Anti-money laundering laws demand transparency. Legal professional privilege demands confidentiality. When both apply to the same client relationship, practitioners face a genuine dilemma, the conflict between AML and legal privilege creates obligations that can seem to pull in opposite directions. For lawyers and legal practitioners in Australia, getting this wrong carries serious consequences, from regulatory penalties to breaching a client’s fundamental rights.
The tension isn’t theoretical. As AML/CTF reforms expand across professional services, with accountants, lawyers, and other regulated entities increasingly brought under AUSTRAC’s oversight, understanding where reporting obligations end and privilege begins has become a practical, day-to-day concern. The line between complying with suspicious matter reporting requirements and protecting privileged communications is rarely as clear-cut as either regime suggests on its own.
This article breaks down the core of that conflict: what AML legislation actually requires, what legal professional privilege protects, where the two collide, and how practitioners can navigate both without compromising on either compliance or ethics. We also cover how operational decisions, like the way you handle client data during onboarding and verification, play a direct role in managing this tension. That’s where platforms like StackGo fit in, enabling firms to run identity verification and KYC checks directly within their existing software, with built-in privacy controls that keep sensitive client information properly contained from the outset.
Why this conflict matters in Australia
Australia is in the middle of a significant shift in how it regulates professional services for AML/CTF compliance. For years, lawyers, accountants, and conveyancers sat outside the formal AUSTRAC reporting framework. That is changing. The Tranche 2 reforms to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) are bringing legal practitioners directly into the regulated population, meaning firms that have never had to file suspicious matter reports (SMRs) or conduct formal customer due diligence will soon be legally required to do so. The conflict between AML and legal privilege is no longer a concern reserved for large financial institutions.
What the Tranche 2 reforms introduce
The reforms extend AUSTRAC obligations to designated non-financial businesses and professions (DNFBPs), which include lawyers, conveyancers, accountants, and real estate agents. Once captured under the regime, these professionals must implement AML/CTF programs, identify and verify clients, monitor transactions, and report suspicious activity. Each of those requirements has the potential to intersect with privileged client communications, particularly where legal advice is sought about structuring financial affairs, acquiring property, or managing corporate transactions.
The challenge is not just understanding what to report, it is knowing when reporting would cross into disclosing information your client gave you in confidence.
Why legal practitioners face a sharper tension than other regulated entities
Banks and other financial institutions hold transactional data. Lawyers hold something more sensitive: communications made in the course of seeking or giving legal advice. That information carries privilege, and privilege is a fundamental right under Australian common law, not simply a professional courtesy. When a lawyer suspects money laundering based on what a client said during a confidential consultation, the question of whether to file an SMR directly conflicts with the duty to maintain confidentiality and protect privileged material. Other regulated entities rarely face this same collision.
Unlike accountants, who deal primarily with financial records and operational information, lawyers regularly receive instructions that are, by their nature, privileged. Once those instructions raise suspicion under AML legislation, the lawyer must decide whether the privilege claim survives, whether a reporting exemption applies, and what disclosure, if any, can lawfully be made to AUSTRAC. Getting that decision wrong puts the firm at risk from both directions. AUSTRAC can penalise failures to report, while a client whose privileged communications were unnecessarily disclosed may have grounds for a complaint or civil action. That dual exposure is unique to legal practitioners.
What legal professional privilege covers and excludes
Legal professional privilege protects confidential communications between a lawyer and their client made for the dominant purpose of giving or receiving legal advice, or for use in anticipated litigation. In Australia, it operates as both a common law right and, in some contexts, an evidentiary rule under the Evidence Act 1995 (Cth). Understanding its boundaries is essential when you are working through the conflict between AML and legal privilege, because the protection is not unlimited.
What privilege actually covers
Privilege applies to communications, not to underlying facts. If a client tells you they transferred funds to a particular account while seeking your legal advice on a transaction, the communication itself is privileged. The fact that the transfer occurred is not. This distinction matters significantly because it shapes what you can and cannot shield from disclosure when AUSTRAC obligations come into play. Advice privilege covers legal advice given in your professional capacity, while litigation privilege covers materials prepared for the dominant purpose of actual or reasonably anticipated legal proceedings.
Privilege protects the communication, not the conduct it describes.
Where privilege ends
Privilege does not protect communications made to facilitate a crime or fraud. This is the crime-fraud exception, and it is directly relevant to AML scenarios. If a client engages you to help structure a transaction designed to conceal proceeds of crime, those communications attract no privilege. You also cannot claim privilege over documents that exist independently of the lawyer-client relationship, such as financial records a client hands to you that were created for another purpose. Knowing these limits helps you identify what can, and cannot, be withheld when a suspicious matter report becomes relevant.
