The Hidden Challenges of Operationalising Client Due Diligence and AML Risk Assessments in Tranche 2 Sectors

Introduction

With Australia’s Tranche 2 AML/CTF reforms fast approaching, law firms, real estate agencies, and accounting practices are bracing for a new wave of anti-money laundering (AML) compliance obligations. At the core of these requirements are two critical processes: Client Due Diligence (CDD) and AML Risk Assessments (RAs). While AUSTRAC’s guidance makes these concepts sound straightforward, embedding them into day-to-day operations is anything but simple. Many Tranche 2 businesses assume AUSTRAC’s sector-specific guidance and starter kits will do the heavy lifting. The reality? Operationalising these reforms is your responsibility—not AUSTRAC’s.

This article explores why operationalising these requirements is challenging, common pitfalls, AUSTRAC expectations, and practical strategies for Tranche 2 businesses.

AUSTRAC Expectations Under Tranche 2

AUSTRAC requires businesses to adopt a risk-based approach (RBA). Key obligations include:

• Customer identification and verification before providing designated services.

• Assessing money laundering and terrorism financing (ML/TF) risk for clients and transactions.

• Applying proportionate controls such as enhanced due diligence (EDD) for high-risk clients.

• Conducting ongoing monitoring of clients/transactions and record-keeping for at least seven years.

For law firms, this means verifying clients and conducting CDD and client/matter Ras prior to recording time. For real estate agencies, it means conducting CDD and Ras on sellers before signing listing contracts and for buyers, prior to the transaction taking place. There are provisions for delayed initial due diligence for auctions. For accountants, it applies when managing client funds or forming companies.

Failure to comply can result in AUSTRAC penalties, reputational damage, and even criminal liability.

Why Operationalisation Is Harder Than It Looks

On paper, AML compliance seems procedural and like other compliance activities Tranche 2 businesses already conduct such as conducting checks on registered bidders in an auction context. In practice, it requires:

• Integration into existing workflows without disrupting client service.

• Technology and training investment for staff unfamiliar with AML compliance.

• Balancing regulatory rigor with commercial realities—especially in competitive markets.

Challenges in Implementing Client Due Diligence checks include:

1. Data Collection and Verification

• Real estate agents often deal with offshore buyers or complex trust structures, making beneficial ownership verification difficult.

• Law firms face similar hurdles when acting for corporate clients with layered ownership or international corporate entities.

• Accountants may struggle with clients using multiple entities for tax planning.

Manual checks against government registries, sanctions lists, and PEP screening are time-consuming but more often the most cos- effective and compliant method of UBO identification, verification and screening.

1. Balancing Compliance and Client Experience

• A property buyer expecting a quick settlement may resist lengthy AML checks.

• Law clients under time pressure for litigation or conveyancing may view compliance as a nuisance.

• Accountants risk losing clients if onboarding feels intrusive.

The challenge is educating clients on why these checks are mandatory without creating friction.

1. False Positives and Alert Fatigue

• Sanctions screening tools often flag common names or outdated data.

• Smaller firms lack dedicated compliance teams to triage alerts, leading to delays and frustration.

1. Keeping Pace with Regulatory Change

• AUSTRAC updates guidance regularly. For small practices, adapting policies and retraining staff is resource-intensive.

Challenges in AML Risk Assessments

Risk assessments underpin the entire AML framework, but common mistakes include:

• One-Size-Fits-All Ratings
  Treating all clients as low risk because they’re “local” ignores factors like occupation (e.g., politically exposed persons), business activities or source of wealth/funds.

• Overreliance on Automation
  Automated scoring can miss contextual red flags which may appear during a transaction.

• Insufficient Staff Training
  Without understanding risk indicators or ML/TF typologies, staff may treat assessments as a tick-box exercise.

Operational Pain Points

• Resource Constraints
  Many small law firms and agencies lack compliance officers, forcing admin staff to manage AML tasks alongside core duties.

• Data Silos
  Client data often sits in separate systems—CRM, accounting software, and email—making it hard to maintain a single risk profile.

• Technology Integration
  RegTech solutions promise efficiency but come with significant cost and complexity barriers for smaller firms.

Practical Tips for Tranche 2 Businesses

1. Adopt a Risk-Based Approach

• Focus on high-risk scenarios: offshore clients, complex structures, cash transactions.

• Apply enhanced due diligence (EDD) for these cases—such as deeper understanding of/verification of their source of funds or obtaining additional documentation.

2. Leverage Technology Wisely

• o Use ID verification platforms integrated with sanctions screening however opt for in person verification where possible to minimise onboarding cost and reduce risk.

• Automate low-risk checks in possible but keep human oversight for nuanced cases.

1. Embed Compliance in Client Onboarding

• For real estate agencies: include AML checks in pre-commencement workflows.

• For law firms: integrate CDD into matter opening procedures.

• For accountants: make AML checks part of engagement letters.

2. Continuous Training

• Train staff to spot AML red flags (e.g., unusual payment methods, reluctance to provide ID).

• Use AUSTRAC resources and industry webinars.

3. Client Education

• Explain AML obligations upfront in plain language.

• Provide FAQs or short guides to reduce resistance.

4. Regular Review

• Update risk assessments annually or when business models change.

• Monitor AUSTRAC updates and adjust policies accordingly.

Conclusion

Operationalising AML compliance, Client Due Diligence (CDD), and risk assessments is far more than a regulatory checkbox—it’s a cultural shift. For Tranche 2 businesses, success depends on embedding compliance into everyday workflows, leveraging existing systems and tools, and fostering a risk-aware culture from the top down. Those that embrace this approach will not only meet AUSTRAC’s expectations but also strengthen trust and resilience in an increasingly regulated environment.

Yet, many soon-to-be regulated businesses underestimate the operational realities of these reforms. The processes within a corporate law firm differ dramatically from those in a retail bank. Matter creation and transaction details are often gathered manually, and obtaining complete information can take far longer than expected. Unless those drafting CDD policies, procedures, and training materials fully understand how time-consuming it is to identify, verify, and screen beneficial ownership structures, significant delays in client onboarding and service delivery are inevitable.

Consider a typical corporate law firm scenario: a Partner or Practice Executive initiates a new business intake request with incomplete details about the client, matter parties, or transaction. Compliance teams must then chase down all relevant information to set up the matter correctly and complete onboarding. At this stage, they must also identify elevating risk factors—such as sanctions exposure, business activity, negative news, PEP status, or shareholder jurisdictions on grey lists—that may require escalation to senior management. These triggers are often identified manually because most legal practice management systems (LPMs) are not designed for AML risk events.

All of this occurs in a fast-paced environment where Partners are focused on billing targets, not compliance checks. The tension between speed and thoroughness is real—and unless addressed, it can undermine both compliance and client experience.

While many Tranche 2 entities concentrate on building an AML program framework, the true measure of its effectiveness lies in how well it can be operationalised. The goal is to meet AML obligations without impeding business activity—a balance that is notoriously difficult to achieve. Having worked within an AML function at a Big Six Australian law firm, I can attest to the complexity and effort required to make this work in practice.

If you want to ensure that your business  operationalises these reforms in a robust, efficient and cost-effective manner, book a no-obligation free 30-minute consultation to see how we can assist you making your AML/CTF Program work for you.