AUSTRAC Reporting Software for Small Australian Advisory Firms: What You Need, What to Avoid, and How to Choose

AUSTRAC reporting software is a category of tools that help a reporting entity meet its lodgement obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act 2006). In plain terms, it captures the information a regulated business is required to collect, screens that information against sanctions and risk data, and lodges the resulting reports with AUSTRAC. The three report types it has to handle are Suspicious Matter Reports (SMRs), Threshold Transaction Reports (TTRs), and International Funds Transfer Instructions (IFTIs).

Until recently, these obligations applied mostly to banks, remitters, casinos, and similar businesses. That changed with the Tranche 2 reforms, which extend AML/CTF obligations to accountants, lawyers, real estate agents, and conveyancers for the first time in Australia. The Amendment Act passed into law in 2024, and AUSTRAC has published the timetable and guidance for the newly captured sectors (see AUSTRAC: Tranche 2 reform overview).

The important framing for a small firm is this: the software does not create the obligation, it operationalises it. You can meet the obligation manually, but the cost of doing so by hand (manual identity checks, manual list screening, manual record retention for seven years) usually exceeds the cost of a tool well before you reach any meaningful client volume.

Four profession categories are brought into the regime by the Tranche 2 reforms: accountants, lawyers, real estate agents, and conveyancers. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 extended these obligations to those groups for the first time in Australia (AUSTRAC: Tranche 2 reform overview). A useful baseline number for context: Australia had roughly 280,000 registered reporting entities as at June 2023, the majority of them small businesses (AUSTRAC Annual Report 2022-23). Tranche 2 adds a large new cohort of small firms to that base.

The structural problem for small advisory practices is that the law does not scale obligations to firm size. A sole practitioner faces the same statutory lodgement duties as a national firm, but with far fewer compliance resources to meet them. That asymmetry is exactly what reporting software is meant to close.

Accountants and tax agents

Accounting and tax agent services that involve handling client funds or assisting with company formation fall within the designated service definitions under the expanded regime. If you set up corporate structures, manage client money, or act in transactions involving the transfer of value, you are likely to be captured. The detail of which specific services trigger obligations is set out in AUSTRAC guidance for the accounting sector. See our breakdown for accountants under Tranche 2.

Lawyers and legal practitioners

For legal practitioners, conveyancing, corporate structuring, and trust account management are the activities most clearly drawn into the designated-service net. Legal professional privilege is preserved, but it does not exempt the underlying designated service from the AML/CTF framework. See our breakdown for lawyers under Tranche 2.

Real estate agents

Buyer's agents, selling agents, and property managers who handle transactions face reporting obligations once the regime commences for their sector. Property is a long-standing money laundering vector, which is a core reason the sector was prioritised in the reforms. See our breakdown for real estate under Tranche 2.

Conveyancers

Conveyancers who facilitate property transfers are named explicitly as designated service providers under Tranche 2. Because conveyancing sits at the settlement point of a property transaction, customer due diligence and source-of-funds awareness matter most here. See our breakdown for conveyancers under Tranche 2.

A reporting entity has three lodgement duties to AUSTRAC, and good software should handle all three. A Suspicious Matter Report (SMR) has no minimum dollar threshold: it is triggered by a reasonable suspicion about a customer or transaction, and it must be lodged within the timeframes set by the Act once that suspicion forms. A Threshold Transaction Report (TTR) covers cash transactions at or above AUD 10,000 and must be lodged with AUSTRAC within ten business days of the transaction (AUSTRAC: Threshold Transaction Reports guidance). An International Funds Transfer Instruction (IFTI) covers international electronic funds transfers.

The cost of getting this wrong is not abstract. Failure to lodge a Suspicious Matter Report can carry a maximum civil penalty of 100,000 penalty units per contravention under the AML/CTF Act 2006, equivalent to roughly AUD 33 million at the 2024 penalty unit rate (AUSTRAC: Civil penalty orders). Penalties apply per contravention, so a recurring failure across many clients compounds rather than caps.

For a small firm, the practical takeaway is that the SMR is the report most likely to catch you out. TTRs and IFTIs are event-driven and obvious. An SMR depends on a judgement about suspicion, which is exactly where good screening and a clean audit trail earn their keep.

