On 13 February 2026, the Financial Action Task Force (FATF) added Papua New Guinea (PNG) to its list of “Jurisdictions under Increased Monitoring” — the FATF grey list. This follows the February Plenary in Mexico City.

PNG’s grey‑listing matters for Australia — and matters most for Queensland, given our geographic proximity, deep people‑to‑people links, and substantial cross‑border trade. The change will raise risk and compliance expectations across banks and, from 1 July 2026, across newly regulated Tranche 2 sectors (legal, accounting, real estate, and dealers in precious metals/stones), especially in FNQ and the Torres Strait.

Why Queensland should pay attention

• Geographic reality: PNG is Australia’s closest neighbour — just ~3.5–4 km separates PNG’s south coast and Australia at the Torres Strait’s narrowest point (around Daru).

• Flight/flow reality: Port Moresby–Brisbane is around 2,090–2,105 km with ~3h 05–10m direct flight time, underscoring frequent movement of people and goods.

• Economic reality: In 2023–24, Queensland merchandise exports to PNG were ~$1.2 billion, making PNG a critical Pacific partner for our state’s businesses.

What the FATF grey list actually means

Grey‑listing signals a country has strategic AML/CTF deficiencies but has committed to a time‑bound action plan under FATF monitoring. Crucially, FATF does not call for blanket enhanced due diligence (EDD) or de‑risking of entire classes of customers; it urges a risk‑based approach that avoids disrupting legitimate trade, humanitarian flows, and remittances.

PNG authorities have publicly acknowledged the listing and outlined an action plan to address deficiencies — with officials signalling intent to exit monitoring as quickly as possible.

Likely impacts for Queensland & FNQ

1) Banking & trade finance: more friction, slower approvals

Grey‑listing typically leads to tighter correspondent banking oversight and recalibrated country risk by financial institutions. Empirical research suggests grey‑listing can reduce capital inflows by around 7.6% of GDP (at the time of listing), which can translate into costlier, slower cross‑border finance — though GDP impacts themselves are mixed across studies.

What this means in practice: expect more questions, more documents, and longer turnaround on PNG‑linked payments, letters of credit, and trade facilities, even as FATF discourages indiscriminate de‑risking.

2) Tranche 2 reforms: new obligations from 1 July 2026

Australia’s AML/CTF reforms bring lawyers, accountants, real estate professionals, precious metals/stones dealers and TCSPs into scope from 1 July 2026 (with existing reporting entities transitioning by 31 March 2026). AUSTRAC has released reform guidance and timelines.

Implication: PNG‑linked work will likely be rated higher risk in many firm‑level risk assessments, triggering enhanced customer due diligence (ECDD), senior management approvals, and tighter ongoing monitoring, consistent with AUSTRAC’s risk‑based expectations — noting FATF does not mandate EDD solely on the basis of grey‑listing.

3) Cross‑border commercial ties under an active QLD–PNG MoU

Queensland and PNG signed a renewed Memorandum of Understanding on 10 December 2025, covering 14 priority cooperation areas (trade, tourism, education, health, emergency services, disaster resilience, cultural and sporting exchange). This state‑level framework underscores the unique depth of QLD–PNG links that will remain vital — and more compliance‑intensive — during PNG’s FATF action plan period.

4) Sporting diplomacy & public attention

PNG’s planned NRL franchise — the PNG Chiefs, slated to enter in 2028 — reflects deep cultural links and high public visibility for PNG–Australia ties. It’s also part of a broader government‑backed Pacific partnership agenda. This sweetheart deal came with one major condition, that PNG does not allow China to secure a military foothold in the country.

Sector‑by‑sector: what changes on the ground?

Banks and credit unions (current reporting entities)

• Immediate actions: Review your country risk ratings, correspondent banking exposure, and trade finance controls for PNG‑linked transactions; document the rationale under your enterprise‑wide risk assessment.

• EDD triggers: Apply ECDD where your risk‑based assessment indicates higher ML/TF risk (e.g., complex ownership; cash‑intensive operations; adverse media), and file SMRs when warranted. FATF does not require automatic EDD for grey‑listed countries, but AUSTRAC expects proportionate controls.

Lawyers & conveyancers (Tranche 2 from 1 July 2026)

• When obligations bite: When you assist or act for clients in transactions captured by the new designated services (e.g., company formation, trust services, real property transactions, management of client funds).

• PNG‑linked matters: Expect heightened KYC/ECDD, verification of beneficial ownership, source of funds/wealth, senior management approval for higher‑risk relationships, and ongoing monitoring calibrated to risk.

Accountants & TCSPs (Tranche 2 from 1 July 2026)

• Corporate structuring for PNG clients or UBOs: Treat as higher inherent risk in many scenarios; apply ECDD, document enhanced source‑of‑funds work, and consider adverse media and sanctions screening.

Real estate professionals (Tranche 2 from 1 July 2026)

• PNG buyers/investors: Expect to apply ECDD where your risk assessment deems it appropriate — especially for non‑resident buyers, off‑the‑plan transactions, third‑party payers, and complex structures. Collect and verify UBOs, beneficial ownership chains, and source of funds/wealth. FATF’s stance remains risk‑based, not automatic EDD.

Key reminder: AUSTRAC’s reform pages and regulatory expectations emphasise outcomes‑focused, risk‑based controls — not box‑ticking. Start building your reform implementation plan now (policies, systems, training, and records).

For Queensland businesses trading with PNG

• Expect more documentation on counterparties, beneficial ownership, and trade documentation (commercial invoices, BLs/AWBs, inspection/packing certs).

• Allow longer lead times for payments and LCs, as banks perform additional checks.

• Work with your bank early on KBAs (Know‑Your‑Business Activities) and transaction narratives to reduce friction — especially in FNQ supply chains moving via the Torres Strait. (FATF guidance cautions against disrupting legitimate flows; your clarity helps banks keep things moving.)

What to do this month (practical checklist)

For current reporting entities (banks, ADIs, remitters, casinos, etc.)

1. Update country risk: Re‑rate PNG in your jurisdictional risk matrix; document rationale; adjust screening lists/alerts.

2. Tighten ECDD playbooks: Define clear EDD triggers (ownership opacity, PEPs, non‑resident high‑value transactions, cash‑intensive sectors).

3. Enhance trade finance due diligence on PNG flows (dual‑use risk, unusual routing, third‑party payments).

For Tranche 2 firms (from 1 July 2026)

1. Gap‑assess your program against AUSTRAC’s reform guidance; set an implementation plan & training schedule.

2. Design risk‑based onboarding for PNG‑linked clients (EDD steps, SMR triggers, senior approvals).

3. Build records & BO controls (e.g., UBO registers/screenshots, SoF/SoW evidence, ongoing monitoring cadence).

Frequently asked questions

Is PNG on the “blacklist”?
No. PNG is on the FATF grey list (increased monitoring). That is not the blacklist (a call for countermeasures). FATF does not call for automatic EDD or de‑risking for grey‑listed countries; controls should be risk‑based.

Will grey‑listing crash PNG’s economy?
Impacts vary. The strongest evidence shows capital inflows fall by ~7.6% of GDP around grey‑listing events; GDP growth effects are mixed and context‑dependent. Businesses should plan for more compliance friction rather than assume a collapse.

We have long‑standing PNG clients. Do we have to exit them?
No. FATF discourages indiscriminate de‑risking. Apply a risk‑based approach: refresh KYC, enhance due diligence if warranted, and monitor.

Context & ties that bind

Australia administered PNG until independence in 1975; the two countries retain significant economic, political, security and cultural ties. Today, Queensland’s export, workforce mobility, and sporting links (including PNG’s planned NRL Chiefs franchise in 2028) keep the relationship both close and visible — and therefore subject to higher compliance scrutiny while PNG progresses its FATF action plan.

How AML Advisers can help

• Rapid PNG exposure review (RBA refresh, policy updates, ECDD templates, red‑flag catalogues)

• Tranche 2 implementation (fit‑for‑purpose AML/CTF programs, training, file‑ready procedures) ahead of 1 July 2026 go‑live

• Trade finance enablement (evidence packs and narratives to keep your transactions moving)

👉 Book a Tranche 2 Readiness Session with AML Advisers today and see how we can assist you with your prep!

What’s new: AUSTRAC has confirmed that the first round of independent evaluations for newly‑regulated tranche‑2 businesses will be staggered. The deadline you receive will be determined by the AUSTRAC account number issued to you when you enrol. The earliest evaluation deadline is 1 July 2029, with subsequent cohorts at six‑month intervals thereafter.

This mechanism is designed to prevent bottlenecks—so entire sectors (e.g., real estate) or business types (e.g., small practices) aren’t all due at the same time.

Who is captured under Tranche 2 and when?

From 1 July 2026, AML/CTF obligations commence for entities providing designated services in the following sectors: real estate, law, conveyancing, accounting, trust & company services, and dealers in precious metals and stones. Enrolment opens 31 March 2026.

AUSTRAC’s reform hub provides the consolidated timeline, guidance, and sector resources to prepare for these changes.

The staggered evaluation model: how it works

• Extended first‑evaluation deadline set by AUSTRAC account number: When you enrol from 31 March 2026, you’ll receive an AUSTRAC account number. AUSTRAC will use that number to assign your first independent evaluation deadline, ensuring a spread across sectors and business sizes. You may embed this extended deadline in your AML/CTF program if it suits your nature, size and complexity.

• Earliest first deadline = 1 July 2029: No newly‑regulated business will be required to complete its first independent evaluation earlier than three years from commencement. AUSTRAC sets the first tranche‑2 deadline at 1 July 2029, with further cohorts at six‑month intervals (e.g., early 2030, late 2030, etc.), based on account number allocations.

• If you’re already regulated (Tranche 1): Entities that recently completed a pre‑reform independent review will also receive an extended window for their first post‑reform evaluation, scaled to how recently they were reviewed.

Important: “Staggered” only applies to the timing of your first independent evaluation. It does not delay the start of your AML/CTF obligations from 1 July 2026 for tranche‑2 entities.

What Tranche 2 entities must do now (step‑by‑step)

1. Calendar the big three dates:

   • 31 Mar 2026 (enrollment opens), 1 Jul 2026 (obligations begin), 29 Jul 2026 (Deadline to register).

2. Design and operate your AML/CTF program early: Build your risk assessment, AML Program, CDD, transaction monitoring, SMR processes, recordkeeping, and training—and start capturing evidence of effectiveness well before July 2026.

3. Add the evaluation clause to your program: Document that you will use the extended first‑evaluation deadline assigned by AUSTRAC account number, provided it’s appropriate to your nature, size and complexity. Keep a placeholder section to insert your actual date once you enrol and receive your number.

4. Build a capacity plan: Even with staggering, demand for independent evaluators will spike around each cohort date. Start short‑listing independent, appropriately qualified evaluators and request provisional windows that align with your expected cohort (you’ll confirm after enrolment).

5. Assign internal owners: Nominate a project lead, program author, training owner, and records custodian.

6. Prepare an “evaluation pack”: Keep a live folder with risk assessment versions, program updates, training logs, CDD samples, SAR/SMR decisioning memos, monitoring alerts, remediation logs and board/senior‑management oversight evidence—this is what evaluators and AUSTRAC will expect to see.

Frequently asked questions

When will I know my exact evaluation deadline?
After you enrol from 31 March 2026, AUSTRAC issues an account number. Your first independent evaluation deadline will be set off that number, with 1 July 2029 the earliest cohort and subsequent six‑monthly cohorts thereafter. Insert the confirmed date into your AML/CTF program once you receive it.

Can I elect to be evaluated earlier than my cohort?
You may plan an earlier evaluation in your program (e.g., for risk, client or governance reasons). The staggered model simply defines the latest acceptable first‑evaluation deadline tied to your account number.

The bottom line (and why starting early still matters)

Staggering will spread demand and reduce bottlenecks, but it won’t help if your AML/CTF program isn’t operating well before your evaluation window. Start now, so by the time your account‑number‑based deadline arrives, your program already works in practice and you have the evidence to prove it.

Need help?

👉 Book a Tranche 2 Readiness Session with AML Advisers today and see how we can assist you with your prep!

