Navigating AUSTRAC's Second AML/CTF Consultation: A Critical Call to Action for Australian Lawyers

WHITEPAPER

Executive Summary: The Urgency of Engagement for Legal Professionals

Writer Experts: Amy Bell and Rhiannon Davies 

Australia's financial regulatory landscape is undergoing a significant transformation with the impending Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) reforms.

These changes extend existing obligations to a new cohort of "Tranche 2" entities, which notably includes lawyers, accountants, trust and company service providers and real estate agents.

This legislative evolution, primarily driven by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, is designed to bolster the nation's defences against money laundering (ML) and terrorism financing (TF).

In a pivotal development, the Australian Transaction Reports and Analysis Centre (AUSTRAC) has released its second exposure draft of the new AML/CTF Rules.

Developed following the first round of consultation (that began in late 2024), the second draft is currently open for public consultation, with a critical deadline for submissions set for June 27, 2025.

This period represents a crucial window for legal professionals to actively participate and provide feedback, thereby influencing the final shape of the legislation. The imminent deadline underscores the necessity for proactive engagement, as lawyers must thoroughly understand the proposed changes and contribute their sector-specific perspectives to ensure the rules are both effective in combating financial crime and practical for the legal industry to implement.

For firms seeking guidance through this complex regulatory shift, specialised support is available. AML Sorted, under the leadership of Amy Bell, offers comprehensive programs tailored to legal firms, encompassing training, compliance reviews, and technology-driven solutions to navigate these evolving requirements.

Australia's Evolving AML/CTF AUSTRAC Landscape: A New Era for Tranche 2 Entities

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 underwent significant amendments in 2024, broadening the scope of regulated entities and modernising regulations, particularly concerning virtual assets and payment technologies.

This expansion is a direct response to the dynamic nature of financial crime risks and the imperative to align with international standards.

The reforms specifically designate lawyers, accountants, trust and company service providers along with real estate professionals as 'reporting entities' if they provide certain 'designated services'. This reclassification marks a substantial shift for these sectors, bringing them under AUSTRAC's direct regulatory oversight.

The implementation of the AML/CTF regime for lawyers in Australia will occur in a phased manner. While the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 was enacted in late 2024, the substantive obligations for lawyers providing new designated services (often referred to as Tranche 2 services) are scheduled to commence on July 1, 2026.

However, for businesses involved in providing newly regulated virtual asset services, the obligations commence earlier, on March 31, 2026, with enrolment required by April 28, 2026, and registration before March 31, 2026. The general enrolment process with AUSTRAC for lawyers is slated to begin on March 31, 2026.

AUSTRAC functions as the primary regulator, tasked with developing and consulting on the AML/CTF Rules and associated Guidance, which will define the practical implementation of these obligations.  Following the current consultation period, AUSTRAC plans to finalise the changes to the AML/CTF Rules and publish them in August 2025.

The differentiated commencement dates for Tranche 2 obligations reveal a strategic prioritisation of risk by AUSTRAC.

The earlier and more stringent March 31, 2026, date for virtual asset services is not arbitrary; it reflects the inherently higher risk and rapidly evolving nature of virtual assets, which are frequently at the forefront of financial crime.

By bringing Virtual Asset Service Providers (VASPs) under the regime earlier and implementing a more robust registration process, including detailed due diligence on key personnel and comprehensive information on virtual asset types and wallet addresses, AUSTRAC is demonstrating a commitment to mitigating immediate, high-impact risks within this nascent and volatile sector.

This approach allows the regulator to refine its oversight and enforcement mechanisms for this complex area before the broader Tranche 2 rollout. 

For law firms, this means that if their practice involves any virtual asset-related designated services, their compliance urgency is significantly heightened and more intricate than for those solely dealing with traditional property or entity transactions. This also indicates AUSTRAC's intention to build a more transparent and robust oversight framework for higher-risk areas, as evidenced by the planned publication of the VASP Register.

Consequently, law firms must meticulously segment their service offerings and client base to identify if they fall under the earlier VASP-related obligations, necessitating an accelerated and specialised compliance strategy for virtual asset services, distinct from their broader Tranche 2 preparations.

