AUSTRAC Tranche 2: AML compliance guide for law firms.
TL;DR
- From 1 July 2026, law firms providing designated services — conveyancing, managing trust-account money for a transaction, forming or administering companies and trusts, acting as a nominee director or shareholder — become reporting entities under the AML/CTF Act 2006 (Cth).
- Five obligations: enrol with AUSTRAC before providing the service; adopt an AML/CTF program (Part A risk assessment + Part B customer due diligence); appoint an AMLCO; run customer identification and verification; report SMRs and threshold transactions of AUD 10,000 or more.
- Legal professional privilege is not extinguished by Tranche 2, but its interaction with reporting obligations is narrow. AUSTRAC guidance and Law Council commentary set out the boundary — privileged communications remain privileged, but factual transaction data and CDD records are reportable.
- Record-keeping: seven years from the date the designated service was provided or the customer relationship ended.
- Ironbark screens an ABN against ABR, ASIC, AUSTRAC, DFAT sanctions, AFSA insolvency, and the Federal Court in one report. $0.49 per screen, credits never expire.
What changes on 1 July 2026
Law firms become reporting entities for the first time at federal level.
State Legal Profession Uniform Law regulates trust-account conduct and fiduciary obligations. It does not establish federal AML reporting obligations. The AML/CTF Amendment Act 2024 (Cth) closes that gap by extending the AML/CTF Act 2006 (Cth) 'designated services' list to cover specified legal services effective 1 July 2026.
Conveyancing is squarely captured.
Conveyancing — acting for a vendor, purchaser, lessor, lessee, transferor, or transferee in a transfer of real estate — is a designated service under Tranche 2. Whether you are a full-service firm or a conveyancing-only practice (admitted under state licensing), the AML/CTF obligations attach.
Threshold transaction reports apply to money moving through the trust account.
Where a transaction the firm is involved in results in AUD 10,000 or more being received, paid, or transferred (including aggregation across connected transactions), a threshold transaction report (TTR) must be lodged with AUSTRAC within 10 business days.
Suspicious matter reports sit alongside existing tipping-off prohibitions.
If the firm forms a suspicion on reasonable grounds that a transaction is related to money laundering, terrorism financing, tax evasion, or serious proceeds-of-crime offences, an SMR must be lodged within three business days (24 hours for terrorism financing). The 'tipping off' offence in s 123 AML/CTF Act 2006 prohibits disclosing that fact to the client.
Legal professional privilege is preserved for privileged communications — but factual CDD and transaction records are reportable.
AUSTRAC guidance and the Law Council of Australia's commentary confirm that the amendments do not compel disclosure of privileged communications. They do require lodgement of factual reports about transactions and the outputs of customer identification and verification. Firms need to document the boundary in their AML/CTF program.
Who is in scope
The Tranche 2 cohort covers approximately 36,700 reporting entities in the law firms profession. Around 78% of AU law firms are sole practitioners or small practices (1–4 principals).
Law Society and Law Council of Australia data, combined with ASIC and state-regulator rolls. Based on admitted practitioners in private practice at 1 July 2025. Government, in-house, and academic practitioners are generally out of scope.
Admitted legal practitioners in private practice providing designated services.
The capture is services-based, not practitioner-wide. Barristers whose practice is purely advisory and advocacy are typically out of scope. Solicitors conducting conveyancing, forming companies, running trust-account transactions for clients, acting as executors or trustees, or providing nominee-director services are typically in scope.
Conveyancers admitted under state legislation.
State-licensed conveyancers (NSW, Vic, SA, WA, Qld, Tas) performing real-estate transfers are captured on the same terms as solicitors performing the same service. The capture follows the service, not the admission stream.
In-house, government, and academic lawyers are generally not captured.
A lawyer who does not provide designated services to external clients — for example, in-house counsel for a corporate employer, a Commonwealth or State Government lawyer, a university legal counsel — is not a reporting entity by reason of practising law alone.
