Ray Martin hosts AUSTRAC CEO Brendon Thomas answering your biggest Tranche 2 questions.

easyAML's AML Countdown webinar on 28 January 2026 hosted by Ray Martin in conversation with AUSTRAC CEO Brendan Thomas and industry leaders Emma Elliott (ALPMA) and Brook Durling (AICWA). The session provided essential insights into Australia's new anti-money laundering requirements taking effect 1 July 2026 for legal, conveyancing, real estate, and accounting and Tranche 2 professionals. Key topics covered:

Why these changes matter – stopping billions in criminal proceeds flowing through Australia's economy
What AUSTRAC expects – genuine effort, not perfection from day one
Practical compliance steps – customer identity verification, suspicious activity reporting (with legal privilege protections), and risk assessments

To find out more how these changes impact your business, visit AUSTRACs reform guidance at: https://www.austrac.gov.au/about-us/amlctf-reform/reforms-guidance

To get started on your AML journey with easyAML - you can sign up for free at:
https://app.easyaml.com/signup

AML Countdown Webinar Q&A

Glossary of Terms

AML/CTF - Anti-Money Laundering and Counter-Terrorism Financing. Laws designed to prevent criminals from disguising illegally obtained funds as legitimate income and to stop the financing of terrorist activities.

AUSTRAC - Australian Transaction Reports and Analysis Centre. Australia's financial intelligence agency and regulator responsible for monitoring financial transactions and enforcing AML/CTF laws.

BAS Agent - Business Activity Statement Agent. A registered tax or BAS agent who prepares and lodges business activity statements on behalf of businesses.

CDD - Customer Due Diligence. The process of gathering and verifying information about customers to understand their identity, business activities, and the nature of their transactions.

Designated Service - A specific type of service or transaction that triggers AML/CTF obligations. For Tranche 2, this includes services like property transactions, legal services for transactions, and certain accounting services.

KYB - Know Your Business. The process of verifying the identity and legitimacy of a business entity, similar to KYC but for companies rather than individuals.

KYC - Know Your Customer. The process of verifying a customer's identity and assessing their risk profile. This includes VOI plus additional checks against watchlists and PEP lists.

ML/TF - Money Laundering and Terrorism Financing. Criminal activities that AML/CTF laws are designed to prevent.

PEP - Politically Exposed Person. An individual who holds or has held a prominent public position (such as a government official, senior executive of a state-owned company, or important political party official). These individuals are considered higher risk due to their position and influence.

PEXA - Property Exchange Australia. An online platform for property settlements and lodgements in Australia.

Pre-commencement rules - Rules that apply to contracts or agreements entered into before new legislation takes effect (in this case, before 31 March 2026). These contracts may be exempt from the new AML/CTF requirements.

Reporting Entity - A business or individual that is required to register with AUSTRAC and comply with AML/CTF obligations because they provide designated services.

Reporting Group - A group of related entities that can consolidate their AML/CTF reporting and compliance obligations under a single registration (replacing the previous term "designated business group").

Risk Assessment - A documented evaluation of the money laundering and terrorism financing risks your business faces based on factors like customer types, services offered, delivery channels, and geographic locations.

SMR - Suspicious Matter Report. A confidential report submitted to AUSTRAC when you have reasonable grounds to suspect that a transaction or activity may involve money laundering or terrorism financing.

Source of Funds - Documentation or evidence that shows where money used in a transaction came from (e.g., savings, property sale, inheritance, loan).

Source of Wealth - Documentation or evidence that shows how a person has accumulated wealth and assets over time that is being used in a transaction (e.g., career as a surgeon, ownership of a business, family trust distributions, long-term investments)

Starter Kits - Comprehensive guidance documents being released by AUSTRAC to help Tranche 2 businesses understand and implement their AML/CTF obligations.

Threshold Transaction Report - A report required when physical cash of $10,000 or more is received in a single transaction or related transactions.

Tipping Off - Illegally informing someone (directly or indirectly) that a Suspicious Matter Report has been or will be submitted about a person. This is a criminal offense.

Tranche 1 - The first phase of AML/CTF legislation that came into effect in 2006, covering banks, casinos, remittance providers, and other financial institutions.

Tranche 2 - The second phase of AML/CTF legislation coming into effect on 1 July 2026, expanding coverage to real estate agents, lawyers, conveyancers, accountants, and other professional service providers.