Deep Dive into AUSTRAC's Second Exposure Draft: Key Updates and Clarifications

The second exposure draft of the AML/CTF Rules reflects a responsive approach from AUSTRAC, incorporating substantial feedback received during the first round of consultation which commenced in late 2024.

Key areas of focus from the initial consultation included customer due diligence (CDD), AML/CTF programs, value transfer services, and reporting groups.

Significant updates in the draft include enhanced flexibility, such as allowing delayed initial customer due diligence in a wider range of circumstances.

The rules also provide greater flexibility in determining the lead entity of reporting groups and offer more detailed guidance on how to form such groups.

This demonstrates an effort to move away from overly prescriptive requirements, granting reporting entities more adaptability in meeting their AML/CTF obligations.

The second exposure draft also introduces new requirements, particularly concerning:

• Reportable details for Threshold Transaction Reports (TTRs) and Suspicious Matter Reports (SMRs).  This includes specific details on what needs to be included in these reports which hadn’t yet been drafted when the first exposure draft was released. For both TTRs and SMRs this includes information about the firm, the person completing the report along with anyone else in the firm who can provide information. For TTRs this includes details about the people involved i.e. customer, non-customer, other persons. It also includes information about the transaction. For SMRs this includes the date the suspicious matter reporting obligation arose for the firm, a description of the circumstances that apply to the matter, and value associated with the transaction.   New online forms for SMRs and TTRs are also anticipated. 

• Information required for enrolment and registration applications. Again, this section had not yet been drafted when the first exposure draft was released. It now sets out the information that must be contained in an application for enrolment for a reporting entity. For law firms this includes a description of the designated services, when the firm started providing those services, address of registered office, names of any beneficial owners.

  
  

In addition, there is information on registering on the Remittance Sector Register* and the Virtual Asset Service Provide Register. For Virtual Asset Service Providers (VASPs), this entails providing detailed information on the types of virtual assets offered, wallet types, and addresses, alongside enhanced due diligence on key personnel, including criminal history and findings from court proceedings or regulators.

*more to come from AUSTRAC - we will update as and when

Crucial amendments and clarifications within the draft include:

• Deletion of 'Place of Birth' Requirement: Feedback from the first consultation overwhelmingly highlighted the practical difficulties associated with collecting and verifying an individual's place of birth. As a direct result, this requirement has been removed from the draft rules. However, it is important to note that if a date of birth is included in ‘payer information’ for the purposes of the ‘travel rule’ under Part 5 of the Amended AML/CTF Act, it must still be verified in accordance with global standards.

• Transitional Arrangements for International Value Transfer Reports (IVTRs): The Department of Home Affairs has proposed transitional rules that will extend the operation of current international funds transfer instruction (IFTI) reporting requirements until after 2026. This strategic delay is intended to provide AUSTRAC and industry with sufficient time to collaboratively develop reportable details for the new international value transfer service report (under section 46 of the Amended AML/CTF Act) and reports of transfers of value involving unverified self-hosted virtual asset wallets (under section 46A).

• The Travel Rule (Section 66A): A significant amendment to the AML/CTF Act is the introduction of the “travel rule,” which mandates that certain identifying information about the payer and payee must be transmitted with transfers of value, such as telegraphic transfers, remittances, virtual asset transfers and other value transfers. AUSTRAC has indicated that further guidance, including examples on how to assess the status of a third-party wallet, will be issued.

  
  

A separate exposure draft, titled the AML/CTF Rules (Class Exemptions and Other Matters) 2007, has also been released which in addition to the Draft Rules will make up the new AML/CTF Rules framework.

The Class Exemptions  document outlines amendments to current rules-based exemptions that will be retained, providing continuity for certain low-risk scenarios. To aid interpretation, an exposure draft explanatory statement with notes on clauses has been provided.

This statement helps reporting entities understand the interaction between the amended AML/CTF Act and the new Rules, offering insight into AUSTRAC's policy intent.