As Australia moves closer to implementing the next phase of AML/CTF reforms, AUSTRAC has launched a series of education initiatives to help new reporting entities—especially those in the Tranche 2 sectors—understand how to build a compliant and practical ML/TF risk assessment. One of the most valuable of these resources is AUSTRAC’s “Conducting Your Risk Assessment” webinar series, running throughout early 2026.

Whether you're a real estate agency, accountant, lawyer, conveyancer, or other newly captured entity, this webinar provides a clear roadmap for developing a structured, defensible risk assessment framework.

In this article, we break down the key themes and AUSTRAC expectations highlighted in the webinar and explain what it means for your AML/CTF readiness.

Why AUSTRAC Is Focusing on Risk Assessments

AUSTRAC’s reform education program aims to help new reporting entities understand their obligations and adopt a risk‑based approach as early as possible. As part of this initiative, AUSTRAC is conducting dedicated risk assessment webinars that introduce the purpose of ML/TF risk assessments, how they fit within the broader AML/CTF regime, and how businesses can apply AUSTRAC’s quick guides in practice.

These webinars are designed specifically for new reporting entities that will soon be required to comply with AML/CTF laws and need guidance on where to begin.

Key Learning Areas Covered in the Webinar

According to AUSTRAC’s official event description, the webinar walks participants through the core building blocks of an effective ML/TF risk assessment. These include:

1. Understanding the Purpose of a Risk Assessment

AUSTRAC emphasises that a risk assessment is the foundation of a business’s entire AML/CTF Program. It enables reporting entities to:

• identify vulnerabilities in their business,

• understand how ML/TF or proliferation financing risks may arise, and

• build appropriate mitigation controls.

The session highlights that an ML/TF risk assessment helps ensure the business can detect, deter, and avoid being exploited by criminals.

2. Key Elements of an Effective ML/TF Risk Assessment

During the webinar, AUSTRAC explains the critical components that must be present in a risk assessment framework:

• identification of inherent risks,

• assessment of customer, service, channel, and geographic risks,

• evaluation and prioritisation of risks, and

• documenting the methodology used.

These expectations align closely with AUSTRAC’s broader reform guidance, which outlines a structured approach to identifying, assessing, and prioritising ML/TF risks under the AML/CTF Act.

3. Applying a Structured Methodology

One of the strengths of the webinar is its focus on practical application. AUSTRAC walks through how to use a repeatable and structured methodology to identify and assess risks. The approach is tailored to:

• the size, nature, and complexity of the business, and

• sector‑specific ML/TF risks.

Participants are encouraged to use AUSTRAC’s ML/TF risk assessment framework quick guides, which provide risk indicators and examples specific to each Tranche 2 sector.

4. Sector‑Specific Risks and Real‑Time Activities

The webinar includes interactive activities allowing participants to practice applying AUSTRAC’s framework to real‑world scenarios. AUSTRAC reinforces that risk assessments must consider:

• customer types,

• delivery channels,

• designated services,

• geographic exposure, and

• emerging risks such as cyber-enabled crime and proliferation financing.

These obligations are clearly stated in AUSTRAC’s risk assessment guidance under AML/CTF Reform.  

Who Should Attend These Webinars?

The webinar series is targeted at new reporting entities, particularly those now captured under the upcoming reforms. AUSTRAC recommends participation from:

• compliance officers,

• business owners,

• directors and principals,

• risk and operations managers.

Engagement in these sessions signals that a business is proactively preparing for its AML/CTF obligations and taking financial crime risk seriously.

Why This Matters for Tranche 2 Entities

For many newly captured sectors, this is the first time they will be required to undertake a formal ML/TF risk assessment. AUSTRAC’s expectations are clear:

• Your risk assessment must be tailored, documented, and evidence‑based.

• It must cover both current services and any planned designated services.

• It must include an assessment of customer risks, service risks, delivery channels, and geographic exposure.

• Your risk assessment becomes the basis for assigning risk ratings to customers and building your AML/CTF Program.

These requirements form the backbone of risk‑based compliance under the AML/CTF regime.

Final Thoughts: Start Early and Build a Defensible Framework

AUSTRAC’s “Conducting Your Risk Assessment” webinar provides a clear pathway for Tranche 2 businesses preparing for AML/CTF obligations. The key message is simple: your risk assessment is not a box‑ticking exercise—it is the foundation for your entire compliance framework.

As the reforms approach, now is the time to:

• understand your sector‑specific risks,

• build a structured methodology,

• document your assessment thoroughly, and

• prepare to embed these insights into your AML/CTF Program.

If you’re looking for expert support developing a firm‑wide ML/TF risk assessment tailored to your business, AML Advisers can help you design, document, and implement a framework that meets AUSTRAC’s expectations and protects your business from financial crime.

👉 Book a Tranche 2 Readiness Session with AML Advisers today and see how we can assist you with your Tranche 2 prep!

Recent reporting highlights that more than one million family trusts operate in Australia, a figure supported by ATO data and widely cited in investment commentary. With trusts generating close to $489.5 billion in total business income in the 2023 financial year, they represent one of the largest and most lightly scrutinised financial structures in Australia’s economy.

Until now, these trusts have existed in a regulatory blind spot for anti‑money laundering and counter‑terrorism financing (AML/CTF) oversight—but Tranche 2 reforms are set to change that.

This article breaks down what family trusts are, why they matter in the Tranche 2 context, and what real estate agents, accountants, lawyers, and trust administrators should start preparing for.

1. What the reported trust boom tells us

Public analysis notes that family trusts are widely used for:

• tax planning;

• asset protection;

• flexible income distribution; and

• intergenerational wealth management.

The ATO also outlines that trusts vary significantly, from simple discretionary structures to those requiring formal Family Trust Elections, enabling access to certain concessions and tax treatments.

These structures offer flexibility—and that flexibility is precisely why they pose AML/CTF risk when unregulated.

2. Why family trusts are squarely in the sights of Tranche 2

a) High‑risk structural features

Family trusts can obscure:

• ultimate beneficial ownership (UBO),

• source of funds,

• control rights, and

• distribution pathways.

The trust deed, appointor powers, corporate trustees, and layered beneficiary classes can make determining the “real” controller extremely challenging. This is well‑recognised globally by FATF.

b) Tranche 2 will require trust-related gatekeeper professions to verify:

• trustee identity,

• beneficiaries (including minors and contingent beneficiaries),

• appointors and controllers,

• settlors (in line with FATF standards), and

• the purpose and anticipated nature of trust activity.

After the reforms go live in just over 5 months time, AML obligations will fall heavily on:

• lawyers drafting or advising on trusts;

• accountants administering or structuring trusts;

• real estate agents dealing with trust‑held property;

• corporate service providers and trust management businesses.

3. Trusts & real estate: the Tranche 2 flash‑point

Family trusts are commonly used to purchase residential and commercial property. With more than one million trusts operating, the intersection between trusts and real estate transactions is vast.

Under Tranche 2, a trust purchasing a property will trigger:

• full KYC on the trust (trust deed, role-holders, beneficiaries);

• source‑of‑funds checks on contributions and distributions;

• ongoing monitoring if the trust continues to transact.

This is especially relevant because real estate is globally recognised as a vehicle for laundering illicit funds—often through opaque trust structures.

4. Risks the government is trying to close

Tranche 2 aims to mitigate risks including:

• layered ownership via corporate trustees;

• income distribution to obscure funds flow;

• property holdings shielding criminals from asset tracing;

• use of trusts for tax evasion or cross‑border fund transfers;

• “family group” definitions that make it harder to identify beneficial owners.

Given the ATO already acknowledges the complexity of trust elections, loss provisions, and interposed entity rules, the AML/CTF challenge is substantial.  

5. What trustees and advisers should start doing now

a) Prepare for full trust transparency

Trustees should expect to provide:

• certified trust deeds;

• identification of all role‑holders;

• source‑of‑funds documentation;

• beneficiary and UBO disclosures.

b) Accountants & lawyers need updated onboarding processes

You will be expected to:

• collect CDD/KYC documents before providing trust-related services;

• build risk‑scoring for high‑risk trust structures;

• reassess how you handle complex or foreign‑linked trusts.

c) Real estate agents must be Tranche‑2 ready

When a trust buys or sells property:

• trust KYC is mandatory;

• controllers must be identified;

• suspicious distribution patterns must be monitored and reported.

d) Trust administrators should implement AML policies

This includes AML/CTF programs, ongoing monitoring, staff training, and suspicious matter reporting (SMRs).

6. What this means for the 1 million+ Australians with family trusts

Most trustees have never had to undergo AML checks. That will soon change.

For ordinary families using trusts for tax and asset planning, this means:

• more paperwork;

• clearer documentation of wealth sources;

• greater visibility into distributions;

• compliance obligations when dealing with Tranche‑2 regulated professionals.

For high‑risk clients, complex structures, or foreign‑linked beneficiaries, scrutiny will increase substantially.

7. Final thoughts: The era of anonymous trust structures is ending

The widely reported scale of Australian trust usage—more than one million structures—illustrates why government reform has become urgent.

Tranche 2 will not eliminate family trusts, nor is it designed to. But it will require the industries surrounding them—real estate, accounting, legal, and trust administration—to bring these vehicles into the light.

If you rely on trusts or advise clients who do, now is the time to prepare for AML/CTF compliance.

👉 Book a Tranche 2 Readiness Session with AML Advisers today and ensure your trust structures, onboarding processes, and risk assessments are compliant from day one.

What’s new: The Department of Home Affairs’ transitional‑rules consultation proposes staggering the first independent evaluation deadlines for tranche‑2 entities (lawyers, conveyancers, accountants, real estate professionals, trust & company service providers, and dealers in precious metals/stones). Instead of everyone clustering at the three‑year mark after obligations commence on 1 July 2026, the first evaluations could be due 1 July 2030, 1 July 2031, or 1 July 2032 for different cohorts. Home Affairs notes the aim is to avoid a capacity crunch if most entities take the three‑year option and try to book evaluators simultaneously. The paper also flags a possible extension for tranche‑1 entities beyond 31 March 2029. Importantly, the Department acknowledges staggered deadlines could affect Australia’s FATF mutual evaluation, and seeks views on how best to split cohorts.

Why it matters: Australia’s FATF on‑site visit is scheduled for late 2026 under the 5th‑round methodology. During an evaluation, assessors look for both technical compliance and effectiveness, with the on‑site visit focusing heavily on whether measures are working in practice. If large parts of tranche‑2 have not yet undergone an independent evaluation by late 2032 (the year of the Brisbane Omplyics), that could influence how assessors view implementation under Recommendations 18 (independent audit function) and 23 (DNFBPs’ programmes/controls).

A quick refresher on Australia’s timetable (as proposed/announced)

• Parliament passed the AML/CTF Amendment Act 2024, which extends the regime to tranche‑2 services and modernises rules. Tranche‑2 enrolment from 31 March 2026, with obligations to apply from 1 July 2026 for new entrants has been widely communicated.

• Under the consultation paper, first independent evaluations would ordinarily be due within three years of obligations commencing (i.e., by 31 March 2029 for many) — but the transitional proposal is to stagger to 1 July 2030/2031/2032 for tranche‑2 cohorts to ease pressure on evaluator capacity.  

Bottom line: Home Affairs is explicitly consulting on staggering independent evaluations (AU terminology), not delaying general compliance — entities will still need to design and operate AML/CTF programs from day one.

What happened in New Zealand when Phase 2 hit — and why Australia should pay attention

When New Zealand brought lawyers (2018), accountants (2018), real estate agents (2019) and other sectors into scope, independent audits of AML/CFT programs were required on a set cycle. Initially every two years, Cabinet moved in 2020 to extend the default audit cycle to every three years, and pushed back the first audit due date for real estate agents to 31 December 2021 to relieve pressure. Regulators also recognised that COVID‑19 disruptions affected audit delivery.  

At the same time, New Zealand experienced a broader shortage of auditors (a talent and border‑restrictions issue) that forced Parliament to extend statutory reporting deadlines across parts of the public sector; the Auditor‑General publicly described the shortage and its impacts. While that announcement concerned financial statement audits, it illustrates the system‑wide constraints on audit capacity that existed during NZ’s early Phase‑2 years — precisely the kind of constraint Australia is trying to avoid for independent AML evaluations.

