Rules Mate
PlaybooksBottom-funnel persona playbook

AML/CTF playbook for law firms and conveyancers

Tranche 2 from 1 July 2026 — which legal services are designated services under Schedule 1, Table 1 of the AML/CTF Act 2006, client identification and beneficial-owner verification, trust account interaction, PEP screening, ECDD, SMR triggers, the tipping-off offence, Part A and Part B program design, the AMLCO role, and how Tranche 2 sits with the Legal Profession Uniform Law trust account regime.

20 obligations3 deadlines16 cross-linked articles

Key deadlines — next 12 months

  • 29 July 2026AUSTRAC enrolment deadline (Tranche 2)
  • 31 March 2027First AUSTRAC Compliance Report (ACR)
  • Within 3 business daysLodge any SMR after suspicion formed
  • Within 10 business daysLodge any TTR (cash ≥$10,000) or IFTI

Does this apply to me?

Answer yes to any of the below and the obligations in this playbook are likely relevant.

  • 1Are you a solicitor, barrister, conveyancer or notary providing legal services in or from Australia?
  • 2Do you act for a client in any of these designated services: buying or selling real estate; managing client money, securities or other assets; creating, operating or managing a company, trust or other legal arrangement; buying or selling a business entity?
  • 3Do you act as, or arrange for someone to act as, a nominee director, nominee shareholder or trustee?
  • 4Do you operate a trust account for client money under the Legal Profession Uniform Law (or state equivalent)?
  • 5Do you act in cross-border transactions involving foreign purchasers, offshore corporates, or trusts in higher-risk jurisdictions?

Plain English summary

Tranche 2 of the AML/CTF Act commenced on 1 July 2026. Lawyers, conveyancers and notaries are now reporting entities. The designated services schedule (Schedule 1, Table 1 of the AML/CTF Act 2006, as amended by the AML/CTF Amendment Act 2024) captures specific activity — not the practice of law generally. Court advocacy, dispute resolution and pure advice are not designated services. The trigger is transactional: real-estate transfer, managing client money, forming a company or trust, acting as a nominee director or trustee, or assisting with the sale of a business.

The interaction with the Legal Profession Uniform Law trust account regime is the operational pinch-point. Trust accounts already have rigorous deposit, withdrawal and audit rules under the Uniform Law. AUSTRAC adds a layer on top: KYC on every party paying into or being paid from the trust account, threshold transaction reports (TTR) for cash ≥AUD 10,000, and suspicious matter reports (SMR) where the transaction smells of structuring, layering or proceeds of crime. The legal professional privilege carve-out in s 242 of the AML/CTF Act 2006 protects narrow communications but does not displace KYC, record-keeping or reporting.

AUSTRAC's Tranche 2 sector guidance for the legal profession walks through the matter-by-matter analysis: a property settlement is captured (real-estate transfer + trust account); a litigation file with a settlement payment may or may not be; advice on tax structuring is not captured but the company formation that follows is. The AMLCO function cannot be outsourced — sole practitioners are the AMLCO by default.

This playbook lists every obligation that applies to a Tranche 2 law firm or conveyancer, the section of the Act it sits under, who in the firm is accountable, the frequency, the maximum penalty, and a regulator-direct source. Cross-link to the AML Tranche 2 scope checker and beneficial owner identifier for the practical pieces.

Obligation checklist

Every obligation cites the Act and section. Source URLs link to the regulator's portal — Rules Mate does not republish statutory text.

  1. 1

    AML/CTF Act 2006, s 51B (enrolment)

    Enrol the firm with AUSTRAC as a reporting entity within 28 days of first providing a designated service. Tranche 2 entities operating from 1 July 2026 must enrol by 29 July 2026.

    Who's responsible
    Managing partner / sole practitioner / Principal conveyancer
    Frequency
    One-off (plus updates within 14 days of material change)
    Penalty
    $19,800 per day continuing offence (60 penalty units per day, body corporate).
    Full obligation page →
  2. 2

    AML/CTF Act 2006, Part 7 + AML/CTF Rules Part 8 (Part A program)

    Adopt and maintain a written Part A AML/CTF program — a risk assessment by client type, matter type (real estate, business sale, trust formation), jurisdiction, channel and beneficial-ownership complexity. Approved by the principal of the firm.

    Who's responsible
    Managing partner / sole practitioner
    Frequency
    Ongoing, reviewed at least annually
    Penalty
    Civil penalty up to $33M per contravention (body corporate); criminal liability for senior officers in serious cases.
    Full obligation page →
  3. 3

    AML/CTF Rules Part 8.4 (Part B program — KYC procedures)

    Document Part B procedures: client identification (individuals, companies, trusts, partnerships, foreign-domiciled clients); beneficial-owner identification (≥25% control or ownership); source-of-wealth and source-of-funds for higher-risk matters; ongoing client due diligence; matter-monitoring rules.

