Tranche 2 Australia: Who's affected and how to comply
On 1 July 2026, Australia's Tranche 2 reforms take effect. If you're a lawyer, accountant, real estate agent, conveyancer, precious metals dealer, or trust and company service provider, this deadline likely applies to you.
Tranche 2 extends Australia's AML/CTF obligations to approximately 100,000 businesses that were previously unregulated. Below, we walk through who Tranche 2 affects, which services trigger compliance obligations, how to enroll with AUSTRAC, and what you need to do before 1 July to meet requirements.
Note: This guide focuses on the immediate actions Tranche 2 entities need to take before 1 July 2026. For a more comprehensive background on Australia's AML/CTF framework, see our guide to KYC and KYB in Australia.
What is Tranche 2?
Tranche 2 is a set of legislative reforms that extend Australia's AML/CTF obligations to lawyers, accountants, real estate agents, conveyancers, precious metals dealers, and trust and company service providers starting 1 July 2026.
The reforms close a long-standing gap. Banks and fintechs have faced AML/CTF obligations for years, but professional services remained unregulated, making them an attractive channel for laundering money through property transactions, trust structures, and high-value asset purchases.
Starting 1 July 2026, relevant entities must comply with the AML/CTF Act when providing designated services. However, AUSTRAC has indicated it will focus initial enforcement on entities that wilfully ignore their obligations rather than those making good faith efforts to comply.
These obligations include customer identification (Know Your Customer and Know Your Business), ongoing monitoring, suspicious activity reporting, and maintaining comprehensive records for seven years.
Who is affected by Tranche 2?
Tranche 2 targets industries where professionals handle high-value transactions, manage client assets, or facilitate complex ownership structures — all areas vulnerable to money laundering.
Six specific sectors now fall under AUSTRAC regulation:
Lawyers and law firms
Legal professionals who handle property transactions, manage client assets, or establish companies and trusts must verify client identities before providing designated services, screen clients against watchlists, and maintain comprehensive audit trails.
Accountants
Accounting practices are subject to Tranche 2 if they provide specific designated services, such as managing or controlling client funds, assisting with financial transactions, or managing trust accounts.
Real estate agents and agencies
Real estate professionals who represent buyers or sellers in property transactions must verify the identities of both parties, regardless of which side they represent. This addresses real estate's long-standing identification as a high-risk sector for money laundering.
Conveyancers
Conveyancing professionals who facilitate property settlements and transfers must verify client identities and screen for money laundering risks. This includes licensed conveyancers who prepare property transfer documents, manage settlement funds, or facilitate real estate transactions.
Precious metals dealers and jewellers
Bullion dealers are regulated regardless of transaction size. Dealers in other precious metals, stones, and jewellery must comply when a purchase involves physical currency or virtual assets totalling $10,000 or more. (AML/CTF Amendment 2024, Schedule 3, Part 2, Item 6)
Trust and company service providers
Professionals who establish, manage, or administer trusts, companies, or other legal entities on behalf of clients must comply with Tranche 2 obligations. This includes service providers who act as trustees, company directors, or registered agents, as well as those who provide registered office services or nominee shareholders.
Not sure if you're affected?
If your business involves any of the following, you likely fall under Tranche 2 obligations:
- Property settlements or conveyancing
- Managing client funds or assets
- Company or trust formation services
- Financial advisory or wealth management
- Buying or selling property on behalf of clients
- Dealing in precious metals, stones, or jewelry above designated thresholds
- Acting as trustee, director, or registered agent for client entities
For a complete list of designated services, keep reading or see AUSTRAC's official Tranche 2 guidance.
What are designated services for Tranche 2 entities?
Even if you fall into a Tranche 2 industry, not every service you provide will necessarily trigger AML/CTF obligations. AUSTRAC regulates specific "designated services" that present elevated money laundering risks.
You only need to conduct customer due diligence and comply with AML/CTF obligations when you provide these designated services defined by AUSTRAC.
Designated services by industry
Industry | Designated services |
Lawyers | Buying or selling real estate on behalf of clients Managing client money, securities, or other assets Establishing, operating, or managing companies, trusts, or partnerships Acting as a director, trustee, or partner on behalf of clients |
Accountants | Providing financial planning or transactional advisory services involving client funds Managing client assets or accounts Establishing or managing companies, trusts, or partnerships for clients |
Real estate agents and agencies | Brokering the sale, purchase, or transfer of real estate on behalf of buyers or sellers |
Conveyancers | Facilitating property settlements, transfers, or transactions Preparing property transfer documents or managing settlement funds |
Precious metals dealers and jewellers | Dealing in bullion (gold, silver, platinum) — regulated regardless of transaction amount Buying or selling precious metals, stones, or jewellery where payment is made in physical currency or virtual assets totalling $10,000 or more |
Trust and company service providers | Establishing, managing, or administering trusts, companies, or other legal entities on behalf of clients Acting as trustees, company directors, or registered agents Providing registered office services or nominee shareholders |
For AUSTRAC's complete list of designated services, see its official guidance for newly regulated entities.
