%20(2).png)
AUSTRAC’s AML August 2025 Update
- Amy Bell
- Oct 14
- 4 min read
Authors: Amy Bell and Rhiannon Davies
AUSTRAC released its latest AML/ CTF (Anti-Money Laundering and Counter-Terrorism Financing) Rules at the end of August 2025 and Amy Bell and Rhiannon Davies have gone through the updates with a fine tooth comb to summarise for you.
When examining the August update, and in conjunction with AUSTRAC’s explainer pages, the following are a few practical new bits that matter for lawyers and conveyancers gearing up for 1 July 2026.
Dates and scope for AML/CTF Reforms
AUSTRAC tabled the new Rules on 29 August 2025. The instrument starts on 31 March 2026. Tranche 2 entities, including lawyers and conveyancers, pick up obligations from 1 July 2026, with enrolment opening 31 March 2026. Threshold and suspicious matter reporting stay in current form until 2029 for existing reporters. (austrac.gov.au)
AUSTRAC’s Tranche 2 summary confirms the professions covered and gives the quick admin dates, including “enrol within 28 days” once you start a designated service. It also flags that pre-commencement customers do not need CDD unless certain triggers occur, which will reduce remediation load for existing client books.
Real estate transactions, a new operational model
For firms acting on sales, purchases or transfers of real estate, the Rules add a clear framework you can build into your file-opening and settlement workflows.
Delayed verification, tightly bound: You may begin the service and complete initial CDD within a specified window that ends at the earlier of 15 days after exchange or settlement. This applies to brokering and assisting services for buyers or sellers, provided the service is delivered through your Australian permanent establishment. Put simply, you can start work, but you must lock in CDD by that hard stop.
Relying on another reporting entity in the deal: You can be “taken to have established” certain initial CDD matters where you participate in an arrangement with another reporting entity in the same property transaction, as long as that other party collects and verifies KYC no later than 15 days after exchange and you can obtain their KYC and verification data before settlement. Your arrangement must also document who does what and record-keeping. This is the formal, deal-level reliance model many in the market asked for.
Policy knock-on: If you are using that arrangement, your AML/CTF policies must say how you will verify KYC before settlement in cases where you are not getting the KYC package from the other reporting entity. This is an explicit policy content requirement to add to your program.
Reliance and third parties, now much clearer
Written CDD arrangements, minimum content and oversight: The Rules prescribe what a CDD reliance agreement must include, who you can rely on, the ability to obtain all KYC information before you start or within the delayed-verification period, and to get copies of underlying verification data “immediately or as soon as practicable” on request. You must assess these agreements at least every two years, and again if circumstances change. There is also a mirrored set of conditions for case-by-case reliance. This will let multi-firm property matters, panel arrangements and cross-border instructions run more efficiently, but you will need templated agreements and a review calendar.
Governance and program content, more specific expectations
Board reporting cadence: Your AML/CTF compliance officer must report to the governing body at least once every 12 months on policy effectiveness and legal compliance. Bake this into your governance calendar.
Fit and proper test for the AML/CTF compliance officer: The Rules spell out what to consider, including competence, integrity, insolvency, and relevant regulatory history. Good to integrate into your role description and appointment memo.
Training and personnel due diligence: Training must match function and risk, and be readily understandable. You must also assess staff integrity and competence on hire and during employment. Useful for your LMS and HR checklists.
Independent evaluation scope: Evaluations must test your risk assessment steps, program design, compliance with your own policies, and whether you are actually mitigating risk. Evaluations are a legal requirement in the AML/CTF Act and AUSTRAC’s Tranche 2 page also notes a three-year cycle expectation. (austrac.gov.au)
Program documentation timing: You must document your risk assessment and AML/CTF policies before you provide your first designated service, and document updates within 14 days when you change them. That is a tight SLA for change control.
PEPs, senior approvals and ECDD triggers
Domestic PEPs listed: The Rules spell out domestic PEP offices and positions, which is helpful for screening logic and manual overrides.
Senior manager approvals and ECDD: Approvals are required before onboarding foreign PEPs and, where risk is high, domestic or international organisation PEPs. You also have to establish source of funds and source of wealth in these contexts, and refresh KYC if a customer becomes a PEP. Align your escalation matrix and file-note templates.
Legal professional privilege, clearer protection and process
The Tranche 2 summary confirms that legal professional privilege remains protected. AUSTRAC will publish a dedicated form to assert privilege and Ministerial guidelines will detail the process.
If you would like support in preparing for the 1 July 2026 reforms, would like to start your Data Collection (you can use our Free Data Collection Tool HERE), need an audit, AML training or simply want a specialist partner to hold your hand through the necessary requirements, please do get in touch.
Why not email us directly (hello@amlsorted.com) and Amy, Rhiannon or Simon and the wider team will get back to you ASAP.
All our initial consultations are complimentary.