AUSTRAC's approach to these reforms demonstrates a careful balancing act between pragmatism and adherence to global standards. The removal of the 'place of birth' requirement, for instance, is a clear indication of AUSTRAC's willingness to respond to genuine industry feedback regarding practical difficulties in data collection and verification.

This flexibility is balanced by a steadfast commitment to core international AML/CTF standards. This commitment is evident in the explicit retention of the 'travel rule' requirement for date of birth verification where applicable and the stated goal of aligning VASP registration processes with international benchmarks, such as those in the UK, Singapore, and Hong Kong. 

Furthermore, the transitional arrangements for International Value Transfer Reports delay the implementation of complex new reporting elements not to avoid them, but to allow for a more considered and consultative development process, ensuring effective implementation of these critical global standards. 

This approach suggests that AUSTRAC is not simply imposing a rigid set of rules but is actively seeking to create a workable, effective, and internationally compliant regime. The regulator is willing to ease burdens where practical difficulties genuinely outweigh the AML/CTF benefit, but it will maintain a firm stance on areas critical for international cooperation and the mitigation of high-risk activities.

This provides a crucial opportunity for industry stakeholders, including lawyers, to influence how rules are implemented in detail, but not if fundamental international standards are met.

Unpacking the Obligations: What "Designated Services" Mean for Lawyers - AUSTRAC AML/CTF Consultation

It is imperative for lawyers to understand that not all legal services will automatically trigger AML/CTF obligations. The new regime specifically targets "transactional work that carries a higher inherent risk of being exploited for money laundering purposes". If a lawyer provides any of these specified services, their firm will be classified as a 'reporting entity' under the Act.

The AML/CTF Act, as amended, specifies a range of legal services now categorised as “designated services,” which trigger AML obligations for lawyers. These include:

• Property Transactions: This encompasses assisting clients in the buying, selling, or transferring of real estate. This area is recognised globally as a high-risk sector for money laundering.

• Trustee: Acting as a Trustee of an express trust. Read specifics HERE.

• Entity Transactions: This category covers assisting clients in the buying, selling, or transferring of legal entities such as companies or trusts; facilitating the sale or transfer of a shelf company; and assisting in the creation or restructuring of a legal entity or legal arrangement. These structures are frequently used to obscure beneficial ownership.

• Funds Management: This involves receiving, holding, controlling, or managing clients’ funds and/or property, which can include money, accounts, securities, or other assets. A crucial exception applies here: payments solely for the lawyer’s or firm’s legal fees are generally excluded. This carve-out is vital for the day-to-day operations of legal practices.

• Transactional Work: This includes carrying out certain transactional work, such as equity and debt financing.

• Fiduciary/Nominee Roles: This explicitly covers acting, or arranging for another person to act, as a director, partner, trustee, or pursuant to a power of attorney; and acting, or arranging for another person to act, as a nominee shareholder. The explicit inclusion of these roles underscores a specific focus on preventing lawyers from being utilised as intermediaries in complex financial arrangements designed to conceal the origins of illegal funds.

• Registered Office Services: Providing a registered office address or principal place of business.

Law firms providing designated services must establish and maintain a robust AML/CTF framework to effectively mitigate the risks of money laundering and terrorism financing. 

This framework is built upon several core compliance pillars:

1. Enrolment and Registration with AUSTRAC: Lawyers providing designated services are required to enrol with AUSTRAC within 28 days of commencing the provision of a designated service. Enrolment involves providing basic information about the business, such as its structure, services, key personnel, and contact details. For certain high-risk services, such as virtual asset services, an additional registration process is required before commencement, involving AUSTRAC's assessment of the application.

2. Developing and Maintaining an AML/CTF Program: This must be a comprehensive, documented program tailored to the business's nature, size, and complexity, and it must be approved by a senior manager of the business.

   
   

 Key components include:

• Risk Assessment: A thorough and regularly updated assessment of specific money laundering, terrorism financing, and proliferation financing (ML/TF/PF) risks inherent in their client base, the types of services they provide, their service delivery channels (e.g., online, in-person), and any relevant geographic exposures.  Adverse findings from an independent evaluation report will trigger a requirement to review and update the risk assessment "as soon as practicable".

