DNFBPs under AML Tranche 2: who counts as a designated non-financial business

A DNFBP (designated non-financial business or profession) is a business outside the traditional banking and finance sector that provides services capable of being misused for money laundering or terrorism financing — and that, under Australia's "Tranche 2" reforms, now falls within the anti-money laundering and counter-terrorism financing regime. In practical terms, if you are an Australian lawyer, conveyancer, accountant, real estate professional, trust or company service provider, or a dealer in precious metals and stones, you are very likely a DNFBP and must comply with the AML/CTF Act once the reforms take effect.

The reforms extend obligations long applied to banks, remitters and other financial institutions to roughly 90,000 additional entities. They were enacted through amendments to the *Anti-Money Laundering and Counter-Terrorism Financing Act 2006*, with the regulator, AUSTRAC, responsible for supervision. The change closes a gap that the Financial Action Task Force (FATF) had criticised for years: that professional "gatekeepers" facilitating property deals, corporate structures and high-value asset purchases sat outside Australia's framework.

What is a DNFBP in Australia?

"DNFBP" is the internationally recognised FATF term for non-financial businesses whose services can be exploited to move or disguise illicit funds. Australia's first tranche (from 2006) covered banks, casinos, money remitters and similar financial businesses. "Tranche 2" is the long-delayed second phase that brings designated non-financial businesses and professions into scope.

The defining feature of the regime is that obligations attach to designated services, not to industries in the abstract. A business becomes a "reporting entity" only when it provides a service that the Act lists as designated. Many DNFBPs provide a mix of work, only some of which is captured.

Once captured, a DNFBP carries the same core obligations as any other reporting entity:

• enrol (and, where required, register) with AUSTRAC — see AML/CTF enrolment
• maintain an AML/CTF program tailored to the business's money-laundering and terrorism-financing risks
• conduct customer due diligence, including identifying customers and, where relevant, beneficial owners
• report suspicious matters and certain threshold transactions
• keep records for the period required by the Act

Who counts: the Tranche 2 sectors

AUSTRAC has confirmed the broad professional groups expected to be brought in. The main DNFBP sectors are:

• Legal practitioners — when providing captured services such as managing client money, conveyancing, or assisting with the creation or sale of legal structures
• Conveyancers — handling real property transfers
• Accountants and bookkeepers — when providing captured services such as forming companies or trusts, acting as a registered agent, or managing client funds
• Real estate professionals — agents and others involved in buying and selling real estate; property developers selling directly
• Trust and company service providers (TCSPs) — forming companies, acting as (or arranging) directors, trustees or nominee shareholders, or providing registered office services
• Dealers in precious metals and precious stones — businesses trading in high-value bullion, gold, gemstones and similar above the relevant transaction value

To check whether a particular business model is captured, use the AML Tranche 2 scope tool, which maps common service lines to the designated-service tests.

It is the service, not the job title, that counts

This is the single most important point for DNFBPs to grasp. Being an accountant or a lawyer does not, by itself, trigger the regime. Providing a designated service does.

For example, a solicitor giving litigation advice or appearing in court is generally not providing a designated service. The same solicitor administering a client trust account for a property settlement, forming a company on a client's behalf, or transferring real estate may well be. The Law Society of NSW and equivalent professional bodies have published guidance on where this line falls for legal services.

Two consequences follow:

1. You must map your service lines. A firm may have some captured and some non-captured work. The captured work brings the whole entity into the regime, but the program and due-diligence effort should focus on the captured services.
2. Mixed practices need care. Many small and medium professional firms will find only part of their work is in scope — but "part" is enough to require enrolment and a compliant program.

Always confirm the precise designated-service definitions against the AML/CTF Act and AUSTRAC's published rules, as the statutory wording (not a sector label) governs.

Key dates and timing

The reforms follow a staged commencement. The key milestones are:

AUSTRAC has indicated a defined enrolment window for Tranche 2 entities in the months around commencement. Because exact cut-off dates and any transitional arrangements can shift, confirm your specific enrolment deadline directly with AUSTRAC rather than relying on summaries.

A DNFBP should not wait until the commencement date to act. An AML/CTF program, customer due diligence procedures and staff training take time to build and embed, and the obligation to have them operational arrives on day one.

What DNFBPs need to do

A practical sequence for a newly captured DNFBP:

• Confirm scope. Identify whether — and which of — your services are designated services. Document the assessment.
• Enrol with AUSTRAC. Complete enrolment within the applicable window. See AML/CTF enrolment.
• Build an AML/CTF program. Conduct a money-laundering/terrorism-financing risk assessment of your business, customers, services, delivery channels and jurisdictions, then design controls proportionate to that risk.
• Stand up customer due diligence. Implement procedures to identify and verify customers, and to identify beneficial owners of corporate and trust clients. See customer due diligence.
• Set up reporting and record-keeping. Establish processes for suspicious matter reports, any threshold transaction reports, and compliant record retention.
• Train staff and appoint a compliance officer. Ensure the people delivering captured services understand their obligations.

Common pitfalls and edge cases

• Assuming you are exempt because you are "just" a professional. The regime targets gatekeeper services, not balance sheets. Small firms are not automatically out of scope.
• Treating it as a one-off project. AML/CTF compliance is ongoing: risk assessments and programs must be reviewed and kept current.
• Confusing this with privacy reform. The Tranche 2 AML changes are separate from the *Privacy Act* reforms. Some Privacy Act measures (such as the statutory tort for serious invasions of privacy) are enacted, while the proposed removal of the small-business exemption remains a proposal and is not yet legislated with a settled commencement date — do not conflate the two reform programs.
• Over- or under-scoping. Capturing every service as designated wastes effort; missing a captured service creates legal exposure. Map carefully and document your reasoning.
• Relying on secondary summaries for dates and definitions. Penalties, thresholds and timing should be confirmed against the Act and AUSTRAC's current guidance before you rely on them.

If you are unsure whether your business is a DNFBP, start with the AML Tranche 2 scope tool and then verify against the primary source — the *Anti-Money Laundering and Counter-Terrorism Financing Act 2006* and AUSTRAC's published rules and guidance.