Iran sanctions are escalating. Tranche 2 businesses in Australia can’t ignore proliferation‑financing risk anymore
Quick read:
On 25 February 2026, the U.S. Treasury sanctioned 30+ people, companies and vessels tied to Iran’s shadow fleet and missile/UAV supply chains—explicitly targeting networks that fund and facilitate non‑proliferation breaches.
The U.S.–Israel–Iran conflict has sharply intensified since mid‑2025 and again in late February 2026, increasing the likelihood of additional sanctions actions by partners and allies—creating real operational risk for Australian firms.
Australia’s AML/CTF Tranche 2 starts on 1 July 2026 and explicitly requires businesses to assess and mitigate proliferation‑financing and targeted financial sanctions (TFS) risks.
What just happened—and why it matters beyond Washington
The U.S. Department of the Treasury’s latest action targets Iran’s shadow fleet—older, obscured‑ownership tankers moving Iranian oil and petrochemicals—and procurement networks acquiring sensitive materials for ballistic missile and UAV programs. These designations were made under U.S. authorities including E.O. 13382 (WMD proliferators) and E.O. 13902 (Iran economy sectors), and they highlight typologies Australian businesses need to recognise: deceptive shipping practices, front companies, layering via third‑country traders, and payments routed through exchange houses and brokers.
This is not a one‑off. Since 2024, Washington has repeatedly tightened sanctions on Iran’s petroleum trade and procurement facilitators; the February 25 designations build on that continuum and on the re‑imposition of wider UN Iran sanctions (“snapback”) in September 2025. The practical take‑away for Australian risk owners: counterparties and vessels that were unsanctioned yesterday can become sanctioned overnight, and links to sanctioned ecosystems can be indirect but still risky.
The broader conflict context: why PF risk is rising
In June 2025, Israel struck Iranian nuclear and missile facilities; Iran responded with waves of missiles and drones. After a tense ceasefire, the region flared again on 28 February 2026 when the U.S. and Israel launched new strikes inside Iran, followed by Iranian ballistic missile salvos across the region. Each spike of conflict has been followed by waves of new designations, sector advisories, and heightened screening expectations across global finance and trade.
For Australian firms—especially those about to enter scope under T2—this means sanctions exposure is no longer theoretical. You’re operating in a landscape where red‑flag patterns (e.g., unusual trans‑shipment hubs, opaque ownership, dual‑use goods orders, or vessel identity manipulation) are moving from “nice to know” to must detect.
Australia’s direction of travel: more listings, tighter frameworks
Australia implements UN sanctions in domestic law and also imposes autonomous sanctions. After the UN snapback took effect in September 2025, DFAT updated the Iran framework and has continued to expand listings—including 20 individuals and 3 entities linked to the IRGC on 3 February 2026. DFAT’s Consolidated List is updated frequently (last updated 24 February 2026 at the time of writing). Expect ongoing adjustments as the conflict evolves.
Key controls already in Australian law include restrictions on sensitive goods and services, bans on dealing with designated persons and entities (asset‑freeze/TFS), and prohibitions on bunkering services to Iranian vessels—particularly relevant for logistics, energy, and maritime‑adjacent sectors in Australia.
Tranche 2: Proliferation‑financing is now your obligation
From the 1 July 2026, Australia’s reformed AML/CTF regime requires you to identify, assess, manage and mitigate PF risk, and to integrate targeted financial sanctions controls into your AML/CTF policies and customer lifecycle. DNFBPs—real estate agencies, law and accounting practices, conveyancers, trust & company service providers, and dealers in precious metals/stones—are squarely in scope.
This aligns with FATF updates (2020/2021) requiring both countries and private sectors to treat PF risk (including risk of breach, non‑implementation or evasion of TFS) as part of the risk‑based approach. Your program needs to be proportionate, but it must exist, be documented, and be operational—especially screening against DFAT’s Consolidated List and applying enhanced due diligence for higher‑risk scenarios.
AUSTRAC’s guidance sets out how TFS screening must cover the customer, beneficial owners, persons acting on behalf of the customer, and any person on whose behalf the service is provided—before you provide a designated service and throughout the relationship. Breaches can bring significant criminal penalties.