VOI - Verification of Identity. The process of confirming that a person is who they claim to be, typically using government-issued identification documents like driver's licenses or passports.

Watchlists - Official lists of individuals and entities that are subject to sanctions, suspected of money laundering or terrorism financing, or otherwise flagged by government authorities for monitoring.

Registration & compliance timeline

When do we have to register with AUSTRAC?
31 March 2026 is when registration opens. Starter kits will have guidance on the registration process.

When will the starter kits be available?
End of January 2026 (expected this week). Will be available to download free from www.austrac.gov.au

Don't wait to start preparing: While starter kits provide AUSTRAC's guidance, easyAML gives you the complete working solution. The starter kits tell you what to do—easyAML does it for you with automated verification, screening, risk assessments, and audit trails all in one platform. Start with easyAML now and be fully operational when registration opens 31 March 2026. To get started on your AML journey free at: https://app.easyaml.com/signup

Will there be a grace period for switching from "designated business group" to "reporting group"?
This is a question that would need to be answered directly by AUSTRAC regarding their system implementation timeline.

Scope of designated services

What is meant by residential property management not being covered as a designated service?
Residential property management is specifically excluded from designated services under the AML/CTF Act. Routine property management (rent collection, maintenance, tenant management) is NOT a designated service. However, involvement in property transactions (buying/selling property, assisting in transfer of property) is a designated service.

Are mortgage and finance brokers covered under designated services?
No generally, mortgage brokers are registered under Australian Financial Services Licence (AFSL) instead. There may be specific other designated services they provide, each broker would need to ensure they are fully compliant.

Do bookkeepers (BAS agents) with access to client bank accounts need to register?
Having access to a client bank account to process routine payments does not constitute a designated service. However, if you're receiving, holding, and controlling funds as part of specific transactions (like asset purchases), you may need to register. The key distinction is whether you're managing funds for routine operations versus transaction-specific purposes.

Does holding funds in trust for probate work require registration?
This is likely to be clarified when sector specific guidance is released. Typically, assisting with the sale or transfer of property can be considered a designated service under Item 1 of Table 6. The key point is whether the transfer is due to a court order.

If the property transfer is based on the terms of a will (which has been validated by the court but not directly ordered), it usually remains a designated service. However, if a court is directly involved (ie in cases of contested wills or intestacy), the transfer may be considered to be under a court order and therefore not a designated service.

Are financial advisers who deal with retirees covered?
Only if they're providing designated services such as receiving, holding, or managing client funds or providing specific advice as part of specific transactions, rather than just providing advice. Most financial advisers providing advice to retirees won't be caught by Tranche 2.

Financial planners (specifically Australian Financial Services Licensees - AFSLs) are already reporting entities under Australia's Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). They are required to register with AUSTRAC, conduct customer identification (KYC), and report suspicious matters.

What about strata management?
Strata managers must assess whether their services constitute designated services. Routine levy collection and operations management typically don't qualify, but involvement in property transactions on behalf of owners will require registration.

Is there a minimum business size for registration requirements?
No. If you provide designated services, you must register regardless of business size - whether you're a sole practitioner or a large organisation.

What about real estate businesses with independent contractors?
Independent contractors can typically report under the real estate company's registration if they're operating as part of that business structure. Consult AUSTRAC on your specific arrangement to ensure it meets requirements.

Customer due diligence & verification

Do we need to keep ID documents for every buyer/purchaser?
You need to keep the outcomes of verification of identity (VOI), but not necessarily the actual ID documents unless the client is assessed as higher risk. easyAML securely stores verification outcomes and documents with appropriate access controls.

Does PEXA's verification of identity meet AML requirements?
PEXA's VOI is a good start, but AML requirements go beyond basic identity verification. You also need to check against money laundering/terrorism watchlists and Politically Exposed Persons (PEP) lists. easyAML integrates these additional checks into a single workflow.

What is the difference between VOI and KYC?
VOI (Verification of Identity) confirms someone's identity. KYC (Know Your Customer) is broader - it includes VOI plus additional checks to confirm the person isn't on money laundering or terrorism watchlists or PEP lists. easyAML handles the complete KYC process.

