AML/CTF Compliance for Australian Law Firms 2026: What Lawyers Need to Know
AML/CTF Tranche 2 is the extension of Australia's anti-money laundering and counter-terrorism financing regime to lawyers, accountants, real estate agents, and other designated non-financial businesses — and it commences on 1 July 2026, making it one of the most significant regulatory changes to affect Australian law firms in a decade. Under the reformed Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), law firms providing designated services must implement AML/CTF programs, conduct customer due diligence, monitor transactions, and report suspicious matters to AUSTRAC.
Australia has been one of the last FATF (Financial Action Task Force) member countries to extend AML obligations to lawyers. The FATF has repeatedly flagged Australia's failure to regulate these "gatekeeping" professions as a significant gap in its AML framework. The 2026 reforms bring Australia into line with international standards already adopted by the UK, EU, Canada, and New Zealand.
For law firms, the compliance burden is significant but manageable — provided firms begin preparation now, before the 1 July 2026 commencement date. Firms that wait until after commencement risk penalties from AUSTRAC, which has demonstrated a willingness to impose substantial civil penalties for non-compliance.
Which Legal Services Are Covered?
Not all legal work is captured by Tranche 2. The reforms apply only to "designated services" — specific categories of legal work that are considered higher risk for money laundering.
Designated services include: conveyancing and real property transactions (the highest-risk category for lawyers), creation, operation, or management of companies, trusts, and other legal entities or arrangements, management of client money, securities, or other assets, buying and selling of businesses or commercial enterprises, acting as or arranging for another person to act as a nominee director or shareholder, and providing a registered office or business address for a company or trust.
Not covered: general legal advice that does not involve any of the designated services, litigation and dispute resolution (unless it involves the management of client funds beyond trust account obligations), family law proceedings (unless involving property transactions or trust management), criminal defence work, and regulatory compliance advice.
The practical implication is that the impact varies significantly by practice area. A conveyancing firm is fully within scope. A criminal defence firm is largely outside scope. A commercial firm will have some matters in scope and others outside, depending on the specific services provided for each engagement.
Core Compliance Obligations
AML/CTF program
Every firm providing designated services must have a documented AML/CTF program. The program must include a risk assessment identifying the ML/TF (money laundering/terrorism financing) risks specific to the firm's practice areas, client base, and geographic exposure. The program must also document the firm's policies and procedures for customer due diligence, transaction monitoring, record-keeping, reporting, and staff training.
According to AUSTRAC, the program must be proportionate to the firm's size and the nature of its services. A sole practitioner doing occasional conveyancing work will have a simpler program than a large commercial firm handling complex corporate structuring for international clients.
Customer due diligence (CDD)
Before providing a designated service, the firm must verify the identity of the client and any beneficial owners. For individual clients, this means verifying identity using reliable and independent documentation (passport, driver's licence). For corporate clients, it means identifying the beneficial owners — the natural persons who ultimately own or control the entity.
Enhanced due diligence is required for higher-risk clients, including politically exposed persons (PEPs), clients from high-risk jurisdictions (as designated by FATF), complex corporate structures where beneficial ownership is difficult to determine, and transactions that have no apparent lawful purpose.
Ongoing monitoring
CDD is not a one-time exercise. Firms must monitor the client relationship on an ongoing basis, including reviewing transactions to ensure they are consistent with the firm's knowledge of the client, their business, and their risk profile. If a client's activities become inconsistent with the stated purpose of the engagement, the firm must conduct additional due diligence.
Record-keeping
Firms must retain records of all CDD conducted, transaction records, and any suspicious matter reports for a minimum of 7 years after the end of the client relationship. Records must be sufficient to enable AUSTRAC to reconstruct individual transactions and the firm's compliance activities.
Reporting
Firms must report suspicious matters to AUSTRAC. A suspicious matter is any transaction or activity that the firm suspects, on reasonable grounds, may be related to money laundering, terrorism financing, tax evasion, or other serious crime. The obligation to report overrides legal professional privilege in limited circumstances specified in the legislation, although the interaction between reporting obligations and privilege remains a contentious issue that the Law Council of Australia has raised with the government.
How Billing Records Support AML/CTF Compliance
Detailed billing records serve a compliance function that many firms have not yet recognised. In the context of AML/CTF obligations, billing records create a contemporaneous audit trail that demonstrates what services the firm provided, when they were provided, who was involved (both on the firm side and the client side), and the nature and scope of each transaction.
