The July 1, 2026 Deadline

The Tranche 2 deadline penalties AUSTRAC regulatory framework sets July 1, 2026 as the operative date from which lawyers, conveyancers, real estate agents, and certain accountants become "reporting entities" under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006. From that date, the full obligations of the AML/CTF regime apply — enrolment with AUSTRAC, maintenance of a documented AML/CTF program, customer due diligence, transaction monitoring, suspicious matter reporting, threshold transaction reporting, and seven-year record retention.

The deadline is not a soft launch. AUSTRAC has not signalled any intention to grant a grace period for non-compliant firms that were simply slow to act. The Financial Action Task Force (FATF) and the Asia-Pacific Group on Money Laundering (APG) have already identified Australia's failure to regulate the Tranche 2 sector as a systemic vulnerability in the international AML regime. Australia's re-engagement with those international standards depends, in part, on demonstrated enforcement of Tranche 2 obligations.

Firms that have not yet enrolled with AUSTRAC need to treat that as their most urgent task. Enrolment itself is a regulatory requirement — failure to enrol by July 1, 2026 is a separate, standalone contravention that carries its own penalty exposure, independent of any deficiencies in the firm's program or procedures.

Who Is Now Regulated

The Tranche 2 reforms extend the AML/CTF regime to any entity that provides a "designated service" as defined by the amended Act. For the legal and property sectors, the captured categories are broad.

Law firms are regulated when they provide services relating to real property transactions, managing or transferring client money or assets, company or trust formation or management, and certain financing and investment arrangements. The obligation attaches to the firm as a legal entity, not to individual solicitors — though individual partners and directors can face personal liability in circumstances of serious non-compliance.

Conveyancers are regulated across all property settlement services. There is no materiality threshold — a conveyancer handling a $300,000 residential transaction is as obligated as one handling a $30 million commercial settlement.

Real estate agents are regulated when they facilitate the purchase or sale of real property. Property management activities — leasing and tenancy — are not currently designated services, though this may be revisited in subsequent legislative amendments.

Accountants face targeted regulation: tax advice and audit services are not captured, but trust account management, company formation, and certain financial advisory services may be. Accounting firms should seek specific advice on whether their particular service mix creates reporting entity obligations.

The Penalty Regime

Australia's AML/CTF civil penalty regime is one of the most substantial in the Asia-Pacific region, and it has been materially strengthened as part of the Tranche 2 reform package.

For corporate entities — which includes incorporated law practices, conveyancing companies, and real estate agencies operating as companies — the maximum civil penalty is $23 million per contravention. That figure is per contravention, not per enforcement action. A firm that has failed to maintain a compliant AML/CTF program across multiple years, while conducting hundreds of property transactions without adequate customer due diligence, could theoretically face multiple distinct contraventions. AUSTRAC has the discretion to aggregate or separate contraventions in how it frames enforcement actions, and the severity of its approach correlates with the evidence of systemic failure versus isolated breach.

For individuals — sole practitioners, individual conveyancers, and real estate agents operating in their own name — the maximum civil penalty per contravention is calculated differently, but remains material. The failure to enrol with AUSTRAC carries a specific penalty of $19,800 per day for each day that the obligation remains unmet. That daily accrual begins from July 1, 2026.

In addition to civil penalties, AUSTRAC can issue remediation directions, requiring a firm to engage an independent AML/CTF expert at its own expense to assess and remediate its program. These remediation processes typically cost between $50,000 and $250,000, and the cost is borne entirely by the non-compliant firm.

Criminal liability — including imprisonment — applies in cases of deliberate non-compliance or active facilitation of money laundering. For firms that simply failed to act in time, civil penalties are the more immediate risk. But the distinction between "negligent non-compliance" and "reckless non-compliance" can be fine, and AUSTRAC has the resources to investigate thoroughly.

AUSTRAC Enforcement History

AUSTRAC's enforcement capability and appetite have grown substantially over the past decade. The $1.3 billion penalty against Commonwealth Bank in 2018 — at the time the largest civil penalty in Australian corporate history — established that AUSTRAC is prepared to pursue major institutions aggressively. Subsequent actions against Westpac ($1.3 billion), Crown Resorts, and SkyCity Adelaide demonstrated that the enforcement approach was not a one-off.

