When do law firms need to comply with AUSTRAC Tranche 2?

AML/CTF obligations for law firms and conveyancers commence on 1 July 2026. Firms must enrol with AUSTRAC by 29 July 2026 and notify AUSTRAC of their AML/CTF Compliance Officer by the same date. The first independent program evaluation is not required until 1 July 2029.

Which legal services are captured under Tranche 2?

Legal services captured under Tranche 2 include: buying or selling real property on behalf of a client, managing client funds, securities, or other assets; creating, operating, or managing legal arrangements such as trusts or companies; acting as a nominee shareholder or director; and providing company secretarial services. Not all legal services are captured — services that are purely advisory and do not involve asset management or financial flows are generally outside scope.

Do conveyancers have the same obligations as solicitors?

Yes. Both solicitors and licensed conveyancers providing captured services are Tranche 2 reporting entities with identical obligations — enrolment, AML/CTF Program, CDD, ongoing monitoring, SMR/TTR reporting, and 7-year record retention. Conveyancers also have specific VOI obligations under the ARNECC Model Participation Rules that must be satisfied alongside AUSTRAC requirements.

What is VOI and how does it relate to AUSTRAC CDD for conveyancers?

VOI (Verification of Identity) is required under the ARNECC Model Participation Rules before a conveyancer can act on a property transaction. AUSTRAC CDD for conveyancers overlaps significantly with VOI — both require verifying identity against reliable documents and sources. AML software that is ARNECC-compliant (like ClearAML) allows conveyancers to satisfy both obligations in a single workflow.

Do law firms need to conduct CDD on corporate clients and trusts?

Yes. For corporate clients, law firms must identify the company, verify its registration, identify directors and beneficial owners, and in some cases verify the identity of senior managing officials. For trusts, firms must identify the trust, the trustee(s), and the beneficial owners — including the settlor and all beneficiaries who have entitlements above certain thresholds. CDD on complex structures is significantly more involved than CDD on individual clients.

Can law firms rely on third-party CDD conducted by another professional?

In limited circumstances, law firms may be able to rely on CDD conducted by another reporting entity (such as a bank or accountant), but only if the reliance arrangement meets the requirements in the AML/CTF Act, including confirmation that the other party has conducted adequate CDD and agreement to provide the records on request. This is complex and specific legal advice should be sought before relying on third-party CDD.

What are the penalties for law firms that fail to comply with AUSTRAC Tranche 2?

Civil penalties can reach AUD 22.2 million per contravention for law firms as corporate entities. Individual solicitors can face penalties of up to AUD 4.4 million. Serious non-compliance can also lead to criminal prosecution and professional conduct consequences, including referral to the relevant state law society or bar association.

AUSTRAC Tranche 2 for Lawyers and Conveyancers: Complete Compliance Guide (2026)

From 1 July 2026, Australian law firms and conveyancers providing designated services become reporting entities under the AML/CTF Act. This is the most significant change to legal profession regulation in Australia since the introduction of the uniform Legal Profession Acts — bringing lawyers into the same compliance framework as banks for the first time.

This guide explains exactly which legal services are captured, what your obligations are, how CDD works for legal clients (including companies and trusts), and how to build a compliant program before the deadline.

Key Deadlines for Law Firms and Conveyancers

1 July 2026 — AML/CTF obligations commence. CDD and monitoring obligations apply from this date.
29 July 2026 — Deadline to enrol with AUSTRAC.
29 July 2026 — Deadline to notify AUSTRAC of your AML/CTF Compliance Officer.
1 July 2029 — Deadline for first independent AML/CTF Program evaluation.

Which Legal Services Are Captured?

The AML/CTF Act captures firms providing designated services. For law firms and conveyancers, these include:

Real property transactions: Acting on the purchase or sale of real estate on behalf of a client — the core service of most conveyancers and a significant portion of solicitor work
Managing client funds or assets: Holding money in a trust account, managing investments, or controlling assets on a client's behalf
Company and trust formation: Creating, operating, or managing companies, trusts, foundations, or similar legal arrangements
Nominee arrangements: Acting as nominee shareholder, nominee director, or company secretary for a client
Business acquisitions: Acting for a client in the purchase or sale of a business

Purely advisory services — drafting contracts, providing legal opinions, litigation representation — are generally not captured, provided they do not involve managing client funds or creating legal structures.

