offence.

6. Keep Records

Penalties for Non-Compliance

AUSTRAC has significant enforcement powers and the penalties are severe:

Civil penalties of up to $25.2 million per contravention for body corporates
Infringement notices for specific regulatory breaches
Enforceable undertakings and remedial directions
Criminal prosecution in serious cases

How to Get Started With AML Compliance

If your business is newly caught by the Tranche 2 reforms, here is a practical starting point:

Determine whether you provide a designated service — Review the AML/CTF Act and AUSTRAC's guidance
Enrol with AUSTRAC — Complete your registration as a reporting entity
Conduct your ML/TF risk assessment — Understand the specific risks your business faces
Develop your AML/CTF program — Build a program that addresses those risks
Set up customer due diligence processes — Establish identity verification procedures
Train your staff — Ensure everyone understands their obligations
Implement monitoring and reporting — Put systems in place to detect and report suspicious activity

Industry-Specific Guidance

Your AML compliance approach should reflect the specific risks of your industry:

AML Compliance in Australia: The Complete 2026 Guide

What Does AML Compliance Mean in Australia?

The Role of AUSTRAC

Who Must Comply With AML Laws in Australia?

Tranche 2: The Big Expansion

The 6 Core AML Compliance Obligations

1. Enrol With AUSTRAC

2. Develop an AML/CTF Program

3. Conduct a Risk Assessment

4. Perform Customer Due Diligence (CDD)

5. Monitor and Report

6. Keep Records

Penalties for Non-Compliance

How to Get Started With AML Compliance

Industry-Specific Guidance

Take the Complexity Out of AML Compliance

Ready to get AML/CTF compliant?

AML Compliance in Australia: The Complete 2026 Guide

What Does AML Compliance Mean in Australia?

The Role of AUSTRAC

Who Must Comply With AML Laws in Australia?

Tranche 2: The Big Expansion

The 6 Core AML Compliance Obligations

1. Enrol With AUSTRAC

2. Develop an AML/CTF Program

3. Conduct a Risk Assessment

4. Perform Customer Due Diligence (CDD)

5. Monitor and Report

6. Keep Records

Penalties for Non-Compliance

How to Get Started With AML Compliance

Industry-Specific Guidance

Take the Complexity Out of AML Compliance

Ready to get AML/CTF compliant?