If you’re an accountant in Australia, your accountant AUSTRAC obligations are no longer a future concern, they’re here. The Tranche 2 reforms to the Anti-Money Laundering and Counter-Terrorism Financing Act bring accounting firms squarely under AUSTRAC’s regulatory oversight, meaning registration, risk assessments, and a fully operational AML/CTF program are now part of your compliance reality.
For many firms, the challenge isn’t understanding why these obligations exist. It’s figuring out what to do, in what order, and how to avoid getting buried in manual processes along the way. From enrolling as a reporting entity to conducting customer due diligence on every client, the operational lift is significant, especially if your current systems weren’t built with identity verification and compliance workflows in mind.
That’s exactly the problem we built StackGo to solve. Our integration platform, including IdentityCheck, lets accounting firms run KYC/AML identity verification directly inside their existing CRM, no new software to learn, no tab-switching, no duct-taped automations. Below, we’ve put together a practical checklist covering every core obligation your firm needs to address under Tranche 2, along with clear steps to get compliant.
Why accountants are being brought into AUSTRAC rules
Australia’s AML/CTF framework has regulated banks, financial institutions, and casinos since 2006. Accounting firms were deliberately excluded from that first wave of legislation, but that exclusion is now closing. The 2024 amendments to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 extend AUSTRAC’s reach to a broad set of "tranche 2" designated services, and accounting sits firmly in that category.
The Tranche 2 reforms explained
The Australian government passed the AML/CTF Amendment Act 2024 after years of pressure from the Financial Action Task Force (FATF), which had repeatedly flagged Australia’s failure to regulate professional services as a significant gap in the country’s defences against financial crime. FATF’s mutual evaluation reports identified lawyers, accountants, and real estate agents as high-risk sectors that were being exploited precisely because they operated outside regulated oversight.
Australia was one of the few FATF member countries that had not yet brought professional service providers under AML/CTF supervision, making it a standout gap in global financial crime controls.
Under the amended legislation, designated non-financial businesses and professions (DNFBPs) are now required to enrol with AUSTRAC, implement a formal AML/CTF program, and meet ongoing reporting obligations. For accounting firms, that shift is substantial. The compliance infrastructure that banks built over two decades now needs to exist, in some form, inside your practice.
The money laundering risk in accounting services
The reason accountants are being pulled into this framework comes down to access. When you help a client structure a transaction, establish a company, manage assets, or handle significant sums of money, you are in a position where illicit funds can enter the legitimate financial system. Criminal organisations actively seek professional gatekeepers who can lend credibility and complexity to money flows.
Your accountant AUSTRAC obligations exist because regulators recognise that the services accountants provide are the same services that financial criminals need to launder proceeds and finance illegal activity. The reforms are not administrative box-ticking; they reflect a genuine risk picture that your firm now has a legal responsibility to address.
Who must comply and what services trigger obligations
Not every accountant in Australia is caught by the new rules. AUSTRAC’s jurisdiction applies to firms that provide specific designated services, and understanding whether your practice crosses that threshold is your first practical step. The legislation targets services where an accountant acts on behalf of a client in a way that could facilitate movement of money or ownership of assets.
Services that trigger your obligations
Your accountant AUSTRAC obligations are activated when you provide any of the following services to a client:
- Creating or managing a legal arrangement such as a trust, company, or partnership
- Buying or selling a business or business assets on a client’s behalf
- Managing client funds, accounts, or securities
- Providing a registered office or business address as a service
- Arranging the introduction of capital or financing for a client
If your firm provides even one of these services, you are a reporting entity under the amended Act, regardless of firm size or structure.
Firms that may not be caught
Accountants who only prepare tax returns, compile financial statements, or provide general business advice are not automatically required to enrol. The trigger is the nature of the service, not your professional licence. That said, most mid-size and larger accounting firms offer at least one of the designated services listed above, which means the majority of practices need to assess their exposure carefully before assuming they fall outside scope.
Timeline and AUSTRAC enrolment for 1 July 2026
The amended legislation sets 1 July 2026 as the commencement date for most accountant AUSTRAC obligations, which means your firm needs to be enrolled and operationally compliant before that date arrives. AUSTRAC has made clear that enrolment is not optional, and firms providing designated services cannot wait until they face scrutiny to begin the process.