NZ supervisors have repeatedly urged firms to “plan ahead” for audits and clarified what counts as independent and appropriately qualified, reflecting the reality that qualified AML auditors/evaluators are a finite resource. Updated guidelines in May 2025 reiterated the three‑year audit cadence (or four years if a supervisor permits).

Takeaway for Australia: When large numbers of newly‑regulated DNFBPs hit their first evaluation window together, capacity bottlenecks are real — NZ’s timeline adjustments and messaging underline the need to stagger demand and book early.

Could staggering hurt Australia’s FATF result?

Potential risk: The consultation itself notes that staggered deadlines could impact compliance in advance of Australia’s FATF mutual evaluation, citing Recommendations 23.2 and 18.1(c) (the latter refers to an independent audit function as part of AML/CTF programs). If assessors arrive late‑2026 and many tranche‑2 firms won’t undergone an independent evaluation until the start of the next decade, that could limit evidence of effective implementation.

Nuance: FATF’s 5th‑round places strong weight on effectiveness — assessors want to see risk‑based controls operating and tested. However, FATF also recognises risk‑based approaches and transitional contexts. If higher‑risk sectors can demonstrate early, credible implementation, and supervisors can show risk‑focused oversight, the overall picture can still be positive even if some lower‑risk cohorts are scheduled for later evaluation waves.

Practical moves tranche‑2 firms should make now (especially real estate, legal, accounting & TCSPs)

1. Start before you’re asked. Don’t wait for your cohort assignment. Begin building your risk assessment, program, and CDD workflows now so they’re operating well ahead of 1 July 2026. AUSTRAC’s consultation materials and sector briefings outline what’s coming for tranche 2 and emphasise simplification with outcomes‑based rules — but substance still matters.

2. Plan an early “mock independent evaluation.” NZ supervisors repeatedly told firms to plan ahead; early dry‑runs help surface gaps long before the real evaluation window opens.

3. Lock in evaluator capacity. Build relationships with independent, appropriately qualified evaluators; verify independence (no program design by the same provider) and expertise in your sector. NZ’s updated audit guideline gives a clear picture of what “independent & appropriately qualified” means.

4. Evidence effectiveness. FATF assessors focus on results. Keep clear records of risk‑based decisions, training, monitoring, SAR/SMR decisioning, remediation, and board/senior‑management oversight. This aligns with FATF Rec. 18 & 23 expectations for programs and control frameworks in DNFBPs.

5. Mind the dates. Plan to enrol from 31 March 2026 and be operational by 1 July 2026. Even if your first independent evaluation is staggered later, your program must be live.

How should Home Affairs stagger cohorts? A practical proposal

Home Affairs asked for input on how to divide tranche‑2 entities so engagements are “appropriately spread over time.” Here’s a balanced, risk‑and‑capacity model:

• Cohort A — 1 July 2029 (earliest):
  Higher‑risk services and larger national networks (e.g., trust & company service providers, large real estate groups with high‑risk profiles, and law/accounting practices with significant cross‑border trust/company work). Front‑loading these helps FATF optics because higher‑risk DNFBPs will have demonstrably and locked in dates for their independent evaluations.

• Cohort B — 1 July 2031:
  Medium‑sized practices and multi‑office agencies with mixed risk profiles.

• Cohort C — 1 July 2032:
  Small, single‑office practices in lower‑risk segments, including smaller suburban agencies with predominantly domestic clientele (provided ongoing supervision shows their programs are operating effectively).  

Layer across cohorts a geographic spread and evaluator specialisation (legal, real estate, accounting) to reduce simultaneous demand spikes and avoid the NZ‑style bottlenecks.

What Australia can lift directly from the NZ playbook

• Be explicit and early about cycles. NZ moved from two‑year to three‑year independent audits and publicly flagged timelines/cohorts (e.g., the real estate extension to 31 Dec 2021). This transparency helped firms plan and reduced compliance‑date “cliff edges.”

• Acknowledge market capacity and plan around it. New Zealand’s general auditor shortage was openly addressed via deadline extensions in other sectors — a reminder that policy design should map to real evaluator capacity.

• Keep guidance current. NZ supervisors updated the Audit Guideline (May 2025) to clarify independence and qualification criteria, which helps prevent “shadow consulting” conflicts and elevates audit/evaluation quality.

What this means for the 2026 FATF visit

• Technical compliance: Australia’s 2024 Act plus draft rules/consultations show strong progress toward covering DNFBPs and modernising obligations — a positive signal.

• Effectiveness: The on‑site (late 2026) will look for programs operating and tested across higher‑risk DNFBP sectors. Ensuring Cohort A (above) has confirmed dates for their first independent evaluations by then would materially strengthen the narrative.

FAQ

What’s the difference between Australia’s “independent evaluation” and NZ’s “independent audit”?
They’re functionally similar: a qualified, independent party tests whether your AML/CTF program is adequate and effective. The terminology differs (evaluation vs audit), but the independence and competence expectations are clear in both jurisdictions.

Which tranche‑2 sectors are captured and when?
Tranche‑2 covers real estate professionals; lawyers/conveyancers; accountants; trust & company service providers; and dealers in precious metals/stones. Entities are widely expected to enrol from 31 March 2026 and comply from 1 July 2026 per the 2024 AML/CTF Amendment Act.

How often will evaluations occur?
The consultation paper references the first independent evaluation cadence and proposes staggered first‑round deadlines (1 July 2030/2031/2032). Ongoing frequency will be set by the Act/Rules and AUSTRAC guidance, with flexibility to trigger earlier evaluations based on risk or material changes, consistent with program‑assurance expectations under FATF Rec. 18/23.

Conclusion

These changes are still under consultation, so the safest course is to plan for an independent evaluation within three years of obligations commencing—and only adjust your timetable once any transitional rules are formally enacted. In practice, that means getting audit‑ready now: build and operate your AML/CTF program, capture evidence of effectiveness, and secure evaluation capacity early. Don’t wait for the cohort decision—high‑risk services and larger networks should move first.

If you’re a law, accounting, real estate or TCSP firm, book a free no-obligation 30‑minute Tranche 2 readiness call with AML Advisers this month. We’ll map your evaluation timeline, prioritise critical gaps, and place you on our independent evaluation waitlist (if you have created/implemented your own AML Program) so you’re not caught in a capacity bottleneck when dates are locked in. Start now—your future evaluation (and Australia’s FATF optics) will be much stronger if you can show your program is already working in practice.

 On 14 January 2026, the U.S. State Department announced it will pause immigrant visa processing for citizens of 75 countries while it reassesses screening under the long‑standing “public charge” provisions. The suspension is due to start 21 January and does not apply to short‑term (non‑immigrant) visas. Multiple outlets and wire services confirmed the move and timing.

Among the affected nations are four Caribbean states that operate citizenship‑by‑investment (CBI) or “golden passport” programs: Grenada, St Kitts & Nevis, St Lucia, and Antigua & Barbuda (each cited on the full country lists carried by several outlets that obtained the State Department memo).

Why does this matter for Australia? Because Tranche 2 AML/CTF reforms will shortly bring real estate professionals, lawyers, conveyancers, accountants, dealers in precious metals & stones, and trust & company service providers (TCSPs) into scope with full customer due diligence (CDD) and enhanced CDD (ECDD) duties.

Golden passports = higher ML/TF risk (and why ECDD should be the default)

FATF and the OECD’s joint report on investment migration is unambiguous: CBI/RBI programs create elevated ML/TF risks. Criminals exploit them to launder identity, gain mobility, open bank accounts, form shell companies, and move or shield assets across borders. The report documents identity‑laundering typologies, professional‑enabler abuse, and real‑estate fraud patterns connected to CBI/RBI.

Key FATF/OECD findings relevant to Australian reporting entities include:

·       Identity laundering via secondary passports (including alternate spellings and name changes) frustrates screening and beneficial‑ownership checks.  

·       Enhanced freedom of movement + access to new financial systems helps criminals layer and integrate funds.

·       Real‑estate investment linked to CBI/RBI is repeatedly misused through over‑/undervaluation and circular funds (“money merry‑go‑rounds”).

·       Weak post‑issuance monitoring and revocation processes in some programs allow continued misuse even after red flags emerge.  

Bottom line: When a customer obtained citizenship via investment, that fact should be treated as a strong indicator of heightened ML/TF risk. Under AUSTRAC’s reforms guidance, high‑risk customers require ECDD—and your policies should explain when and how you apply it.

Recap: what the U.S. did—and how it intersects with CBI programs

·       What happened: A pause on immigrant visa processing from 75 countries begins 21 Jan while screening is reassessed; non‑immigrant visas are not affected.

·       Why now: The State Department linked the move to “public charge” screening; this continues a tightening trend that varied by administration.

·       CBI angle: Outlets publishing the full list identify Grenada, St Kitts & Nevis, St Lucia, and Antigua & Barbuda—all CBI jurisdictions—among the 75.

What AUSTRAC expects under Tranche 2—and where ECDD fits

AUSTRAC’s reform guidance set out who becomes regulated and what you must do (enrol, maintain an AML/CTF program, conduct initial and ongoing CDD/ECDD, report, and keep records). Enhanced CDD is mandatory where the ML/TF risk is high, for foreign PEPs, for prescribed foreign countries, and in other risk‑escalating circumstances—with specific measures and record‑keeping spelled out in the reforms guidance.

Practical ECDD triggers tied to golden passports

Use the following triggers:

1.      Customer declares or exhibits CBI/RBI citizenship (e.g., Grenada, St Kitts & Nevis, St Lucia, Antigua & Barbuda): treat as high‑risk and apply ECDD.

2.      Multiple passports / recent name changes inconsistent across documents (identity‑laundering risk).

3.      Real‑estate transactions with unusual pricing or quick flips; use of escrows controlled by developers/agents linked to CBI investments.

4.      Funds flows via third‑party remitters, informal value transfer, or opaque offshore vehicles.  

An ECDD playbook you can lift into your AML/CTF program

1) Deepen identification & verification

·       Capture all current and prior nationalities (not just the passport presented) and ask whether citizenship was obtained via investment; retain supporting evidence.  

·       Record all known aliases/prior names and cross‑match spellings across documents.  

2) Source‑of‑funds and source‑of‑wealth (SoF/SoW)

·       Obtain documentary evidence of SoF/SoW with transaction‑level corroboration (e.g., sale agreements, audited statements, tax returns).

·       For real estate, corroborate valuation, counterparty independence and settlement statements to detect over/undervaluation and circular flows.

3) Geography & sanctions/PEP overlay

·       Screen for PEP status and sanctions; evaluate country risk (including prescribed foreign countries) and apply senior‑management approval for onboarding/continuation.

4) Payment scrutiny

·       Require transparent banking from the customer’s own account; reject third‑party payments, cash‑intensive routes, and informal transfer methods.

5) Ongoing monitoring

·       Apply event‑driven reviews (new passport presented; change in residence; adverse media).

·       Build CBI “flags” in your customer file to trigger enhanced periodic reviews. (FATF/OECD advocate post‑grant monitoring precisely because risks evolve.)

6) Reporting & record‑keeping

·       Where suspicion forms, lodge an SMR; note that SMRs don’t replace ECDD—keep enhanced measures in place while monitoring risk.

What this means specifically for Tranche 2 sectors

Real estate (agencies, developers, buyer’s agents)

·       Expect buyers or beneficial owners presenting CBI passports or structures with CBI links. Build CBI‑specific questions into forms. Scrutinise related‑party developers and escrow arrangements to avoid being the last line of defence against over/undervaluation typologies.

Lawyers, conveyancers & accountants

·       When onboarding CBI‑linked clients/entities, perform enhanced SoF/SoW and UBO mapping to the natural person—and record all nationalities and identity histories. Watch for professional enablers and concierge services in the chain.  

TCSPs & dealers in precious metals/stones

·       Treat high‑value portable assets funded via CBI‑linked wealth as higher risk; align payments policies and inventory controls with ECDD outcomes.

Key dates and next steps for Australian firms

·       Now: Review AUSTRAC’s ECDD (Reform) guidance and draft your policies to define CBI/RBI as a high‑risk indicator requiring ECDD and senior‑management sign‑off.

·       Throughout 2025–26: Follow AUSTRAC’s reform updates and practical materials for newly regulated entities; enrolment and program build activities are staged ahead of commencement.