How often do checks need to be conducted on the same client?
Generally every 2 years for repeat clients, or when there's a significant change in their circumstances or transaction patterns. You can reuse verification results within this timeframe. easyAML tracks verification dates and alerts you when checks need refreshing.

For low-risk clients, is asking if they're a PEP sufficient, or must we check databases?
You must check databases to demonstrate proper due diligence. Self-declaration alone is not likely to sufficient. easyAML automatically performs these database checks as part of the standard KYC process.

When parents are helping children purchase property, what checks are needed?
You need to conduct the same KYC/AML checks on anyone who is a party to the transaction or providing funds, including parents providing financial assistance. This means verifying their identity and conducting PEP/watchlist screening. easyAML allows you to add multiple parties to a transaction and complete all required checks efficiently.

If a lender conducts credit checks, does that satisfy AML requirements?
No. Credit checks serve a different purpose than AML checks. You still need to conduct your KYC validation including identity verification and screening for money laundering/terrorism watchlists and PEP lists.

How do you check the money laundering or terrorism watchlists? Also how do you check the PEP lists?
easyAML automatically checks all relevant watchlists and PEP lists as part of the integrated KYC process. We partner with Dow Jones who maintains global lists. The system screens against money laundering and terrorism financing watchlists, checks PEP databases, provides documented results, and maintains records.

Suspicious matter reports (SMRs)

If I refuse to act for a client who won't provide source of funds evidence, do I still need to submit an SMR?
Yes. Once you've formed a suspicion, you have a legal obligation to submit an SMR regardless of whether you proceed with the client relationship. easyAML provides guided templates and workflows to make SMR submission straightforward.

Can clients ever find out who reported them to AUSTRAC?
No. SMRs are completely confidential and protected by law. Reports cannot be used in court proceedings or disclosed to individuals. It's illegal to inform anyone that an SMR has been submitted. If asked directly, your response must be: "No, we have not submitted an SMR."

Can I proceed with a transaction after lodging an SMR?
Yes. AUSTRAC expectation is that you will continue with transactions after lodging an SMR. You're not expected to be a detective—just to report suspicions. Law enforcement decides if any actions are be taken, and you face no legal risk by proceeding.

What's the difference between Suspicious Matter Reports and Unusual Matter Reports?
They are the same thing - different countries use slightly different terminology to reference the same broad type of reporting. In Australia, AUSTRAC use the term Suspicious Matter Reports (SMRs).

Should I report every client to avoid being fined for under-reporting?
No. You should only submit SMRs when you have formed a genuine suspicion based on red flags, unusual behavior, or inconsistent information. Over-reporting dilutes the value of genuine reports and doesn't fulfill your obligations appropriately.

What constitutes 'suspicion'?
Some activities are objectively suspicious, while others become apparent through industry experience and appropriate training to recognise red flags. Examples include: unusual payment patterns, reluctance to provide information, transactions inconsistent with known business activities, or unnecessarily complex transaction structures.

How can I decline a transaction without tipping off that I've submitted an SMR?
AUSTRAC provides guidance on legitimate business reasons that don't reveal an SMR has been lodged. Declining for "risk appetite" reasons is considered acceptable as it's a normal business practice. You might say the transaction "falls outside our current risk parameters."

Once I identify suspicious activity, can I avoid reporting by simply not taking on the client?
No. Once you've identified a suspicious matter, you have a legal obligation to report it even if you choose not to proceed with the client relationship.

Should businesses keep records of SMRs they've submitted?
Yes, you are obligated to keep records for 7 years but they must be held securely with access limited to authorised personnel only. easyAML manages this with appropriate security controls and access restrictions.

In terms of how many hands and businesses a transaction can pass, are you seeking for at least one to place the report or are you seeking all to report?
Each reporting entity has independent obligations. If you form a suspicion, you must report regardless of whether others have also reported. AUSTRAC wants multiple reports from different entities when appropriate as this provides a more complete picture.

How can we safely share VOI/KYC information between parties like real estate agents, conveyancers, and mortgage brokers?
Never share via email. easyAML has built-in secure sharing features that allow compliant sharing of KYC/CDD between parties. All actions are logged for security and audit purposes. All parties need an agreement in place, and the sharing must comply with privacy obligations. When all parties use easyAML, information can be shared seamlessly within the platform.