    Who's responsible
    AMLCO + engagement partner
    Frequency
    Ongoing
    Penalty
    Each unverified client can be a separate civil penalty contravention.
    Full obligation page →
  4. 4

    AML/CTF Act 2006, s 41A (beneficial owner identification)

    Identify and verify every beneficial owner (natural persons with ≥25% ownership or control) for non-individual clients. For trust clients: identify settlor, trustees, beneficiaries, and any person with control. For complex layered structures: trace to natural-person ultimate controllers.

    Who's responsible
    AMLCO + engagement partner
    Frequency
    At engagement + on structural change
    Penalty
    Each unverified beneficial owner is a separate breach.
  5. 5

    AML/CTF Rules Part 4.13 (PEPs — politically exposed persons)

    Screen every client and beneficial owner against PEP lists (foreign, domestic, international organisation). PEPs trigger Enhanced Customer Due Diligence: senior-partner approval to act, source-of-wealth, source-of-funds and ongoing monitoring.

    Who's responsible
    AMLCO
    Frequency
    At onboarding + on client-risk change
    Penalty
    Civil penalty regime to AML/CTF Act maximum.
    Full obligation page →
  6. 6

    Charter of the United Nations Act 1945 + Autonomous Sanctions Act 2011

    Screen every client and beneficial owner against the DFAT Consolidated List of sanctioned persons and entities before acting. Refuse to act if a confirmed sanctions hit is identified.

    Who's responsible
    AMLCO
    Frequency
    At engagement + ongoing (DFAT list updated weekly)
    Penalty
    Criminal — up to 10 years imprisonment; strict liability for the conduct.
    Full obligation page →
  7. 7

    AML/CTF Act 2006, ss 41-42 (SMR — suspicious matter reports)

    Lodge an SMR via AUSTRAC Online within 3 business days of forming a suspicion (24 hours for terrorism financing). Document the suspicion-formation reasoning in a privileged file note before lodging. Common triggers: structured cash deposits, third-party settlements with no commercial logic, client refusing to provide source-of-funds, instruction to layer transactions through multiple trust accounts.

    Who's responsible
    AMLCO (with input from engagement partner)
    Frequency
    Event-driven
    Penalty
    Failure to report: civil penalty up to $33M. Tipping off the client: 2 years imprisonment.
    Full obligation page →
  8. 8

    AML/CTF Act 2006, s 43 (TTR — threshold transaction reports)

    Lodge a TTR within 10 business days for any cash transaction of AUD 10,000 or more (including the foreign-currency equivalent). For law firms this typically arises on trust-account cash deposits or cash-funded settlements.

    Who's responsible
    AMLCO + trust-account manager
    Frequency
    Event-driven
    Penalty
    Civil penalty up to $33M per contravention.
    Full obligation page →
  9. 9

    AML/CTF Act 2006, ss 45-46 (IFTI — international funds transfer instructions)

    Lodge an IFTI report within 10 business days of instructing or receiving an international funds transfer through the firm's trust account on behalf of a client.

    Who's responsible
    AMLCO + trust-account manager
    Frequency
    Event-driven
    Penalty
    Civil penalty up to $33M per contravention.
  10. 10

    AML/CTF Act 2006, s 47 (ACR — annual compliance report)

    Lodge the AUSTRAC Compliance Report (ACR) by 31 March each year covering the prior calendar year. Self-attestation to enrolment, program, training, independent review and CDD posture.

    Who's responsible
    AMLCO
    Frequency
    Annual — calendar-year basis, lodged by 31 March
    Penalty
    Failure to lodge: civil penalty + AUSTRAC remediation directions.
  11. 11

    AML/CTF Act 2006, s 36 (ongoing customer due diligence)

    Apply ongoing CDD: matter-by-matter risk reassessment, periodic re-verification, and trigger-based review where a client's circumstances change (PEP status change, change of beneficial owners, suspicious activity).

    Who's responsible
    AMLCO + engagement partner
    Frequency
    Ongoing
    Penalty
    Civil penalty regime to AML/CTF Act maximum.
  12. 12

    AML/CTF Rules Part 15 (Enhanced Customer Due Diligence)

    Apply ECDD for higher-risk matters: PEPs, complex ownership, high-risk jurisdictions, clients unwilling to provide source-of-funds, large cash settlements. Document senior-partner approval to act.

