AML/CTF for Accountants: A Complete Compliance Guide

Australia's Tranche 2 AML/CTF reforms bring accountants, tax agents, and BAS agents under AUSTRAC's regulatory umbrella for the first time. From 1 July 2026, accounting professionals who provide designated services must have a compliant AML/CTF program in place. This guide covers everything you need to know.

Which Accounting Services Are Designated?

Not every accounting service triggers AML/CTF obligations. Under the reforms, the following services are classified as designated services when provided to or on behalf of a client:

Company formation and management — Setting up, managing, or administering companies, partnerships, or other legal entities
Trust creation and administration — Establishing trusts, acting as trustee, or managing trust assets
Managing client money or assets — Holding, investing, or transferring funds through trust or client accounts
Buying and selling of business entities — Acting as an intermediary in the acquisition or disposal of a business
Tax structuring and planning — Where the service relates to the creation of legal arrangements that could be exploited for money laundering

Routine tax return preparation, general bookkeeping, and standard BAS lodgement are not designated services on their own. However, if your practice offers any combination of the above, you must assess your exposure carefully. AUSTRAC has emphasised that accounting firms should review their entire service offering rather than assuming they are not covered.

Why Accountants Are Considered High Risk

The FATF and AUSTRAC have identified accounting professionals as gatekeepers to the financial system. Criminals target accountants because they can:

Create complex corporate and trust structures that obscure beneficial ownership
Legitimise funds by channelling them through professional trust accounts
Provide a veneer of respectability to transactions that might otherwise attract scrutiny
Facilitate tax evasion schemes that overlap with money laundering

Serious and organised crime costs Australia up to $60.1 billion annually. Accountants who unwittingly facilitate these activities face both legal liability and severe reputational consequences.

Customer Due Diligence for Accountants

Before providing a designated service, you must conduct Customer Due Diligence (CDD). For accounting practices, this means:

Individual Clients

Collect and verify government-issued photo identification (passport or driver's licence) plus a secondary document. Record the client's full name, date of birth, and residential address.

Business Clients

Verify the entity's registration with ASIC, identify the beneficial owners (anyone who ultimately owns or controls 25% or more of the entity), and understand the ownership and control structure.

Trust Clients

Identify the trustee, the trust's beneficiaries, the appointer, and the settlor. Obtain a copy of the trust deed. Trusts are inherently higher risk due to the ability to obscure beneficial ownership.

Ongoing CDD

CDD is not a one-off exercise. You must conduct ongoing monitoring throughout the client relationship, updating identification information and reassessing risk when circumstances change — for example, when a client's ownership structure shifts, or when you observe unusual transaction patterns.

Key Risk Factors to Watch

When assessing ML/TF risk within your practice, pay close attention to:

Company formation requests from clients with no clear business purpose or with overly complex structures
Trust arrangements where the source of settled funds is unclear or where the beneficiaries are undisclosed
Large or unusual transactions through client trust accounts, especially where the amounts are inconsistent with the client's known financial profile
Clients reluctant to provide identification or who give inconsistent or evasive answers about the nature of their business
Politically exposed persons (PEPs) or clients connected to high-risk jurisdictions identified by FATF or DFAT
Requests for secrecy beyond normal professional confidentiality, or pressure to complete transactions urgently without proper due diligence

Training Requirements

Every staff member involved in providing designated services must receive AML/CTF training. AUSTRAC expects:

Initial training within 30 days of commencing duties that involve designated services
Ongoing training at regular intervals to keep staff updated on new risks, red flags, and regulatory changes
Role-specific content — a partner handling trust administration faces different risks than a graduate preparing tax returns

Training should cover the basics of money laundering and terrorism financing, your firm's specific AML/CTF program, how to identify and escalate suspicious activity, and record keeping responsibilities.

Key Dates for Accountants

| Milestone | Date | |-----------|------| | AUSTRAC enrolment opens | 31 March 2026 | | AML/CTF obligations commence | 1 July 2026 | | Enrolment deadline | 29 July 2026 | | Compliance officer notification to AUSTRAC | 29 July 2026 | | Initial CDD transition period ends | 30 March 2029 |

How to Get Started

Audit your services — Map every service your practice provides against the designated services list. Be thorough.
Enrol with AUSTRAC — Registration opened 31 March 2026. You will need your ABN, details of your designated services, and your nominated compliance officer.
Appoint a compliance officer — This person must be "fit and proper" with the competence, knowledge, and integrity to oversee your AML/CTF program. In smaller practices, this is often the principal.
Build your AML/CTF program — Document your risk assessment, CDD procedures, reporting processes, and training plan. AUSTRAC has published a sector-specific starter kit for accountants, but it is a static document — you will need systems to operationalise it.
Implement CDD workflows — Set up processes for verifying client identity before providing designated services.
Train your team — Deliver initial training and schedule regular refreshers.
Establish record keeping — All CDD records, risk assessments, and reports must be retained for seven years.

