As Australia edges closer to the commencement of the Tranche 2 Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) reforms, regulated businesses including legal and professional service providers, face a significant new compliance obligation of proliferation financing (PF), alongside traditional money laundering (ML) and terrorism financing (TF) risks. This is the first time the AML/CTF Act explicitly requires businesses to consider and mitigate these PF risks as part of their compliance programs. And the clock is ticking. These regulations come into force on July 1, 2026.

Why this matters now

Before the Tranche 2 reforms, Australia’s AML/CTF Act made no mention of proliferation financing. Compliance with UN sanctions and domestic laws such as the Charter of the United Nations Act 1945 (COTUNA) or the Autonomous Sanctions Act 2011 was sufficient to meet international obligations. However, the amended legislation introduces a broader, activity-based approach, meaning businesses must now actively consider PF even where no sanctioned party is involved.

This reform closes a regulatory gap and aligns Australia more closely with the Financial Action Task Force (FATF) recommendations, which encourage countries to identify, assess, and mitigate PF risks comprehensively. It also reinforces AUSTRAC’s role in overseeing compliance, expanding the AML/CTF regime to professional service providers like lawyers, accountants, and trust and company service providers, as well as virtual asset service providers.

Proliferation Financing 101

Proliferation financing refers to the use of financial systems to facilitate the creation, acquisition, or delivery of nuclear, chemical, or biological weapons. It can involve:

• violating proliferation-related sanctions under Australian law (COTUNA or Autonomous Sanctions Act) 
• providing funds or financial services to support WMD activities in contravention of Commonwealth law implementing international agreements 
• breaching analogous state or territory legislation 

While the sanctions-based approach targets known individuals or entities linked to weapons of mass destruction (WMD) proliferation, the broader “activity-based” approach under Tranche 2 encourages businesses to identify and mitigate indirect risks. These include dealing with foreign companies or transactions that may indirectly support WMD programs.

Implications for legal practices

For law firms and other professional service providers, PF risks are most acute when dealing with dual-use goods, high-risk jurisdictions, or clients potentially linked to WMD programs. Even indirect exposure can trigger compliance obligations. Conversely, regional or boutique practices with limited international or trade-related engagements may face minimal risk but they must still undertake a documented risk assessment to justify a low-risk determination if challenged by AUSTRAC.

Getting compliant

To prepare for the Tranche 2 obligations, regulated businesses should:

1. Identify potential proliferation financing threats using resources from FATF, AUSTRAC’s National Risk Assessment on Proliferation Financing, the Royal United Services Institute (RUSI), and the Multilateral Sanctions Monitoring Team. 
2. Incorporate counter proliferation financing (CPF) policies into existing AML/CTF programs. This includes enhanced due diligence, monitoring transactions and identifying red flags such as transfers to high-risk jurisdictions. 
3. Leverage the Australian Sanctions Office’s (ASO) Sanctions Compliance Toolkit, Risk Assessment Tool and Guidance Notes to ensure compliance with domestic and international obligations. 
4. Where a business reasonably concludes its PF risk is low, it must document this assessment to justify the exclusion of CPF-specific measures. 

Key dates 

• March 31, 2026: Enrollment opens for Tranche 2 entities with AUSTRAC 
• July 1, 2026: AML/CTF obligations, including PF, come into force 

Preparing for the future

The inclusion of PF under the AML/CTF Act represents a significant evolution in Australia’s regulatory landscape. Legal professionals and other regulated entities must now take a proactive approach, not only complying with sanctions but also actively assessing and mitigating risks associated with the spread of WMDs. Early preparation, structured risk assessment and integration of CPF measures into compliance programs will be essential for meeting the new obligations and avoiding potential enforcement actions.

For regulated businesses, Tranche 2 is more than a legislative change. It is a call to understand the complex, global threats posed by PF and to ensure Australia’s financial system is not misused to support weapons of mass destruction.

Proliferation financing poses a growing risk for businesses across regulated sectors, particularly those handling international transactions and supply chains. Our practical guide outlines how firms can implement effective controls to detect, prevent and respond to the threat of PF. It breaks down complex regulatory expectations and translates them into actionable steps, including onboarding processes, due diligence, risk identification and beneficial ownership checks. Get it here.