AML/CTF Tranche 2: what accountants and bookkeepers in Australia need to know

Published 3 June 2026

Table of contents

• What is AML/CTF Tranche 2?
• Who the reforms may apply to: Designated services
• Key dates your practice needs to know
• What firms in scope may need to do
• How to identify potential AML/CTF risk in your practice
• How to use technology and training to stay compliant
• Apps that integrate with Xero
• FAQs on AML/CTF Tranche 2 for accountants and bookkeepers

Key takeaways

• AML/CTF Tranche 2 expands anti-money laundering and counter-terrorism financing obligations to new professional services sectors, including some accounting practices, from 1 July 2026.
• Whether your practice is in scope depends on whether you provide designated services. This means not all accounting practices need to comply. AUSTRAC's self-assessment tool can help you check.
• Practices that are in scope need to enrol with AUSTRAC by 29 July 2026 and will need an AML/CTF program, which will include a customer due diligence processes, staff training, and record-keeping processes in place.
• Xero Practice Manager and Xero HQ give you the tools to manage data securely and monitor clients. Xero-integrated apps may assist with elements of your AML/CTF program such as identity verification, client onboarding, and documentation processes.

What is AML/CTF Tranche 2?

AML/CTF Tranche 2 refers to the expansion of Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regulations to new entity types, beginning 1 July 2026. The new entity types are known as gatekeeper businesses, and include real estate businesses, lawyers and legal services, dealers in precious metals, stones and products, and professional services including accountants. These businesses provide an intermediary for managing client assets and setting up businesses.

The extension of these regulations comes as part of wider AML/CTF reforms. 2026 changes to the regulations are designed to close the gaps that criminals use to commit financial crimes, and bring Australian regulation in line with the global FATF Recommendations. For some accounting and bookkeeping practices, this could mean carrying out more checks on clients and reporting to AUSTRAC, the financial regulator.

Who the reforms may apply to: Designated services

AML/CTF Tranche 2 obligations don’t automatically apply to all accounting and bookkeeping practices. Only firms providing specific designated services need to comply. If you offer any of the following services, you could be in scope of the regulations:

• Providing a registered office
• Managing client funds, including the transfer of assets and accounts
• Creating or managing companies, trusts, or other legal entities
• Assisting clients with the sale of a business entity
• Assisting clients with the planning or execution of a company restructure

Practices offering tax compliance, BAS preparation, and general bookkeeping services may not be in scope. Read AUSTRAC’s professional designated services guidance and seek independent legal advice if you’re unsure. You can also check if you need to enrol or register using AUSTRAC’s self assessment tool.

Key dates your practice needs to know

There are three dates practices should be aware of:

• Enrolment for Tranche 2 entities opened on 31 March 2026
• AML/CTF obligations apply to entities providing designated services from 1 July 2026
• Enrolment closes for Tranche 2 entities on 29 July 2026.

If you begin providing designated services at a later date – for instance, your practice starts offering a registered office for clients – you need to enrol with AUSTRAC within 28 days of providing that service. If your enrolment details change, you need to update them with AUSTRAC within 14 days of the change.

If you don’t comply with AML/CTF rules, AUSTRAC can enforce compliance and issue penalties, so it’s important to enrol and take note of the requirements before they become law.

What firms in scope may need to do

If your practice provides designated services, here’s what you need to do to comply with AML/CTF regulations:

• Create an AUSTRAC Online account and enrol by 29 July 2026.
• Create and implement an AML/CTF program that includes a risk assessment for your practice, as well as procedures, processes, and controls to manage and mitigate risks. (There’s an AUSTRAC AML/CTF program accountants can use to get started).
• Appoint a compliance officer who oversees your practice’s approach to managing AML/CTF risk and handles communication with AUSTRAC.
• Perform customer due diligence checks in the beginning and throughout the course of your relationship, including identity verification and transaction monitoring.
• Provide AML/CTF training for staff who are engaged with compliance activities.
• Submit an annual compliance report to AUSTRAC, as well as suspicious matter reports within 24 hours of terrorism suspicion (within three days for other matters).
• Submit threshold transaction reports for single amounts of A$10,000 or more (or the foreign currency equivalent) within 10 days of the transaction.
• Keep records on your AML/CTF program and compliance activities for at least seven years.

AML/CTF programs should reflect the size and complexity of your practice. If your business grows, your exposure to risk may grow too, and your AML/CTF program should be updated to reflect this. Check AUSTRAC’s guidance for accountants if you’re stuck.

How to identify potential AML/CTF risk in your practice

The risks your practice faces will be unique to your client base and the services you provide. Take both of these things into consideration for your risk assessment. Start by looking at your practice’s inherent risks – these are areas of your business that are naturally more exposed, with weaknesses that might be exploited by criminals.