This audit trail is directly relevant to several compliance requirements.
Ongoing monitoring. Billing records that describe the specific work performed for a client — "Attending upon client and advising in relation to acquisition of commercial property at [address]" — create a documented history of the client relationship. If a client's activities change — for example, a client who initially engaged the firm for a straightforward residential purchase begins requesting assistance with complex offshore trust structures — the billing records make the change in activity pattern visible.
Transaction records. Under the AML/CTF Act, firms must maintain records sufficient to reconstruct each transaction. Detailed billing entries that specify the nature of the work, the matter reference, and the parties involved form part of this transaction record. Vague entries like "Various work on matter — 3.0 hours" provide no compliance value because they do not specify what the firm actually did.
Staff training and awareness. When fee-earners are trained to write detailed billing descriptions as part of their standard practice — identifying the specific service, the parties involved, and the nature of the transaction — they are simultaneously creating the documentation that AML compliance requires. AI billing tools that generate detailed entries from meetings, emails, and documents automate this documentation process.
Preparing Before 1 July 2026
Firms providing designated services should begin compliance preparation immediately if they have not already started.
Conduct a risk assessment. Identify which of your practice areas and client relationships fall within the designated services categories. Assess the ML/TF risk level of each — conveyancing carries higher risk than commercial advisory, and clients from high-risk jurisdictions carry higher risk than domestic individuals.
Document your AML/CTF program. Write the policies and procedures that address each of the core obligations: CDD, ongoing monitoring, record-keeping, reporting, and staff training. AUSTRAC provides guidance materials and templates, and the Law Council of Australia has published sector-specific guidance for legal practitioners.
Implement CDD procedures. Establish a standard process for verifying client identity before providing designated services. This may involve updating your client intake forms, acquiring identity verification technology, and training staff on the new requirements.
Review your record-keeping. Ensure your billing and file management systems can retain records for the required 7-year period and can produce those records in a format that AUSTRAC can review during an audit or investigation.
Train your team. Every fee-earner and relevant support staff must understand the new obligations, know how to identify suspicious matters, and know the firm's internal process for escalating concerns. Training must be documented and updated regularly.
Penalties for Non-Compliance
AUSTRAC has demonstrated a willingness to impose significant penalties for AML/CTF non-compliance. While the penalties for Tranche 2 entities are still being finalised in the detailed rules, the existing penalty framework for financial services entities includes civil penalties of up to $22.2 million per contravention for corporations. Enforcement actions against financial institutions in recent years have resulted in penalties exceeding $1 billion in aggregate.
For law firms, the more immediate risk may be reputational. An AUSTRAC investigation or enforcement action against a law firm would be widely reported in the legal media and could affect the firm's client relationships, insurer confidence, and ability to attract talent.
Detailed Billing Records for AML Compliance
LexUnits generates detailed billing entries that create the contemporaneous audit trail AML/CTF compliance requires — automatically documenting what services were provided, when, and for whom.
Try LexUnits FreeWhen do AML/CTF Tranche 2 obligations start for Australian law firms?
The AML/CTF Act reforms extending obligations to lawyers, accountants, and real estate agents commence on 1 July 2026. From that date, law firms providing designated services (conveyancing, company formation, trust management, client fund management) must have an AML/CTF program in place, conduct customer due diligence, monitor transactions, maintain records for 7 years, and report suspicious matters to AUSTRAC.
What legal services are covered by AML/CTF Tranche 2?
Tranche 2 covers designated services including conveyancing, property transactions, company and trust formation and management, management of client money or assets, and business acquisitions. General legal advice, litigation, family law proceedings, and criminal defence work are not covered unless they involve designated services like managing client funds or forming legal entities.
How do billing records help with AML/CTF compliance?
Detailed billing records create a contemporaneous audit trail showing what services were provided, when, and for whom. This supports ongoing monitoring (documenting the pattern of services provided to each client), transaction records (identifying the nature and scope of each piece of work), and audit readiness (providing AUSTRAC with reconstructable records of each engagement). Vague billing entries provide no compliance value; specific entries generated by AI billing tools create the documentation that AML compliance requires.
Last verified: April 2026. The AML/CTF Tranche 2 reforms are subject to final rules and guidance from AUSTRAC. This article provides a general overview based on the legislation as passed and publicly available guidance. It does not constitute legal advice. Consult AUSTRAC's website and your state Law Society for the latest compliance guidance.