What AML and CTF obligations can require from lawyers
Once captured under AUSTRAC’s regime, your firm takes on a specific set of obligations that directly shape how you handle client relationships. The conflict between AML and legal privilege becomes most acute when these obligations intersect with confidential instructions, and understanding exactly what the law requires helps you prepare before that tension arises.
Customer due diligence
Customer due diligence (CDD) requires you to identify and verify your clients before providing a designated service. This means collecting government-issued identity documents, confirming the person is who they claim to be, and understanding the nature and purpose of the business relationship. For legal firms, this process applies at onboarding and must be refreshed when circumstances change or risk increases. The verification itself does not breach privilege because it concerns identity facts, not legal communications.
Suspicious matter reporting
If you form a suspicion that a client is engaged in money laundering or financing terrorism, you are required to file a suspicious matter report (SMR) with AUSTRAC. You must do this regardless of whether the transaction proceeds. Critically, you are also bound by a tipping-off prohibition, which means you cannot tell the client that you have filed or are considering filing a report.
The tipping-off rule can put you in a difficult position during an ongoing client engagement, since you must continue acting without signalling that a report has been made.
Both obligations, CDD and suspicious matter reporting, are where operational decisions about data handling and verification workflows directly affect your compliance risk. Setting up clean, auditable processes from the start reduces the likelihood of mistakes that expose your firm to penalties on either side.
How to comply without waiving privilege
The conflict between AML and legal privilege does not force you to choose one regime over the other. With the right approach, you can meet your reporting obligations while preserving the protections your clients are entitled to. The key is building clear separation between privileged communications and the factual, identity-level information that AML obligations actually target.
Separate identity verification from legal advice
Your CDD obligations focus on who your client is, not what they told you in confidence. Conduct identity verification as a standalone step at the start of the engagement, before privileged communications occur. This keeps verification data factually separate from anything that could attract a privilege claim, and it makes your audit trail cleaner if you ever need to demonstrate compliance to AUSTRAC.
Treat client identification as an administrative process that sits outside the legal advice relationship entirely.
Seek independent advice before filing an SMR
If you form a suspicion and you are unsure whether reporting it would require disclosing privileged material, get independent advice before filing. Many law societies and professional bodies provide guidance on exactly this scenario. You should also document your reasoning at each decision point, recording why you concluded that certain information was or was not privileged. That contemporaneous record protects your firm if your approach is later scrutinised.
Use systems that contain sensitive data properly
How you store and handle client information during onboarding affects your exposure. Platforms that write verification outcomes back into your existing CRM without retaining raw identity documents reduce the risk of privileged or sensitive material sitting in unsecured locations, giving you both compliance and control from the start.
Common situations where the conflict shows up
The conflict between AML and legal privilege does not arise in the abstract. It surfaces in specific, recurring fact patterns that legal practitioners encounter in practice. Recognising those patterns early gives you the chance to manage the tension before it becomes a crisis.
Property transactions involving unusual payment structures
Property transactions are one of the most common contexts where AML obligations and privilege collide. A client may instruct you on a conveyancing matter and, in the course of giving those instructions, disclose information about the source of funds that raises concerns. Because the disclosure happened during a legal consultation, privilege may attach to the communication itself. However, the underlying transaction and the funds involved are not protected by that privilege, and your reporting obligations still apply to the suspicious activity you have observed.
What the client told you may be privileged, but what the client did is not.
Corporate restructures and complex transaction advice
When clients seek legal advice on restructuring corporate entities, layering ownership structures, or moving assets across jurisdictions, the potential for money laundering activity is elevated. Instructions given in that context often carry privilege, yet they may simultaneously trigger suspicion thresholds under your AML/CTF program. You need to assess whether the information you hold relates to the legal advice itself or to conduct that falls outside the scope of privilege protection.
Ongoing client relationships where circumstances change
Clients you have acted for previously can become higher-risk over time as their financial circumstances or business activities change. Your ongoing monitoring obligations require you to reassess risk throughout the relationship, which can surface suspicion based on information disclosed across multiple engagements, some of it privileged and some of it not.
Key takeaways and next steps
The conflict between AML and legal privilege comes down to one practical reality: both regimes apply simultaneously, and neither automatically overrides the other. Privilege protects communications, not underlying facts or conduct. Your AML obligations target identity, transactions, and suspicious activity, not the legal advice you give. Keeping those two categories clearly separated in your workflows is the foundation of managing this tension well.
Your firm’s biggest risk is not the conflict itself but failing to prepare for it before it surfaces. Set up identity verification as a standalone process that sits outside privileged communications. Document your reasoning when suspicion arises. Get independent advice before filing a suspicious matter report if you are uncertain about what information you can lawfully disclose.
If you want a straightforward way to run compliant identity checks directly inside your existing software, explore how IdentityCheck supports Tranche 2 obligations without adding new systems to your workflow.