• Policies and Procedures: Clearly defined policies, procedures, systems, and internal controls to manage identified risks and ensure ongoing compliance.

• Governance Arrangements: Establishment of appropriate governance structures, including oversight and approval by senior management or a governing board.

• AML/CTF Compliance Officer: Designation of a senior-level, fit and proper individual responsible for overseeing the program's implementation and effectiveness, and regularly reporting to the governing body.

• Employee Due Diligence & Training: Procedures for conducting due diligence on employees performing AML/CTF functions and regular, relevant training for all employees on risks, obligations, and firm policies.

• Independent Review: A process for an independent evaluation of the program at least every three years to ensure its effectiveness.

• Customer Due Diligence (CDD): Lawyers must conduct CDD on clients before providing designated services and on an ongoing basis throughout the business relationship. This involves:

• Identifying and Verifying Identity: Identifying the customer and beneficial owners, and verifying their identity using reliable and independent sources.

• Understanding Business Relationship: Comprehending the nature and purpose of the business relationship with the client.

• Assessing Risks: Evaluating potential ML/TF/PF risks associated with the client.

• Ongoing Monitoring: Continuously monitoring client transactions and activities for unusual or suspicious behaviour, and updating the customer's risk profile in response to various triggers.

• Applying Enhanced Due Diligence (EDD) for high-risk clients (e.g., politically exposed persons).

• Applying Simplified Due Diligence (SDD) in certain low-risk scenarios.

• Note: Initial or ongoing CDD is not required for pre-commencement customers until a suspicious matter report is required or there is a significant change in the business relationship resulting in a medium or high ML/TF/PF risk assessment.

• Reporting Obligations: Lawyers, as reporting entities, have several reporting obligations to AUSTRAC:

• Suspicious Matter Reports (SMRs): Submitted promptly when there are reasonable grounds to suspect that a transaction or client activity is related to criminal activity, proceeds of crime, terrorism financing, proliferation financing, or if a client's identity is suspected to be false. The threshold for reporting is low and broad, and there is a strict prohibition against “tipping off” a client about an SMR.

• Threshold Transaction Reports (TTRs): Required for any transaction involving physical currency of AUD 10,000 or higher.

• International Value Transfer Service (IVTS) reports: Necessary for all transactions involving the transfer of value into or out of Australia.

• Cross Border Movement (CBM) reports: Required when AUD 10,000 or more in cash or bearer negotiable instruments is physically moved into or out of Australia.

• Annual Compliance Reports: May be required to summarise compliance with AML/CTF obligations throughout the year.

• Record-Keeping Requirements: Reporting entities must maintain accurate and complete records relevant to their AML/CTF obligations for a minimum of seven years. These records include documentation from the customer due diligence process, details of all transactions related to designated services, and records pertaining to the firm’s AML/CTF program (risk assessments, policies, training materials, independent reviews). Copies of all reports submitted to AUSTRAC must also be kept. Records must be readily accessible for audit and investigations, and maintained securely in compliance with privacy regulations. Small legal practices previously exempt from the Privacy Act will now need to comply with it when handling personal information for AML/CTF purposes.

  
  

The explicit exemption for payments solely for a lawyer's or firm's legal fees, as outlined in the designated services, is a critical carve-out with significant operational implications.

Without this specific exemption, every retainer payment, disbursement, or fee received by a law firm could potentially trigger extensive AML/CTF obligations, leading to an unmanageable and disproportionate compliance burden for the vast majority of legal transactions. 

This exemption acknowledges the fundamental nature of legal practice and its fee structures. 

However, it simultaneously places a heightened responsibility on firms to maintain meticulously clear internal accounting, client money handling procedures, and robust documentation. 

Firms must be able to unequivocally distinguish between funds received solely for legal fees (exempt) and client funds/property that do fall under the definition of designated services (e.g., funds held in trust for property settlements or managed for investment purposes). 

