Australia’s New AML Laws Explained: What Small Businesses Need To Know In 2026

Australia’s anti-money laundering and counter-terrorism financing laws are changing. From 2026, the rules will no longer apply only to banks, casinos and financial institutions. Some small businesses in sectors such as accounting, real estate, trust and company services, virtual assets and high-value goods may also need to comply with AML/CTF obligations.

For affected businesses, this is not just a technical compliance issue. The reforms may change how you onboard clients, verify identity, collect personal information, manage records, train staff and respond to suspicious activity. They may also require updates to your client terms, privacy documents, engagement letters and internal compliance processes.

In this article, we’ll explain the background to the reforms, which businesses may be affected, what obligations could apply and what small businesses should do to prepare.

What Are The New AML/CTF Reforms?

Australia’s anti-money laundering and counter-terrorism financing regime is being expanded, simplified and modernised. The key change for many small businesses is that certain services in sectors that were previously outside the regime will now be regulated.

AML/CTF laws are designed to make it harder for criminals to use legitimate businesses to move, disguise or benefit from illegal funds. Until now, Australia’s AML/CTF framework has mainly focused on financial institutions, casinos, remittance providers and other existing reporting entities. However, the reforms expand the regime to capture additional services that may be vulnerable to money laundering risks.

For small businesses, this means AML/CTF compliance may become part of ordinary business operations. Depending on the services you provide, your business may need to assess customer risk, verify client identity, keep records, report suspicious activity and maintain an AML/CTF program.

Why Are The AML Laws Changing?

Money laundering does not only happen through banks. Criminals may also use professional services, property transactions, companies, trusts, high-value goods and digital assets to hide the origin of funds or disguise who owns or controls assets.

For example, a person may use a company or trust structure to purchase property, move funds through a professional adviser, or buy high-value goods using illicit money. These transactions can appear legitimate on the surface, which is why AML/CTF laws focus on identifying customers, understanding ownership structures and detecting suspicious activity.

The reforms are intended to close gaps in Australia’s AML/CTF regime and bring Australia more closely in line with international standards. They also aim to make the system more risk-based, meaning businesses should focus their compliance efforts on the areas of greatest money laundering and terrorism financing risk.

What Is Tranche 2?

“Tranche 2” is the term commonly used to describe the group of professional services and industries being brought into Australia’s AML/CTF regime.

This includes certain services provided by businesses such as accountants, real estate professionals, trust and company service providers, lawyers, conveyancers and dealers in precious metals and stones. These sectors can be exposed to money laundering risks because they may help clients create structures, transfer assets, manage transactions or deal with high-value property or goods.

Importantly, the reforms do not mean every business in these industries will automatically have the same obligations. The key question is whether your business provides a regulated service under the AML/CTF framework. This is why small businesses should review the specific services they offer, rather than assuming they are either completely covered or completely exempt.

When Do The New AML/CTF Changes Start?

The reforms have staged commencement dates. Existing reporting entities are expected to comply with some changes from 31 March 2026.

For newly regulated Tranche 2 businesses, obligations generally begin from 1 July 2026. Enrolment for Tranche 2 entities is expected to open from 31 March 2026, giving businesses a short window to prepare before the new obligations commence.

This timing matters because AML/CTF compliance usually cannot be addressed by a single document update at the last minute. Businesses may need time to review their services, update client onboarding processes, train staff, collect new types of information and prepare internal procedures.

Which Small Businesses May Be Affected?

The reforms may affect small businesses that provide certain services in sectors such as accounting, real estate, trust and company services, legal and conveyancing services, virtual assets, and dealing in precious metals or stones.

For example, an accounting firm that helps clients establish companies or trusts may have different AML/CTF risks from a business that only provides basic bookkeeping services. A real estate agency involved in property transactions may face different obligations from a business that only provides general property marketing services. A jeweller or precious metals dealer may need to consider whether high-value transactions create AML/CTF obligations.

The important point is that the law looks at the services being provided. Small businesses should assess their actual business activities, client base and transaction types to understand whether the reforms apply.

What Obligations Could Apply?

If your business is captured, you may need to comply with a range of AML/CTF obligations. These may include enrolling or registering with AUSTRAC, conducting customer due diligence, verifying customer identity, understanding beneficial ownership, keeping records, reporting suspicious matters and maintaining an AML/CTF program.

Customer due diligence is one of the central obligations. In practice, this means taking steps to know who your client is, and in some cases, who ultimately owns or controls the client. For companies and trusts, this may require collecting information about directors, shareholders, trustees, beneficiaries or beneficial owners.

Businesses may also need to adopt a risk-based approach. This means a low-risk client may require simpler checks, while a higher-risk client or transaction may require more detailed questions about source of funds, source of wealth or the purpose of the transaction.

How Could These Changes Impact Small Businesses?

For many small businesses, the biggest impact will be operational. AML/CTF compliance may affect the way a business takes on new clients, what information it requests, how quickly it can start work, how it stores records and how staff respond to suspicious behaviour.

There may also be a cost impact. Businesses may need to invest in new onboarding systems, update legal documents, train employees, implement internal processes or seek advice from legal specialists. While the reforms are intended to be risk-based, even a small business may need a clear and documented process for managing AML/CTF risks.

There can also be a client experience impact. Clients may be asked for more information than they are used to providing, such as identity documents, company ownership details or information about the source of funds. Businesses should make sure their client terms and privacy documents clearly explain why this information is being collected and how it will be handled.

Privacy And Data Handling Implications

The AML/CTF reforms are closely connected to privacy and data handling. If a business needs to collect more identity documents, ownership information or financial details, it also needs to consider how that information will be stored, protected, used and disclosed.

For small businesses, this may mean updating privacy policies and collection notices so clients understand why information is being collected. Businesses may also need to review internal access controls, document retention practices and procedures for sharing information with third parties.

This is particularly important because AML/CTF compliance may require businesses to retain records and, in some circumstances, report suspicious matters to AUSTRAC. Client-facing documents should be clear enough to explain these possibilities without creating unnecessary concern or confusion.

What Legal Documents May Need Updating?

The reforms may require businesses to review their client-facing and internal documents. This is not because documents alone will make a business compliant, but because they help set expectations and support the business’s broader compliance processes.

For example, engagement letters, client terms and service agreements may need to explain that the business can request identity documents or additional information before providing services. Privacy policies and collection notices may need to explain how personal information is collected, used, stored and disclosed for AML/CTF compliance. Internal policies may need to set out how staff should handle client verification, escalation and record keeping.

Other documents that may need review include onboarding forms, website terms, contractor agreements, referral agreements and data-sharing agreements. The exact documents will depend on the business model and the services provided.

What Should Small Businesses Do Now?

Small businesses should start by identifying whether their services may be captured by the reforms. This means looking at what the business actually does, who its clients are, what types of transactions it supports, and whether it deals with companies, trusts, property, client money, digital assets or high-value goods.

Once a business understands its potential exposure, it can review its onboarding process, privacy documents, client terms and internal policies. It may also need to consider whether staff training or specialist AML support is required.

A practical preparation process may include:

• Reviewing whether your services may be captured
• Mapping your current client onboarding process
• Identifying what customer information you currently collect
• Reviewing your privacy policy and collection notices
• Updating client-facing terms where needed
• Considering whether an AML/CTF program is required
• Training relevant staff
• Speaking to legal and AML specialists where appropriate

Need Help Preparing For The New AML Laws?

If your business may be affected by the AML/CTF reforms, it’s a good idea to start reviewing your legal documents and onboarding processes early.

Need help preparing your legal documents for the new AML laws? You can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.