AML for accountants Australia isn’t a hypothetical anymore, it’s less than two months away. From 1 July 2026, accounting practices across the country will fall under the Anti-Money Laundering and Counter-Terrorism Financing Act as part of Tranche 2 reforms. That means new obligations around client identification, risk assessment, and ongoing transaction monitoring that most firms have never had to deal with before.
If you’re an accountant or practice manager who hasn’t started preparing, you’re not alone, but you are running out of runway. The good news is that compliance doesn’t have to mean chaos. With the right processes, tools, and understanding of what’s actually required, you can get your practice ready without ripping up your existing workflows.
This guide breaks down what the Tranche 2 reforms mean for your practice, what you’ll need to have in place before the deadline, and how to approach identity verification and client onboarding in a way that’s both compliant and efficient. We built StackGo’s IdentityCheck to solve exactly this problem, running KYC/AML verification directly inside the software you already use, like HubSpot or Salesforce, so we’ll also cover how the right tech stack fits into your compliance program.
What Tranche 2 means for accountants in Australia
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 expanded Australia’s AML/CTF regime to cover designated non-financial businesses and professions, which includes accountants. Until now, AML for accountants Australia was largely governed by professional body guidelines rather than enforceable law. From 1 July 2026, it sits firmly under AUSTRAC’s oversight, with real penalties for non-compliance.
AUSTRAC can issue civil penalties of up to AUD $33.5 million for serious breaches, and criminal penalties apply for deliberate non-compliance.
Who is captured under Tranche 2
Not every accountant is automatically captured. The reforms target specific designated services, so you need to check whether the work your practice does falls within the defined categories. Generally, if you provide services related to real property transactions, company formation, managing client funds, or tax advice linked to business structuring, your practice is likely a reporting entity under the new rules.
Sole practitioners are not exempt. If you run a small firm and provide any of the listed designated services, you carry the same obligations as a large accounting practice, which includes enrolling with AUSTRAC, completing a risk assessment, and producing a written AML/CTF program.
What new obligations look like in practice
Your practice now needs to treat compliance as an ongoing operational function, not a one-off task. You must collect and verify client identity information before providing designated services, maintain records for at least seven years, and report suspicious matters to AUSTRAC. You also need a nominated AML/CTF Compliance Officer within your firm, even if that role falls to you personally.
Existing clients are not automatically off the hook either. Where you have not formally verified a client’s identity against the new standards, you will need to remediate those records before continuing to provide designated services to them.
Step 1. Confirm you are captured and map services
Before you build any program or buy any software, you need to confirm whether your practice is actually a reporting entity under the new rules. For AML for accountants Australia, AUSTRAC’s Tranche 2 reforms don’t capture every accounting service, so checking your specific service list first saves you from over-engineering your compliance program or, worse, missing obligations that genuinely apply to you.
If you provide any designated service under the amended AML/CTF Act, you must enrol with AUSTRAC regardless of your firm’s size.
Map your designated services against the trigger list
Go through every service your practice offers and match it against the designated service categories in the AML/CTF Act. The services most likely to trigger obligations for accountants include:
- Acting as a company formation agent or registered agent
- Managing client funds or assets on their behalf
- Providing advice connected to real property transactions
- Business structuring linked to tax planning or asset protection
Any single service from this list is enough to make your practice a reporting entity. Once you confirm which services are captured, document this as a services scope register, listing each service, whether it triggers AML/CTF obligations, and the client types it applies to. This document becomes the foundation for your risk assessment in Step 2.
Step 2. Run your ML and TF risk assessment
Your money laundering (ML) and terrorism financing (TF) risk assessment is the document that justifies every control you build into your compliance program. AUSTRAC requires you to complete this before finalising your AML/CTF program, and for AML for accountants Australia, this step is where most practices invest the most time upfront.
Your risk assessment does not need to be exhaustive, but it must be documented, defensible, and reviewed whenever your business changes.