How enrolment works
You enrol your firm directly through AUSTRAC’s online portal, providing details about your business structure, the designated services you offer, and the key personnel responsible for AML/CTF compliance. The form itself is not complex, but the preparation behind it takes time because you need to have already assessed your service scope before you can accurately complete the submission.
When enrolling, you will need to confirm:
- Your firm’s ABN and legal entity structure
- The specific designated services your firm provides
- The name and contact details of your AML/CTF compliance officer
What the lead-up period looks like
AUSTRAC has signalled a risk-based and education-first approach during the initial period following commencement, but that does not mean delayed compliance is acceptable. Your firm should treat every month between now and 1 July 2026 as active preparation time: confirm your service scope, appoint your compliance officer, and begin drafting your program well ahead of the deadline.
Firms that enrol early put themselves in a stronger position if AUSTRAC requests documentation or conducts a supervisory review in the months following commencement.
Building your AML/CTF program and firm controls
Your AML/CTF program is the written foundation of your compliance obligations, and AUSTRAC requires it to be in place before you start providing designated services. For accountants, this is the most substantial piece of your accountant AUSTRAC obligations, because it needs to reflect your actual business, not a generic template pulled from another firm.
What your program must cover
AUSTRAC’s framework requires your program to address specific core components, each tailored to your actual business operations in practice. A compliant program includes:
- A risk assessment covering your client base, services, delivery channels, and jurisdictions
- Policies and procedures for identifying, verifying, and monitoring clients
- Reporting obligations, including how your firm handles suspicious matter reports (SMRs)
- Employee training so staff can recognise and escalate red flags
- An ongoing review process to update the program as risks change
Appointing a compliance officer
Your firm must nominate a designated AML/CTF compliance officer who holds responsibility for maintaining the program and liaising with AUSTRAC. This person does not need to be an external hire; many firms assign the role to a senior partner or operations manager who already understands the firm’s risk profile.
Your compliance officer should have direct access to firm leadership, because AML/CTF decisions often involve client relationships and cannot sit at an administrative level alone.
Documenting how decisions are made, and keeping records of that decision-making process, is just as important as the program itself. AUSTRAC expects evidence that your program is genuinely operational, not simply filed away.
Customer due diligence, identity checks and sanctions risk
Customer due diligence (CDD) sits at the operational core of your accountant AUSTRAC obligations. Before you provide a designated service, you must verify who your client is, understand the nature of the relationship, and assess the risk they present to your firm.
Verifying client identity
You need to collect and verify identifying information for every client before the service relationship begins. For individuals, that means confirming their full name, date of birth, and residential address against a reliable and independent source. For companies and trusts, you also need to identify the beneficial owners, the natural persons who ultimately control or benefit from the arrangement.
Relying on a client’s word alone is not sufficient. AUSTRAC expects you to use independent documentary or electronic verification to confirm identity.
Your verification process should be documented and repeatable, so any staff member handling onboarding follows the same steps and records the same evidence every time.
Sanctions screening and ongoing monitoring
Checking a client against Australian and international sanctions lists is a separate but equally important step. You must screen clients against the Australian Sanctions Office consolidated list and relevant UN lists before commencing work, and re-screen periodically as the relationship continues.
Ongoing monitoring means you actively watch for changes in client behaviour, transaction patterns, or ownership structures that no longer match the original risk profile. When something looks inconsistent, your program needs a clear escalation path and a process for filing a suspicious matter report with AUSTRAC if required.
Next steps
Your accountant AUSTRAC obligations are substantial, but they are also manageable when you tackle them in the right order. Start by confirming whether your firm provides any of the designated services covered under the Tranche 2 reforms. If it does, your immediate priorities are enrolling with AUSTRAC, appointing a compliance officer, and drafting an AML/CTF program that reflects your actual client base and service mix.
The hardest part for most firms is not writing the policy documents. It is building a repeatable, auditable process for verifying client identities at scale without adding hours of manual work to every new engagement. That is where the right tooling makes a real difference. StackGo’s IdentityCheck runs KYC/AML verification directly inside your existing CRM, so your team can complete checks without switching systems or managing separate software. If you want to see how it works for accounting firms specifically, explore how IdentityCheck supports Tranche 2 compliance.