Can we rely on KYC checks undertaken by other parties like real estate agents?
Yes, if there's an agreement in place and the other party is willing to share. However, each entity retains their own legal liability and must still form their own view on whether anything is suspicious based on their interactions with the client.

Can banks be compelled to share customer due diligence information with us?
No. Another reporting entity can choose to share but cannot be compelled to do so. You need a mutual agreement and a secure method to receive the information.

Do Privacy Act policies need to be updated to allow information sharing?
Yes. Privacy Act policies will need to be updated to reflect information sharing arrangements for AML/CTF purposes.

Record keeping & data security

Does easyAML store ID documents and verification outcomes?
Yes. easyAML securely stores verification outcomes and documents as required, with appropriate security measures including encryption, access controls, and audit trails. This ensures compliance while eliminating the need for manual filing systems or insecure storage methods.

Audits

Who conducts the required 3-yearly audits?
Independent audit firms provide these services. easyAML can recommend audit partners who understand AML/CTF requirements, or you can engage your own independent auditor with relevant expertise.

Do we need to pay for the audit?
Yes. The 3-yearly independent audit is a regulatory requirement, and audit firms charge for their services. This is a compliance cost for all registered reporting entities.

Can easyAML conduct our audit?
No. easyAML cannot conduct your audit as we're not independent from AUSTRAC's perspective. However, we can assist with audit preparation. easyAML's built-in reporting and documentation features help streamline the audit process.

Cash transactions

Do all transactions over $10,000 need to be reported?
Only physical cash payments of $10,000 or more require separate threshold transaction reports. Electronic transfers don't require threshold reporting unless you form a suspicion for other reasons.

If client funds transfer from their bank to our trust account, do we need to verify whether the bank received cash?
No. Once funds are in the banking system, it's the bank's AML responsibility to manage cash-related obligations. You focus on your client relationship and any suspicious indicators you identify directly.

How do I ask about source of funds without insulting my client?
Frame it as a legal requirement: "I'm required by law under AML legislation to verify the source of funds. Can you provide documentation showing where these funds came from?" Most clients understand regulatory requirements.

What types of source of funds evidence can we request?
You can request: bank statements, sale of asset documentation, employment records, inheritance documentation, loan documents, business sale contracts, investment statements, or other legitimate sources of funds documentation.

Legal professional privilege

Does AML legislation conflict with legal professional privilege?
No. The AML/CTF Act specifically provides protections allowing you to comply with AML requirements without breaching legal professional privilege. You're protected by law when reporting for AML purposes if the information you provide is limited by your legal privilege obligations.

How do we handle privacy/confidentiality complaints from people who suspect an SMR was lodged about them?
SMRs are protected by law - it's illegal to inform anyone that a report has been submitted. This protection supersedes the Privacy Act. If asked, your only response is: "No, we have not submitted an SMR," regardless of whether you actually have.

Are there legal protections if we wrongly report a client?
Yes. You are legally protected when submitting SMRs in good faith as part of your compliance obligations. The law protects reporting entities from civil or criminal liability for lodging suspicious matter reports made in good faith.

Specific transaction scenarios

Do court-ordered transactions require AML checks?

No. Court-ordered transactions that involve property transfers or other designated services do not typically require AML compliance.

Do contracts signed before 31 March 2026 that settle after that date require AML compliance?
No. Under pre-commencement rules, contracts entered into before 31 March 2026 are generally exempt from customer due diligence even if they settle afterward. However your other AML obligations such as submitting Suspicious Matter Reports are still required after 1 July 2026.

How does AML apply to property auctions? Do all bidders need to be identified beforehand?
Only the actual purchaser needs full KYC/AML checks. You may choose to pre-register bidders with basic identity verification, but complete checks are only required for the successful purchaser. These must currently be completed within 15 days of an agreement being signed and also require a conditional clause stating completion of Customer Due Diligence is required as part of sale. easyAML can complete checks rapidly once the purchaser is identified.

For repeat clients where there's no suspicion, do we still need to keep records?
Yes. You need to record the transaction and note that there is no suspicion. This demonstrates you've considered the transaction and made a risk-based assessment.

If all money flows through Australian banks that have already done AML checks, why do I need to do them too?
There is information or behavior that you might uncover that a bank has missed. You have direct client relationships and transaction knowledge that provides different visibility. This is part of why AML is expanding to Tranche 2.