    Who's responsible
    AMLCO
    Frequency
    Event-driven
    Penalty
    Civil penalty regime to AML/CTF Act maximum.
  13. 13

    AML/CTF Act 2006, s 123 (tipping-off offence)

    Do not disclose to the client or any other person that an SMR has been lodged or is being prepared, that AUSTRAC has been notified, or that information has been requested by AUSTRAC. Exceptions in s 123 allow limited disclosure within the firm and to legal advisers.

    Who's responsible
    Every employee, partner and contractor
    Frequency
    Continuous
    Penalty
    2 years imprisonment and/or 120 penalty units ($39,600).
  14. 14

    AML/CTF Act 2006, s 242 (legal professional privilege carve-out)

    Communications that attract legal professional privilege are protected from disclosure to AUSTRAC under s 242. The carve-out is narrow: it protects the privileged communication itself, not the underlying transaction, KYC records, trust-account entries or fact of acting. SMR and TTR obligations are not displaced.

    Who's responsible
    AMLCO + engagement partner
    Frequency
    Continuous
    Penalty
    Misapplied privilege claim does not protect against penalty for failure to report or maintain CDD.
  15. 15

    AML/CTF Act 2006, Part 10 (record-keeping)

    Keep KYC records, transaction records, trust-account records, SMR working papers, training records and program documents for 7 years after the client relationship ends or the transaction occurred.

    Who's responsible
    AMLCO + practice manager
    Frequency
    Continuous (7-year retention)
    Penalty
    Civil penalty up to $33M per contravention.
  16. 16

    AML/CTF Rules Part 8.6 (independent review)

    Arrange an independent review of the Part A program at risk-based intervals. Lower-risk small firms: every 2-3 years. Higher-risk (international, complex structuring, prestige property): annually. Reviewer must be independent of those who designed the program.

    Who's responsible
    Managing partner (commission), AMLCO (manage delivery)
    Frequency
    Risk-based; minimum every 2 years
    Penalty
    Same regime as AML/CTF Act breaches; informs AUSTRAC enforcement posture.
    Full obligation page →
  17. 17

    AML/CTF Rules Part 8.2 (AML/CTF Compliance Officer)

    Designate a senior employee as AMLCO with seniority, authority and resources to discharge the function. Cannot be outsourced. Sole practitioners are the AMLCO by default.

    Who's responsible
    Managing partner
    Frequency
    Continuous; reappoint on departure
    Penalty
    Civil penalty regime to AML/CTF Act maximum.
    Full obligation page →
  18. 18

    AML/CTF Rules Part 8.3 (AML/CTF training)

    Deliver AML/CTF training to every legal-services-providing employee + partner + AMLCO. Annual refresher. Record attendance and content. Cover red flags specific to law firms — third-party payers, layering through trust accounts, structuring, foreign-PEP property purchases.

    Who's responsible
    AMLCO
    Frequency
    On hire, then annual
    Penalty
    Civil penalty regime to AML/CTF Act maximum.
  19. 19

    Legal Profession Uniform Law (NSW + VIC + WA) — trust account regime

    Maintain trust account in compliance with the Uniform Law: deposit on business day of receipt, separate ledgers, designated approvers, monthly trust account statements, annual external examination by an approved external examiner.

    Who's responsible
    Trust-account principal / Director of Trust Accounts
    Frequency
    Continuous; monthly statements; annual external examination
    Penalty
    Disciplinary proceedings; trust-account deficiency claims through the Fidelity Fund; potential criminal liability for misappropriation.
    Full obligation page →
  20. 20

    Legal Profession Uniform Law / state Legal Practice Acts — fit-and-proper

    Maintain practising certificate in good standing. A serious AML/CTF contravention is a fit-and-proper-person matter for the Legal Services Commissioner / state regulator — and can independently trigger disciplinary action.

    Who's responsible
    Every admitted practitioner
    Frequency
    Continuous
    Penalty
    Suspension or cancellation of practising certificate.

Deadlines

Pulled from the Rules Mate compliance calendar. Click through for the full deadline page.

Forms and regulator portals

Direct links to the lodgement forms and regulator portals. Rules Mate does not host copies — we link to the official source.

  • AUSTRAC Online enrolment form

    Web-based enrolment for reporting entities. Required within 28 days of first designated service.

    Open portal →

  • Suspicious Matter Report (SMR)

    Lodged via AUSTRAC Online. 3 business days from suspicion formation (24 hours for terrorism financing).

    Open portal →

  • Threshold Transaction Report (TTR)

    Lodged via AUSTRAC Online. 10 business days for cash transactions ≥AUD 10,000.