Accounting and bookkeeping practices have a close view on clients’ bank accounts and financial records. For this reason, you could see a range of client activity that might raise alarm. For example – unexpected large cash movements, high volumes of transactions in a short period, or sudden unexplained increases in client wealth.

Your ability to identify risk hinges on how well you know your clients. Keeping their information stored in secure practice systems, updating this data regularly, and performing checks throughout the relationship is key. Use AUSTRAC’s accounting risk assessment framework to guide your approach.

Apps that integrate with Xero

For AML/CTF Tranche 2, accountants will need a program containing procedures, systems, and controls to maintain compliance with regulations. There are a range of apps that integrate with Xero accounting software, that can help you streamline and manage certain aspects of compliance. They are:

• Identity verification: These tools take care of the identity checking process for you, gathering client data and automatically uploading it to Xero Practice Manager. Identity checks can be set up to trigger at certain moments, automatically, meaning less manual admin for you.
• Document capture and storage: Instead of requesting physical documents or exchanging emails, your clients can use document capture tools to simply snap a photo of the paperwork and upload it to Xero automatically. The information is securely stored and searchable in the cloud.
• Digital signature and client data management: These tools store and centralise all client and contact data, helping you spot missing and outdated information, and get digital signatures for sign off from clients.
• Client onboarding: Create a professional, branded onboarding experience that ticks the compliance boxes too. Send onboarding forms securely, complete identity verification checks, and sync contact information with Xero.

You can find a selection of these apps on the Xero App Store.

How to use technology and training to stay compliant

Keeping tabs on your clients is easier when you have their information in a secure, searchable system. With Xero Practice Manager, our product for helping you run a successful firm, you can see clients and their current financial performance at a glance. This is great for spotting sudden changes in income, or outdated contact information.

And with Xero HQ, you can securely request client documents and data from inside Xero, without needing to email private information externally. This also provides a clear audit trail, so you can retrace every step with a client. Additional capability is available through Xero integrated apps. You can find and connect tools for identity verification, onboarding, and document management on the Xero App Store.

As your practice evolves, risk profiles change too. Alongside controls and procedures, make sure you’re providing staff with regular training on AML/CTF.

Join the partner program

FAQs on AML/CTF Tranche 2 for accountants and bookkeepers

Here’s some more information about AML/CTF Tranche 2 accountants and bookkeepers should know.

Where can I get authoritative guidance on AML/CTF Tranche 2?

AUSTRAC is the primary source – and you can find sector-specific guidance for accountants, as well as a self-assessment tool, and an accounting program starter kit.CPA Australia and Chartered Accountants ANZ have also published member guidance. For advice specific to your firm's situation, consult a lawyer with AML/CTF expertise.

Does AML/CTF Tranche 2 apply to all accountants and bookkeepers in Australia?

No – only practices providing designated services. Check AUSTRAC’s guidance on designated services to see if the regulations apply to you.

When do I need to enrol with AUSTRAC?

If you provide designated services, as defined by AUSTRAC, you must enrol online by 29 July 2026.

What is an AML/CTF program?

An AML/CTF program is the framework and actions you put in place to prevent and address risks. The scale and complexity of your program should reflect the scale and complexity of your business; smaller practices will generally have simpler plans than large firms.

Your program needs to include a risk assessment of your practice, assigning roles and providing training for staff working on AML/CTF tasks, updated client processes and policies, identity checks, transaction and client monitoring, and reporting annually and in instances of suspicious behaviour to AUSTRAC. You need to review, test, and update your program regularly to reflect new and developing risks.

Do I need to verify the identity of all existing clients?

Yes, you need to perform identity checks for all clients you provide designated services to. AUSTRAC provides guidance on identity checks, as well as verifying clients who have Alternative ID.

Can Xero help my firm with AML/CTF compliance?

You can get a clearer view on your client records, allocate compliance tasks, and track your team’s workload with Xero Practice Manager and Xero HQ. These products are not AML/CTF compliance solutions and don't replace your firm's legal obligations. Xero-integrated apps in areas like identity verification and client onboarding may support specific compliance processes.

If I'm a BAS agent or bookkeeper, how will these changes impact me?

If you’re a BAS agent or bookkeeper, these AML/CTF changes may affect you depending on the services you provide. However, if you are only helping clients make routine business payments, such as payroll, super, or creditor payments, under the client’s authority and as part of your normal bookkeeping or BAS service, AUSTRAC has indicated this would not usually be treated as a designated service requiring AML/CTF enrolment.

The key thing to do now is review your service offerings, engagement terms, and payment authority arrangements carefully. If you think you may be affected, it is also worth keeping a close eye on updates from your professional body, such as ICB or ABN as more practical guidance becomes available.