Any ambiguity or commingling could lead to compliance breaches. Therefore, law firms must proactively review and, if necessary, revise their trust accounting, billing, and client onboarding practices to ensure clear segregation and transparent documentation. This is essential to demonstrate that funds received are indeed solely for legal fees where an exemption is claimed, thereby avoiding unintended AML/CTF obligations. This area represents a potential blind spot for non-compliance if not carefully managed and audited.

The various core compliance pillars (AML/CTF Program, CDD, Reporting, and Record-Keeping) while presented as distinct categories, are profoundly interdependent. 

Robust Customer Due Diligence (CDD) procedures help firms to understand who their customers are and the ML/TF/PF risks they pose to the firm. The level of CDD that needs to be applied will depend on the risk factors that are identified in the risk assessments that are completed. These risk assessments, in turn, are foundational to the design and implementation of the firm's comprehensive AML/CTF program. The program then dictates the procedures that are in place to mitigate the risks the firm faces, specific triggers for reporting suspicious matters (SMRs) and threshold transactions (TTRs), and the meticulous record-keeping requirements that underpin all compliance activities. 

Furthermore, the mandatory independent review of the AML/CTF program serves as a critical feedback mechanism: adverse findings in such a review necessitate immediate updates to the risk assessment and the program itself. 

This framework is not a mere checklist of isolated tasks, but rather a continuous, cyclical, and integrated process. A weakness or failure in one area, such as inadequate staff training on red flags, can directly compromise the effectiveness of the entire framework, potentially leading to missed suspicious matter reports or insufficient customer due diligence.

AUSTRAC's emphasis on an "outcomes-based approach to compliance" strongly reinforces this holistic view; the regulatory expectation is not just about having policies in place, but demonstrating the effectiveness of the entire system in identifying, mitigating, and managing ML/TF risks. 

Law firms cannot afford to treat these compliance elements in isolation. They must foster a firm-wide culture of compliance, integrate AML/CTF considerations seamlessly into their operational workflows, and ensure continuous feedback loops between their risk assessments, program development, implementation, and ongoing review. This highlights the critical value of comprehensive solutions that address policies, training, and audits as interconnected and mutually reinforcing elements of a robust compliance ecosystem.

To provide a clearer understanding of the specific obligations, the following table outlines key designated services for lawyers and their associated compliance requirements:

Table 1: Key Designated Services for Lawyers and Associated Obligations

Navigating the Legal Nuances: Privilege, Powers, and Penalties

The new legislation carefully addresses the interaction with Legal Professional Privilege (LPP), a cornerstone of the legal profession. The laws provide clear protections for LPP, explicitly stating that the common law doctrine of LPP will remain unchanged under the reformed AML/CTF regime. 

This is a crucial safeguard for client confidentiality. A reporting entity is specifically not required to file a Suspicious Matter Report (SMR) if the information that would form the basis of the suspicion is subject to LPP. 

However, a formal process exists for asserting privilege: if AUSTRAC requests information or documents and the firm believes they are subject to LPP, a prescribed LPP Form must be submitted to the AUSTRAC CEO in lieu of the requested information. This ensures accountability while respecting the privilege.

Concurrently, the Amended AML/CTF Act significantly expands AUSTRAC's investigation and enforcement powers. This includes granting AUSTRAC new examination powers akin to those currently held by the Australian Securities and Investments Commission (ASIC). 

AUSTRAC is now authorised to issue written notices to anyone reasonably believed to possess relevant information or documents, not solely reporting entities. These notices can compel individuals to produce documents or appear before an examiner for examination.

The Act establishes a framework for these examinations: they are to be conducted in private, an examinee's lawyer may intervene to address the examiner or examine the examinee, and examinations may be recorded.

A particularly significant and challenging change for individuals within regulated entities, including lawyers, is the abrogation of the privilege against self-incrimination. This means individuals may be required to provide documents or answers to AUSTRAC, even if doing so could incriminate them personally.

While such evidence is admissible in proceedings related to money laundering, terrorism financing, or proliferation financing, it cannot be used in unrelated criminal proceedings. This provides a limited safeguard but still represents a profound shift in personal exposure for individuals.