    Open portal →

  • International Funds Transfer Instruction (IFTI)

    Lodged via AUSTRAC Online. 10 business days from instruction or receipt.

    Open portal →

  • AUSTRAC Compliance Report (ACR)

    Annual self-attestation. Due 31 March each year, covering the prior calendar year.

    Open portal →

  • AUSTRAC industry-specific guidance for legal practitioners

    AUSTRAC sector guidance for the legal profession — designated services, KYC, PEP screening, SMR.

    Open portal →

Free tools that help

Interactive Rules Mate tools matched to this persona.

AML Tranche 2 scope checker

Use tool →

Beneficial owner identifier

Use tool →

Compliance calendar builder

Use tool →

Penalty estimator

Use tool →

What changes 2025–2026

31 March 2026 — AUSTRAC enrolment opens

Tranche 2 entities can enrol on AUSTRAC Online from 31 March 2026. Early enrolment is encouraged.

1 July 2026 — Tranche 2 commences

The AML/CTF Amendment Act 2024 extends the regime to lawyers, conveyancers, accountants, real estate agents, TCSPs and precious-metals dealers. Designated services provided from 1 July 2026 must be supported by an AML/CTF program from day one.

29 July 2026 — Enrolment deadline

Any Tranche 2 firm that provided a designated service between 1 July and 29 July 2026 must be enrolled by 29 July. Continuing offences accrue $19,800 per day after that.

31 March 2027 — First ACR

The first AUSTRAC Compliance Report for Tranche 2 lawyers and conveyancers covers H2 2026 and is due 31 March 2027.

2026-2027 — State Legal Services Commissioner coordination

The Legal Services Commissioners in NSW, Victoria and the other Uniform Law states have signalled they will treat AUSTRAC breaches as a fit-and-proper-person matter for practising certificates.

In-depth reading

16 Rules Mate articles tagged to this playbook.

Frequently asked

Are pure-advice and litigation files captured?

No. Court advocacy, dispute resolution and pure tax or commercial advice are not designated services. The trigger is transactional: real-estate transfer, managing client money, forming a company or trust, acting as nominee, or assisting with a business sale. A litigation file with a settlement payment may be captured if the firm administers settlement money through its trust account on behalf of the client.

Does legal professional privilege block KYC and SMR obligations?

No. Section 242 of the AML/CTF Act 2006 protects narrow privileged communications from disclosure, but does not displace KYC, beneficial-owner identification, transaction monitoring or SMR obligations. The fact of acting, KYC records and trust-account entries are not privileged.

Who is the customer where the firm acts for a corporate trust client?

The corporate trust client. KYC is on the trust (settlor, trustees, beneficiaries, controllers) and on each trustee. Beneficial-owner identification traces to natural-person ultimate controllers under s 41A. Both the corporate trustee and the underlying trust are subject to identification.

Can a sole practitioner be their own AMLCO?

Yes. The AML/CTF Rules require the AMLCO to be a senior employee with sufficient authority. For a sole practitioner that is the sole practitioner. Document the appointment in the Part A program and put a succession plan in place for incapacity.

How does Tranche 2 interact with trust-account audits under the Uniform Law?

They sit side-by-side. The annual external examination under the Uniform Law verifies trust-account integrity. The AUSTRAC AML/CTF program verifies KYC, monitoring and reporting on the persons paying into or receiving from the trust account. Some external examiners will offer AML add-on reviews; the AMLCO function and the independent review under AML/CTF Rules Part 8.6 remain separate obligations.

What enforcement should small firms expect in year one?

AUSTRAC has signalled an education-first posture for the first 12 months of Tranche 2 for genuine compliance failures. Tipping-off, refusal to enrol, and failure to lodge SMRs draw proceedings from day one. The bigger practical pressure for many firms is the Legal Services Commissioner's fit-and-proper-person regime — an AUSTRAC breach can independently trigger disciplinary action against practising certificates.

What about barristers acting on direct briefs?

Court advocacy is not a designated service. A barrister taking briefs from instructing solicitors generally is not providing a Tranche 2 designated service. Direct-brief work that involves arranging company or trust formation, or managing client money, may be captured matter-by-matter — review against the Schedule 1 designated services list.

Free assessment

Get a personalised obligation list

2-minute structured check tailored to your business.

AI advisor (waitlist)

Ask any compliance question

Coming Phase 2 — grounded answers with citations.

Last verified: 9 June 2026

Rules Mate provides citation-first reference material, not legal advice. Always consult a qualified professional for specific obligations.