AML Tranche 2 — What Australian Law Firms Must Do Before 1 July 2026

This is not a drill

If you run a law firm in Australia, you're about to become a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act. Not maybe. Not eventually. From 1 July 2026.

AML Tranche 2 brings lawyers, accountants, real estate agents, and other professional service providers into the same regulatory framework that banks and financial institutions have been operating under for years. It's the single biggest compliance change to hit the Australian legal profession in a generation, and it affects every firm — not just the ones doing conveyancing or handling trust funds.

AUSTRAC enrolment opened on 31 March 2026. If you haven't started the process, now is the time.

What your firm needs to do

The obligations under AML Tranche 2 aren't optional, and they aren't vague. Here's what every law firm in Australia will need to have in place:

1. Enrol with AUSTRAC. The enrolment portal is open now. This is the first step, and it needs to happen before your other obligations kick in. Don't wait until June.

2. Appoint an AML/CTF compliance officer. Someone in your firm needs to be formally responsible for your AML programme. This person needs to understand the obligations and be empowered to act on them.

3. Develop a written AML/CTF programme. This is your firm's documented approach to identifying, mitigating, and managing money laundering and terrorism financing risks. It needs to be tailored to your firm — not a generic template downloaded from the internet.

4. Conduct customer due diligence (CDD). You'll need to verify the identity of your clients before providing designated services. This includes collecting identification documents, verifying beneficial ownership of entities, and conducting ongoing monitoring of the client relationship.

5. Keep records for seven years. All AML-related records — enrolment details, client identification, transaction records, and compliance documentation — must be retained for a minimum of seven years. That's not a suggestion. It's a legal requirement.

6. Submit an annual compliance report to AUSTRAC. Each year, you'll need to report on your AML/CTF compliance. This means your systems need to be able to produce the data AUSTRAC requires — not just store it, but report on it.

7. Report suspicious matters. If something doesn't look right, you're legally obligated to file a suspicious matter report (SMR) with AUSTRAC. This needs to happen promptly, and your staff need to know what to look for.

Why this matters more than most firms realise

The scale of Tranche 2 is significant. AUSTRAC estimates between 80,000 and 90,000 new reporting entities will come under the regime. That's an enormous number of businesses that have never had to think about AML compliance before, and the regulator has made it clear they expect readiness from day one.

For law firms specifically, the challenge isn't just understanding the rules — it's operationalising them. Customer due diligence needs to happen at the start of every new matter. Records need to be stored securely and retrievable for seven years. Compliance reporting needs to draw on real data from your practice, not manual spreadsheets cobbled together at the end of the financial year.

This is a systems problem as much as it is a legal one.

The bolt-on trap

Here's what I'm already seeing across the market: firms being sold standalone AML compliance tools. Another subscription. Another login. Another system that sits outside your practice management software and requires you to duplicate data entry, manage separate records, and reconcile information across platforms.

If your practice management software doesn't handle AML compliance natively, you're going to end up with exactly the kind of fragmented setup that makes compliance harder, not easier. You'll have client data in one system, AML records in another, and no simple way to pull it all together when AUSTRAC comes asking questions.

We've seen this pattern before with trust accounting, with general accounting, with document management. Every time a law firm bolts on a separate system for something that should be built in, it creates more work, more risk, and more cost.

Where Law App stands

At Law Support Australia, we believe AML compliance belongs inside your practice management software — not beside it. It should be part of the same workflow you use to open a matter, record your time, manage your trust account, and bill your client.

We're building AML compliance directly into Law App. Customer due diligence, record keeping, compliance reporting — integrated into the platform you already use every day. No separate tool. No extra subscription. No duplicate data entry.

This is still in development, and I want to be upfront about that. But we're building it because we believe it's the right approach — and because the firms we work with have told us clearly that they don't want yet another system to manage.

What to do right now

If you haven't started preparing for AML Tranche 2, here's where to begin:

• Enrol with AUSTRAC now. The portal is open. Don't leave it until the last minute.
• Nominate your compliance officer. Someone needs to own this inside your firm.
• Start drafting your AML/CTF programme. Get advice if you need it — this isn't something to leave to chance.
• Audit your current systems. Can your practice management software store CDD records? Can it produce compliance reports? If not, you've got a gap to fill before July.
• Ask your software provider what they're doing about AML. If the answer is "integrate with a third-party tool," ask yourself whether that's really the simplest path forward.

Let's talk about it

AML Tranche 2 is complex, but it doesn't have to be chaotic. If you want to talk through how your firm can prepare — or how Law App can help — I'm happy to have that conversation.

You can reach me directly:

Kelly Mills
kelly@lawsupport.com.au
07 3040 3036
lawsupport.com.au

The deadline isn't going to move. But you've still got time to get this right.