← Back to Home News · AU

Tranche Two Is Live: Thousands of Australian Firms Just Became AML-Regulated Overnight

Make RegTech.com preferred on Google
Tranche Two Is Live: Thousands of Australian Firms Just Became AML-Regulated Overnight


Australia has spent the better part of the past two decades as an international outlier. Alongside a small number of other jurisdictions, it had never extended anti-money laundering obligations to the "designated non-financial businesses and professions" (or the DNFBPs, in Financial Action Task Force shorthand) that most peer countries brought into scope years ago. From July 2026, that gap closes. Real estate agents, lawyers, accountants, conveyancers, trust and company service providers, and dealers in precious metals and stones now carry AML/CTF obligations: customer due diligence, ongoing monitoring, record-keeping and suspicious-matter reporting.

The scale of the change is not incremental. It brings thousands of businesses — many of them small partnerships and sole practitioners with no compliance infrastructure whatsoever — under the supervision of AUSTRAC, the national financial-intelligence and regulatory agency, effectively overnight. Where a bank has spent years building onboarding systems, monitoring engines and a compliance function, a suburban conveyancing practice is starting from a standing position: no customer risk-rating methodology, no transaction-monitoring capability, no MLRO, and in many cases no clear sense of what a suspicious matter even looks like in its own business.

The enforcement climate they are joining is not a forgiving one. Australian regulators have made clear through recent penalties that financial-crime failings carry a real price and, increasingly, come attached with a technology remediation requirement. In the gaming sector, the NSW Independent Casino Commission penalised The Star Sydney with a AUD 10 million penalty and required a further AUD 5 million investment specifically in financial-crime risk-management technology, addressing deficiencies spanning customer risk assessment, enhanced due diligence and ongoing monitoring. The signal to newly regulated professions is unambiguous: regulators expect not just policies on paper but working controls, and they are willing to mandate spending on the tools to deliver them.

The combination of a vast population of unprepared entrants and a regulator that expects functioning systems creates one of the clearest greenfield opportunities the RegTech sector has seen in a mature market. Onboarding, identity verification, risk-rating and simplified monitoring tools built for small professional firms, rather than for banks, are suddenly addressing a market of thousands of mandatory buyers who did not exist as customers a month ago. The firms that win it will be the ones that make compliance proportionate and near-turnkey for a sole practitioner, not the ones that try to sell bank-grade complexity to a two-partner law firm.

Australia as everyone else's case study


What makes this more than a domestic regulatory story is that Australia is not alone in facing the problem. The FATF has long encouraged member states to bring "gatekeeper" professions into the AML regime, yet the same questions continue to divide policymakers elsewhere. How do you regulate lawyers and accountants without undermining legal professional privilege? How much compliance is proportionate for a sole practitioner?

Australia is now answering those questions in real time. A G20 economy has brought thousands of gatekeeper professions into scope at once, creating a live test of how quickly a previously unregulated sector can adapt. Whether the result is widespread technical non-compliance, a rush towards RegTech adoption or a more measured supervisory approach will offer useful lessons well beyond Australia.

That is the story worth following. The legislation is only the starting point; what happens over the next 12 months will be the real measure of whether the model works.

Regulatory Implications


For newly regulated firms, the priority is straightforward: build the fundamentals before the first reporting obligation arrives. That means enrolling with AUSTRAC, assigning clear accountability for the AML/CTF programme, documenting a customer risk-assessment methodology and establishing a process for suspicious matter reporting. The programme can be proportionate to the size of the business, but it still needs to exist.

Established financial institutions face a different challenge. Lawyers, accountants and real estate agents now become regulated counterparties in their own right, which should improve the quality of customer and transaction information over time. The transition, however, is unlikely to be seamless. Many newly regulated firms will be applying AML obligations for the first time, making a period of inconsistent risk assessment and more cautious suspicious matters reporting realistic expectations. Firms with Australian exposure should plan for that adjustment rather than assume the regime will mature overnight.
Link copied to clipboard
AI Bot
AI Bot
Hi! I'm the RegTech.com assistant. How can I help you today?
Ask me anything — top trending news, latest regulatory changes in the EU, or simply search for topics.