The designated services
An entity is captured only in respect of designated services it provides. Services the AML/CTF Amendment Act 2024 (Cth) adds to cover law firms include:
- Acting for a client in the sale, purchase, or transfer of real estate — conveyancing
- Managing client money, securities, or other assets in connection with a transaction
- Creating, operating, or managing legal persons or legal arrangements (companies, trusts, partnerships)
- Acting as (or arranging for another to act as) a nominee shareholder, nominee director, or nominee trustee
- Providing a registered-office, business-address, or correspondence-address service for a company or other legal person
- Buying or selling a business entity on behalf of a client (share sale or asset sale advisory)
What you must do
Five obligations attach to every reporting entity. The AML/CTF program scales to the nature, size, and complexity of the business — a sole practitioner and a mid-firm follow the same framework at different scales.
Enrol with AUSTRAC
Before you commence providing a designated service after 1 July 2026, enrol your business via the AUSTRAC Online portal. Enrolment is free. AUSTRAC enrolment opened 31 March 2026 — processing takes several weeks, so do not defer this.
Write an AML/CTF program (Part A + Part B)
Part A is a risk assessment of the business — customers, services, channels, jurisdictions. Part B covers the customer due-diligence procedures that flow from the risk assessment. The program must be in writing, approved by the governing body, reviewed periodically, and provided to AUSTRAC on request.
Appoint an AML Compliance Officer (AMLCO)
The AMLCO must be an employee or partner at management level, fit and proper, able to have the AML/CTF program amended, and able to discharge reporting obligations. The role cannot be outsourced to an external consultant — consultants may advise and draft, but the AMLCO sits inside the reporting entity.
Run customer identification and verification (CDD)
Identify and verify the customer before providing the designated service. Run enhanced due diligence where risk indicators are present (foreign PEPs, opaque ownership, high-risk jurisdictions). Re-verify on trigger events. Record each CDD step with source documents, dates, and the identity of the staff member who ran the check.
Report SMRs, TTRs, and keep records
Lodge a suspicious matter report (SMR) within three business days of forming a suspicion on reasonable grounds (24 hours for suspected terrorism financing). Lodge a threshold transaction report (TTR) within 10 business days for any transaction involving AUD 10,000 or more. Keep CDD, transaction, and report records for seven years from the date the service was provided or the customer relationship ended.
How Ironbark helps
Ironbark is an AU-native screening product. It is not an end-to-end AML/CTF programme — the programme, AMLCO, and reporting workflow remain the reporting entity’s responsibility. Ironbark discharges the screening component, specifically.
Ironbark pulls an entity's current ABR status (active, cancelled, registered for GST), ASIC company and director particulars, and ASIC banned-and-disqualified-persons intersection in one screen. For trusts and partnerships, trustees and partners are resolved and screened. The report is a timestamped artefact that can be attached to the matter file.
The Ironbark Trust Score exposes AUSTRAC enforcement action history, cross-director networks indicating phoenix activity, and insolvency or external-administration events. Firms can set a Trust Score threshold (commonly 70/100) below which enhanced due diligence is mandated by practice policy.
Ironbark walks the ASIC company chain to surface immediate and ultimate beneficial owners where shareholder data is available. For complex structures (foreign ownership, bearer-share proxies) the screen flags where further source-document evidence is required — it does not invent beneficial ownership that ASIC does not hold.
Every screen checks the DFAT consolidated list. Hits are flagged for confirmation with a second source and recorded as 'screen' rather than 'hit' until the AMLCO confirms. The sanctions module is updated daily — DFAT changes propagate within a business day.
Each screen is a downloadable artefact (PDF and JSON) carrying the full source-data trace. Records are retained in Australian-region infrastructure.
Pricing for your firm size
All prices ex-GST in AUD. Credits never expire — a PAYG screen purchased in 2026 is still valid in 2028. Overage on Professional tier runs at $0.40 per screen; Business tier overage runs at $0.30 per screen.
| Firm size | Screens / month | Recommended tier | Price ex-GST |
|---|---|---|---|
| Sole practitioner (under 20 matters per month involving designated services) | < 20 | PAYG | $0.49 per screen |
| Small firm (2–5 principals, 20–300 screens per month) | 20–300 | Professional | $99 per month (inc-GST $108.90) |
| Mid-size firm (6–25 principals, 300–1,000 screens per month) | 300–1,000 | Business | $249 per month (inc-GST $273.90) |
FAQ
Does legal professional privilege protect my client from Ironbark screening?
