← All posts
Blog·16 October 2025·By Tim Dickinson

A Practical Guide to AML/CTF Compliance for Australian Businesses

Australia's Tranche 2 AML/CTF reforms extend compliance obligations to designated non-financial businesses and professions including accountants, lawyers, and real estate agents. This guide covers the five key steps businesses need to take to prepare.

Blog

Tranche 2 is here…

Australia’s Tranche 2 reforms extend AML/CTF obligations to Designated Non-Financial Businesses and Professions (DNFBPs), including accountants, lawyers and real estate agents, with compliance registration required from 31 March–29 July 2026.

Beyond legal obligations, being unprepared for Tranche 2 can cause negative impacts to your business — from damaging overall reputation, to eroding client trust, or attracting undesirable customers.

Part 1: Understanding your financial crime risks

Understanding the key areas of your business that are subject to attack, targeting, exploitation and corruption is critical to working out what changes you’ll need to make.

AUSTRAC expects regulated industries to capture all areas of Money Laundering / Terrorism Financing (ML/TF) risk, from customers, delivery and channel risks through to products.

Assessing your business’s AML/CTF risks includes:

  • Reviewing customer types
  • Assessing whether products and services are scaling with growth
  • Checking affiliated geographic locations for any regulatory changes or loopholes
  • Understanding exactly how you deliver services to your customers

The data cleanse

Think of your business like an ecosystem where each component needs a certain level of nurturing and attention. Check your data regularly to streamline AML/CTF obligations:

  • Is your client list still up-to-date?
  • Is the right information captured against them?
  • Is your company data stored in the correct place?
  • Do you have a solid Know Your Customer (KYC) process in place?
  • Do you have reliable PII protection?
  • Are you monitoring your customers’ transactions against financial crime?

Non-compliance can result in serious penalties: civil penalty orders, enforceable undertakings, infringement notices, and remedial directions.

Part 2: Knowing Your Customers

The 2026 regulatory changes are targeted to Designated Non-Financial Businesses and Professions (DNFBPs). As a reporting entity, customer identification procedures need to be applied to all your customers.

Customer Due Diligence obligations

The Amendment Act requires DNFBPs to conduct initial CDD to:

  • Collect and verify information about the identity of a customer
  • Understand potential risks in providing designated services to that customer

Key steps:

  • Capture and verify personal identification via a digital Document Verification Service (DVS)
  • Screen customers against PEPs and Sanction lists
  • Assign a risk category to each customer (low, medium, or high)
  • For higher-risk individuals, conduct full KYC checks
  • Monitor customer transactions to identify suspicious activity

Part 3: Monitoring Your Customers

Reporting entities should treat compliance as intelligence gathering, not just a regulatory requirement. When you truly understand your customers and their needs, managing your compliance obligations becomes smarter, faster and far more effective.

BNDRY’s configurable forms are designed to make this traditionally hard step easy, by creating a secure and centralised workspace to request, collect and collaborate on CDD.

Features of the BNDRY platform:

  • Configurable forms collect and verify customer information (DVS, ID documents, risk category)
  • Determines customer risk scores, what actions have been taken and what’s overdue
  • Simplifies reporting for Suspicious Matter Reports (SMRs)
  • Stores customer records through document uploads in Customer Profiles — a centralised view built for risk teams

Part 4: Understanding AUSTRAC Reporting Requirements

The types of reports you may need to submit include:

  • Suspicious Matter Reports (SMR): When you reasonably suspect a customer or affiliate is not who they claim or a transaction is linked to criminal activity
  • Threshold Transaction Reports (TTR): For individual physical currency transactions valued at A$10,000 or higher
  • International Value Transfer Service Reports (IVTS): All international transfers of value
  • Cross Border Movement Reports (CBM): When carrying physical currency of A$10,000 or higher into or out of Australia
  • Annual Compliance Reports: Annual summary of how you’ve met your AML/CTF obligations

Part 5: Storing and Managing Customer Data

The BNDRY platform is purpose-built to help regulated entities manage their AML/CTF responsibilities with less friction and more confidence:

  • Consolidated Entities: Consolidate customer data and risk-related information into a unified profile
  • Investigation Workspaces: Capture red flags, attach evidence, and collaborate internally
  • Regulatory Reporting Workflows: Populate and generate reports for all AUSTRAC reports
  • Audit-ready Record-keeping: Store all AML/CTF-related documents in one place

Quick Checklist

  • Enrolment: Sign up with AUSTRAC between 31 March 2026 and 29 July 2026
  • Compliance Officer: Appoint an Australian resident at the management level
  • Risk Assessment: Document how your specific services could be exploited for money laundering
  • AML/CTF Program: Create a written policy tailored to your business
  • Know Your Customer (KYC): Establish procedures to verify the identity of clients
  • Reporting Systems: Prepare to lodge SMRs and TTRs for cash above $10,000
  • Staff Training: Conduct “red flag” awareness training for all employees
  • Record Keeping: Set up a secure system to store all compliance records for 7 years

This article is intended as general information only and does not constitute legal advice.

Ready to see BNDRY in action?

Get in Touch