Programs & risk assessments

What does it mean to "create a program"?
A program refers to your policy and procedure documents outlining how you'll meet your AML compliance obligations. This includes your risk assessment, customer due diligence procedures, monitoring processes, reporting protocols, and training requirements. easyAML provides templates and frameworks to help you develop these documents efficiently.

What are the core obligations for Tranche 2 entities?
Core obligations include: conducting risk assessments, creating a compliance program, training staff, verifying customer identity, screening against watchlists and PEP lists, monitoring transactions, reporting suspicious matters to AUSTRAC, maintaining records, and undergoing independent audits every 3 years. easyAML provides an integrated platform that addresses all these requirements.

Does easyAML support board-level review of risk assessments?
Yes. easyAML includes features for board-level review and approval of risk assessments, maintaining appropriate governance and documentation trails.

easyAML solution

Does easyAML integrate Scantek for VOI?
Yes. You conduct your VOI/AML verification through easyAML using integrated Scantek technology - it's a single check, not two separate processes.

Can we comply without using easyAML?
Yes. You can register with AUSTRAC independently and use other solutions or manual processes. However, easyAML provides an end-to-end solution designed specifically for Tranche 2 entities.

What other AML software does easyAML integrate with?
easyAML is a complete end-to-end solution providing KYC/KYB directly in the platform. Rather than requiring integration with multiple third-party services, easyAML consolidates the necessary functionality into a single system.

How can easyAML help businesses with multiple service lines?
easyAML provides a unified solution across all your business units, allowing you to streamline compliance with a single platform, shared workflows, and consolidated reporting. Visit www.easyaml.com

Training & support

Will AUSTRAC provide training for staff?
AUSTRAC provides free resources and guidance materials at www.austrac.gov.au that can be adapted for staff training. easyAML also provides industry-specific training and support, with training integrated into the same platform where staff perform compliance checks, automatically tracked for audit purposes.

When will there be specific guidance for accountants?
While accountant-specific designated services differ slightly from other sectors, the core obligations are the same. AUSTRAC have released Starter Kits and sector specific guidance in late January 2026. easyAML is planning future webinars and guidance specifically for accounting professionals.

Will there be additional support for existing reporting entities?
Yes. easyAML plans to provide additional webinars and resources for existing reporting entities transitioning to the new requirements, as well as sector-specific guidance.

https://www.austrac.gov.au/business/industry-specific-guidance/all

Costs & compliance

What are the costs associated with AML compliance?
Costs vary depending on your business size and chosen approach. Consider: software/platform costs (easyAML offers scalable pricing), audit fees (every 3 years), training costs, and staff time. Remember that non-compliance carries significant penalties plus reputational risk. You can find out easyAML pricing at: https://easyaml.com/pricing/

Is there government compensation for compliance costs?
No. Like many other regulatory changes mandated by Parliament, there is no government compensation. Businesses must meet these compliance requirements to continue providing designated services legally.

What's the business benefit of AML compliance beyond avoiding penalties?
AML compliance: (1) protects your business from legal and reputational risk, (2) builds client trust and confidence, (3) helps detect fraud that could harm your business, (4) provides competitive advantage by demonstrating professionalism, and (5) is a legal requirement to continue operating in your sector.

Policy & regulatory questions

What was the policy objective behind expanding designated services to Tranche 2?
The expansion primarily focused on greater coverage and risk reduction across the Australian economy, as well as consistency with global standards on AML compliance established by international bodies like the Financial Action Task Force (FATF).

How will AUSTRAC approach enforcement for small businesses doing their best to comply?
AUSTRAC has indicated they want implementation to succeed and are looking for best efforts rather than perfection, particularly during the transition period. However, they will enforce the law where there is clear non-compliance or negligence.

Why doesn't AUSTRAC provide all the compliance tools instead of businesses paying for systems?
The regulatory model in Australia and internationally requires reporting entities to implement their own compliant systems, with AUSTRAC providing starter kits, guidance, standards, and oversight rather than technology solutions.

Will Australia implement a "Defence Against Money Laundering" (DAML) process like the UK?
This would be a policy decision for the Australian Government. Australia currently doesn't have a DAML regime. You can proceed with transactions after lodging SMRs without seeking permission.