Australia’s AML/CTF reforms for accountants Australia are no longer a future concern, they’re arriving in weeks. With the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill extending obligations to accounting professionals from July 2026, practices across the country face a hard deadline to build compliant programs, verify client identities, and report suspicious activity to AUSTRAC.
If you’re an accountant or practice manager trying to work out exactly what’s required of you, you’re not alone. The reforms, commonly referred to as Tranche 2, bring accountants under the same regulatory framework that has applied to banks and financial services for years. That means new customer due diligence procedures, ongoing transaction monitoring, and significant penalties for non-compliance.
This article breaks down the key obligations, critical dates, and practical steps your practice needs to take to meet the new requirements. We’ll cover what AUSTRAC expects, which services trigger reporting duties, and how to set up an AML/CTF program that actually works without drowning your team in manual processes. At StackGo, we build identity verification (KYC) directly into your existing software stack, tools like HubSpot or Salesforce, so compliance checks happen where your team already works, not in yet another disconnected platform. That context shapes how we think about these reforms: as a workflow problem, not just a legal one.
Why the 2026 AML/CTF reforms matter for accountants
For most Australian accounting firms, compliance obligations have historically sat with banks, financial institutions, and remittance dealers. That changes on 1 July 2026, when the expanded Anti-Money Laundering and Counter-Terrorism Financing framework pulls accounting services firmly into AUSTRAC’s regulatory scope. The AML/CTF reforms for accountants Australia represent the most significant shift to the compliance landscape for the profession in two decades, and firms that treat this as a minor administrative update are the ones most likely to face enforcement action.
Accountants sit at the centre of financial crime risk
The reason regulators targeted accounting professionals is straightforward: accountants handle the exact financial structures that criminals use to move and conceal money. That includes establishing companies, managing trusts, handling large transactions, and advising on asset structures. The Financial Action Task Force (FATF) repeatedly flagged Australia’s Tranche 2 gap as a material weakness in its mutual evaluation reports, identifying professional services providers as high-risk channels for money laundering when they operate without formal AML/CTF obligations. Your firm, whether you specialise in tax, audit, or business advisory, now sits at a point in the financial system where client due diligence is no longer discretionary.
FATF mutual evaluation reports have consistently identified unregulated professional service providers, including accountants, as significant vulnerabilities in national financial crime frameworks.
Professional bodies including CPA Australia and Chartered Accountants Australia and New Zealand have already begun publishing guidance to help members prepare. That activity signals the breadth of the change: this is not a niche update aimed at large firms. Small and mid-sized practices are equally in scope if they deliver designated services, which covers a wide range of common accounting work.
What non-compliance actually costs your firm
The penalties under the AML/CTF Act are substantial. Civil penalties can reach tens of millions of dollars for serious or repeated breaches, and AUSTRAC has demonstrated a clear willingness to pursue enforcement through high-profile action against major Australian financial institutions. For an accounting practice, the reputational damage from an AUSTRAC investigation frequently exceeds the direct financial penalty.
Beyond fines, failure to maintain a compliant AML/CTF program can result in enforceable undertakings, court-ordered audits, and restrictions on your ability to continue delivering designated services. That translates to real business disruption, client attrition, and potential loss of professional registration. The July 2026 deadline gives your practice a narrow window to build the verification workflows, internal policies, and reporting procedures that regulators will expect to see in place.
What changed and when it starts in Australia
Australia’s AML/CTF framework has existed since 2006, but it only ever covered financial institutions, gambling operators, and bullion dealers. The 2024 Anti-Money Laundering and Counter-Terrorism Financing Amendment Act changed that by extending the regime to a broad category of previously unregulated professionals, including accountants, lawyers, and real estate agents. This is the reform commonly referred to as Tranche 2, and it marks the biggest expansion of AUSTRAC’s regulatory reach since the original legislation passed.
The legislative shift in plain terms
Parliament passed the amending legislation in November 2024, and AUSTRAC has since published its implementation timeline for affected professions. Rather than creating a separate regulatory framework, the reforms fold accountants directly into the existing AML/CTF Act. That means the same obligations that banks have operated under for years now apply to your practice. Enrolment with AUSTRAC, AML/CTF program development, customer due diligence, and suspicious matter reporting all become mandatory requirements under a single consistent framework.
The AML/CTF reforms for accountants Australia follow the same structural model used for financial institutions, which means established compliance frameworks and guidance already exist to draw from.
Key dates your practice needs to lock in
The timeline gives you a defined sequence of obligations rather than one single deadline:
| Date | Obligation |
|---|---|
| 31 March 2026 | Enrol with AUSTRAC if you deliver designated services |
| 1 July 2026 | Full compliance required, including AML/CTF program, CDD, and reporting |
| 1 July 2027 | Additional obligations around correspondent relationships take effect |
Missing the March 2026 enrolment date is itself a breach, separate from the July 2026 compliance deadline. Start your enrolment process now if you have not already done so.
Which accounting services become designated services
Not every service your practice delivers triggers AML/CTF obligations. The legislation targets specific activities where accountants act on behalf of clients in ways that create genuine money laundering exposure. Understanding the boundary between in-scope and out-of-scope work is the first practical step you need to take.
The services that bring your firm into scope
The aml/ctf reforms for accountants australia apply when you provide services that involve acting on behalf of a client in financial or corporate transactions. The following activities are designated services under the expanded framework:
- Managing client money, securities, or other assets on their behalf
- Opening or managing bank, savings, or securities accounts
- Organising contributions for the creation, operation, or management of companies
- Creating, operating, or managing trusts, partnerships, or similar structures
- Buying or selling business entities or legal arrangements
- Facilitating transactions involving real property on a client’s behalf
If your firm establishes a company structure, manages a trust, or moves funds on behalf of a client, you are almost certainly delivering a designated service.