Don't Wait Until July

The compliance deadline is approaching and AUSTRAC has made clear that Tranche 2 enforcement is a priority. The maximum corporate penalty is $33 million per contravention, and criminal penalties also apply. Getting started now gives your practice time to build robust procedures without rushing.

Ready to simplify your AML/CTF compliance? Try ComplyReady free for 14 days.

Which Accounting Services Are Designated?

Not every accounting service triggers AML/CTF obligations. Under the reforms, the following services are classified as designated services when provided to or on behalf of a client:

Company formation and management — Setting up, managing, or administering companies, partnerships, or other legal entities
Trust creation and administration — Establishing trusts, acting as trustee, or managing trust assets
Managing client money or assets — Holding, investing, or transferring funds through trust or client accounts
Buying and selling of business entities — Acting as an intermediary in the acquisition or disposal of a business
Tax structuring and planning — Where the service relates to the creation of legal arrangements that could be exploited for money laundering

Why Accountants Are Considered High Risk

The FATF and AUSTRAC have identified accounting professionals as gatekeepers to the financial system. Criminals target accountants because they can:

Create complex corporate and trust structures that obscure beneficial ownership
Legitimise funds by channelling them through professional trust accounts
Provide a veneer of respectability to transactions that might otherwise attract scrutiny
Facilitate tax evasion schemes that overlap with money laundering

Serious and organised crime costs Australia up to $60.1 billion annually. Accountants who unwittingly facilitate these activities face both legal liability and severe reputational consequences.

Customer Due Diligence for Accountants

Before providing a designated service, you must conduct Customer Due Diligence (CDD). For accounting practices, this means:

Individual Clients

Collect and verify government-issued photo identification (passport or driver's licence) plus a secondary document. Record the client's full name, date of birth, and residential address.

Business Clients

Verify the entity's registration with ASIC, identify the beneficial owners (anyone who ultimately owns or controls 25% or more of the entity), and understand the ownership and control structure.

Trust Clients

Identify the trustee, the trust's beneficiaries, the appointer, and the settlor. Obtain a copy of the trust deed. Trusts are inherently higher risk due to the ability to obscure beneficial ownership.

Ongoing CDD

Key Risk Factors to Watch

When assessing ML/TF risk within your practice, pay close attention to:

Company formation requests from clients with no clear business purpose or with overly complex structures
Trust arrangements where the source of settled funds is unclear or where the beneficiaries are undisclosed
Large or unusual transactions through client trust accounts, especially where the amounts are inconsistent with the client's known financial profile
Clients reluctant to provide identification or who give inconsistent or evasive answers about the nature of their business
Politically exposed persons (PEPs) or clients connected to high-risk jurisdictions identified by FATF or DFAT
Requests for secrecy beyond normal professional confidentiality, or pressure to complete transactions urgently without proper due diligence

Training Requirements

Every staff member involved in providing designated services must receive AML/CTF training. AUSTRAC expects:

Initial training within 30 days of commencing duties that involve designated services
Ongoing training at regular intervals to keep staff updated on new risks, red flags, and regulatory changes
Role-specific content — a partner handling trust administration faces different risks than a graduate preparing tax returns

Key Dates for Accountants

How to Get Started

Audit your services — Map every service your practice provides against the designated services list. Be thorough.
Enrol with AUSTRAC — Registration opened 31 March 2026. You will need your ABN, details of your designated services, and your nominated compliance officer.
Appoint a compliance officer — This person must be "fit and proper" with the competence, knowledge, and integrity to oversee your AML/CTF program. In smaller practices, this is often the principal.
Build your AML/CTF program — Document your risk assessment, CDD procedures, reporting processes, and training plan. AUSTRAC has published a sector-specific starter kit for accountants, but it is a static document — you will need systems to operationalise it.
Implement CDD workflows — Set up processes for verifying client identity before providing designated services.
Train your team — Deliver initial training and schedule regular refreshers.
Establish record keeping — All CDD records, risk assessments, and reports must be retained for seven years.

Don't Wait Until July

Ready to simplify your AML/CTF compliance? Try ComplyReady free for 14 days.

AML/CTF for Accountants: A Complete Compliance Guide

Which Accounting Services Are Designated?

Why Accountants Are Considered High Risk

Customer Due Diligence for Accountants

Individual Clients

Business Clients

Trust Clients

Ongoing CDD

Key Risk Factors to Watch

Training Requirements

Key Dates for Accountants

How to Get Started

Don't Wait Until July

Ready to get AML/CTF compliant?

AML/CTF for Accountants: A Complete Compliance Guide

Which Accounting Services Are Designated?

Why Accountants Are Considered High Risk

Customer Due Diligence for Accountants

Individual Clients

Business Clients

Trust Clients

Ongoing CDD

Key Risk Factors to Watch

Training Requirements

Key Dates for Accountants

How to Get Started

Don't Wait Until July

Ready to get AML/CTF compliant?