The legislation’s protection of Legal Professional Privilege (LPP) and the concurrent abrogation of the privilege against self-incrimination for individuals create a complex and potentially perilous dynamic for lawyers and staff within a firm. While the firm might successfully assert LPP over client communications, an individual lawyer or staff member could still be compelled to provide information that incriminates themselves personally. 

This compelled information could relate to their own knowledge, actions, or omissions concerning a suspicious matter, even if it does not directly reveal client-privileged communication. For example, a lawyer might be compelled to explain their decision-making process or actions in a transaction, which could expose them to personal liability, even if the underlying client communication remains privileged. This means lawyers must not only be vigilant about maintaining client privilege but also acutely aware of their individual personal exposure and the critical need for independent legal advice if they receive an AUSTRAC notice. 

The LPP form serves as a procedural safeguard for the firm's privileged information, but it does not shield the individual from compelled testimony about non-privileged, potentially self-incriminating facts. Therefore, law firms need to implement robust internal policies that clearly delineate LPP boundaries and provide immediate, expert legal support to any employee who receives an AUSTRAC notice.

This support should ensure the employee fully understands their rights and obligations in this nuanced legal landscape, particularly the distinction between client privilege and individual self-incrimination. This also underscores the necessity for comprehensive staff training that extends beyond just identifying red flags to understanding the personal implications of non-compliance and interactions with regulatory enforcement bodies.

The consequences of non-compliance are substantial. Failure to comply with a Section 172A notice (to disclose documents or attend an examination) is an offence carrying a maximum penalty of two years imprisonment or 100 penalty units (currently up to $31,300). The overarching message from AUSTRAC and the new legislation is clear: businesses, including legal professionals, must ensure they understand and implement these new requirements to avoid severe consequences.

Your Voice Matters: Responding to the Second Consultation and Preparing for 2026

The current consultation period for AUSTRAC's second exposure draft of the AML/CTF Rules, is open from May 19, 2025 to 27 June 2025.

This consultation represents a critical and final opportunity for legal professionals to provide feedback and shape the final AML/CTF Rules. 

AUSTRAC intends to finalise and publish these rules in August 2025.

Industry engagement has already demonstrated its impact; feedback from the first round of consultation directly influenced the second exposure draft, leading to practical adjustments such as the deletion of the 'place of birth' requirement due to implementation difficulties. This clearly indicates that submissions are valued and can lead to further adjustments.

Lawyers possess unique, practical insights into the complexities of legal practice, client relationships, transactional nuances, and the application of LPP. 

Their input is invaluable to ensure the final rules are both effective in combating financial crime and practical for the legal sector to implement. Submissions can be made using the consultation form (DOCX or PDF) available on the AUSTRAC website, and firms can choose to submit their response under their name or anonymously.

Participating in the AUSTRAC consultation, particularly by preparing a formal submission, directly influences the final AML/CTF rules. 

However, the act of preparing such a submission itself provides a significant, often overlooked, internal benefit for law firms. It compels the firm to deeply engage with the proposed rules, meticulously identify their specific impacts on existing services and operations, and begin the critical internal process of risk assessment and gap analysis. This early, forced engagement serves as a de facto, highly effective preparatory exercise. It compels the firm to confront potential operational challenges, identify necessary resource allocations (e.g., for technology, training, or personnel), and pinpoint areas where existing practices fall short of future requirements.

This proactive identification of gaps and challenges, well in advance of the July 2026 commencement date, allows for strategic planning and resource allocation, significantly accelerating the firm's overall readiness. 

Essentially, it transforms a regulatory request for feedback into a crucial internal strategic planning opportunity, reducing the likelihood of last-minute scramble and costly reactive measures.

Law firms should view the consultation not merely as a civic duty or a burden, but as an integral and invaluable component of their internal compliance readiness strategy. The intellectual and practical effort invested now in formulating a submission can significantly reduce friction, mitigate future compliance risks, and potentially lower long-term costs associated with adapting to the new regime.