Legal professional privilege attaches to communications between lawyer and client for the dominant purpose of legal advice or litigation. It does not protect the objective fact that an ABN exists, holds a particular ASIC status, has listed directors, or appears on a public sanctions list. Ironbark screens public registers. The CDD record you build is a factual record — not a privileged communication — and must be produced to AUSTRAC on request in the context of a reporting obligation.
Do I need to enrol each partner of the firm, or just the firm?
The reporting entity is the legal entity providing the designated service. A partnership, an incorporated legal practice (ILP), or a sole-trader practice enrols as the reporting entity. Partners do not enrol individually by virtue of being partners. Practitioners with separate practice structures (e.g. a practitioner operating through a service company alongside the partnership) should check whether the service company is a separate reporting entity.
What is the threshold transaction reporting timeframe?
Threshold transaction reports (TTRs) must be lodged within 10 business days of the transaction. Structured transactions — multiple transactions deliberately kept below the $10,000 threshold to avoid reporting — must also be reported. Conveyancing settlements and business-sale completions routinely exceed the threshold, so TTR workflow is a day-one consideration for most firms.
How does Tranche 2 interact with the Legal Profession Uniform Law trust-account rules?
The two regimes are cumulative. The Legal Profession Uniform Law (or the equivalent state Act in non-uniform jurisdictions) governs trust-account integrity, auditing, and fiduciary conduct. The AML/CTF Act 2006 (Cth) governs AML/CTF obligations. Trust-account records are the evidentiary backbone for many TTRs — a well-run trust account makes TTR compilation faster, but compliance with LPUL does not discharge AML/CTF obligations.
Can the AMLCO be shared across multiple firms (e.g. a service arrangement)?
The AMLCO must be an employee or partner of the reporting entity at management level. They cannot be a third-party contractor or shared-services provider external to the firm. In very small firms the principal typically is the AMLCO. External AML consultants can advise and draft the program — they cannot hold the office.
What happens if I just don't enrol?
Providing a designated service without being enrolled is a contravention carrying civil penalties per occurrence. AUSTRAC can also issue infringement notices and, in serious cases, seek injunctions and civil-penalty orders in the Federal Court. The reputational risk to a firm of an AUSTRAC enforcement action is material — AUSTRAC publishes enforcement outcomes, which feed into reputation screening products used by counterparties.
How long does an Ironbark screen take?
Under 30 seconds end-to-end for a standard Australian company or sole-trader ABN. Trust and partnership structures with multiple parties to resolve take longer — typically 1 to 2 minutes depending on the depth of the resolution. Results are delivered as a downloadable PDF and machine-readable JSON.
Are enterprise AML platforms or global screening tools sufficient?
Two broad categories are common in the AU market today. Enterprise AML platforms focus on beneficial-ownership resolution and are priced for large law and accounting firms — licensing typically starts in the low tens of thousands per year, which puts them beyond most sole practitioners. Global sanctions-and-PEP screening tools cover international lists well but do not cover ABR, ASIC directorship, AUSTRAC enforcement, AFSA insolvency, or Federal Court data. Ironbark consolidates the AU-native dataset into a single screen at $0.49 per check with no minimum purchase — complementary to either category if your firm already subscribes.
Where does the data come from?
Primary AU government registers. Australian Business Register for ABN and GST status. ASIC for company and director particulars. AUSTRAC's reporting-entity register and enforcement actions register. DFAT for consolidated sanctions. AFSA for personal insolvency. Federal Court of Australia for public matters. Every sub-score in the Ironbark Trust Score is documented on our /methodology page with its data source, refresh cadence, and known limitations.
Can I use Ironbark for pre-engagement client screening before I've formally accepted a matter?
Yes. Nothing in the AML/CTF Act or in professional-conduct rules prevents a firm from screening a prospective client or opposing party as part of conflict checking and intake. Where the screen results inform a decision not to take on the matter, the firm retains the screen as part of its intake records, not as a CDD record.
Run a free check
10 screens per month on the free tier. No card required. Credits never expire.