The countdown has officially begun. On 31 March 2026, AUSTRAC opened enrolment for approximately 90,000 new reporting entities, including thousands of Australian law firms, under the landmark AML/CTF Amendment Act 2024. With full compliance obligations taking effect from 1 July 2026, legal practices now have precisely 90 days to register with the regulator, establish their AML/CTF programmes, and ensure they are ready to meet their new obligations.

This is not a theoretical future event. Tranche 2 is here, and the window to prepare is narrowing fast.

What Happened on 31 March

AUSTRAC's enrolment portal for Tranche 2 entities (i.e. lawyers providing designated services, accountants, real estate agents, buyers' agents, and property developers) went live on 31 March 2026. Registration is the first formal step in bringing these professions into Australia's anti-money laundering and counter-terrorism financing regime, closing a gap that the Financial Action Task Force (FATF) has repeatedly identified as a systemic vulnerability in Australia's financial crime defences.

The enrolment requirement applies to any legal practitioner who provides "designated services" as defined under the amended AML/CTF Act. These include conveyancing, trust account management, company formation, and the management of client funds or assets etc. In short, activities that sit at the intersection of legitimate legal practice and money laundering risk.

Law firms that provide these services must enrol with AUSTRAC before 1 July 2026, when the full suite of compliance obligations comes into force.

What Compliance Looks Like from 1 July

Once the compliance date arrives, registered entities will be required to meet a comprehensive set of obligations under the AML/CTF Act and the new AML/CTF Rules 2025, which AUSTRAC tabled on 29 August 2025. The core requirements include:

Developing and maintaining a written AML/CTF programme tailored to the firm's risk profile and the designated services it provides. This programme must address customer identification and verification procedures, ongoing customer due diligence, and enhanced due diligence for higher-risk clients and transactions.

Appointing an AML/CTF compliance officer with appropriate seniority and authority within the firm, responsible for overseeing the programme's implementation and ensuring it remains fit for purpose.

Conducting customer due diligence (CDD) on a risk-based approach. This means identifying and verifying clients before providing designated services, screening for politically exposed persons (PEPs) and sanctions, and assessing the money laundering and terrorism financing risks associated with each engagement.

Providing staff training so that all relevant personnel understand their obligations, can recognise suspicious activity, and know how to escalate concerns through the firm's internal reporting channels.

Filing suspicious matter reports (SMRs) with AUSTRAC where there are reasonable grounds to suspect that a transaction or client activity may be linked to money laundering, terrorism financing, or other serious criminal conduct.

Maintaining records of all CDD activities, risk assessments, and compliance decisions for a minimum of seven years.

AUSTRAC's Guidance and Support

Recognising that many of these entities have never operated within an AML/CTF framework, AUSTRAC has released sector-specific guidance for legal practitioners and accountants, published in late January 2026. The guidance covers how the risk-based approach applies to professional services, what constitutes adequate customer identification, and how to structure an AML/CTF programme for a small or mid-sized practice.

AUSTRAC has also published starter programme kits for small, low-complexity businesses. These are a practical acknowledgement that a sole practitioner's compliance programme will look materially different from that of a national full-service firm. Professional bodies including the Law Society of New South Wales, the Law Council of Australia, and CPA Australia have also issued supplementary guidance to their members.

MinterEllison's recent analysis of the AUSTRAC guidance notes that the regulator is taking a deliberately supportive approach in the initial implementation phase, while making clear that ignorance of the obligations will not be a defence once the regime is in force.

Why Law Firms Should Act Now

Ninety days sounds manageable until you consider what needs to happen within that window. Firms that have not yet begun preparing will need to assess which of their services fall within the designated services definition, enrol with AUSTRAC, draft or procure an AML/CTF programme, select and implement identity verification and screening tools, train their staff, and establish internal reporting procedures. This is all before 1 July.

Comprehensive tech platforms for AML, client onboarding and lifecycle management such as Legl can significantly compress this timeline by providing automated identity verification, PEP and sanctions screening, risk scoring, and audit-ready record-keeping. But even with technology assistance, firms need to make governance decisions, assign compliance responsibilities, and build internal awareness. These are not tasks that can be completed in a week.

The cost of inaction is significant. AUSTRAC has a well-documented enforcement track record (including the landmark $1.3 billion penalty against Westpac in 2020) and has signalled that it intends to actively supervise the new Tranche 2 entities. Civil penalties for non-compliance with the AML/CTF Act can reach up to $22.2 million for a body corporate per contravention.

Key Takeaways for Compliance Officers

• Enrol now. AUSTRAC's Tranche 2 enrolment portal is live. Registration is the essential first step and should not be delayed.
• Assess your designated services. Not all legal work triggers AML/CTF obligations. Map your practice areas against the designated services definition to determine the scope of your compliance programme.
• Build or procure your AML/CTF programme. AUSTRAC's sector-specific guidance and starter kits provide a practical foundation. Engage support from a client lifecycle management platform to automate CDD, screening, source of funds, risk assessments and record-keeping.
• Appoint your compliance officer. This must be someone with sufficient seniority and authority to oversee the programme. The role carries personal accountability.
• Train your staff before 1 July. Every person involved in providing designated services needs to understand their obligations and know how to escalate suspicious activity.

Looking Ahead

The opening of Tranche 2 enrolment marks the beginning of the end of Australia's long-standing exemption for legal and accounting professionals from AML/CTF regulation. The coming months will be critical, not just for individual firms getting compliance-ready, but for the profession as a whole in establishing the standard of engagement that AUSTRAC and the broader regulatory community expect. Firms that move early will be best positioned to manage the transition smoothly; those that wait risk facing both regulatory consequences and a scramble for compliance resources as the deadline approaches.

This article is for informational purposes and does not constitute legal advice. Law firms should seek independent legal counsel regarding their specific AML/CTF compliance obligations.