What to assess
You need to evaluate risk across four key dimensions: the clients you serve, the services you deliver, the channels you use, and the jurisdictions involved. A client who operates internationally and transacts through multiple accounts carries higher inherent risk than a local sole trader with straightforward financials.
- Client type (individual, company, trust, or SMSF)
- Service type (tax advice, business structuring, or fund management)
- Delivery channel (in-person, online, or via intermediary)
- Jurisdiction (Australia, FATF member country, or high-risk country)
Risk rating template
Rate and record each factor across your client base using this table, then write a brief note explaining your rationale for each rating. Retain every version of this document for at least seven years, as AUSTRAC may request it during a compliance review.
| Risk Factor | Low | Medium | High |
|---|---|---|---|
| Client type | Domestic individual | SME | Offshore or complex structure |
| Service type | Tax return | Business structuring | Fund management |
| Delivery channel | In-person | Third-party intermediary | |
| Jurisdiction | Australia | FATF member | High-risk country |
Step 3. Build your AML and CTF program and CDD
Your risk assessment from Step 2 feeds directly into this step. For AML for accountants Australia, AUSTRAC requires every reporting entity to produce a written AML/CTF program that documents your controls, procedures, and responsibilities. This is not optional paperwork; it is a core legal obligation and your primary evidence of compliance if AUSTRAC ever reviews your firm.
Your AML/CTF program must be approved by senior management and kept up to date whenever your services, clients, or risk profile changes.
What your written program must cover
Your program needs to address how your practice identifies and manages ML/TF risk across the services you mapped in Step 1. At minimum, it must include:
- Governance structure and your designated AML/CTF Compliance Officer
- Staff training obligations and frequency
- Ongoing customer due diligence (CDD) procedures
- Record-keeping and reporting processes for suspicious matter reports (SMRs)
Customer Due Diligence procedures
CDD is the client-facing part of your program. Before delivering any designated service, you must collect and verify each client’s identity using reliable, independent documentation. For individuals, that typically means photo ID plus proof of address. For companies or trusts, you need to identify beneficial owners holding 25% or more control. Document every check and store records for at least seven years.
Step 4. Enrol, implement, and stay compliant by July 2026
With your risk assessment and written program ready, you need to enrol with AUSTRAC and activate your procedures. AML for accountants Australia moves into an enforceable obligation from 1 July 2026, so the time to register is now, not after the deadline.
AUSTRAC’s enrolment portal asks for your ABN, business structure, and designated services list, so have your Step 1 services scope register open before you start.
Enrol and run your first CDD checks
Go to austrac.gov.au and submit your reporting entity enrolment using the details you documented in Steps 1 through 3. Once enrolled, apply your CDD procedures to every new client before delivering any designated service:
- Photo ID plus proof of address for individuals
- Beneficial owner identification (25%+ control) for companies and trusts
- Written record of the verification outcome, stored for at least seven years
Keep your program current after the deadline
Schedule an annual review of your AML/CTF program and update it whenever your services or client base changes materially. Train new staff within 30 days of joining, document every session, and report suspicious matters to AUSTRAC as soon as they arise.
Your Compliance Officer is responsible for keeping these records current. Even if that role falls to you personally, AUSTRAC expects evidence of active oversight, so document every review decision with a date and a brief summary of what was assessed and why no changes were needed.
Next steps for your practice
You now have the four steps to build a compliant AML for accountants Australia program before the 1 July 2026 deadline. The framework is clear: confirm your services, complete your risk assessment, write your program, and enrol with AUSTRAC. What separates practices that get this right from those that scramble is how efficiently they handle CDD at scale, verifying every client before delivering a designated service.
Manual identity checks slow you down and create gaps in your records. IdentityCheck by StackGo runs KYC/AML verification directly inside your existing CRM, so your team verifies clients without switching tools or chasing documents across email threads. Every check result is written back to the contact record automatically, giving you an auditable trail that satisfies AUSTRAC’s seven-year record-keeping requirement.
See how IdentityCheck handles Tranche 2 AML/CTF compliance or create a free account to test it with your practice today.
