AML/CTF Tranche 2: Customer Due Diligence and Mandatory Reporting for Law Firms

From 1 July 2026, Australian law firms providing "designated services" must comply with new anti-money laundering and counter-terrorism financing (AML/CTF) requirements under the Tranche 2 reforms.

This affects approximately 16,000 legal practices across Australia, fundamentally changing how firms onboard and monitor clients. The new obligations focus on mitigating money laundering (ML) and terrorism financing (TF) risks through structured risk assessment, enhanced due diligence, and suspicious activity reporting.

What Are "Designated Services"?

Designated services include legal services involving:

  • Real estate transactions (buying, selling, or managing property)

  • Managing client money, securities, or other assets

  • Managing bank, savings, or securities accounts

  • Organising contributions for company formation, operation, or management

  • Creating, operating, or managing legal persons or arrangements (including trusts and companies)

If your firm provides any of these services, you become a reporting entity under the AML/CTF Act.

Core Requirements: Customer Due Diligence (CDD) and Risk Management

Law firms will need to move beyond standard client identity confirmation to implement comprehensive, risk-based AML/CTF programs.

What AML/CTF Adds to Client Onboarding

Reporting entities must establish robust procedures for verifying customers and understanding ownership structures:

Formal Risk Classification: Institute a system for rating customers as low, medium, or high-risk based on your AML/CTF program.

Customer Identity Verification (KYC): Collect personal information and verify the person's identity against independent, reliable sources using government-approved methods.

Business Identity Verification (KYB): Verify the business entity itself, then map complete beneficial ownership and corporate control structures—going beyond merely verifying the client representative who instructed you.

Politically Exposed Person (PEP) and Sanctions Screening: Mandatory screening against current PEP and sanctions lists:

  • Foreign PEPs (individuals holding prominent public functions in foreign countries) are always classified as high-risk and require enhanced due diligence measures

  • Domestic PEPs require enhanced measures only when your risk assessment indicates high risk

  • All PEP classifications require enhanced measures including source of wealth/funds documentation and ongoing monitoring

Source of Wealth and Source of Funds Verification: For higher-risk customers, require documentation explaining the origin of the customer's overall wealth and of the specific funds being used.

Ongoing Monitoring: Implement continuous transaction monitoring systems throughout the client relationship.

Risk-Based CDD and Enhanced Due Diligence (EDD) Examples

Low-Risk Scenario

An individual seeking standard legal advice or document preparation

Customer Due Diligence:

  • Verify the individual's identity against an independent source in line with your program requirements

  • Conduct PEP and sanctions screening

  • Document the service purpose and risk classification

High-Risk Scenario Triggering Enhanced Due Diligence

An overseas individual funding a property transaction via complex foreign entities

Customer Due Diligence:

  • Complete verification of the instructing party in line with your program

  • Conduct full beneficial ownership verification of the foreign trust or entity structure

  • Conduct PEP and sanctions screening

  • Apply Enhanced Customer Due Diligence measures, which may include (depending on your program):

    • Source of wealth and source of funds documentation

    • Senior management approval workflows, recorded and reviewed by your AML Compliance Officer (AMLCO)

  • Rate as higher risk based on your program and apply continuous monitoring for potential suspicious matters

Ongoing Monitoring Requirements

Firms must conduct continuous monitoring throughout the client relationship. Watch for patterns that do not fit the client's expected behaviour, including:

  • Sudden changes in transaction structures or complexity

  • Inconsistent or unexplained funding sources

  • Multiple properties purchased in short periods

  • Attempts to obscure beneficial ownership

  • Transactions with no clear legal or business purpose

  • Unusual urgency or secrecy requests

Mandatory Reporting Obligations for Law Firms

Law firms must lodge specific reports with AUSTRAC. The three most common reports are:

1. Suspicious Matter Reports (SMRs)

Lodge an SMR when you have reasonable grounds to suspect a client or matter may be linked to:

  • Money laundering or terrorism financing

  • Sanctions breaches

  • Fraud, bribery, corruption, or other serious offences

  • Identity concerns or fraudulent documentation

  • Unusual matters that have no clear business or legal purpose, involve unusually complex structures, or are inconsistent with the client's profile

Example: A client offers to pay rates significantly higher than usual for a settlement task outside your normal service area, then indicates funds will come from an offshore account under a different name.

2. Threshold Transaction Reports (TTRs)

Submit a TTR whenever your firm receives cash or cash equivalent of AUD $10,000 or more in a single transaction or matter, even if the transaction appears legitimate.

Example: A prospective client presents $15,000 in cash to be held in trust for payment of legal services.

3. Annual AML/CTF Compliance Report

Every reporting entity must submit this report annually to AUSTRAC by 31 March, covering the previous calendar year.

The report demonstrates how your firm is meeting its obligations, including:

  • Status of AML/CTF policies and procedures

  • Staff training completion

  • Record-keeping practices

  • Compliance reporting activities

  • Independent reviews undertaken

Making the Transition

Ready to prepare for AML/CTF Tranche 2 while building on your existing client verification practices? VerifiMe bridges your current trust account and client identification procedures with the new regulatory requirements, ensuring a seamless transition and ongoing compliance efficiency.

Contact VerifiMe to discuss how our shareable identity wallet transforms regulatory compliance from a repetitive burden into a competitive advantage.

Disclaimer: The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.