·       From 1 July 2026: Tranche 2 obligations commence for real estate, legal, accounting, dealers in precious metals/stones, and TCSPs. Ensure your CDD/ECDD, reporting, and record‑keeping controls are live and tested.

FAQs

Does a golden passport automatically make someone a criminal?
No. But FATF/OECD conclude that CBI/RBI elevate ML/TF risk due to identity‑laundering and mobility advantages; risk‑based ECDD is the defensible posture.

Is ECDD optional if I’ve filed an SMR?
No. AUSTRAC notes that submitting an SMR doesn’t manage ongoing risk; you still need to apply ECDD and maintain monitoring.

Will ECDD be required for all customers from the 75 countries?
No. AUSTRAC requires risk‑based application of ECDD. However, CBI status (regardless of country) is a clear risk escalator that should trigger enhanced measures.

The takeaway

The U.S. visa freeze has thrust golden passports back into the compliance conversation. Australia’s Tranche 2 timeline means real estate agencies, law firms, accountants, dealers, and TCSPs need documented ECDD that treats citizenship‑by‑investment as a high‑risk indicator—with sharpened identity controls, SoF/SoW testing, payment hygiene, and post‑onboarding monitoring to match.

Don’t wait until Q2 to begin your preparations. Tranche 2 AML/CTF obligations go live on 1 July 2026—and the learning curve is real. If you’re still unsure where to start in January 2026, book your free, no‑obligation consultation with AML Advisers today. We’ll map your risk, prioritise your gaps, and give you a practical, staged plan to be AML‑ready before 1 July.

→ Book your free consult now

 Australia is moving decisively toward greater corporate transparency. Treasury’s latest policy specifications outline a Commonwealth‑operated beneficial ownership register for unlisted companies, with access expanding in stages and early policy development underway for beneficial ownership regimes covering trusts. For Tranche 2 sectors (real estate, lawyers, accountants, and trust & company service providers), this shift aligns with global trends and will materially change onboarding of complex structures — especially trusts that commonly hold Australian real estate.

Transparency International Australia has welcomed the Government’s plan to “lift the veil” on corporate ownership by moving to a public register, emphasising the reform’s importance for due diligence, cost savings for SMEs, and Australia’s FATF evaluation. Implementation is expected to dovetail with broader registry stabilisation work, with public availability targeted after the first stage.

Why this matters: Tranche 2 is coming fast

Parliament passed the Anti‑Money Laundering and Counter‑Terrorism Financing Amendment Bill 2024, extending AML/CTF obligations to Tranche 2 entities and setting transition dates: enrol with AUSTRAC by 31 March 2026 and comply from 1 July 2026. AUSTRAC’s reforms guidance confirms new obligations for real estate professionals, lawyers, accountants, TCSPs, and others.

Concurrently, enhanced corporate transparency — including a beneficial ownership register — will reduce blind spots in customer due diligence (CDD), help firms “follow the money,” and strengthen Australia’s alignment with FATF Recommendations 24 and 25 ahead of the 2026–27 mutual evaluation.

The register: what’s changing for unlisted companies (and why trusts are next)

Treasury’s specifications propose that unlisted companies collect, verify and record beneficial owner information, with self‑identification obligations for beneficial owners and ASIC enforcement powers (including freezing orders) where disclosure fails. Stage 1 access prioritises journalists, academics, AML/CTF reporting entities, regulators and law enforcement, with broader public access envisaged when the Commonwealth‑operated register goes live.

Crucially for onboarding chains, the definition now aligns to 25% ownership or voting rights and captures significant influence or control — and companies must trace through to a registrable beneficial owner, including across trusts. Where a trust appears, the trustee must disclose detailed information on trustees, beneficiaries, appointors/protectors, settlors (with professional advisers below $1,000 excluded), and any person with powers to remove/appoint trustees or control trust property. For discretionary trusts, trustees must identify persons who received distributions in the last three years, are likely to receive a distribution, or exert significant influence.

AUSTRAC’s 2024 National Risk Assessment underscores how limited visibility of ultimate beneficial owners creates significant money‑laundering vulnerabilities — particularly in channels like real estate — reinforcing why corporate and trust transparency are being prioritised.

Trusts: Australia’s most practical onboarding challenge for Tranche 2

Why trusts are hard to onboard today

• Real estate is often held via trusts (including discretionary, unit and fixed trusts), and the beneficiaries or controllers may be layered behind multiple trusts or entities, creating extended chains for KYC/KYB. FATF’s updated guidance stresses the need for adequate, accurate and up‑to‑date beneficial ownership information for express trusts and similar arrangements, with mechanisms to verify and access this data.

• In Australia, trust information cannot be sourced from a single independent public register like ASIC; onboarding teams must obtain documents directly from the client/trustee, such as trust deeds (and variations), trustee resolutions, schedules of beneficiaries, appointor/protector details, and distribution records. Treasury’s trust trace‑through parameters formalise that trustees bear verification obligations because beneficiaries may not even be aware of their interests.

• Layering (trust‑within‑trust, plus companies and partnerships) means reporting entities must continue to trace through non‑registrable entities until they reach a registrable beneficial owner that satisfies disclosure requirements.

What’s getting easier over time

• As Australia builds the beneficial ownership register and considers trust regimes, Tranche 2 entities will gain more reliable access to validated data across corporate chains, narrowing the scope of documents they must manually chase. Transparency International Australia argues that a public corporate transparency register materially improves due diligence efficiency and outcomes.

Australia’s trajectory mirrors the EU’s post‑2022 pivot toward high‑quality data

After the CJEU’s 2022 ruling curtailed fully public access to EU beneficial ownership registers, the EU’s new AML package (AMLD6 + AML Regulation + AML Authority) aims to standardise access via legitimate interest, machine‑readable data standards, and interoperability — with default legitimate‑interest access for journalists, academics, NGOs and obliged entities. That balance between privacy and transparency is informing Australia’s staged approach and eventual public register.

Practical steps: onboarding corporate/trust structures under Tranche 2

1) Map the ownership & control chain (end‑to‑end).
Use a structured KYB/KYC workflow to identify natural persons with ≥ 25% ownership/voting rights or significant influence/control, and continue trace‑through for trusts, partnerships, associations and co‑ops until you reach a registrable beneficial owner.  

2) Raise your trust documentation standards.
Request (from the trustee/client): the executed trust deed and all variations, trustee appointment/removal instruments, appointor/protector clauses, beneficiary schedules, distribution history (3 years) for discretionary trusts, unit registers for unit trusts, and evidence of fixed entitlements for fixed trusts. Validate settlor information (subject to professional‑advisor exclusion and <$1,000 threshold) and identify any person empowered to direct or control trust property.

3) Align CDD to AUSTRAC’s timelines and expectations.
Prepare to enrol by 31 March 2026 and comply from 1 July 2026, with initial and ongoing CDD, SMR reporting, and seven‑year record‑keeping. Start training teams on risk‑based assessments, customer risk scoring, and enhanced due diligence for higher‑risk scenarios (politically exposed persons, offshore arrangements, complex layering).

Key takeaways for Tranche 2 sectors (especially real estate)

• Real estate is repeatedly highlighted as a high‑risk laundering channel; transparency reforms and Tranche 2 obligations are designed to close due diligence gaps in property transactions held via layered trusts and companies.

• The beneficial ownership register will progressively provide trusted data about who really owns and controls corporate entities, reducing reliance on client‑provided documents alone — and Australia is exploring trust transparency to prevent regulatory arbitrage.

• Australia’s approach is consistent with FATF R.24/R.25 and comparable to the EU’s push for standardised, machine‑readable, interoperable BO data under legitimate‑interest access.

How AML Advisers can help (and what to do next)

1. Trust‑ready onboarding playbook: We’ll tailor checklists, templates and escalation paths for discretionary, unit and fixed trusts — including appointor/protector mapping and distribution‑history analysis.

2. CDD uplift for Tranche 2: Program design, customer risk scoring, training, and SMR process design to meet AUSTRAC’s 2026 deadlines.

3. Extensive CDD training: We can assist with tailored AML training for the types of individuals, corporate entities or trusts which you provide designated services to.

Contact us directly via the Contact page on our website or schedule your free, no-obligation call with AML Advisers today to see how we can assist with your Tranche 2 preparations!

AML Training in January 2026: Why Tranche 2 Entities Must Act Now

It’s January 2026, and the countdown to Australia’s AML/CTF Tranche 2 reforms is well underway. With compliance obligations set to apply from the 1st of  July, now is the time for real estate agencies, accountants, lawyers, and other Tranche 2 entities to prioritise AML training. Early preparation will ensure your business is ready to meet AUSTRAC’s expectations and align with global standards set by the Financial Action Task Force (FATF). Organising

Why AML Training Matters

AML training is not just a regulatory requirement—it’s the foundation of an effective compliance program. AUSTRAC mandates that personnel performing AML/CTF functions must understand:

• Your obligations under the AML/CTF Act and Rules

• How to identify and mitigate money laundering (ML), terrorism financing (TF), and proliferation financing (PF) risks

• Procedures for customer due diligence (CDD), enhanced due diligence (EDD), and suspicious matter reporting (SMR)

Training ensures your team can implement your AML/CTF program effectively and protect your business from financial crime risks.

What AML Training Should Cover

AUSTRAC guidance emphasises that AML training must be tailored to roles and risk exposure. Your program should include:

• AML/CTF obligations under Australian law

• ML/TF and PF typologies based on FATF guidance

• Indicators of suspicious activity and escalation procedures

• How to conduct initial and ongoing CDD, including beneficial ownership checks

• Enhanced CDD for high-risk customers, including source of funds and wealth verification

• Reporting obligations for SMRs and threshold transactions

• Record-keeping requirements and governance responsibilities

When to Deliver AML Training

• Initial training: At onboarding for all relevant personnel

• Ongoing training: Regular refreshers (every 6–12 months for compliance officers and customer-facing staff)

• Event-driven updates: When laws change, new ML/TF risks emerge, or internal reviews identify gaps

AUSTRAC expects training to be updated promptly in response to regulatory changes and emerging risks.

How to Deliver AML Training

Training must be accessible and understandable, using methods such as:

• Online courses and e-learning modules

• In-person workshops for high-risk roles

• On-the-job mentoring and supervision

• Regular updates via newsletters or intranet

Outsourcing is permitted, but AUSTRAC stresses that training must remain specific to your business and ML/TF risk profile.

Monitoring and Record Keeping

You must monitor training effectiveness through assessments, audits, and feedback. Keep detailed records of:

• Who completed training and when

• Training content and delivery method

• Assessment results and follow-up actions

Maintaining a training register helps demonstrate compliance to AUSTRAC.

✅ Book Your AML Training Today – Build Confidence for Tranche 2 Compliance

The AML/CTF reforms coming into effect in 2026 will introduce significant obligations for Tranche 2 entities. Scheduling AML training now is the smartest first step because it gives your key personnel the knowledge and clarity they need to tackle compliance head-on.

Early training provides:

• Clear Understanding of Reforms
  Your team will learn exactly what AUSTRAC expects under the AML/CTF Act and Rules, including customer due diligence (CDD), enhanced due diligence (EDD), suspicious matter reporting, and record-keeping.

• Confidence to Implement Obligations
  By familiarising staff with money laundering, terrorism financing, and proliferation financing typologies—aligned with FATF guidance—they’ll feel equipped to identify risks and apply controls effectively.

• A Strong Compliance Foundation
  Training first ensures your AML/CTF program is built on informed decisions, reducing the risk of errors and penalties later.

• Proactive Risk Management
  Understanding ML/TF risks early means you can design policies and procedures that protect your business before the July deadline.

Don’t wait until the last minute. Book your AML training today and empower your team to approach Tranche 2 reforms with confidence and clarity.

Contact us directly via the Contact page on our website or schedule your free, no-obligation call with AML Advisers today to see how we can assist with your Tranche 2 preparations!

Why ISO 37301 Is a Winning Strategy

ISO 37301 defines what a certifiable compliance management system (CMS) must look like: documented obligations, risk assessment, leadership & governance, competence & training, operational controls, raising concerns, impartial investigations, monitoring & indicators, internal audit, management review, and continual improvement/corrective action. These “shall” requirements are not theory—they align naturally with AUSTRAC’s risk‑based expectations and the legal obligations found in the AML/CTF Act and AML Rules 2025.