What does Tranche 2 require businesses to do?
If you're a Tranche 2 entity, you must meet six core obligations under the AML/CTF Act. These requirements mirror those already in place for banks, fintechs, and other financial institutions.
1. Enroll with AUSTRAC
You must apply to enroll with AUSTRAC within 28 days of commencing designated services starting 1 July 2026. Enrollment opened 31 March 2026. Failure to enroll is a civil penalty violation under the AML/CTF Act (Section 51B).
2. Develop and maintain an AML/CTF program
You must establish and maintain a written AML/CTF program tailored to your business's risk profile. Your program must comprise two elements: (1) an ML/TF risk assessment and (2) AML/CTF policies. These policies must cover:
Customer identification and verification methods
Ongoing monitoring policies
Employee training requirements
Compliance officer designation
Independent review schedule
Note: Suspicious matter reporting and record-keeping are separate obligations under the AML/CTF Act.
💡 Not sure where to begin? AUSTRAC provides free program starter kits you can customize for your business.
3. Conduct customer due diligence (CDD)
Before providing designated services, you must collect and verify certain customer information.
For individuals (KYC), you must collect and verify information appropriate to the customer's ML/TF risk profile. This typically includes full legal name, date of birth, and residential address, but the specific requirements are determined by your risk assessment rather than a fixed checklist.
For businesses (KYB), you must collect and verify:
Full legal name (as registered with ASIC)
Australian Company Number (ACN) or equivalent
Principal place of business and registered office addresses
Beneficial owners (individuals with 25%+ ownership or effective control)
Nature of business operations
Verification methods include government ID checks, database verification against Australia's Document Verification Service (DVS), or a combination of both.
4. Conduct ongoing due diligence
Compliance doesn't end at onboarding. You must also:
Review and update customer information at a frequency appropriate to each customer's ML/TF risk level (more frequently for higher-risk customers)
Review your entity's overall ML/TF risk assessment at least every three years
Reassess customer risk when circumstances change
Screen customers against updated watchlists and sanctions lists
Reverify information when risk indicators increase
5. Report suspicious activity and threshold transactions
You must file reports with AUSTRAC when you detect suspicious activity or certain transaction types:
Suspicious Matter Reports (SMRs): File within three business days (24 hours if terrorism-related) when you suspect money laundering or criminal activity
Threshold Transaction Reports (TTRs): Report cash transactions of AUD $10,000 or more within 10 business days
International Funds Transfer Instructions (IFTIs): Report international fund transfers within 10 business days
6. Maintain comprehensive records
You must retain records for at least seven years:
Customer identification records: seven years after the customer relationship ends
Transaction records: seven years from the date of the transaction
AML/CTF program documents and risk assessments: seven years after they cease to be relevant to compliance
Tranche 2 in practice: two example scenarios
The obligations above can feel abstract without a concrete example. Here's how two common scenarios might play out under Tranche 2.
A real estate agent representing a buyer
Your client is purchasing a residential property through a family trust. Here's what you need to do before the transaction proceeds:
For the trust (KYB)
Collect the trust deed and verify the trust's legal name and registration details
Identify all trustees. If the trustee is a company, you'll also need to verify the company through ASIC
Identify and verify all beneficial owners: individuals who control or benefit from the trust (typically the settlor, appointor, and primary beneficiaries)
For each individual (KYC)
Collect the individual’s information. This typically includes full legal name, date of birth, and residential address, though the exact requirements depend on the customer's ML/TF risk profile
Verify their information using reliable and independent data, such as government-issued ID or a DVS database check
Screen each individual against sanctions lists and PEP databases
Risk assessment
A family trust purchasing residential property is typically low to medium risk
Document your risk rating and the rationale in your records
Ongoing
Rescreen the buyers against updated watchlists after settlement
Reverify if their circumstances change (e.g., one party becomes a PEP)
Maintain all records for seven years
An accountant onboarding a new advisory client
Your new client is a privately held company seeking CFO-for-hire services. The company has overseas shareholders.
For the company (KYB)
Verify the company name and ACN through ASIC
Collect the registered and principal business addresses
Identify all directors
For beneficial owners (KYC)
Identify any individual with 25%+ ownership, including overseas shareholders
Collect the individual’s information. This typically includes full legal name, date of birth, and residential address, though the exact requirements depend on the customer's ML/TF risk profile
Verify using reliable and independent data, such as government-issued ID or a DVS database check (note: for overseas individuals, you may need to rely on certified copies of foreign documents)
Risk assessment
Overseas ownership and complex corporate structure are elevated risk indicators
Assign a medium to high risk rating and document your reasoning
Consider whether enhanced due diligence (EDD) is required, including source of funds and source of wealth verification
Ongoing
Review the client's risk rating at a frequency appropriate to their ML/TF risk level — at least every two years for nested services (Rules 2025, 6-26), and more frequently for higher-risk clients. Your business's overall ML/TF risk assessment must be reviewed at least every three years (Amendment 2024, s. 26D).
