AML/CTF Compliance Software
Built for Law Firms
Australian lawyers and solicitors face new anti-money laundering obligations under Tranche 2, including complex interactions with legal professional privilege. ComplyAU assists your firm in building a compliant AML/CTF program that respects the unique requirements of legal practice.
What Tranche 2 Means for Law Firms
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 brings Australian lawyers and solicitors into the AML/CTF regime for the first time. Known as “Tranche 2,” this expansion means law practices providing certain designated services will become “reporting entities” subject to the full suite of AUSTRAC obligations.
For the legal profession, Tranche 2 is particularly significant because of the interaction between AML/CTF reporting obligations and legal professional privilege. Section 242 of the AML/CTF Act 2006 explicitly provides that privilege does not excuse you from lodging suspicious matter reports. This creates new obligations that sit alongside your existing duties to clients and the court.
Law firms managing trust accounts face additional complexity. AML/CTF monitoring requirements will overlay existing state-based trust account rules, requiring firms to implement transaction monitoring, flag unusual patterns, and report suspicious activity without tipping off clients.
The legislation commences 1 July 2026. AUSTRAC enrolment opens 31 March 2026. Firms should be preparing their AML/CTF programs now.
Your Obligations Under the AML/CTF Act
The following obligations apply to law practices providing designated services under s6AA of the AML/CTF Act 2006.
Enrol with AUSTRAC (s75C)
Law practices providing designated services must enrol with AUSTRAC. Enrolment opens 31 March 2026, ahead of the 1 July 2026 commencement date.
Establish an AML/CTF Program (Part 7A)
You must develop and maintain a written AML/CTF program with Part A (risk-based customer identification, ongoing CDD, and transaction monitoring procedures) and Part B (employee due diligence). The program must be tailored to the specific ML/TF risks of legal practice.
Customer Identification (CDD) (s28–35)
Before providing a designated service, you must verify your client’s identity. For law firms, this extends to verifying beneficial owners of trusts, companies, and other legal structures you help create or manage. Enhanced CDD applies to PEPs and high-risk jurisdictions.
Suspicious Matter Reporting (SMR) (s41–49)
You must report suspicious matters to AUSTRAC when you form a suspicion on reasonable grounds. Critically, legal professional privilege under s242 does NOT exempt you from SMR obligations — this is one of the most significant aspects of the legislation for the legal profession.
Legal Professional Privilege (s242)
The AML/CTF Act contains a specific carve-out: legal professional privilege does not apply to your obligation to lodge suspicious matter reports. This means you cannot rely on privilege to avoid reporting a suspicious matter. However, privilege continues to apply to other communications and documents in the ordinary course of legal practice.
Tipping-Off Prohibition (s123)
It is a criminal offence to disclose to any person that an SMR has been, is being, or will be made. For lawyers, this creates particular challenges when managing ongoing client relationships. Penalties include imprisonment up to 2 years.
Trust Account Obligations (Part 7A + State rules)
Lawyers managing trust accounts must incorporate AML/CTF monitoring into their trust account management. This includes monitoring for unusual patterns, large cash transactions, and transactions inconsistent with the client’s profile. These obligations interact with existing state-based trust account rules.
Record Keeping (Part 10)
All CDD records, transaction records, and AML/CTF program records must be retained for a minimum of 7 years. Records must be stored securely and produced to AUSTRAC upon request.
How ComplyAU Assists Law Firms
ComplyAU provides compliance tools designed for the specific needs and challenges of legal practice, including privilege-aware workflows and trust account monitoring.
AML Program Generator
AI builds your Part A and Part B AML/CTF program for legal practice, covering client identification, transaction monitoring, and employee due diligence. Aligned with the specific risk profile of law firms.
Client Due Diligence Workflows
Guided CDD and ECDD workflows for complex structures. Beneficial ownership identification for trusts, companies, and partnerships. PEP screening and sanctions checks integrated into your intake process.
Suspicious Matter Reporting
Structured SMR workflow with AUSTRAC-aligned fields. Built-in guidance on the interaction between reporting obligations and professional privilege. Complete audit trail for every report.
Privilege-Aware Compliance
ComplyAU is designed with the legal profession’s privilege considerations in mind. Clear workflows help you navigate the boundary between privileged communications and reportable matters under the AML/CTF Act.