• AUSTRAC requires a risk‑based AML/CTF program tailored to the nature, size and complexity of your business, with a current ML/TF risk assessment before providing designated services. ISO 37301 requires documented context, scope, obligations, and a risk assessment process that is periodically reassessed.

• AUSTRAC mandates governance (oversight by the governing body and compliance officer), program documentation and approvals, periodic reporting to the governing body, and independent evaluation. ISO 37301 requires leadership & commitment, compliance function independence, documented information control, internal audit, and management review.

The Core: Your ML/TF Risk Assessment

A credible AML/CTF program starts with a methodical ML/TF (and PF) risk assessment across services, customer profiles & types, delivery channels/technology, geographies, and third‑party/outsourced activities. AUSTRAC expects you to identify, assess and mitigate these risks, review and update regularly (or upon significant change), and have it up‑to‑date before serving customers. ISO 37301’s risk assessment clause (4.6) and AML requirements echo each other here.

• Act: s 26C (undertake risk assessment), s 26D (review and update at triggers and at least every 3 years), s 26E (must be up‑to‑date before providing designated services).

• Rules: 5‑1 (review cadence); AUSTRAC program guidance provides a practical roadmap for the assessment and periodic updates.

Pro tip (ISO): Keep your methodology documented (inputs, rating scales, criteria, residual risk) and your update triggers explicit (regulatory changes, new product/channel, AUSTRAC communications, adverse events). ISO 37301 requires documented information and periodic reassessment; AUSTRAC expects responsiveness to AUSTRAC‑issued risk intel.

Governance That Stands Up To AUSTRAC’s Expectations (and ISO 37301 Auditors)

A strong AML/CTF program relies on real accountability and oversight.

• Governing body & top management: exercise appropriate ongoing oversight; ensure resources; approve risk assessment and AML/CTF policies; receive periodic reports.

• AML/CTF Compliance Officer: designated at management level, with authority, independence and access to information, and notified to AUSTRAC.

• Reporting cadence: structured 12‑monthly reporting from the compliance officer to the governing body, covering risk mitigation effectiveness, compliance status, deficiencies & remediation, and AUSTRAC interactions.

Pro tip (ISO): Evidence governance with board minutes, approval logs, and a RACI model. ISO 37301 requires documented roles and a functioning compliance function; AUSTRAC expects demonstrable oversight and resourcing.

Authoring the AML/CTF Program: Documents That Matter

Your AML/CTF program must be documented, approved, version‑controlled, and kept current. AUSTRAC may request your documentation, and the Act/Rules spell out what you need and when. ISO 37301 requires formal documented information creation, control and retention.

• Act: s 26N (program documentation), s 26P (senior‑manager approvals & notifying governing body), s 26Q (AUSTRAC requests), s 26G (comply with your policies).

• Rules: 5‑15 (documentation timing), 5‑3 (sanctions policy), 5‑4 (update policies after evaluation), 5‑10 (independent evaluations).

• ISO: 7.5 (documented information creation, version control, retention and integrity).

Program content checklist:

• Compliance Policy (plain language; non‑retaliation; commitment to applicable requirements)—ISO 5.2.

• ML/TF Risk Assessment (methodology, results, update schedule)

• Governance & Roles (Governing body, Senior manager, Compliance Officer; approvals; reporting)

• CDD SOPs (initial/ongoing/simplified/enhanced; PEPs; beneficial ownership; reliance; nested services)

• Sanctions SOP (lists, matching, escalation, freeze)

• Transfers of Value SOPs (ordering/beneficiary/intermediary duties)

• Reporting SOPs (SMR, threshold transactions, exception reporting; secrecy/tipping‑off)

• Record‑keeping Policy (7‑year retention across transactions, customer docs, CDD & reliance, program records)

• Training & Competence (role‑based training; effectiveness assessment; records)

• Independent Evaluations (scope, frequency; remediation & policy updates)

Operating Your Program Day‑to‑Day

ISO 37301 requires operational planning & control (8.1), establishing & testing controls (8.2), raising concerns (8.3), and impartial investigations (8.4). AUSTRAC expects the same in practice.

• Operational control: Ensure your CDD, sanctions screening, monitoring, and reporting processes have defined criteria, evidence trails, and competent operators.

• Third parties & reliance: If you rely on another reporting entity, the AML Rules set contractual, assessment, and procedural requirements; ISO requires control of externally provided processes.

• Raising concerns & investigations: Provide visible, accessible, confidential channels (accept anonymous reports, protect reporters), and run impartial investigations with outcomes reported to governance—mind the secrecy/tipping‑off prohibitions in the Act

Monitoring, Indicators, Independent Evaluations & Management Review

To show effectiveness (for AUSTRAC and ISO auditors), you need monitoring & indicators (KPIs), independent evaluations, and management reviews—and you must retain complete evidence.

• Indicators & reporting: Define what you monitor (e.g., SMR timeliness, false‑positive rates, overdue CDD reviews, control test pass rates), how and when you report, and how you ensure accuracy/completeness

• Independent evaluations: Conduct periodically, capture findings, implement Corrective Action Plans (CAPs), and update policies; ISO requires internal audit and corrective action evidence.

• Management review: Governing body/top management review the program at planned intervals, with specific inputs (noncompliance trends, audit/evaluation results, adequacy of resources) and decisions for improvement.

Record‑Keeping: The Seven‑Year Rule (and Document Control)

AUSTRAC’s Act requires 7‑year retention for transaction & customer records, CDD & reliance evidence, and AML/CTF program documentation. ISO 37301 requires control of documented information—availability, integrity, version control, retention & disposition. Put simply: if you didn’t retain it, you didn’t do it.

Real‑World Example: Independent Real Estate Agencies (Tranche 2 Focus)

Independent real estate agencies face exposure via client onboarding, payments, and third‑party arrangements. Aligning with ISO 37301 and your AML obligations helps standardise controls and evidence:

• CDD tailored to property transactions: beneficial ownership checks (companies/trusts), PEP screening, source‑of‑funds for high‑risk transactions; ongoing monitoring.

• Sanctions checks on counterparties and payments prior to settlement; clear escalation & decision‑rights when potential matches arise.

• Risk assessment inputs: cash‑intensive buyers, offshore structures, complex trusts, high‑risk jurisdictions, third‑party referrers; periodic reassessment as market conditions change.

• Evidence: reliance agreements with lawyers/conveyancers (if used) that meet the requirements set out in the rules; documented approval & review cycles; training logs for frontline staff; annual compliance officer reports.

Frequently Asked Questions (FAQ)

Q1: Do I need ISO 37301 certification to satisfy AUSTRAC?
No—AUSTRAC doesn’t require ISO certification. But ISO 37301 gives you a structured, auditable CMS that maps cleanly onto AUSTRAC’s expectations, improving assurance and readiness for independent evaluations under the Rules.

Q2: How often must I review my ML/TF risk assessment?
Under the Act, at triggers (e.g., significant changes, AUSTRAC communications) and at least every 3 years—and it must be up‑to‑date before providing services. ISO 37301 also requires periodic reassessment.

Q3: What records must I keep (and for how long)?
Keep transaction records, customer documents, CDD & reliance evidence, and program documentation for 7 years. Maintain integrity and version control per ISO 7.5.

Q4: What is an independent evaluation under the AML Rules?
A periodic, objective review of your program’s effectiveness with findings and remediation, often complementing internal audits. Update policies post‑evaluation.

Need help building an ISO 37301‑aligned AML/CTF program?

AML Advisers designs audit‑ready programs for independent real estate agencies, conveyancers, law firms and accountancy firms for Tranche 2‑impacted businesses across SEQ, Gold Coast, Sunshine Coast, Ipswich and Northern NSW. We’ll deliver:

• ML/TF risk assessment (methodology + report),

• AML Compliance Policy and program documentation,

• CDD, sanctions & reporting SOPs,

• Governance reporting pack (board/committee),

• Training & competence framework,

• Independent evaluation plan, management review templates, and

• Record‑keeping & evidence repositories (7‑year compliance).

 Contact AML Advisers today to book a free, confidential consultation to navigate your Tranche 2 AML reforms preparation with an ISO 37301‑aligned AML/CTF program.

Introduction: An Economic Theory in the Modern Spotlight

The Laffer Curve, a cornerstone of supply-side economics, has recently re-entered global policy debates. Its namesake, economist Dr. Arthur Laffer, has publicly criticised high-tax proposals in the UK and, notably, Australia’s tobacco excise policy, stating, “It’s not working at all. Your taxes are way too high.”

These interventions underscore a critical question: How can this decades-old theory help explain a growing crisis in Australia—the explosion of money laundering linked to the illicit tobacco and vape trade?

This analysis examines a consequential side effect: while achieving public health goals, Australia's high excise may have pushed the tobacco market into a prohibitive range on the Laffer Curve. This economic shift has correlated with declining tax revenue and fostered a rampant black market, creating fertile ground for organised crime and challenging the nation's Anti-Money Laundering (AML) regime.

The Laffer Curve in a Nutshell

At its core, the Laffer Curve is a simple model of the relationship between tax rates and government revenue. Its premise is twofold:

• At a 0% tax rate, the government collects no revenue.

• At a 100% tax rate, it also theoretically collects no revenue, as the incentive to engage in the taxable activity vanishes.

The model posits an optimal tax rate between these extremes that maximises revenue. The controversial implication is that under certain conditions, cutting tax rates can actually increase total revenue by stimulating greater economic activity.

The entire debate hinges on one question: where on this curve does a specific market sit?

Australia's Tobacco Policy: Public Health Success and Economic Distortion

Australia’s public health campaign against smoking is globally recognised. The strategy is fundamentally fiscal: make tobacco prohibitively expensive to deter use. This is executed through a permanent annual excise increase of 12.5%, plus bi-annual indexation.

The public health result is clear success: national smoking rates have plummeted to below 6% of adults.

However, the economic side effects are significant. Australia now has among the most expensive cigarettes in the world, with a pack often costing AU$40-$50.

The Perverse Incentives and the Illicit Market Response

For an addictive product, extreme pricing creates a harsh reality. While many quit, a residual demand remains, disproportionately in lower socio-economic groups. For these consumers, the choice is often not to quit, but to find cheaper alternatives.

This is where the Laffer Curve becomes acutely relevant.

• Official excise revenue has sharply declined, from a peak of $16.3 billion in 2019/20 to an estimated $7.4 billion recently.

• This suggests the market may be beyond the revenue-maximising peak. The high tax has catalysed a massive shift toward the illicit market.

The situation is compounded by vaping regulations. Australia's prescription model for nicotine vapes has unintentionally created a parallel, entirely illicit vape market, readily available in convenience stores.

The economic incentive for criminal suppliers is overwhelming. The profit margin created by high excise and prohibition is irresistible.

The AML Conundrum: From Illicit Trade to Money Laundering

The link between high-tax illicit markets and money laundering is historical and profound. Australia faces a modern Prohibition-era challenge:

• The illicit tobacco trade is estimated to be worth $4 billion annually.

• Illicit cigarettes may account for one in every five sold.

This generates enormous cash that must be laundered. A primary method, identified by authorities, involves convenience stores with private ATMs. Criminals use illicit cash to "fill" these ATMs; customer withdrawals then dispense "dirty" cash while generating a "clean" electronic transaction record.

The trade has also sparked a rise in violence, including firebombings and armed robberies, stretching law enforcement.

The Small Business Squeeze: A Catalyst for Complicity

To understand the trade's proliferation, consider the position of small retailers. Their traditional model is under severe pressure, with minimal margins on legitimate tobacco. Faced with rising costs, selling illicit products can become a matter of economic survival. The high margins drive a vicious cycle, normalising illegality within the legitimate retail sector.

Policy Crossroads: Enforcement as a Chosen Path

Confronted with this crisis, states are pursuing aggressive enforcement. Queensland provides a recent and stark example.

In late November 2025, under new laws, Queensland Health Authorities and police raided retailers across the state, ordering immediate 90-day closures. The new powers allow for:

• On-the-spot business closures for up to three months.

• Criminal penalties for complicit landlords (fines up to $161,300 and jail time).

• Undercover operations within stores.

Health Minister Tim Nicholls called the laws “an absolute game changer,” designed to "cut off profits" and "remove the financial rewards" of the illegal industry. Industry groups supported the move, arguing the black market had "seen organised crime groups embed themselves in local retail strips."

