AUSTRAC Tranche 2: What Australian accountants need to know
The AML/CTF Amendment Act 2024 extends anti-money laundering obligations to accountants, tax agents, and other "gated professions" for the first time. This guide explains what Tranche 2 means for your practice, the key deadlines, and how to prepare.
1. What is Tranche 2?
Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime has historically applied to financial institutions, gambling operators, and bullion dealers ("Tranche 1"). Tranche 2 extends these obligations to "gated professions" -- also known as Designated Non-Financial Businesses and Professions (DNFBPs).
The AML/CTF Amendment Act 2024 was passed by Parliament in late 2024 and introduces requirements for accountants, tax agents, real estate agents, lawyers, and trust and company service providers to identify, assess, and mitigate money laundering and terrorism financing risks.
For accounting practices, this means implementing a formal AML/CTF program, conducting Customer Due Diligence (CDD) on clients, and reporting suspicious matters to AUSTRAC.
2. Who does it affect?
Tranche 2 applies to any person or entity that provides "designated services" on a professional basis. For accountants and tax agents, designated services include:
- Preparing or reviewing financial statements
- Managing client money or securities
- Creating, operating, or managing companies, trusts, or other legal structures
- Buying or selling business entities
- Acting as or arranging for another person to act as a nominee director or secretary
- Providing a registered office or business address for a company
- Real property transactions above threshold amounts
3. Key deadlines
Compliance day
- AML/CTF program must be in place
- CDD on all new clients from this date
- Suspicious Matter Report (SMR) obligations begin
- Register with AUSTRAC as a reporting entity
Retrospective CDD -- high risk
- CDD completed on all existing high-risk clients
- Enhanced Due Diligence (EDD) where required
Retrospective CDD -- all clients
- CDD completed on all remaining existing clients
- Full practice-wide compliance
4. CDD requirements by entity type
Customer Due Diligence requirements vary based on the type of client entity. Below is a summary of what you need to collect and verify.
Individuals
- Full legal name and any aliases
- Date of birth
- Residential address (not PO Box)
- Government-issued photo ID (passport, driver licence)
- Source of wealth (for high-risk clients)
- PEP and sanctions screening
Companies
- Full company name, ACN/ABN, registered address
- ASIC company extract
- Identification of all directors
- Identification of beneficial owners (25%+ ownership)
- Identification of any person with effective control
- Company structure chart (for complex structures)
- PEP and sanctions screening on all identified persons
Trusts
- Full name of trust and ABN/TFN
- Trust deed (or certified extract)
- Identification of all trustees (individual or corporate)
- Identification of settlor
- Identification of beneficiaries (or class of beneficiaries)
- Identification of appointor/guardian (if applicable)
- PEP and sanctions screening on all identified persons
SMSFs
- Fund name, ABN, and registration details
- Trust deed
- Identification of all individual trustees or corporate trustee directors
- Identification of all members
- PEP and sanctions screening on all identified persons
- Verification that fund is regulated by ATO
5. Your AML/CTF program
Every reporting entity must develop and maintain an AML/CTF program that is appropriate to the nature, size, and complexity of the business. Your program must include two parts:
Part A: General
- ML/TF risk assessment of your practice
- Customer identification and verification procedures
- Ongoing customer due diligence procedures
- Employee training program
- AML/CTF compliance officer appointment
- Record-keeping procedures (7-year retention)
- Reporting procedures (SMRs, TTRs, IFTIs)
Part B: Customer Identification
- Procedures for verifying client identity before providing designated services
- Procedures for different client types (individuals, companies, trusts)
- Enhanced due diligence for high-risk clients
- Simplified due diligence for low-risk clients
- Procedures for when identification cannot be completed
- Ongoing monitoring of client relationships
6. Penalties for non-compliance
AUSTRAC has significant enforcement powers. Penalties under the AML/CTF Act are severe and have been enforced against major institutions including Westpac ($1.3 billion) and Crown Resorts ($450 million).
7. How to prepare your practice
Assess your exposure
Review which of your services qualify as "designated services" under the Act. Map your client base by entity type and risk level.
Develop your AML/CTF program
Create Part A (general compliance procedures) and Part B (customer identification procedures). These must be documented and approved by a senior officer.
Appoint a compliance officer
Designate a person within your practice who is responsible for AML/CTF compliance. This person must have sufficient authority and resources.
Train your team
All staff who provide designated services must receive AML/CTF training. Training must be ongoing, not just a one-time event.
Implement technology
Manual compliance processes are error-prone and do not scale. Implement KYC/AML software that automates risk assessment, screening, and record keeping.
Start with new clients now
Begin CDD on new client engagements immediately. This builds your processes and team capability before the deadline, and you will not have to do it retrospectively later.
Let Fedix handle your compliance
Automate CDD, sanctions screening, PEP detection, and record keeping. Focus on your clients, not paperwork.