Your 5 Core Compliance Obligations

1. Enrol with AUSTRAC

All law firms and conveyancers providing designated services must create an AUSTRAC Online account and enrol by 29 July 2026. You must also nominate an AML/CTF Compliance Officer — a senior person with responsibility for overseeing the compliance program — and notify AUSTRAC of their details by the same deadline. For small firms, the principal solicitor or sole practitioner typically serves in this role.

2. Adopt a Written AML/CTF Program

Your program must be in place and operational from 1 July 2026. It must be tailored to the specific risks of your practice — not a generic template — and must cover CDD procedures, ECDD for high-risk clients, ongoing monitoring, staff training, reporting obligations, and record-keeping. The program must be formally adopted by senior management and kept current.

For law firms, the program should specifically address: how the firm identifies and manages conflicts between professional privilege obligations and AML/CTF reporting duties (particularly around the SMR tipping-off prohibition), and how CDD will be integrated into the client intake process without creating undue friction.

3. Conduct Customer Due Diligence

CDD must be completed before providing any designated service. For legal practices, this means integrating identity verification and screening into your client onboarding workflow. CDD requirements differ by entity type:

Individual clients

Collect full name, date of birth, and residential address. Verify at least one data point against a reliable and independent source — electronic verification (DVS check) satisfies this requirement for most clients.

Companies

Identify the company (name, ACN/ABN, registered address), verify its registration via ASIC, identify all directors, and identify beneficial owners — individuals who directly or indirectly own or control 25% or more of the company. Verify the identity of beneficial owners who are natural persons.

Trusts

Identify the trust (trust name, trustee details, type of trust), verify the trustee's identity (individual or corporate trustee), identify the settlor, and identify all beneficiaries who have a vested entitlement or who individually benefit significantly. For discretionary trusts with a wide class of beneficiaries, you must identify the class and document why individual beneficiary verification is not yet required.

SMSFs

Treat as a trust. Identify the SMSF trustee (individual or corporate), verify the trustee's identity, and identify all members. SMSF structures are common in property transactions — ensure your workflow handles them specifically.

4. VOI for Conveyancers

Conveyancers have a separate but complementary obligation under the ARNECC Model Participation Rules to conduct a Verification of Identity (VOI) before acting on any property transaction. AUSTRAC CDD and ARNECC VOI can be satisfied in a single workflow using compliant software, avoiding duplicate processes. Ensure any AML platform you use explicitly supports ARNECC-compliant VOI — not all do.

5. Report Suspicious Matters

Law firms and conveyancers must lodge an SMR with AUSTRAC when they suspect, on reasonable grounds, that a transaction involves money laundering, terrorism financing, or another serious offence. Critical for legal practitioners: the tipping-off prohibition means you cannot disclose to the client that you have filed or are considering filing an SMR — and you cannot allow your behaviour toward the client to signal this. This creates a tension with professional duties of candour that must be carefully managed and documented in your program.

Common red flags in legal practice include: unexplained sources of funds for property purchases, clients who resist providing identity documentation, structures that appear designed to obscure beneficial ownership, and transactions with high-risk jurisdiction links.

Professional Privilege and the SMR Obligation

Australian law provides a professional privilege exemption: a lawyer is not required to include in an SMR information that is protected by legal professional privilege. However, the privilege exemption is narrow — it applies to confidential communications made for the purpose of legal advice, not to all information a lawyer obtains in the course of a retainer. Your AML/CTF Program should include a specific procedure for assessing whether privilege applies before deciding whether to report.

Record-Keeping and the 7-Year Rule

All CDD records, transaction records, risk assessments, and compliance program documents must be retained for 7 years and must be producible to AUSTRAC on request. For conveyancers, this aligns with existing land transaction record-keeping obligations in most states.

Built for Lawyers and Conveyancers

ClearAML's platform for legal professionals handles ARNECC-compliant VOI, trust and company KYB, AUSTRAC SMR/TTR reporting, and built-in staff training — all in a single workflow designed for law firms and conveyancing practices. Get compliant before 1 July 2026.