Proliferation‑financing (PF) 101 for T2 sectors
What is PF? Funding or facilitating the manufacture, acquisition, movement, or use of WMDs and their delivery systems; in practice, PF often looks like sanctions evasion and trade‑based schemes around dual‑use goods, supported by front/shell companies and third‑country procurement hubs.
Why you’ll see it: AUSTRAC’s national PF risk assessment highlights Australia’s vulnerabilities: high‑volume trade in dual‑use materials, complex corporate structures, and use of DNFBPs to hide beneficial ownership or facilitate transactions. Threat actors linked to Iran and the DPRK have targeted these channels.
How it shows up:
Real estate & conveyancing: property purchases via layered companies or trusts with opaque beneficial owners linked to high‑risk jurisdictions; payments routed through third‑country entities that don’t match the customer’s profile.
Legal & accounting/TCSPs: company formation/restructures that obscure control; nominee arrangements; professional trust accounts used to stage funds related to trade invoices for “machine parts” or “industrial software” that may be dual‑use.
Dealers in precious metals/stones: high‑value portable commodities used to shift value cross‑border outside the banking system.
Logistics touchpoints (if applicable): counterparties or vessels later revealed as part of a shadow fleet; inconsistent cargo descriptions; ship‑to‑ship transfers; AIS manipulation. (This typology is at the heart of the latest U.S. action.)
What to do now: a practical, T2‑ready checklist
Update your enterprise ML/TF/PF risk assessment
Incorporate recent conflict‑driven risk signals (Iran, DPRK) and typologies (shadow fleet, third‑country procurement, dual‑use goods). Reference FATF PF Guidance and AUSTRAC’s PF NRA for indicators and methodology.
Embed targeted financial sanctions (TFS) into your AML/CTF policies
Define how you will screen customers, beneficial owners, controlling persons, authorised signatories, and “persons on whose behalf” services are provided—pre‑onboarding and ongoing. Add escalation paths for potential matches and asset‑freeze steps in line with DFAT guidance.
Screen against DFAT’s Consolidated List—and keep it current
Subscribe to DFAT updates; document your update cadence and controls for delta screening (e.g., changes effective 2 Marcg 2026). Treat screening hits linked to Iran or affiliated networks as high‑priority reviews.
Define PF‑specific EDD triggers tailored to your sector
Real estate: layered ownership without clear rationale; funds from trading companies dealing in metals, chemicals, avionics, or “industrial equipment” inconsistent with buyer profile.
Legal/TCSPs: formation of complex structures with nominee directors in trans‑shipment hubs; unusual requests for escrow/trust account disbursements to third‑country counterparties.
Dealers: high‑value purchases with indirect links to high‑risk jurisdictions; attempts to pay via third‑party companies or crypto without a legitimate business reason.
Strengthen trade & commodity red‑flag awareness (even if you’re not a bank)
Watch for dual‑use goods (e.g., carbon fibre, certain resins/chemicals, machine tools, electronics/sensors) and paperwork anomalies (end‑user certificates, mismatched HS codes). If your professional services touch the underlying transaction (e.g., acting for the buyer/seller or structuring entities), your PF exposure rises.
Train staff & document decisions
Run short, scenario‑based refreshers that use current Iran examples. Keep records of negative decisions (why you declined or exited). These are invaluable for demonstrating a risk‑based approach to AUSTRAC.
Plan for change: expect further listings/sanctions rounds
Following the UN snapback and the February 2026 listings, more changes are plausible if the crisis escalates. Maintain a playbook for rapid counterparty re‑checks and client communications when DFAT updates the framework or list.
What “future tranches” of sanctions could look like for Australia
While we should avoid speculation, there are clear indicators. Australia has already expanded its Iran framework post‑snapback and taken autonomous actions targeting IRGC‑linked figures. As allied measures evolve (notably U.S./UK actions on maritime, oil revenues, and procurement), Australia may continue to add designations or refine restrictions (e.g., services linked to controlled goods, sanctioned vessels, or specified entities). That means more names, more vessels, and tighter service prohibitions to screen against.
Operationally, that impacts onboarding, ongoing monitoring, supplier due diligence, trust accounts, deal escrow, and—for real estate—the ability to complete settlements if a counterparty is listed mid‑transaction. Your contingency plans should cover freezing obligations, notifying authorities, and client communication—before you’re in a live matter.
