Tranche 2 AML/CTF compliance for accountants: What you need to know and how to prepare

Tranche 2 AML/CTF compliance for accountants: What you need to know and how to prepare

From 1 July 2026, accountants providing certain designated services will come under Australia’s expanded anti-money laundering and counter-terrorism financing (AML/CTF) regime. Often referred to as Tranche 2, these reforms introduce new obligations around risk assessment, client due diligence, ongoing monitoring and reporting.

A recent practical session featuring Alan Connor, Director at Grant Thornton Australia, together with Tristan Poole, National Corporate Sales Manager at InfoTrack, unpacked what the rules mean in practice and how firms can prepare efficiently.

This guide breaks down the key requirements, and the practical steps accounting firms need to take.

What is Tranche 2 AML/CTF regulation?

Tranche 2 expands Australia’s AML/CTF framework to include additional professional service providers, including certain accounting activities. 

Regulation is overseen by AUSTRAC, and focuses on preventing money laundering and terrorism financing by requiring firms to: 

  • Understand and document risk exposure  
  • Verify client identity and beneficial ownership  
  • Monitor client activity over time  
  • Report suspicious matters and certain transactions  
  • Maintain a formal AML/CTF compliance program  

 

The key shift is that compliance is no longer optional or informal. It becomes a structured, documented obligation.

Which accounting services are in scope?

Not all accounting work is captured. Tranche 2 applies only when providing specific “designated services”, such as: 

  • Assisting with structuring or executing transactions involving companies or legal arrangements  
  • Facilitating business acquisitions or restructures  
  • Acting in roles that involve financial facilitation or asset movement  

 

Routine compliance work, such as standard tax returns, is generally outside scope unless combined with a designated service. 

A critical first step for firms is confirming whether they actually provide in-scope services. InfoTrack has an interactive designated services checker tool that you can use to determine if the services you provide full under Tranche 2 regulations.  

The four pillars of AML/CTF compliance for accountants

1. Firm-wide risk assessment

Firms must assess their exposure to money laundering and terrorism financing risk across: 

  • Client types (individuals, trusts, companies, PEPs)  
  • Services offered (designated services and complexity)  
  • Delivery channels (in-person, remote, intermediated)  
  • Geographic exposure (including higher-risk jurisdictions)  


The outcome is typically a risk rating (low, medium or high), which drives the level of controls required. 

Alan Connor highlighted that risk assessment is not a one-off exercise. It must be reviewed and updated as the firm’s clients or services change.

2. AML/CTF policies, procedures and controls

Firms must document how they comply with their obligations, including: 

  • Roles and responsibilities within the firm  
  • Staff training and due diligence requirements  
  • Client onboarding and verification processes  
  • Escalation pathways for suspicious activity  
  • Procedures for terminating relationships where necessary  

 

These policies must be actively used, not stored away. Regulators expect them to be current and operational. 

3. Customer due diligence (CDD)

Client onboarding becomes a structured compliance process, including: 

  • Identity verification (individuals and entities)  
  • Beneficial ownership identification (for companies and trusts)  
  • Politically exposed person (PEP) screening  
  • Sanctions and adverse media checks  
  • Understanding the purpose and nature of the engagement  

 

Where higher risk is identified, enhanced due diligence is required. 

Importantly, firms must also apply ongoing customer due diligence, meaning they monitor client behaviour over time and reassess risk where needed. 

4. Reporting obligations

Once registered with AUSTRAC, firms may be required to submit: 

  • Suspicious matter reports (SMRs)  
  • Threshold transaction reports (for certain cash transactions)  
  • Annual compliance reports  

 

A key principle is “tipping off” prohibition. Firms cannot inform clients that a suspicious matter report has been lodged. 

How firms can prepare before 1 July 2026

A practical readiness roadmap typically includes five core steps: 

  1. Enrol with AUSTRAC  
  2. Complete a firm-wide risk assessment  
  3. Implement AML/CTF policies and procedures  
  4. Onboard and train relevant staff  
  5. Establish client onboarding and screening workflows  

Moving from preparation to day-to-day compliance

After 1 July 2026, compliance becomes operational. Firms will need to: 

  • Screen and onboard clients before providing designated services  
  • Perform identity and beneficial ownership checks  
  • Complete risk assessments for each client relationship  
  • Maintain ongoing monitoring and documentation  
  • Store audit-ready records for regulators  

 

The shift is from planning compliance to embedding it into everyday client work. 

Practical tools and digitised compliance

InfoTrack demonstrated how AML/CTF obligations can be digitised through its Compliance Center, including: 

  • Guided firm risk assessments mapped to AUSTRAC starter kits  
  • Policy generation aligned to regulatory requirements  
  • Staff onboarding and role-based checks (VOI, PEP, sanctions)  
  • Client onboarding workflows with built-in risk scoring  
  • Centralised audit trails and reporting records  

This reflects a broader trend towards embedding compliance into operational workflows rather than managing it in spreadsheets or documents. 

Key takeaways for accountants

InfoTrack’s Compliance Centre is now available to accounting firms at no cost, offering a complete, all-inclusive solution built specifically for the Tranche 2 obligations that take effect on 1 July 2026. Developed in collaboration with Grant Thornton Australia, the Compliance Centre digitises every step of the compliance journey, from AUSTRAC-mapped firm risk assessments and policy generation aligned to regulatory starter kits, to staff onboarding workflows, client identity verification, PEP and sanctions screening, and centralised audit trail reporting. Rather than managing obligations across spreadsheets and documents, accounting firms can embed compliance directly into day-to-day client workflows, all within a single platform. To see the Compliance Centre in action, watch the full session on demand. To find out how it can work for your firm, speak with our team today.