ARTICLE
26 January 2026

Frequently Asked Questions (FAQs) On The Upcoming Commencement Of The AML/CTF Regime For Tranche 2 Entities In Australia

SG
Sophie Grace Pty Ltd

Contributor

Sophie Grace Pty Ltd logo
Sophie Grace is a leading Australian firm specialising in both compliance and legal services to participants within the financial services and credit industries. We have serviced Australian and international clients across the financial sector for over a decade. From obtaining the required licences to operate your business to the provision of ongoing compliance support, many businesses have benefited from Sophie Grace’s extensive knowledge in the financial and credit space. We take pride in our ability to offer tailored solutions to a broad range of businesses whilst keeping business practicalities and obligations to regulators at the forefront of our minds when delivering services and advice. Our consultancy services can equip you with assistance and clarity in your business endeavours.
Explore Firm Details
The AML/CTF Regime for Tranche 2 entities takes effect on 1 July 2026.
Australia Finance and Banking
Sarah Chapman
Your Author LinkedIn Connections
Sarah Chapman’s articles from Sophie Grace Pty Ltd are most popular:
  • in United States
  • with readers working within the Banking & Credit industries
Sophie Grace Pty Ltd are most popular:
  • within Privacy, Government and Public Sector topic(s)
  • with Senior Company Executives, HR and Finance and Tax Executives

General Overview and Timeline

Q. When does the AML/CTF Regime for Tranche 2 entities commence?

The AML/CTF Regime for Tranche 2 entities takes effect on 1 July 2026, so it's important for Tranche 2 entities to start considering the action they must take now.

Q. What is a Tranche 2 entity?

Tranche 2 entities are those that provide particular services in the following professions and businesses:

  • real estate professionals – such as real estate agents, buyer's agents and property developers
  • dealers in precious stones, metals and products
  • lawyers
  • conveyancers
  • accountants
  • trust and company service providers

Please click here to see whether the services you provide a caught by the AML/CTF regime for Tranche 2 entities.

Q. What are the key areas Tranche 2 entities must focus on?

There are a number of areas Tranche 2 entities must focus on in order to prepare for the commencement of the AML/CTF Regime, including (but not limited to):

  • enrolment with AUSTRAC,
  • preparation and implementation of an AML/CTF Program,
  • governance,
  • AML/CTF Compliance Officers, and
  • Customer Due Diligence (CDD).

Most importantly, Tranche 2 entities must also conduct a risk assessment of their business and of each client onboarded.

Q. When can Tranche 2 entities enrol with AUSTRAC?

Enrolments for Tranche 2 entities open on 31 March 2026. Enrolments cannot be submitted to AUSTRAC earlier.

AML/CTF Programs and Risk Assessments

Q. Do Tranche 2 entities need an AML/CTF Program?

Yes, Tranche 2 entities must prepare and implement an AML/CTF Program. AUSTRAC expects Tranche 2 entities to make a concerted effort to implement their AML/CTF Programs, systems, policies and controls prior to 1 July 2026.

Q. What must be included in the AML/CTF Program?

The AML/CTF Program must contain the following:

  • Risk Assessment: Tranche 2 entities must identify and assess their money laundering, terrorism financing and proliferation financing risks (ML/TF/PF Risks); and
  • AML/CTF policies: Tranche 2 entities must develop and maintain appropriate policies, procedures, systems and controls to manage and mitigate their ML/TF/PF Risks and comply with AML/CTF obligations.

Tranche 2 entities can implement a range of policies which must be documented in writing, approved by a senior manager and reviewed and updated regularly.

Remember, non-compliance with your AML/CTF policies constitutes a civil penalty offence.

Q. What are the requirements for Risk Assessments?

Risk Assessments are a critical focus for AUSTRAC. Tranche 2 entities will need to implement a risk management framework and process. The requirement to undertake a money-laundering, terrorism financing, and proliferation financing (ML/TF/PF) risk assessment is a specific requirement. The overarching written risk assessment must consider relevant risks, taking into account the nature, size and complexity of your business, including:

  • your customer types;
  • jurisdictions you deal with;
  • the designated services you provide; and
  • delivery channels utilised.

Q. What is proliferation financing?

Proliferation financing refers to providing funds for the manufacture, acquisition, or use of nuclear, chemical, or biological weapons.

Q. Is there any requirement to have the AML/CTF Program independently reviewed?

Yes, Tranche 2 entities must conduct Independent Evaluations. Tranche 2 entities must have their AML/CTF policies independently evaluated at least every three years. Your AML/CTF policies must incorporate procedures for conducting these Independent Evaluations. If the independent evaluator makes adverse findings, you must conduct a review of your Risk Assessment as soon as practicable.

Governance and Oversight

Q. What are the main points in relation to governance?

Under the AML/CTF Reform, there are three key roles:

  • Governing Body – responsible for overseeing and ensuring compliance with your AML/CTF policies and obligations under the legislation
  • Senior Managers – responsible for approving your AML/CTF policies
  • AML/CTF Compliance Officer – responsible for the implementation of your AML/CTF policies, communicating with AUSTRAC and reporting to the Governing Body

You will need to formally appoint an AML/CTF Compliance Officer and determine the person is:

  1. A 'fit and proper' person.
  2. A Resident in Australia if you provide designated services through a permanent establishment in Australia.
  3. Employed or otherwise engaged at management level, with sufficient authority, independence, and access to resources and information.

Q. What is a 'Reporting Group'

There are two types of Reporting Groups:

  1. Those formed by election; or
  2. A group where there is a control relationship between one entity and the others in the group (e.g.: a corporate group).

The Reporting Group must designate a 'lead entity'. The lead entity's governing body must maintain oversight across the group and will be liable for a contravention committed by a reporting entity member of the group.

Q. How can I prepare staff for the commencement of the AML/CTF Regime?

AUSTRAC expects Tranche 2 entities to do both of the following:

  1. conduct personnel due diligence: assess the skills, knowledge, expertise and integrity of personnel employed or engaged to conduct AML/CTF functions; and
  2. provide AML/CTF training: make sure personnel understand AML/CTF obligations and know how to follow your policies, procedures and systems. This is so they can identify, manage and mitigate Risk.

Q. What is Customer Due Diligence (CDD)?

Tranche 2 entities are required to carry out:

  • Initial customer due diligence;
  • A risk assessment for each customer; and
  • Ongoing customer due diligence.

The risk assessment assists Tranche 2 entities to determine the initial and enhanced KYC information required from the client.

Q. What is required during initial CDD?

Initial CDD must be completed before providing a designated service unless it would interrupt the ordinary course of business. As part of initial CDD, Tranche 2 entities must establish:

  • The identity of the customer and any beneficial owners
  • The nature and purpose of the business relationship
  • Whether the customer, beneficial owner, or associated person is:
    • a politically exposed person – that is, a person who holds a prominent public position in a government body or international organisation (for example, a government minister) or is a family member or close associate of such a person
    • is designated for targeted financial sanctions – this prevents you from dealing with their assets or making assets available to them

Q. What is required for ongoing customer due diligence?

Tranche 2 entities must continuously monitor customers to identify, assess, manage, and mitigate Risks. This includes:

  • monitoring for unusual transactions or behaviours;
  • significant changes to the customer's risk assessment; and
  • re-verifying KYC information if adequacy or veracity is doubted.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Sarah Chapman
Sarah Chapman
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More