Rescreen all individuals against updated sanctions and PEP lists
Reassess immediately if ownership structure changes or suspicious activity is detected
❄️ A note on these examples: Every client relationship is different, and your AML/CTF program should reflect your specific risk assessment. AUSTRAC's starter kits include their own examples for each industry. Download yours from AUSTRAC's program starter kits page.
How to enroll with AUSTRAC as a Tranche 2 entity
AUSTRAC enrollment opened 31 March 2026. Here are the steps to enroll:
Determine if you're a reporting entity. Review AUSTRAC’s designated services list to confirm whether your business falls under Tranche 2
Gather required information. This includes business identifiers such as your legal name and any registered or other names, Australian Business Number (ABN) if applicable, and ASIC identifiers if applicable. It also includes information about your business structure (sole trader, association, co-operative, company, etc.), beneficial owners (full name and date of birth), operations (number of employees, approximate annual turnover, etc.), and more.
Enroll via AUSTRAC's online portal. Visit AUSTRAC's enrollment page and follow the prompts.
Receive your enrollment confirmation. AUSTRAC will issue a confirmation once your enrollment is complete. Keep this documentation as part of your compliance records.
Tranche 2 enrollment deadline
You can enroll now (enrollment opened 31 March), but you only need to apply to enroll within 28 days of commencing designated services starting 1 July. That means if you start providing designated services on 1 July, the deadline is 29 July. Enrolling early means you're ready to take on clients from day one without the clock ticking.
AUSTRAC’s program starter kits for Tranche 2
AML/CTF compliance can be overwhelming. To help, AUSTRAC has released industry-specific program starter kits, which contain templates and guidance documents that walk you through building your AML/CTF program.
AUSTRAC offers starter kits for:
AUSTRAC has not yet published a dedicated starter kit for trust and company service providers. If you fall into this category, AUSTRAC recommends adapting the guidance for the closest applicable profession or contacting AUSTRAC directly.
These starter kits include:
A risk assessment covering the common risks faced by your profession
Policies that outline what you must do and when
Processes that explain how AML/CTF tasks are carried out day to day
Forms to record information and demonstrate compliance, along with steps to customize the documents
Tips on how to deal with clients and manage personnel
Information on keeping your program up-to-date and effective
Note: While these starter kits provide a strong foundation, they're templates, not turnkey solutions. You'll still need to tailor them to your business's specific risk profile, customer base, and operational model. And critically, you'll need technology to actually execute the verification, monitoring, and reporting processes the program describes.
Timeline for Tranche 2 compliance
AUSTRAC enrollment is open now, and the 1 July deadline is weeks away. If you haven't started yet, here's what a realistic preparation timeline looks like:
ASAP:
Enroll with AUSTRAC if you haven't already (reminder: you must apply within 28 days of commencing designated services starting 1 July)
By late May:
Complete your risk assessment
Select a KYC/KYB solution
By early June:
Develop your AML/CTF program using AUSTRAC's starter kits
By mid-June:
Train staff on AML/CTF obligations and red flags
By late June:
Implement and test your verification workflows before go-live
What are the penalties for non-compliance?
Non-compliance with Tranche 2 obligations carries serious consequences. AUSTRAC has significant enforcement powers and a track record of imposing substantial penalties.
Financial penalties
Under the AML/CTF Act, penalties can reach up to 20,000 penalty units for individuals and 100,000 penalty units for corporations, and they apply per violation, meaning repeated or systemic failures can compound quickly. Visit AUSTRAC's consequences of non-compliance page for current penalty unit values.
Civil penalties for failure to enroll
Failure to enroll with AUSTRAC is a civil penalty violation under Section 51B of the AML/CTF Act. You must apply within 28 days of commencing designated services, meaning if you start on 1 July, you must submit your application by 29 July.
AUSTRAC's enforcement history
AUSTRAC takes enforcement seriously. In one of the largest civil penalties in Australian corporate history, the regulator issued an AUD $1.3 billion penalty.
While Tranche 2 businesses may not face penalties of that magnitude, the precedent is clear: AUSTRAC will pursue enforcement action for serious or repeated violations.
Other consequences
Beyond financial penalties, non-compliance can result in:
Enforceable undertakings requiring you to implement specific remediation measures
External audits at your expense
Restrictions on your ability to operate or provide designated services
Reputational damage that can affect client relationships and business development
Loss of professional licenses or memberships in industry bodies
Note: Enforceable undertakings (s. 197) and external audits (s. 162) are direct AUSTRAC enforcement powers under the AML/CTF Act. Reputational damage and loss of professional licenses are practical consequences that may arise separately through professional bodies and industry associations.