Trust Account Monitoring
Overlay your existing trust account management with AML/CTF monitoring. Flag unusual patterns, large cash receipts, and transactions inconsistent with the stated purpose of the retainer.
Staff Training for Legal Teams
AML/CTF training modules tailored for legal staff, covering the unique obligations of the legal profession including privilege boundaries, tipping-off risks, and trust account requirements.
Legal Professional Privilege Does Not Apply to SMR Obligations
This is the single most important aspect of Tranche 2 for the legal profession. Section 242 of the AML/CTF Act 2006 provides that legal professional privilege is not a reasonable excuse for failing to comply with suspicious matter reporting obligations under s41\u201349.
This means that if you form a suspicion on reasonable grounds that a matter relates to money laundering, terrorism financing, or another serious offence, you must lodge an SMR with AUSTRAC regardless of any claim of privilege. The tipping-off prohibition (s123) then prevents you from disclosing the existence of the report to your client.
ComplyAU provides structured workflows that help you navigate this boundary, with clear guidance at each decision point. However, given the significance of these obligations, we strongly recommend obtaining independent legal advice on how privilege interacts with your specific practice areas.
Frequently Asked Questions
Does legal professional privilege protect lawyers from AML/CTF obligations?
No — not for suspicious matter reporting. Section 242 of the AML/CTF Act 2006 explicitly provides that legal professional privilege does not apply to the obligation to lodge suspicious matter reports under s41–49. This is a critical distinction for the legal profession. While privilege continues to protect other communications in the ordinary course of legal practice, it cannot be used to avoid reporting a suspicious matter to AUSTRAC.
Which legal services are designated services under Tranche 2?
Under s6AA of the AML/CTF Act 2006 (as amended), designated services for lawyers include: providing financial advisory services, preparing for or carrying out transactions for the creation, operation, or management of trusts, companies, or other legal entities, buying or selling real estate on behalf of a client, managing client money or assets, and providing conveyancing services. Routine litigation, general legal advice unrelated to these services, and criminal defence work are generally not captured.
How do state law society rules interact with AML/CTF obligations?
State and territory law societies are expected to update their professional conduct rules to reflect the new AML/CTF obligations. In practice, a failure to comply with your AUSTRAC obligations may constitute unsatisfactory professional conduct or professional misconduct under your state’s legal profession legislation. This creates dual regulatory exposure — both AUSTRAC and your state regulator.
What happens if I tip off a client about an SMR?
Tipping off is a criminal offence under s123 of the AML/CTF Act. If you disclose to a client (or anyone else) that an SMR has been, is being, or will be lodged, you face penalties including up to 2 years imprisonment. For lawyers, this is particularly challenging because of ongoing client relationships and duties of communication. ComplyAU provides workflow guidance to help you manage these obligations without inadvertently tipping off.
Do I need to retrospectively verify existing clients?
Yes, but on a risk-based timeline. Existing clients (‘back-book’) must be subject to CDD at the next appropriate opportunity or when you identify a higher risk. AUSTRAC does not require immediate verification of all existing clients on day one, but you must have a documented plan for back-book remediation as part of your AML/CTF program.
Does ComplyAU provide legal advice about AML/CTF compliance?
No. ComplyAU is a compliance management tool that assists you in building, maintaining, and evidencing your AML/CTF program. It does not provide legal advice. Given the complexity of privilege interactions and state-based variations, we recommend consulting a specialist AML/CTF lawyer for advice specific to your practice.
Compliance Solutions for Other Professions
Sources
All information on this page is based on the following primary sources. This page does not constitute legal advice.
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Federal Register of Legislation)
- AML/CTF Rules 2024 (Federal Register of Legislation)
- AUSTRAC \u2014 Tranche 2 Information (austrac.gov.au)
- AUSTRAC \u2014 Enrolment Guidance (austrac.gov.au)
- FATF Recommendations (Financial Action Task Force)
Prepare Your Firm for Tranche 2
Join the waitlist for early access to ComplyAU. Purpose-built compliance tools for law firms, with privilege-aware workflows.
Join the WaitlistAUSTRAC enrolment opens 31 March 2026. Tranche 2 commences 1 July 2026.