Queensland’s policy decision is clear: intensified prohibition and stricter enforcement are the chosen mechanisms.

Conclusion: Balancing Acts and Future Challenges

The government faces a complex balance. The public health success is undeniable, but economic and criminal side effects are severe.

The situation illustrates a Laffer Curve dilemma: a policy can become so effective at suppressing a legal market that it stimulates a larger, uncontrolled illegal one. The 2026 expansion of Tranche 2 AML reforms to "gatekeeper" professions will help track the laundering of the proceeds from this illicit activity, but the primary response, as seen in Queensland, is shifting toward direct suppression.

The fundamental tension remains: finding an equilibrium that maintains public health gains without ceding vast market share to criminals. The experience of alcohol prohibition in the United States serves as a stark historical lesson. The ongoing challenge will be to see if enforcement can curb the criminal incentives that the current economic landscape has created.

29/1/26 UPDATE:

Done‑for‑you setup for Tranche 2 small businesses—policy pack, risk assessment, KYC/EDD workflows, training, and go‑live support.
→ Get AUSTRAC Starter Kit help

1/12/25 Article:

Today (1/12/25) marks exactly 8 months until the Tranche 2 compliance deadline of July 1st, 2026. The clock is ticking!

For thousands of Australian accountants, lawyers, real estate agents, and jewellers, this date marks their formal entry into the nation’s anti-money laundering (AML) and counter-terrorism financing (CTF) regime.

In response to the understandable anxiety from these newly regulated Tranche 2 entities, AUSTRAC has promised a crucial resource: sector-specific guidance and AML/CTF Program Starter Kits. Designed to "help small, low-complexity businesses" develop their ML/TF risk assessments and AML/CTF programs, these kits are positioned as a cornerstone for a smooth transition into the AML/CTF framework.

However, a cloud of confusion hangs over this well-intentioned initiative. With the kits now delayed until the end of January 2026, a critical question remains unanswered: Who, exactly, are these "small, low-complexity businesses"?

A review of recent statements from various industry bodies reveals a worrying and ongoing lack of consensus, suggesting that many firms risk relying on a solution that may not be built for them.

The Promise: A Streamlined Path to AML/CTF Compliance

AUSTRAC’s official line positions the starter kits as a way to "streamline compliance processes" for a "significant number of businesses that are small and low complexity". The regulator emphasises cost savings, noting that the kits will help businesses avoid the high expense of developing their own programs from scratch. An impact analysis for the Attorney-General's Department estimates upfront costs of $4,460 for small businesses, a significant burden the kits aim to mitigate.

The promise is clear: a tailored, accessible, and affordable entry into a complex regulatory landscape for designated services.

The Problem: A Chronological Patchwork of Definitions for Tranche 2 Reporting Entities

The confusion about which reporting entities will qualify has unfolded over several months.

• 29 July 2025 - REIWA: The Real Estate Institute of Western Australia was an early voice, stating the kits will be "available for small businesses with 15 or fewer licensed agents or registered sales representatives." 

• 31 May 2025 - NSW Law Society: Striking a note of caution, The Law Society of New South Wales highlighted that “The Kit is expected to be available in late 2025, together with a definition of ‘small business’.” This admission was a red flag for many.

• 20 October 2025 - CPA Australia: Advocating for the smallest accounting firms, CPA Australia published a statement quoting a representative “urg[ing] AUSTRAC to finalise its Starter Program Kit for sole practitioners and micro firms as soon as possible.” 

• 23 October 2025 - Queensland Law Society: Just days later, the Queensland Law Society used a broader term, referring to the kits being for "small and medium legal practices." 

• 26 November 2025 - Law Society of Tasmania: Most recently, the Law Society of Tasmania echoed CPA Australia's focus, stating the kits will be "suitable for sole practitioners and low complexity legal practices."

This chronological patchwork of interpretations creates a dangerous ambiguity for many Tranche 2 entities who may be left in a regulatory no-man's-land.

The Hidden Gap: From AML Policy to Operational Reality

Even for businesses that correctly fall within the "small, low complexity" definition, a significant risk remains. The starter kits are designed to help businesses develop two key documents: an ML/TF Risk Assessment and an AML/CTF Program. However, writing a policy is only the first, and arguably the easiest, part of the compliance journey.

The real challenge—and where most businesses fall down—is operationalisation. A policy sitting in a drawer is useless to AUSTRAC. The regulator will expect to see your program in action

Creating the AML/CTF framework is half the battle; implementing it is the other, far more difficult half. Without clear guidance on these operational hurdles, a sole practitioner could be left with a compliant-looking policy but no practical way to execute it, leaving them just as exposed to regulatory action as having no program at all.

The Peril of "Wait and See" for Your AML Compliance

With this level of ongoing inconsistency and the significant operational gap, a "wait and see" approach is a high-risk strategy. Banking on the belief that a starter kit will solve all your Tranche 2 obligations in January 2026 is a gamble you cannot afford to take.

A generic starter kit, while helpful for documentation, cannot replace the foundational, bespoke work needed to build a living, breathing compliance culture grounded in a true risk-based approach.

The Path Forward: Secure Your AML/CTF Compliance Now

The July 2026 deadline is not as far away as it seems. The journey to AML/CTF compliance involves understanding obligations, conducting a risk assessment, drafting policies, and—most importantly—designing and implementing operational processes. The window for a smooth, cost-effective transition is closing rapidly.

Here is what you should be doing right now:

1. Conduct a Gap Analysis: Understand where your current processes stand against the upcoming AML/CTF regulations.

2. Map Your Workflows: Identify where CDD, client risk assessment, and ongoing monitoring will need to be embedded into your daily operations.

3. Use the Kits as a Benchmark, Not a Bible: When released, use the starter kits for documentation, but integrate them into the foundational work you've already started.

Stop Gambling with Your Compliance. Let's Build Your Defences Today.

The evolving guidance and operational gaps mean that relying solely on a starter kit is a dangerous game. The time for proactive preparation is now.

As an independent AML consultant specialising in the Tranche 2 reforms, I bridge the critical gap between policy and practice. I provide Tranche 2 entities with a clear, pragmatic path to full compliance that works for your specific business.

Don't wait for the deadline to become a crisis. Book your free, no-obligation AML Compliance Health Check today. We will review your current position, identify your biggest risks, and outline a clear roadmap to ensure you are operational and confident by July 2026.

Introduction

With Australia’s Tranche 2 AML/CTF reforms fast approaching, law firms, real estate agencies, and accounting practices are bracing for a new wave of anti-money laundering (AML) compliance obligations. At the core of these requirements are two critical processes: Client Due Diligence (CDD) and AML Risk Assessments (RAs). While AUSTRAC’s guidance makes these concepts sound straightforward, embedding them into day-to-day operations is anything but simple. Many Tranche 2 businesses assume AUSTRAC’s sector-specific guidance and starter kits will do the heavy lifting. The reality? Operationalising these reforms is your responsibility—not AUSTRAC’s.

This article explores why operationalising these requirements is challenging, common pitfalls, AUSTRAC expectations, and practical strategies for Tranche 2 businesses.

AUSTRAC Expectations Under Tranche 2

AUSTRAC requires businesses to adopt a risk-based approach (RBA). Key obligations include:

• Customer identification and verification before providing designated services.

• Assessing money laundering and terrorism financing (ML/TF) risk for clients and transactions.

• Applying proportionate controls such as enhanced due diligence (EDD) for high-risk clients.

• Conducting ongoing monitoring of clients/transactions and record-keeping for at least seven years.

For law firms, this means verifying clients and conducting CDD and client/matter Ras prior to recording time. For real estate agencies, it means conducting CDD and Ras on sellers before signing listing contracts and for buyers, prior to the transaction taking place. There are provisions for delayed initial due diligence for auctions. For accountants, it applies when managing client funds or forming companies.

Failure to comply can result in AUSTRAC penalties, reputational damage, and even criminal liability.

Why Operationalisation Is Harder Than It Looks

On paper, AML compliance seems procedural and like other compliance activities Tranche 2 businesses already conduct such as conducting checks on registered bidders in an auction context. In practice, it requires:

• Integration into existing workflows without disrupting client service.

• Technology and training investment for staff unfamiliar with AML compliance.

• Balancing regulatory rigor with commercial realities—especially in competitive markets.

Challenges in Implementing Client Due Diligence checks include:

1. Data Collection and Verification

• Real estate agents often deal with offshore buyers or complex trust structures, making beneficial ownership verification difficult.

• Law firms face similar hurdles when acting for corporate clients with layered ownership or international corporate entities.

• Accountants may struggle with clients using multiple entities for tax planning.

Manual checks against government registries, sanctions lists, and PEP screening are time-consuming but more often the most cos- effective and compliant method of UBO identification, verification and screening.

1. Balancing Compliance and Client Experience

• A property buyer expecting a quick settlement may resist lengthy AML checks.

• Law clients under time pressure for litigation or conveyancing may view compliance as a nuisance.

• Accountants risk losing clients if onboarding feels intrusive.

The challenge is educating clients on why these checks are mandatory without creating friction.

1. False Positives and Alert Fatigue

• Sanctions screening tools often flag common names or outdated data.

• Smaller firms lack dedicated compliance teams to triage alerts, leading to delays and frustration.

1. Keeping Pace with Regulatory Change

• AUSTRAC updates guidance regularly. For small practices, adapting policies and retraining staff is resource-intensive.

Challenges in AML Risk Assessments

Risk assessments underpin the entire AML framework, but common mistakes include:

• One-Size-Fits-All Ratings
  Treating all clients as low risk because they’re “local” ignores factors like occupation (e.g., politically exposed persons), business activities or source of wealth/funds.

• Overreliance on Automation
  Automated scoring can miss contextual red flags which may appear during a transaction.

• Insufficient Staff Training
  Without understanding risk indicators or ML/TF typologies, staff may treat assessments as a tick-box exercise.

Operational Pain Points

• Resource Constraints
  Many small law firms and agencies lack compliance officers, forcing admin staff to manage AML tasks alongside core duties.

• Data Silos
  Client data often sits in separate systems—CRM, accounting software, and email—making it hard to maintain a single risk profile.

• Technology Integration
  RegTech solutions promise efficiency but come with significant cost and complexity barriers for smaller firms.

Practical Tips for Tranche 2 Businesses

1. Adopt a Risk-Based Approach

• Focus on high-risk scenarios: offshore clients, complex structures, cash transactions.

• Apply enhanced due diligence (EDD) for these cases—such as deeper understanding of/verification of their source of funds or obtaining additional documentation.

2. Leverage Technology Wisely

• o Use ID verification platforms integrated with sanctions screening however opt for in person verification where possible to minimise onboarding cost and reduce risk.

• Automate low-risk checks in possible but keep human oversight for nuanced cases.

1. Embed Compliance in Client Onboarding

• For real estate agencies: include AML checks in pre-commencement workflows.

• For law firms: integrate CDD into matter opening procedures.

• For accountants: make AML checks part of engagement letters.

2. Continuous Training

• Train staff to spot AML red flags (e.g., unusual payment methods, reluctance to provide ID).

• Use AUSTRAC resources and industry webinars.

3. Client Education

• Explain AML obligations upfront in plain language.

• Provide FAQs or short guides to reduce resistance.

4. Regular Review

• Update risk assessments annually or when business models change.

• Monitor AUSTRAC updates and adjust policies accordingly.

Conclusion

Operationalising AML compliance, Client Due Diligence (CDD), and risk assessments is far more than a regulatory checkbox—it’s a cultural shift. For Tranche 2 businesses, success depends on embedding compliance into everyday workflows, leveraging existing systems and tools, and fostering a risk-aware culture from the top down. Those that embrace this approach will not only meet AUSTRAC’s expectations but also strengthen trust and resilience in an increasingly regulated environment.

Yet, many soon-to-be regulated businesses underestimate the operational realities of these reforms. The processes within a corporate law firm differ dramatically from those in a retail bank. Matter creation and transaction details are often gathered manually, and obtaining complete information can take far longer than expected. Unless those drafting CDD policies, procedures, and training materials fully understand how time-consuming it is to identify, verify, and screen beneficial ownership structures, significant delays in client onboarding and service delivery are inevitable.