The right way to evaluate a tool is obligation-first, not feature-first. A long feature list means little if it does not map to the duties you carry. For a small advisory firm, the obligations that matter most are: direct lodgement to AUSTRAC Online or an equivalent API path, customer identity verification (KYC) at onboarding, ABN and ACN verification against the register, ongoing screening of politically exposed persons (PEPs) and sanctions against the relevant Australian and international lists, audit-trail retention for seven years, and staff training records.

The seven-year retention point is statutory, not optional. Reporting entities must retain KYC and transaction records for a minimum of seven years under section 114 of the AML/CTF Act 2006 (AUSTRAC: Record-keeping obligations). A tool that stores records for less than seven years, or that makes export difficult, is a liability rather than a help.

ABN and entity verification: why it matters at onboarding

Verifying a client's ABN and ACN at onboarding is part of Customer Due Diligence (CDD) under Part 2 of the AML/CTF Act 2006. A mismatch between the trading name a client gives you and the entity actually registered against that ABN is a classic red flag: it can indicate a shelf company, a recently re-registered entity, or a simple data error that needs resolving before you act. The Australian Business Register is the public source of truth, and automated verification removes the manual-lookup errors that creep in when a busy practice checks by hand. Our entity verification approach is built around exactly this check.

PEP and sanctions screening frequency

AUSTRAC guidance treats screening as an ongoing obligation, not a one-time onboarding event. The common failure pattern in small firms is to screen a client once at onboarding and never again, which misses the case where a client's status changes mid-engagement (a new directorship, a sanctions listing, a change in beneficial ownership). Ongoing customer due diligence means screening at a sensible cadence across the life of the relationship, which is difficult to do reliably by hand and straightforward to automate.

Each of these questions maps to a specific statutory obligation. Frame the conversation around the duty being protected, not the feature being sold.

1. Does the platform lodge directly to AUSTRAC Online, or does it require manual re-entry? Manual re-entry is where lodgement deadlines slip. Direct lodgement protects your TTR ten-business-day window and your SMR timeframes.
2. Does it screen against the Australian consolidated sanctions list, not only global lists? An AU practice needs the Australian Sanctions Office consolidated list and the relevant designated-persons data, not just a global feed that may miss local listings.
3. Is the audit trail retained on AU-based servers for the full seven-year period? This protects your section 114 retention obligation and keeps data within AU jurisdiction.
4. Does it support AML/CTF Program Part A and Part B documentation? Your program (Part A risk management, Part B customer identification) is a standing obligation, and the tool should help you evidence it.
5. What is the per-search cost at the volume a five-to-ten-person firm actually runs? Pricing built for banks rarely fits a small practice. Ask for the real cost at 20 to 200 checks per month.

Honest cost context matters here because the category is dominated by tools that were never priced for small firms. Enterprise AML platforms commonly sit in the range of AUD 500 to AUD 2,000 per month ex-GST (roughly AUD 550 to AUD 2,200 inc-GST) and are sized for banks and large corporates with dedicated compliance teams. A small advisory firm typically needs somewhere between 20 and 200 KYC checks per month, which makes a per-seat or high monthly minimum a poor fit.

These figures are indicative, not quoted from any single vendor. The category splits broadly into subscription-based AU-native platforms, global screening tools priced for enterprise, and pay-as-you-go incumbents. The right model for a small practice is usually per-search pricing, because it tracks your actual workload rather than forcing you to pre-commit to a seat count you will not use. The practical instruction is simple: always ask for a per-search price and model it against your real monthly volume before signing. See who Ironbark is built for to check the fit against your practice.

Ironbark is built for AU-context advisory firms rather than for banks. It does four things that map directly to the obligations above: ABN and entity lookup against the register, PEP and sanctions screening, Trust Score generation that turns scattered checks into a single defensible signal, and audit-trail export for your records. It prices per search rather than per seat or per monthly minimum, so a five-person firm pays for what it uses.

The Trust Score is the part worth understanding before you buy: it combines the underlying checks into one transparent, versioned score so that your file shows not just a pass or fail but the reasoning behind it. The methodology is published and change-logged rather than hidden, which is what a defensible audit trail needs. You can read the full Trust Score methodology and see exactly how each signal is weighted.

A note on scope.This page is general compliance information to help you evaluate the category. It is not legal advice, and it does not assess your firm's specific obligations. Whether and how Tranche 2 applies to your practice depends on the services you provide. For a definitive view, rely on AUSTRAC's published guidance and, where needed, your own professional adviser.