What sits outside the scope
Standard tax return preparation, general financial advice, and bookkeeping do not trigger designation on their own. The key distinction regulators draw is between advising a client and acting for a client in a transaction or structural arrangement. A firm that only prepares tax returns and financial statements may have limited exposure, but most practices in Australia deliver a broader service mix that will cross into designated territory.
You should map your actual service list against the designated services definition rather than assume your firm is out of scope. Most full-service accounting practices will find at least one designated service in their current offering.
Your 2026 obligations and what they mean in practice
Once you enrol with AUSTRAC by 31 March 2026, four core obligations apply to your practice from 1 July 2026. Each requires active implementation, not just a written policy sitting in a drawer. The aml/ctf reforms for accountants australia are built around a continuous cycle of verification, monitoring, and reporting that must run across every designated service you deliver.
Build and maintain a written AML/CTF program
Your firm must develop a written AML/CTF program before 1 July 2026. Part A covers your ML/TF risk assessment and the controls your business puts in place to manage that risk. Part B covers your customer due diligence (CDD) procedures, including how you identify and verify clients before delivering a designated service. AUSTRAC can request this document at any time, so it needs to reflect your actual workflows, not a generic template copied from another firm.
The program is a living document. You must review and update it as your client base grows, your service mix changes, or new risk guidance from AUSTRAC is published. Regulators assess whether your program is current and fit for purpose, not just whether it exists.
A written program that matches how your firm actually operates carries far more weight with regulators than a template that has never been applied.
Verify clients, monitor transactions, and report suspicious activity
Customer identification and verification must happen before you deliver a designated service. You need to collect and verify identifying information from reliable, independent sources, typically government-issued photo ID for individuals and beneficial ownership documentation for corporate clients. Beyond initial verification, you must monitor ongoing client activity for unusual patterns and submit suspicious matter reports (SMRs) to AUSTRAC whenever you form a reasonable suspicion of financial crime. All CDD records must be retained for seven years after the client relationship ends.
How to get your firm ready before 1 July 2026
The 31 March 2026 enrolment deadline has already passed, which means if your firm delivers designated services and has not yet enrolled with AUSTRAC, you are already in breach. Your priority now is to address that gap immediately and shift focus to the full compliance deadline of 1 July 2026, roughly six weeks away. There is no time for a staged approach: you need a compressed implementation plan and you need to start executing it this week.
Prioritise the highest-risk gaps first
Rather than building a perfect program from scratch overnight, identify the designated services your firm currently delivers and focus first on where your verification gaps are most exposed. The following gaps carry the greatest risk of scrutiny from AUSTRAC:
- New clients onboarded without formal identity verification since November 2024
- Existing clients with complex trust or corporate structures lacking beneficial ownership documentation
- Any client file where suspicious activity was noted but not reported
Build your AML/CTF program around real workflows
Generic templates will not satisfy regulators reviewing your firm. Your written AML/CTF program must reflect how your practice actually operates: which staff handle CDD, which services trigger obligations, and how suspicious matter reports get escalated internally. Assign a compliance officer within the firm now if you have not done so, someone accountable for maintaining the program, training staff, and submitting reports to AUSTRAC on time.
The aml/ctf reforms for accountants australia require a program that reflects your actual procedures, not a document filed away and reviewed once a year.
Once the program is drafted, test your verification process against real client scenarios and run at least one staff training session before 1 July.
What to automate and where tech helps most
The aml/ctf reforms for accountants australia create a repeating operational burden: every new client requires verification, every designated service requires a CDD check, and every suspicious matter requires a documented report. If your team handles that manually across hundreds of clients, the process becomes slow, inconsistent, and prone to gaps that regulators will find. Automation does not replace judgment, but it removes the low-value steps that eat time and introduce human error.
The highest compliance risk in most accounting firms is not a lack of policy, it is verification steps that staff skip under time pressure.
Automate identity verification at the point of onboarding
The biggest efficiency gain comes from running client identity checks directly inside the software your team already uses, rather than switching to a separate verification platform. When verification is embedded in your CRM or practice management tool, staff complete it as part of the normal onboarding workflow rather than as an extra step. Verified outcomes write back to the client record automatically, which means your audit trail builds itself without manual data entry. This is the core approach StackGo takes with its IdentityCheck integration: identity verification runs inside HubSpot or Salesforce, and no PII is stored in the CRM, keeping your data handling clean and compliant.
Where manual processes create the most risk
Beneficial ownership documentation for trusts and corporate structures is the area where manual tracking breaks down fastest. These records need to be collected upfront, verified against reliable sources, and retained for seven years. A centralised, automated record against each client file keeps that documentation accessible when AUSTRAC requests it, rather than scattered across email threads and shared drives.
Next steps for your practice
The aml/ctf reforms for accountants Australia have left very little runway. 1 July 2026 is six weeks away, and every week you delay tightens the window for building a compliant program, training your staff, and closing verification gaps across your client files. Start by confirming whether your firm delivers any designated services, then address your AUSTRAC enrolment status immediately if you have not already done so.
From there, focus on three things: a written AML/CTF program that reflects your actual workflows, a reliable process for verifying client identities before delivering designated services, and a clear internal escalation path for suspicious matter reports. Manual verification across hundreds of clients is the most common breakdown point for practices under time pressure. Embedding identity checks directly into the software your team already uses removes that friction and keeps your audit trail current. If you want to see how that works in practice, explore how IdentityCheck runs AUSTRAC compliance inside your existing stack.