Consider a typical corporate law firm scenario: a Partner or Practice Executive initiates a new business intake request with incomplete details about the client, matter parties, or transaction. Compliance teams must then chase down all relevant information to set up the matter correctly and complete onboarding. At this stage, they must also identify elevating risk factors—such as sanctions exposure, business activity, negative news, PEP status, or shareholder jurisdictions on grey lists—that may require escalation to senior management. These triggers are often identified manually because most legal practice management systems (LPMs) are not designed for AML risk events.

All of this occurs in a fast-paced environment where Partners are focused on billing targets, not compliance checks. The tension between speed and thoroughness is real—and unless addressed, it can undermine both compliance and client experience.

While many Tranche 2 entities concentrate on building an AML program framework, the true measure of its effectiveness lies in how well it can be operationalised. The goal is to meet AML obligations without impeding business activity—a balance that is notoriously difficult to achieve. Having worked within an AML function at a Big Six Australian law firm, I can attest to the complexity and effort required to make this work in practice.

If you want to ensure that your business  operationalises these reforms in a robust, efficient and cost-effective manner, book a no-obligation free 30-minute consultation to see how we can assist you making your AML/CTF Program work for you.

On 19 November 2025, AUSTRAC hosted its first Real Estate Town Hall, a landmark event for property professionals preparing for AML/CTF Tranche 2 reforms. These changes will bring real estate agents, property developers, and conveyancers under Australia’s anti-money laundering framework for the first time.

If you’re in real estate, this is not just a compliance update—it’s a major shift in how you do business. Here’s what was covered and what you need to do now.

AUSTRAC’s Role

AUSTRAC is Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regulator. Its mission is to:

• Detect, deter, and disrupt criminal abuse of the financial system.

• Collect and analyse financial intelligence to protect Australia from serious crime.

• Work with regulated businesses to ensure compliance and reduce risk.

For real estate professionals, AUSTRAC will now oversee your compliance obligations under Tranche 2 reforms.

National Risk Assessment & Real Estate

AUSTRAC’s National Risk Assessment identified real estate as a high-risk sector for money laundering and terrorism financing. Why?

• Large transaction values make property attractive for laundering illicit funds.

• Complex ownership structures and offshore buyers create opacity.

• Cash-heavy deals and informal arrangements increase vulnerability.

This risk profile is a key driver behind Tranche 2 reforms.

Reforms Passing Parliament

The AML/CTF Tranche 2 legislation passed in 2024, marking a significant milestone in Australia’s fight against financial crime.

• Effective Date: 1 July 2026

• Goal: Align Australia with global standards set by the Financial Action Task Force (FATF).

• Impact: Real estate agents, property developers, and conveyancers will become reporting entities under the AML/CTF Act.

Case Study from the Town Hall

AUSTRAC shared a real-world example:

• A criminal syndicate laundered 600,000 AUD via a Real Estate Trust Account. This included a 200,000 cash deposit to the buyers agent and 400,000 via domestic transfers to the Real Estate Trust account all referencing the same property.

• The lack of due diligence or reporting obligations from the Real Estate Business allowed the scheme to go undetected as the three financial institutions could not see the whole picture.

Lesson: Without robust AML controls, real estate businesses can be exploited for serious crime. Implementing Customer Due Diligence (CDD) and reporting mechanisms is critical to prevent Australia’s financial system from abuse.

Starter Kits & Sector Guidance

To support the industry, AUSTRAC will release in late January 2026:

• Starter Kits: Templates for AML/CTF programs, risk assessments, and reporting processes.

• Sector Guidance: Practical advice tailored to real estate businesses, including examples of suspicious indicators and compliance checklists.

These resources will help businesses meet obligations without starting from scratch.

AUSTRAC’s Regulatory Expectations

AUSTRAC expects real estate businesses to:

• Enrol as a reporting entity from 31 March 2026.

• Develop and implement an AML/CTF Program that addresses your specific risks.

• Conduct Customer Due Diligence before providing services.

• Submit Suspicious Matter Reports (SMRs) and Threshold Transaction Reports (TTRs).

• Maintain records for at least seven years.

• Train staff to recognize red flags and understand compliance obligations.

Compliance Timeline

• 31 March 2026: Enrolment opens for newly regulated entities.

• 1 July 2026: Obligations commence.

Town Hall Q&A: Your Questions Answered

Here are some of the most common questions raised during the Town Hall:

Q: How can real estate agents achieve ongoing due diligence?

A: Ongoing due diligence applies when a customer returns after the initial transaction. It involves monitoring subsequent interactions and transactions.

Q: Can we outsource AML/CTF functions to a consultant?

A: Yes, you can engage AML consultants or outsource functions. However, your business remains responsible for compliance.

Q: Do we have to stop business if we submit an SMR?

A: No. You can continue providing services but must manage ML/TF risks appropriately.

Q: What does “enter into an arrangement” mean?

A: It refers to sharing CDD information with another party. You decide who performs screening, but ensure it meets your compliance requirements.

Q: What checks should we do if we don’t manage a trust account?

A: You still need to verify identity and conduct risk checks. Use screening services for PEPs and adverse media.

Q: Do micro businesses or buyers’ agents need to comply?

A: Yes. If you broker a sale or purchase, you are regulated—even if you don’t handle client funds.

Q: Will AUSTRAC provide a portal for sanctions checks?

A: No dedicated portal, but you can use the DAFT Consolidated list & AUSTRAC guidance on sanctions screening.

Why Act Now

Failure to comply can result in:

• Civil penalties

• Reputational damage

• Loss of trust from clients and regulators

Early preparation avoids penalties and ensures smooth compliance.

How AML Advisers Can Help

At AML Advisers, we specialise in helping real estate businesses navigate Tranche 2 reforms. Our services include:

• Custom AML/CTF Programs tailored to your risk profile.

• Staff training to meet AUSTRAC requirements.

• Ongoing compliance support so you stay ahead of regulatory changes.

Don’t wait until July 2026—start preparing now.

📞 Contact AML Advisers today for a free no-obligation consultation and ensure your business is ready for the Tranche 2 reforms.

For professionals in law, accounting, and real estate, the arrival of the Tranche 2 AML reforms may appear to be a sudden regulatory shift. In reality, these reforms represent the culmination of a deliberate, multi-decade process to fortify Australia's financial defences. Understanding the protracted history of Tranche 2 AML reforms in Australia is critical to appreciating both their necessity and the pressing urgency for compliance.

This analysis traces the long road of the Tranche 2 AML reforms, from the foundational AML/CTF Act 2006 to their recent passage into law, underscoring why DNFBPs Australia are now firmly in the regulatory spotlight.

The Global Context: From Drug Proceeds to Terrorist Funds

The modern fight against financial crime began with initiatives like the U.S. Bank Secrecy Act (1970), which established basic "know your customer" (KYC) principles. The global standard was cemented in 1989 with the formation of the Financial Action Task Force (FATF), whose 40 Recommendations provided the initial blueprint for national regimes focused primarily on the proceeds of drug trafficking and organised crime.

The Paradigm Shift: The War on Terror and the Formalisation of CFT

The terrorist attacks of September 11, 2001, fundamentally reshaped the global landscape. The focus dramatically expanded from tracking the proceeds of crime to actively disrupting the funding of terrorism.

• The U.S. PATRIOT Act (2001): This legislation dramatically amplified AML tools for counter-terrorism purposes, introducing Enhanced Due Diligence and mandating comprehensive Anti-Money Laundering Programs for a wider range of institutions.

• The FATF's Expanded Mandate: The FATF issued its Special Recommendations on Terrorist Financing, which were fully integrated into its core standards, formally rebranding the field as Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT).

• The EU's Rapid Alignment: The European Union moved swiftly to embed this new paradigm, explicitly incorporating CFT standards into its directives and cementing a holistic approach to financial crime.

This global shift is critical to understanding Australia's own framework. The very "C" in Australia's AML/CTF Act 2006 is a direct product of this post-9/11 consensus.

Expanding the Net: The Inevitable Inclusion of DNFBPs

A key evolution was the recognition that terrorists and criminals exploit the same professional channels. Following jurisdictions like the EU, the international consensus solidified: effective AML/CFT frameworks must cover Designated Non-Financial Businesses and Professions (DNFBPs).

Australia's Starting Point: The Incomplete Framework of 2006

Australia's modern framework began with the AML/CTF Act 2006. This legislation was a direct response to FATF standards but was implemented in two phases:

• Tranche 1 (2006): Regulated the traditional financial sector.

• Tranche 2 (Planned for the future): Was always intended to extend obligations to DNFBPs.

This two-stage approach left a strategic vulnerability in Australia's financial crime defences for nearly two decades.

The Catalyst for Change: The 2015 FATF Mutual Evaluation Report

The FATF Mutual Evaluation Report Australia in 2015 was unequivocal, identifying Australia’s failure to regulate DNFBPs as a "glaring weakness." This international censure framed the Tranche 2 AML reform delays as both a national security and economic reputation risk, making reform a matter of urgency.

From Consultation to Legislation: Scrutiny, Debate, and Final Passage

Momentum turned with the Statutory Review AML/CTF Act 2022, which provided a powerful, evidence-based case for closing the regulatory gap. This led to a definitive timeline:

• 2023-2024 Public Consultation: The government undertook two rounds of extensive consultation on the Tranche 2 AML reforms, engaging stakeholders across the legal, accounting, real estate, and civil society sectors.

• Parliamentary Scrutiny: The *Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024* was introduced on 11 September 2024. On 19 September 2024, the Senate referred the Bill to the Legal and Constitutional Affairs Legislation Committee for an inquiry and report by 13 November 2024.
  This process included a pivotal public hearing on 30 October 2024, which heard testimony from a wide range of stakeholders, including the Law Council of Australia, the Real Estate Institute of Queensland, CPA Australia, Transparency International Australia, the Australian Federal Police, AUSTRAC, and leading academics. This thorough scrutiny informed the Committee's final recommendations, which included technical amendments to the 'tipping off' offence and the treatment of barristers.

• Legislative Debate & Key Amendments: The subsequent parliamentary debate saw substantive amendments proposed, though not passed, which highlighted key sector concerns:

• Senator David Shoebridge proposed an amendment to address a perceived conflict between a lawyer's duty to the court and their new statutory obligations to report suspicious matters, seeking to protect legal professional privilege.

• Senator Jacqui Lambie proposed an amendment to exempt small businesses (those with fewer than 15 employees) from the regime, aiming to reduce the regulatory burden.
  The rejection of these amendments underscored Parliament's commitment to a comprehensive and consistent Tranche 2 AML reforms framework without creating high-risk exemptions.

• Legislative Passage: After this robust debate, the Bill passed Parliament on 29 November 2024 and received Royal Assent on 10 December 2024.

The Path Ahead: A Call to Action for Regulated Entities

The long-awaited Tranche 2 AML reforms are now law. The theoretical debate has ended, replaced by a concrete compliance imperative. The transition period has begun, and DNFBPs must now undertake a rigorous preparation process, developing risk-based programs, appointing compliance officers, and educating their staff.

For firms providing designated services, the preparation window is definitive. The history of Tranche 2 delays is over; the era of Tranche 2 compliance has begun.

Is your firm prepared for the most significant shift in Australian AML/CFT compliance since 2006? With the legislation now in effect, proactive compliance is not just advisable—it is mandatory. Contact AML Advisers today to book a free, confidential consultation to navigate your Tranche 2 AML reforms preparation.

Many businesses approaching the Tranche 2 reforms focus on one thing: writing the AML/CTF Program document. While this is a critical requirement, it's only the first step. The real challenge—and where many fail—is translating that document from a shelf-ready policy into an operationally embedded framework that is practical, pragmatic and cost-effective.

The "Knowing-Doing" Gap in AML Compliance

Your team might know the policy, but will they follow it when under pressure to close a property deal or onboard a key client? Common failure points include:

• Rushed Customer Due Diligence (CDD) & Risk Assessments: A sales agent, eager to secure a listing, collects minimal ID information, rushes through the client and transaction risk assessment without truly identifying the potential risk profile of client and transaction and doesn’t verify the client's source of funds.

• Ongoing Monitoring: A lawyer, focused on complex legal work, fails to spot a red flag in a trust account transaction because there's no clear process or reporting mechanism.

