Australian accounting firms are now reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. The transition period runs until 31 March 2026, which means your firm needs a clear plan to meet AUSTRAC’s requirements, and fast. The good news? AUSTRAC has released an accounting AML starter kit specifically designed to help practices like yours get compliant without starting from scratch.
This guide walks you through everything in the official starter kit: what’s included, how to use each resource, and where identity verification fits into your new obligations. At StackGo, we help accounting firms integrate KYC and identity verification directly into their existing software, so compliance becomes part of your workflow rather than another administrative burden.
Whether you’re a sole practitioner or managing a multi-partner firm, understanding the starter kit is your first practical step toward compliance. Below, you’ll find a breakdown of each component, actionable steps to implement them, and guidance on building an AML/CTF program that actually works for your practice.
What the AUSTRAC accounting starter kit includes
AUSTRAC’s accounting AML starter kit provides five core resources designed to help your firm meet its reporting entity obligations under Tranche 2. The kit includes template documents, risk assessment frameworks, and compliance checklists that you can adapt to your practice’s size and client base. You’ll find materials covering everything from AML/CTF program development to customer due diligence procedures.
The starter kit isn’t a one-size-fits-all solution. You need to customise each template based on your firm’s specific services, client types, and risk profile. AUSTRAC expects you to tailor these resources rather than copy them verbatim, which means understanding what each component does and how it fits into your overall compliance framework.
Core compliance templates
Your firm receives two essential program templates within the accounting aml starter kit: the AML/CTF Program Template and the Risk Assessment Template. The program template outlines the structure of your compliance framework, including governance arrangements, risk management procedures, and reporting obligations. The risk assessment template helps you identify and evaluate money laundering and terrorism financing risks specific to accounting services.
Both templates require you to fill in practice-specific details about your services, clients, delivery channels, and geographic exposure. The program template runs approximately 40 pages when complete, while the risk assessment typically spans 15-20 pages depending on your firm’s complexity.
These templates form the foundation of your compliance program, but they’re starting points that require genuine analysis of your firm’s actual risk exposure.
Customer due diligence procedures
The kit includes detailed CDD procedures that explain how to verify client identities, collect beneficial ownership information, and conduct ongoing monitoring. You’ll find step-by-step workflows for onboarding new clients, including which documents to collect and how to verify them against AUSTRAC’s requirements.
These procedures cover three verification scenarios: individuals, companies, and trusts. Each scenario outlines acceptable verification documents, timeframes for completion, and recordkeeping requirements. The CDD section also addresses simplified and enhanced due diligence triggers, helping you determine when standard procedures aren’t sufficient.
Implementation checklists and training guides
AUSTRAC provides implementation checklists that break down your compliance tasks into manageable steps, organised by deadline. You’ll also receive training materials designed to educate your staff on AML/CTF obligations, red flag indicators, and reporting requirements.
The checklists specify what needs completion before 31 March 2026 versus ongoing obligations that continue after the transition period. Training guides include case studies relevant to accounting practices, making it easier for your team to recognise suspicious activities in real client scenarios.
Check if your firm falls under Tranche 2
Not every accounting practice becomes a reporting entity under Tranche 2. Your firm falls under these obligations only if you provide specific designated services to clients, which means basic bookkeeping or tax preparation alone won’t trigger AML/CTF requirements. The accounting aml starter kit helps you determine whether your practice meets the threshold for regulation, but you need to understand exactly which services create reporting obligations.
AUSTRAC defines three categories of designated services for accounting firms: forming or managing entities, acting as nominee shareholders or directors, and arranging for others to perform these functions. If your firm regularly provides any of these services, you become a reporting entity regardless of your practice size or annual revenue.
Services that trigger reporting obligations
You must register with AUSTRAC if your firm forms companies, trusts, or partnerships on behalf of clients. This includes preparing incorporation documents, lodging ASIC applications, or establishing trust structures as part of your service offering. Many firms provide these services without realising they trigger AML/CTF obligations.
Your practice also falls under Tranche 2 if you act as a nominee director or shareholder for client entities, or if you arrange for third parties to fill these roles. The key test is whether you facilitate entity formation or nominee arrangements as a regular business activity, not just occasionally as a favour to existing clients.
If you only prepare financial statements or lodge tax returns, you don’t become a reporting entity under current regulations.
Exemptions and thresholds
AUSTRAC provides no revenue or client count exemptions for firms offering designated services. A sole practitioner incorporating two companies per year has the same obligations as a national firm processing hundreds of entity formations monthly. The trigger is the service type, not the volume.
You can verify your status by reviewing your service agreements and fee schedules against AUSTRAC’s designated services list. If you’re still uncertain after checking the starter kit, AUSTRAC’s registration team provides guidance on borderline cases before you commit to full compliance implementation.
Step 1. Do a business-wide ML/TF risk assessment
Your first compliance task requires you to assess money laundering and terrorism financing risks across your entire practice before you build any procedures or policies. The accounting aml starter kit provides a risk assessment template, but you need to populate it with real data about your clients, services, and business operations. This assessment becomes the foundation for everything else in your AML/CTF program, determining which clients need enhanced due diligence and where you allocate compliance resources.
