AUSTRAC has tabled the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025, which operationalise the Amendment Act and switch Australia’s regime onto a simpler, outcomes-based footing. The Rules commence on 31 March 2026.
From 2026, Tranche 2 obligations extend to: real-estate professionals; dealers in precious metals, stones and products; lawyers, accountants and TCSPs; and virtual asset service providers (VASPs). The new Rules replace most of the 2007 instrument, retain a slimmed “Class Exemption” rulebook, and add detailed requirements on reporting groups, AML/CTF programmes, CDD (including delayed/simplified/enhanced), the travel rule, and updated SMR/TTR contents and compliance reporting.
The big changes at a glance
Who’s captured (from 2026): real estate, DPMS, lawyers/accountants/TCSPs, and VASPs.
Programme & governance: explicit independent evaluation, documented senior-manager approvals, fit-and-proper tests for the AML/CTF officer, sanctions screening in policies, and mandatory programme updates after adverse findings.
Customer due diligence (CDD): modernised initial/ongoing CDD, simplified BO checks for certain low-risk customers, enhanced CDD triggers (incl. unusual services; crypto-ATM cash), and clarified PEP handling (foreign/domestic/international-organisation).
Travel rule / transfers of value: explicit ordering/beneficiary/intermediary duties; information-pass-through and response-time standards.
Real-estate transactions: sector-specific CDD flow, permitted delayed CDD around settlement, and policy rules for split-KYC arrangements between brokers/conveyancers.
Reporting: refreshed SMR/TTR data fields with transitional relief (e.g., old forms accepted in the first 3 months; TTR concessions around 1 July–30 June 2026 for entities already on the Reporting Entities Roll).
What the new Rules actually do
Scope: who’s in, and the new Rulebook structure
The Amendment Act brings in globally-recognised DNFBP services and VASPs. AUSTRAC’s 2025 Rules replace most of the 2007 instrument and retain only selected Class Exemption chapters, reorganised to follow a reporting entity’s lifecycle. Commencement: 31 March 2026.
AML/CTF programme & governance (Part 5)
Independent evaluation & risk-assessment feedback loop. Programmes must undergo independent evaluation; if there are adverse findings, you must review the ML/TF risk assessment and update policies accordingly.
Senior-manager approval points + officer fitness. Rules set out actions needing senior-manager sign-off and criteria for a fit-and-proper AML/CTF officer.
Sanctions policy is now explicit. Policies must ensure no breach of targeted financial sanctions, with screening, match-resolution governance and asset-freeze controls.
Programme detail for CDD. Policies must define when to collect vs collect-and-verify KYC including source-of-funds/wealth, both at onboarding and on an ongoing basis.
Reporting groups & lead entities. The Rules provide for group-level arrangements and record-keeping by the lead entity, allowing coordinated policies and reporting.
Customer due diligence
Part 6 covers initial CDD (different customer types), providing services before CDD completion, simplified CDD, enhanced CDD, PEPs, nested services, reliance, real estate, life policies, and ongoing monitoring.
Simplified CDD—key reliefs still require core checks. Even when applying simplified CDD, customer identity and PEP/sanctions status must still be verified.
Beneficial owner identification can be relieved for specified low-risk customers (e.g., government bodies; prudentially supervised entities; owners’ corporations)—but you must still determine PEP/sanctions status.
Enhanced CDD—wider triggers and substance.
Unusual services (no apparent purpose, unusually large/complex, unusual patterns) → enhanced CDD.
Crypto-cash interfaces (e.g., crypto-ATMs) → enhanced CDD + source-of-funds/wealth.
Where EDD applies (e.g., high ML/TF risk, suspicion, FATF high-risk countries), you must establish SoF/SoW as relevant.
PEPs—clearer expectations.
At onboarding, if a customer/BO/actor is a foreign PEP, or a domestic/international-organisation PEP with high risk, you must establish SoF/SoW; ongoing CDD must re-verify KYC if PEP status arises.
When servicing from a foreign permanent establishment, a foreign PEP connected to that country may be treated as a domestic PEP (i.e., PEP-specific measures apply when risk is high).
Nested services relationships. New due-diligence content for relationships where an AU-regulated FI/remitter/VASP enables an overseas counterpart to serve its end-customers (outside correspondent banking). You must assess ownership/control, customer base, geographies, regulatory quality and reputation.