• Missed red risk flags or trigger events:  An employee fails to identify elevating risk factors associated with a client or transaction in their risk assessment due to a basic or non-existent risk rating methodology which does adequately capture the inherent risks of their customer base and services.

Bridging the Gap: From Document to Doing

1. Process Integration: Map your AML obligations directly onto your existing workflows.

   • For a real estate agent, this means CDD checks are a mandatory step before the listing agreement is signed.

   • For a lawyer, it means a client and matter risk assessment is built into the CRM or matter management system.

2. Leverage Technology If Possible: Many soon to be regulated Tranche 2 businesses will conduct mainly manual checks due to cost considerations. If resources allow, try and use technology for identity verification, PEPs and sanctions screening, and even basic transaction monitoring. This improves onboarding efficiency, reduces time, human error and your compliance burden.

3. Practical, Role-Based Training: Move beyond reading the policy. Train your front-line staff with real-world scenarios they will face. "What do you do if a client refuses to provide source of wealth information?" or "This is what a suspicious property transaction might look like."

4. Clear Accountability & Empowerment: Ensure every team member knows their role and is empowered to pause a transaction if compliance isn't met. This might mean a complete culture shift of the business which must come from the top.

How an AML Consultant Adds Value Here

An experienced consultant does more than write a policy. They help you:

• Conduct AML process design workshops to integrate controls seamlessly.

• Advise on cost-effective AML technology that fits your practice.

• Develop and deliver bespoke AML training that resonates with your staff.

Make your compliance program a living, breathing part of your business. Book a no-obligation free 30-minute consultation to see how we can assist you making your AML/CTF Program work for you.

A High-Risk Sector Under the Spotlight

The Australian real estate market is not just a pillar of the economy; it is a prime target for financial crime. The 2024 Australian National Risk Assessment (NRA) explicitly categorises the domestic real estate sector as a "very high" money laundering risk, with real estate agents themselves posing a "medium" risk.

With the impending Tranche 2 AML reforms, your profession will soon be regulated by AUSTRAC under the AML/CTF Act. This means a legal obligation to understand and mitigate these risks. Your frontline role is critical. Being able to identify key red flags for money laundering is your agency's first and most important line of defence.

The 5 Critical Red Flags Every Real Estate Professional Must Know

1. The Secretive or Rushed Buyer

Criminals often priorities speed and anonymity over the normal considerations of a property purchase.

• What to Look For:

• A buyer disinterested in property features, price negotiation, or building inspections.

• A remote buyer who doesn’t inspect the property.

• An insistence on an abnormally fast settlement, often facilitated by all-cash offers or single-source wire transfers from an unrelated third party.

• Reluctance to meet in person and a preference for opaque, digital-only communication.

• Use of a Power of Attorney or an intermediary with no clear, legitimate connection to the transaction.

• Attempts to avoid or rush through standard Know Your Customer (KYC) or presenting documents that appear altered or forged.

2. Complex or Opaque Corporate Structures

Legitimate ownership is often hidden behind a web of entities to conceal the Ultimate Beneficial Owner (UBO).

• What to Look For:

• The purchasing entity is a shell company, a complex trust, or a series of interlinked companies registered in known offshore havens.

• The representative you deal with is evasive or unable to clearly explain the ownership structure.

• A refusal to provide essential documents like Trust Deeds, company structure charts, or shareholder registers.

• Use of nominees or third-party representatives who seem to be acting on instructions from an undisclosed principal, deliberately distancing the true owner from the transaction.

3. Unusual or Suspicious Payment Methods

The method of payment is a major tell-tale sign of layering—a stage in money laundering designed to obscure the origin of funds.

• What to Look For:

• Payments from a third party (e.g., a friend, relative, or unrelated company) without a legitimate commercial or personal explanation.

• A buyer who pays using a method inconsistent with their profile (e.g., large amounts of cash from a supposedly salaried employee).

• A buyer who deposits cash into your trust account, then pulls out of the deal and requests a refund via a different method (e.g., a cheque to a different name).

• Offering to pay significantly higher fees or a premium price to incentivise the agent to overlook procedures.

• Insisting on settlement in a foreign currency without any logical connection to the buyer or the transaction.

4. Illogical or Commercially Irrational Transactions

Money laundering is not about sound investment; it's about placing illicit funds into the legal economy, often in ways that defy logic.

• What to Look For:

• A buyer who agrees to pay significantly above the market value with no clear rational or logic as to why.

• Rapid "flipping" of properties—buying and selling in quick succession with a sharp, unexplained increase in value.

• Frequent and significant changes to transaction instructions without reasonable justification.

• Instructions to direct sale proceeds to an unrelated third party, rather than the seller.

• A pattern of rapid, consecutive property transactions ("back-to-back settlements") that seem to have no clear financial or logical driver.

5. Inconsistent Source of Wealth or Funds (SOW/SOF)

This is the cornerstone of detection. The story doesn't add up.

• What to Look For:

• A clear mismatch between the buyer's stated occupation (e.g., student, low-income worker) and their ability to purchase a multi-million dollar property.

• An inability or unwillingness to explain the Source of Funds (SOF) or Source of Wealth (SOW), or providing documentation that is vague, contradictory, or suspected to be forged.

• The use of complex loan arrangements or deposits from unusual or unverifiable sources.

• A buyer who becomes nervous, agitated, or defensive when asked standard Customer Due Diligence (CDD) questions.

• Funding substantial property renovations with no visible legitimate source of income or financing.

From Detection to Action: Your Compliance Protocol

Identifying a red flag is only the beginning. As a regulated entity, you must have a clear, actionable response plan.

Step 1: Document Meticulously
Keep a detailed, contemporaneous record of all interactions, communications, and the specific factors that raised your suspicion. This audit trail is crucial for both internal review and, if needed, for AUSTRAC.

Step 2: Conduct Enhanced Due Diligence (EDD)
A red flag triggers an obligation to dig deeper. This is not about accusation; it's about verification. EDD measures include:

• Requesting additional, verified documentation on the Source of Funds.

• Seeking senior management approval to proceed with the client relationship/ transaction.

• Conducting deeper background checks on the beneficial owners.

Step 3: Escalate Internally
Immediately report your concerns to your designated AML Compliance Officer (AMLCO) and Senior Manager. A robust internal reporting culture is vital for an effective AML/CTF program.

Step 4: Submit a Suspicious Matter Report (SMR)
If, after conducting EDD, your suspicions remain, your business has a legal obligation to submit an SMR to AUSTRAC. This must be done within 3 business days of forming a suspicion. It is a criminal offence to "tip off" the client that you have filed an SMR.

Don't Navigate This New Landscape Alone

The transition to becoming a regulated AUSTRAC reporting entity is complex. Recognising red flags is one thing; having the frameworks, risk rating methodology, training, and confidence to act on them is another.

AML Advisers specialises in providing end-to-end AML compliance solutions for the real estate sector. We help you:

• Develop a bespoke AML/CTF Program tailored to your agency's specific risks.

• Train your frontline staff to confidently identify and respond to these red flags.

• Establish clear procedures for Enhanced Due Diligence and SMR reporting.

• Provide ongoing support to ensure you meet your regulatory obligations.

Protect your business, your reputation, and the integrity of the financial system.

Book a free, no-obligation confidential consultation with AML Advisers to see how we can assist you on your Tranche 2 Journey.

A Regulatory Earthquake in Australia

The impending Tranche 2 AML reforms represent the most significant shift in Australia’s financial crime landscape in decades. Set to take effect from July 2026, these changes will expand the Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF Act) to include Designated Non-Financial Businesses and Professions (DNFBPs).

This means for the first time, the following professions will become AUSTRAC reporting entities:

• Real Estate Agents, Buyers' Agents, and Developers

• Dealers in Precious Stones and Metals

• Lawyers and Legal Practitioners

• Conveyancers

• Accountants

• Trust and Company Service Providers

With over 80,000 new businesses entering the regime, Australia is closing a critical gap identified by the global Financial Action Task Force (FATF). While this brings us in line with international standards (like the EU's reforms from over 20 years ago), it creates an unprecedented demand for AML/CTF compliance expertise.

The Compliance Divide: The "Haves" vs. "Have-Nots"

The surge of new entrants will create a stark divide between those with existing AML knowledge and those starting from scratch.

The "Haves" – Businesses with a Head Start:

• Multinational Firms: Companies already operating under UK, EU, or other robust AML regimes can adapt existing frameworks for the Australian context.

• Financial Services Adjacents: Accountancy firms with financial planning divisions can leverage in-house experience with existing AML/CTF obligations.

• Professionals with Audit Experience: Law firms that have conducted independent AML audits for Tranche 1 entities possess valuable skills in interpreting legislation and drafting policy.

• Large Franchises: Real estate franchises can centralise resources, developing group-wide compliance programs and leveraging their scale for technology solutions.

The "Have-Nots" – The Challenge for Independent Businesses:
For the vast majority of small to medium-sized law firms, independent real estate agencies, and accounting practices, the path is far steeper. These businesses are "starting from scratch," facing three core challenges:

1. The Expertise Scarcity & Cost Crisis: The demand for skilled AML Compliance Officers (AMLCOs) is exploding. Salaries for AML analysts are already surpassing $100,000, with experienced AMLCOs commanding packages well over $200,000—a prohibitive cost for many SMEs.

2. The Operational Learning Curve: Even hiring an AML professional from a bank doesn't guarantee success. They must first understand the nuances of your specific business, services, and client base before they can even begin drafting a compliant AML/CTF Risk Assessment.

3. The "Bespoke" Mandate from AUSTRAC: Regulators have been clear: generic, template-based compliance programs are unacceptable. Your AML/CTF Program must be tailored to your business's unique risk profile, with controls proportionate to those risks. While sector-specific guidance is coming, interpreting and implementing it operationally is a complex, high-stakes task.

The Strategic Solution: Engaging an AML Consultant

For businesses facing these hurdles, an AML consultant is not an expense; it's a strategic investment in compliance, risk management, and operational continuity. Here’s how they deliver value:

1. Access Deep Regulatory Expertise & Best Practices
An AML consultant provides immediate access to specialised knowledge of the Tranche 2 reforms and the AML/CTF Act. They bring proven AML compliance frameworks from other sectors, helping you implement effective, rather than just minimal, standards.

2. Achieve Significant Cost Efficiency & ROI
Hiring a consultant is a cost-effective compliance solution. You avoid the high salary and overhead of a full-time AMLCO, engaging expert help on a flexible, project basis. Most importantly, their work provides a direct return on investment by mitigating regulatory fines and reputational damage that can cripple a business.

3. Develop a Truly Bespoke and Effective Compliance Program
Leveraging their experience, consultants conduct a thorough AML gap analysis and work with you to build a customised AML/CTF Program. They ensure your Customer Due Diligence (CDD) and ongoing customer monitoring processes are seamlessly integrated into your daily operations and leverage your existing systems, processes and tools to make your compliance burden cost-effective.

4. Enhance Operational Efficiency
Beyond policy, consultants optimise AML processes to reduce friction. They provide guidance on AML technology solutions, helping you select and implement the right tools for client onboarding, transaction monitoring, and reporting.

5. Empower Your Team and Assure Your Board
A key benefit is AML training and knowledge transfer. Consultants upskill your staff, from front-line employees to senior management, building long-term internal capacity. Furthermore, engaging a reputable expert demonstrates regulatory diligence to AUSTRAC and provides your board with confidence in your risk management strategy.

Who Needs an AML Consultant Most?

An AML consultant is particularly vital for:

• Small to Medium-Sized Enterprises (SMEs) in law, real estate, and accounting who lack in-house compliance resources.

• Businesses for whom generic "starter kits" will be insufficient due to their complexity, size, or specific risk profile.

• Growing firms that need to build a scalable, compliant framework from the ground up.

• Any organisation seeking an independent, expert assessment of their readiness for the July 2026 deadline.

Don't Navigate Tranche 2 Alone

The Tranche 2 AML reforms are a compliance imperative. While the challenge is significant, you don't have to face it alone. An experienced AML consultant provides the strategic guidance, deep expertise, and practical support to not only achieve compliance but to strengthen your firm's overall resilience against financial crime.

Prepare for the future of compliance. Book a no-obligation free 30-minute consultation with AML Advisers for a confidential assessment of your Tranche 2 readiness.