How Persona helps Tranche 2 entities get compliant fast
Persona already powers AML/CTF compliance for banks and fintechs worldwide, which means Tranche 2 entities can use what's already deployed and proven without waiting for new features to ship.
Getting started doesn't require developers or IT resources. With Persona's Hosted Flow, you can spin up a sandbox and run your first verification in minutes. Simply send clients a secure verification link. They complete identity checks, selfies, and database verification on their own device, and results appear in your dashboard automatically.
From there, Persona handles the verification capabilities AUSTRAC expects: Australian government ID and selfie verification, Document Verification Service (DVS) checks through Persona's accredited data partner, watchlist and PEP screening, and KYB with ABR and ASIC registry lookups.
Ongoing monitoring runs in the background, continuously rescreening customers against updated sanctions, PEP, and adverse-media lists. When a new match surfaces, Persona alerts your team and can route the customer back through a re-verification workflow you define. Every verification, screening result, and case decision is logged in Persona's system of record, and the platform's default retention aligns with the seven-year record-keeping AUSTRAC requires.
Whether you're a solo practitioner or a multi-office firm, Persona scales to meet your needs. Start for free or request a demo today.
FAQs
Who does Tranche 2 apply to, and what's changing on July 1?
Toggle description visibility
Tranche 2 applies to lawyers, accountants, real estate agents, conveyancers, precious metals dealers, and trust and company service providers. Starting 1 July 2026, these businesses must verify customer identities, screen against watchlists, report suspicious activity, and maintain seven-year records when providing designated services.
What are the key dates and path to Tranche 2 compliance?
Toggle description visibility
Key dates:
31 March 2026: AUSTRAC enrollment opened
1 July 2026: Tranche 2 obligations commence
Your compliance checklist:
Enroll with AUSTRAC immediately (if you haven't already)
Conduct a risk assessment
Choose your KYC/KYB solution
Develop your AML/CTF program using AUSTRAC's starter kits
Train your team
Test your verification workflows before you start providing designated services
See our complete timeline section above for detailed milestones.
What counts as a designated service?
Toggle description visibility
Designated services are specific activities that trigger AML/CTF obligations. Examples include lawyers handling property transactions or managing client assets, accountants providing financial planning with client funds, real estate agents representing buyers/sellers, conveyancers managing settlements, precious metals dealers facilitating high-value sales, and trust/company service providers establishing entities for clients.
See the "What are designated services?" section above for an industry-by-industry breakdown.
What are the new customer due diligence requirements?
Toggle description visibility
The 2024/2025 reforms shifted from prescriptive document checklists to outcome-based verification: "take reasonable steps" using "reliable and independent data." This gives you flexibility to match verification methods to customer risk.
How do I build an AML/CTF program?
Toggle description visibility
Your AML/CTF program must comprise two elements: (1) an ML/TF risk assessment and (2) AML/CTF policies. Your policies must cover areas including customer due diligence, designating a compliance officer, employee training, and scheduling independent reviews. Record-keeping and suspicious matter reporting are separate statutory obligations under the AML/CTF Act. (Amendment 2024, s. 26B, 26F)
Start with AUSTRAC's free program starter kits, then customize them to your business's risk profile and operational model.
How do I enroll with AUSTRAC?
Toggle description visibility
Visit AUSTRAC's enrollment portal, confirm your business details (ABN, structure, designated services, etc.), and designate your compliance officer. Your application for AUSTRAC enrollment must be submitted within 28 days of commencing designated services starting 1 July. Failure to enroll is a civil penalty violation.
What are the penalties for non-compliance?
Toggle description visibility
Penalties can reach up to 20,000 penalty units for individuals and 100,000 penalty units for corporations per violation. Key violations include: failure to enroll, failure to verify customers, failure to report suspicious activity, and failure to maintain seven-year records.
AUSTRAC has stated that it will take a supportive approach during the initial transition but will prioritize enforcement for entities that wilfully ignore the obligation to enroll or are complicit with, or wilfully blind to, money laundering in their business. (AUSTRAC Regulatory Expectations, austrac.gov.au)
What identity verification or KYC software do I need for Tranche 2 compliance?
Toggle description visibility
You need a solution that handles Australian government ID verification (driver's licenses, passports), database checks (DVS), watchlist and PEP screening, business verification (ASIC checks, beneficial owner identification), ongoing monitoring, and seven-year audit trails.
Persona already supports existing Australian reporting entities with identity verification and AML/CTF compliance. Our Hosted Flow requires no coding: send clients a verification link, they complete it on their device, and Persona automatically creates the audit trail AUSTRAC requires.