Your Tranche 2 AML/CTF Obligations (Simplified)

From 1 July 2026, Tranche 2 of Australia's AML/CTF regime will apply to real estate agents, conveyancers, lawyers, accountants, and trust & company service providers.

AUSTRAC's Rules and guidance outline exactly what you must do, but with thousands of pages of detail and new governance, training, and reporting requirements, it's a lot.

In this guide, we break down each obligation into:

• Exactly what you need to do
• How to do it right
• How Instant Compliance can help you

AUSTRAC Enrolment

What you need to do

All Tranche 2 entities must enrol with AUSTRAC. Enrolments open on 31 March 2026. If you're already providing a designated service on 1 July 2026, you must be enrolled by 29 July 2026. Failure to enrol means you must stop providing those services.

As part of the enrolment, you'll need to provide information about your business structure, ownership, and the services you offer.

How to do it right

Have your business details ready:

• ABN/ACN
• Business ownership details
• Governance contacts
• Designated services list
• Director information
• Beneficial owners
• Business structure details
• Contact information
• Compliance officer nomination

Submit via the AUSTRAC Business Portal on or after 31 March 2026.

How Instant Compliance helps

Enrolment is a one-off step that must be completed by the business itself. However, if you have any questions about the information you need to provide, our Australian support team is here to help. We provide step-by-step enrolment guidance, a checklist of required information, and support via email, chat, and phone.

Your AML/CTF Program

What you need to do

All Tranche 2 entities must document, implement, and maintain a written AML/CTF Program that: identifies and manages ML/TF risks specific to your business; describes your tailored Customer Due Diligence (CDD), reporting, and training processes; and includes an Independent Review schedule (every 2-3 years). Your organisation's senior manager must approve the Program.

How to do it right

Step 1: Governance Structure. Identify who will fill three governance roles: Governing body; Senior manager(s) (approves your Program); AML/CTF Compliance Officer. In smaller businesses, one person can hold all three roles.

Your Compliance Officer must be employed or engaged at management level, an Australian resident (if services provided here), a fit and proper person, and free from conflicts of interest.

Step 2: Risk Assessment. Conduct a comprehensive risk assessment examining: how you onboard clients; types of clients; client locations; PEPs or high-net-worth individuals; service delivery methods; payment methods. AUSTRAC will provide Risk Matrices for Tranche 2 businesses after January 2026.

Step 3: Document Your Policies. Your policies must be targeted, proportionate, ongoing, and effective. Once documented, your Senior Manager must review and approve them.

How Instant Compliance helps

Manage your governance in one place; industry-specific Risk Assessment Questionnaire; guided questions about your business; generates a tailored AML/CTF Program built around AUSTRAC requirements in about 15 minutes; includes Program governance sign-off; platform updates when AUSTRAC issues new guidance. 55 gold-standard policy templates included — worth $10,000+ if written by lawyers.

Your AML/CTF Culture

What you need to do

AUSTRAC expects Tranche 2 businesses to embed a culture that treats AML/CTF compliance as a business priority, not a box-ticking exercise. You also need to conduct Employee Due Diligence (EDD) to ensure employees meet your probity standards, including ongoing periodic checks.

How to do it right

Indicators of a strong AML/CTF culture: involve leaders in risk and compliance updates; encourage staff to report concerns with clear reporting process; conduct regular staff training; enforce disciplinary measures for non-compliance.

How Instant Compliance helps

Your subscription includes: easy-to-navigate user dashboard; detailed compliance dashboards for senior management; training dashboards to track staff training status; comprehensive board reports; customizable reports demonstrating positive AML/CTF culture to AUSTRAC.

Customer Due Diligence (CDD)

What you need to do

CDD is the process of understanding who your clients are. Conduct initial CDD before providing designated services (exceptions for real estate/conveyancing: may delay up to 15 days from contract exchange). Monitor client transactions and behaviour ongoing. For high-risk clients (PEPs, complex structures), complete enhanced CDD.

How to do it right

Depending on entity type (individual, company, trust), follow appropriate process to verify identity of all beneficial owners (25%+ ownership/control). Identify whether client or beneficial owners are PEPs or designated for sanctions; nature of the transaction; for PEPs and high-risk clients: source of funds and source of wealth. Use reliable, independent sources. Record all steps taken and decisions made.

How Instant Compliance helps

Comprehensive digital ID verification (KYC): ID link sent to customer's email/phone; 10,000+ Australian and international IDs supported; automated ID data extraction; liveness validation; biometric verification; completed in under 60 seconds. Included screening: PEPs, sanctions, adverse media; 1,000+ international databases. KYB for businesses: 300+ international company registries; automated corporate structure unwrapping; UBO identification (25%+) for your review. Pricing: $15 per KYC, $40 per KYB (pay as you use). Central source of information with audit trails and secure document storage in Australia.

Reporting to AUSTRAC

What you need to do

Various mandatory reports must be submitted: Suspicious Matter Reports (SMRs) within 3 business days of forming suspicion (24 hours for terrorism financing); Threshold Transaction Reports (TTRs) for cash transactions $10,000+, within 10 business days; International Funds Transfer Instructions (IFTIs) within 10 business days; Annual Compliance Report due 1 January – 31 March each year.

How to do it right

Good record-keeping is imperative: maintain clear internal reporting channels; train staff to recognise red flags; ensure staff understand escalation process; keep all records for at least 7 years.

How Instant Compliance helps

Pre-filled SMR and TTR forms linked to customer records; automated alerts for unusual activity; comprehensive audit history; single source of information; pre-population of available data; prompts that help you prepare complete reports; submit to AUSTRAC from the platform; dashboard alerts for timely reporting.

Training & Record-Keeping

What you need to do

Provide initial and ongoing AML/CTF training to all relevant staff on: your AML/CTF Program; ML/TF/PF risks; CDD obligations; reporting requirements; red flags and suspicious activity. Maintain comprehensive records for at least 7 years.

How to do it right

Develop role-specific training modules; conduct initial training for all staff; implement onboarding for new employees; schedule regular refresher training; document training completion; test understanding with assessments; keep all compliance records organised and accessible.

How Instant Compliance helps

Training: Built-in training modules for all roles; automated training assignment; completion tracking; automated reminders for refresher training; training certificates. Record-keeping: Centralised document storage; automatic audit trails; 7-year retention built-in; secure Australian servers; easy retrieval for AUSTRAC audits; comprehensive compliance registers.