Proactive preparation is paramount to ensure a smooth transition and avoid penalties. Law firms are advised to:

• Proactively Review Services: Carefully review all legal services currently offered against the detailed list of 'designated services' to definitively determine if their practice will be classified as a reporting entity under the new regime. This initial assessment is fundamental.

• Conduct Thorough ML/TF/PF Risk Assessments: Develop and maintain a comprehensive understanding of the specific money laundering, terrorism financing, and proliferation financing risks inherent in their client base, the types of services they provide, their service delivery channels (e.g., online, in-person), and any relevant geographic exposures. This risk assessment forms the bedrock upon which the entire AML/CTF program is built.

• Develop a Tailored AML/CTF Program: Create a comprehensive, documented AML/CTF program that is specifically tailored to the firm's assessed risks, nature, size, and complexity.  This program must include robust CDD procedures, ongoing monitoring protocols, clear internal controls, and be formally approved by senior management. It must also be independently reviewed at least every three years.

• Implement Robust Customer Due Diligence (CDD) Processes: Establish clear, consistent methods and processes for identifying and verifying the identity of customers and their beneficial owners. This includes understanding the nature and purpose of the business relationship and applying appropriate levels of due diligence (initial, ongoing, enhanced, simplified) based on assessed risk.

• Nominate an AML/CTF Compliance Officer: Designate a senior, fit and proper person within the firm to be responsible for overseeing the AML/CTF program's implementation, ensuring its effectiveness, and regularly reporting to the firm's governing body or senior management.

• Provide Regular and Relevant Staff Training: Ensure that all employees, particularly those involved in providing designated services or client-facing roles, receive regular and relevant training on the firm's AML/CTF obligations, how to identify red flags, the specific reporting procedures, and the firm's internal policies and procedures.

• Review Practice Management Systems and Technology: Assess existing practice management, accounting, and client relationship management systems for their capability to support the new record-keeping, reporting, and CDD requirements. Investigate and invest in appropriate technological solutions to streamline compliance processes and enhance efficiency.

• Stay Continuously Informed: Regularly check the AUSTRAC website, subscribe to their updates, and monitor communications from relevant Law Societies and professional bodies for specific guidance, updates, and any further changes to the AML/CTF regime.

  
  

Conclusion: Proactive Compliance for a Secure Future

The impending AUSTRAC AML/CTF reforms represent a fundamental and unavoidable shift for Australian lawyers.

Proactive engagement with the current second public consultation and early, comprehensive preparation for the July 2026 commencement are not merely advisable but absolutely essential for mitigating significant legal, financial, and reputational risks.

The detailed updates in the second exposure draft, including clarifications on Customer Due Diligence (CDD), reporting, and the deletion of the 'place of birth' requirement, underscore AUSTRAC's dynamic approach and the value of industry input.

To navigate this evolving landscape effectively, law firms are urged to take immediate action:

• Submit Feedback by June 27, 2025: This is the critical window to ensure that the unique perspectives and practical realities of the legal profession are heard and considered in shaping the final AML/CTF Rules. Input can directly influence the practicality and effectiveness of the regime.

• Prioritise Readiness Now: Firms should not delay in commencing their preparation. This involves meticulously reviewing services against the 'designated services' list, conducting thorough risk assessments, developing a tailored AML/CTF program, implementing robust CDD processes, training all relevant staff, and exploring appropriate technological solutions.

  
  

Navigating these complex and evolving regulatory requirements can be challenging. Leveraging the deep expertise and comprehensive solutions offered by specialists like AML Sorted can provide the necessary support. 

Their tailored programs, ongoing training, independent audits, and technology-led solutions can ensure that firms are not only compliant but also resilient against the evolving threats of financial crime. By embracing these changes proactively and strategically, the Australian legal profession can play a vital role in safeguarding the nation's financial integrity and protecting communities from the harms of illicit finance.

Amy and Rhiannon will continue to update you regarding AML/CTF reforms.

If you’d like AML Sorted to offer you simple, safe and thorough AML solutions, please do email us - we’re right here by your side.  

hello@amlsorted.com