For Tranche 2 entities, the more instructive precedents are the actions against smaller firms. In December 2025, AUSTRAC commenced civil proceedings against Castra and Princeton — two smaller-scale operators — specifically alleging failures in AML/CTF program documentation, customer due diligence procedures, and ongoing monitoring. These actions are significant not just for their outcomes but for what they signal: AUSTRAC is not limiting its enforcement attention to systemically important institutions. It is actively monitoring the extended sector.

AUSTRAC's supervisory approach combines intelligence-led risk targeting with industry-wide compliance checks. It uses transaction data, referrals from other agencies, and its own analytical capabilities to identify entities that appear to be outliers in their reporting or transaction patterns. An entity that is enrolled but reports suspiciously little — or nothing — relative to its apparent transaction volume will attract scrutiny. An entity that is not enrolled at all will be identified through cross-referencing ASIC, state licensing, and AUSTRAC registration databases.

The practical implication is that non-compliance is not a viable strategy even for small firms. The enforcement net is designed to be comprehensive, and the penalty exposure — even at the lower end — exceeds the cost of implementing a compliant program by several orders of magnitude.

What AUSTRAC Looks for in an Audit

AUSTRAC audits of Tranche 2 entities — whether triggered by a compliance check, a suspicious matter report, or a referral — follow a structured framework. Understanding what AUSTRAC looks for allows firms to self-assess their readiness before an audit arrives.

First, AUSTRAC will confirm enrolment and assess whether the firm's enrolment details accurately reflect its current designated services and business structure. Outdated enrolment details — a firm that has changed its structure but not updated its AUSTRAC registration — are themselves a compliance issue.

Second, AUSTRAC will request the firm's AML/CTF program and assess whether it is current, internally consistent, and specific enough to guide staff behaviour. A generic document that does not reflect the firm's actual business activities will be identified as non-compliant.

Third, AUSTRAC will test whether the program is actually implemented — by reviewing customer due diligence records, training logs, AMLRO activity records, and transaction monitoring documentation for a sample of matters. The gap between a policy document and actual practice is one of the most common findings in AML/CTF audits globally.

Fourth, AUSTRAC will assess whether the firm's suspicious matter reporting is proportionate to its transaction volume and client risk profile. A firm that handles dozens of complex property transactions a year but has never filed a suspicious matter report will face questions about whether its ongoing monitoring is functioning as documented.

Fifth, record-keeping will be assessed. Can the firm produce, on request, customer identification records, SoW documentation, and transaction monitoring records for a specified matter from two, three, or five years ago? If not, the firm may be in breach of its retention obligations even if its current procedures are sound.

Steps to Get Compliant Now

With the July 1, 2026 deadline now operative for many firms and approaching for others, the priority sequencing is important. There are six steps, and they must be completed in the right order.

Step one: enrol with AUSTRAC. If your firm is not yet enrolled as a reporting entity, this is the single most urgent action. Enrolment is through AUSTRAC Online and requires your firm's ABN, legal structure, and details of the designated services you provide. Do not defer this step — the daily penalty for late enrolment begins accruing from July 1.

Step two: complete your risk assessment. This requires senior management attention, not delegation to a junior staff member. The risk assessment must reflect genuine consideration of your firm's client base, services, and operating environment.

Step three: generate your AML/CTF program documentation. Both Part A and Part B must be complete, current, and specific to your firm. Tranche's wizard can guide you through this process and generate a compliant PDF manual.

Step four: appoint your AMLRO. Document the appointment formally, brief the appointee on their responsibilities, and ensure they have the authority and resources to discharge those responsibilities.

Step five: train your staff. All staff in AML/CTF-sensitive roles must receive documented training before they conduct designated services. Training records must be retained.

Step six: implement your customer due diligence and record-keeping procedures. From the operative date, every new client engagement in a designated service must follow your documented procedures. There is no retrospective fixing of records from before you had a program in place — the focus is on what happens from now on.