Real-estate transactions
Permitted delayed CDD around settlement for brokering if parties share the KYC workload (e.g., broker vs conveyancer), but your policies must cover how you will verify KYC before settlement when you don’t obtain data from the other reporting entity.
Transfers of value / “travel rule”
Ordering/beneficiary/intermediary institutions must send, receive, monitor, and request required payer/beneficiary information; respond within 3 business days to information requests.
Reporting & transitional relief
Report content for SMRs/TTRs has been refreshed; old forms are accepted in the first 3 months post-commencement, with additional TTR concessions for entities already on the Reporting Entities Roll.
Enrolment/registration refresh
Reporting Entities Roll: updated enrolment/update details and identifiers.
VASP registration: new application content and refusal/cancellation grounds; remittance register processes (renewal/suspension/cancellation) are consolidated.
Sector-by-sector impact of Tranche 2
Lawyers, accountants, TCSPs
Risk-based programmes with independent evaluation and senior-manager gates for high-risk decisions; formal sanctions-screening inside policies.
CDD uplift: verify identity and PEP/sanctions even when applying simplified measures; enhanced CDD for unusual services; SoF/SoW where triggers apply.
Nested services: if facilitating overseas professional or financial services, expect deeper counterpart due-diligence.
Real-estate professionals: agents, brokers, conveyancers/settlement
Transaction-specific flow with delayed CDD permissible at defined points; policy requirement to govern split-KYC arrangements and pre-settlement verification.
Dealers in precious metals and stones (DPMS)
High-value / unusual-pattern triggers will bite (EDD on atypical or cash-heavy deals). Sanctions/PEP checks mandatory; SoF/SoW where risk/trigger dictates.
Virtual asset service providers (VASPs)
Crypto-cash interfaces (e.g., crypto-ATMs): mandatory EDD plus source-of-funds/wealth; nested-services due-diligence where relevant. Registration duties and programme/transfer-of-value obligations align with FATF R.16 expectations.
The “big issues” compliance leaders should care about
Outcomes-based regime = more judgement, more documentation. Policies must set when you collect vs verify, and when you escalate to SoF/SoW—both at onboarding and during ongoing CDD. Auditable rationale will matter.
Independent evaluation has teeth. Adverse findings now trigger mandatory reviews of the ML/TF risk assessment and programme updates. Boards will need sightlines; expect remediation plans and evidence.
PEP clarity, less box-ticking. The Rules calibrate PEP handling so that domestic/IO PEPs get PEP-specific measures when risk is high, and foreign PEPs serviced from a foreign branch can be treated as domestic for this purpose—reducing unnecessary friction but increasing reliance on robust risk assessment.
Real-estate end-to-end KYC. Where different parties split KYC, each must have policies for pre-settlement verification and be able to obtain data from the other when relying. Sloppy hand-offs will be a regulatory exposure.
Travel-rule operational readiness. Firms must be able to monitor required info in transfers, decide when to pass/stop messages, request more data, and respond within tight timeframes—all embedded in policies and controls.
Transitional relief is real—but brief. You can submit old SMR/TTR formats in the first 3 months, and there are targeted TTR concessions afterwards for entities already enrolled—but don’t bank on long grace periods for core control weaknesses.
How VinciWorks can help
We’ve launched a suite of fully regionalised AML/CTF training to help Australian firms prepare for Tranche 2:
AML: A 30-Minute Refresher for Australian Law Firms A practical refresher covering all the essentials of AML/CTF compliance, tailored to the Australian legal sector.
AML: A 15-Minute Refresher for Australian Law Firms
A quick update for busy professionals who need a concise overview of their AML obligations.
Due Diligence for Australian Law Firms
Step-by-step training on conducting robust CDD and ongoing monitoring, with case studies from the Australian market.
AML for Law Firms in Australia: Knowledge Check
An interactive assessment to test knowledge retention and identify gaps across teams.
AML: Know Your Risk for Australian Law Firms
A scenario-based course focused on identifying and mitigating ML/TF risks in client onboarding and transactions.
Omnitrack for AML Onboarding
Alongside training, VinciWorks’ Omnitrack AML Onboarding solution provides end-to-end compliance management. With dynamic workflows, automated reminders, and real-time tracking, Omnitrack ensures every CDD check, risk assessment, and record is up to date — so firms can evidence compliance under Tranche 2 with confidence.