AUSTRAC expects you to complete this assessment by 31 March 2026 at the latest, though starting earlier gives you time to address high-risk areas before the hard deadline. Your assessment must cover four specific risk categories: services you offer, clients you serve, delivery channels you use, and geographic locations where you operate or have clients.
Identify your risk factors
Start by listing every service your firm provides that could potentially facilitate money laundering or terrorism financing. Entity formation services carry higher inherent risk than standard tax preparation because they can obscure beneficial ownership. You also need to evaluate whether your clients include politically exposed persons, businesses operating in high-risk industries, or entities with complex ownership structures.
Your assessment should document specific risk indicators such as:
- Clients who use cash-intensive businesses
- Trusts with non-resident beneficiaries
- Entities formed in multiple jurisdictions
- Clients refusing to provide ownership documentation
- Unusual transaction patterns or service requests
The more specific your risk identification, the more targeted and effective your compliance procedures become.
Document your assessment process
Record how you evaluated each risk factor and the rationale behind your risk ratings (low, medium, high). The template in the starter kit includes matrices for scoring inherent risk versus residual risk after controls, which helps you demonstrate to AUSTRAC that you’ve applied genuine analysis rather than generic assumptions.
Update your assessment annually or when your business changes significantly, such as adding new service lines or expanding into new client sectors. Your documentation needs to show who conducted the assessment, when it occurred, and what evidence supported your conclusions.
Step 2. Tailor your AML/CTF program and governance
Once you complete your risk assessment, you need to build an AML/CTF program that addresses the specific risks your firm faces. The accounting aml starter kit provides a template program, but you must customise every section to reflect your actual procedures, controls, and governance arrangements. AUSTRAC reviews programs for evidence of genuine risk-based thinking, which means generic templates fail compliance audits.
Your program document should specify who does what when it comes to AML/CTF obligations, including appointment of a compliance officer, board oversight responsibilities, and escalation procedures for suspicious matters. This step establishes the governance framework that turns your risk assessment into operational reality.
Customise program policies to your practice
Transform the template sections by replacing placeholder text with your firm’s actual procedures. If the template suggests monthly client reviews but your risk assessment indicates quarterly reviews suffice for low-risk clients, document that decision with supporting rationale. Your program needs to cover customer due diligence procedures, ongoing monitoring requirements, reporting obligations, and recordkeeping standards.
Include specific position titles and responsibilities rather than generic roles. State whether your Practice Manager, Senior Partner, or dedicated compliance officer handles suspicious matter reporting, and document backup arrangements for leave periods.
Your program becomes a working document that staff actually use, not a compliance exercise that sits in a drawer.
Establish clear governance structures
Appoint a compliance officer with appropriate authority to implement and monitor your AML/CTF program. This person needs direct access to senior management and the ability to halt transactions or client engagements that pose unacceptable risks. Document their qualifications, responsibilities, and reporting lines in your program.
Set up regular compliance reviews with your management team or board, typically quarterly for most accounting firms. These reviews should assess program effectiveness, discuss suspicious matter reports, and approve any program amendments based on emerging risks or regulatory changes.
Step 3. Set up CDD, SMR and recordkeeping workflows
Your third step transforms the policies in your AML/CTF program into operational workflows that staff actually follow when onboarding clients or identifying suspicious activities. The accounting aml starter kit provides procedural templates, but you need to integrate these workflows into your existing client intake systems and practice management software. This step determines whether your compliance program functions in daily operations or remains theoretical documentation.
Build your customer due diligence process
Create a standardised client onboarding checklist that captures all required verification documents before you commence designated services. Your CDD workflow must collect client identity documents, verify them against approved sources, and document beneficial ownership for companies and trusts. Most firms integrate this process into their engagement letters and new client forms.
Specify which staff members perform verification tasks and when they escalate to senior practitioners. Your workflow should include verification timeframes (typically within 14 days of service commencement), acceptable identity documents for Australian and foreign clients, and storage locations for verified copies.
Build verification into your normal intake process rather than treating it as a separate compliance exercise.
Establish suspicious matter reporting procedures
Document clear triggers that require staff to escalate potential suspicious matters to your compliance officer, such as clients refusing to provide ownership details, unusual entity structures without business rationale, or transactions inconsistent with stated purposes. Your SMR workflow must outline investigation steps, documentation requirements, and reporting deadlines (typically 24 hours after forming suspicion).
Set up compliant recordkeeping systems
Maintain all verification documents and transaction records for seven years from when you complete services or close the client relationship. Your recordkeeping workflow needs to specify document formats (digital or physical), storage locations with appropriate access controls, and backup procedures to prevent data loss.
Next steps before 1 July 2026
Your firm needs to complete three critical tasks between now and the compliance deadline. First, finish your risk assessment and document all findings in the template provided by the accounting aml starter kit. Second, appoint your compliance officer and establish governance structures with clear reporting lines. Third, implement your CDD workflows and train all staff who interact with clients on verification procedures and suspicious matter indicators.
Most accounting firms underestimate the time required to integrate identity verification into existing client management systems. You need working processes that staff can follow consistently, not just documented policies. IdentityCheck runs AUSTRAC Tranche 2 compliance directly inside your CRM or practice management software, which eliminates manual document handling and reduces verification time from hours to minutes.
Start with your highest-risk clients first, then roll out procedures across your entire client base before the deadline arrives.
