How to Become AML Compliant in Australia (Step-by-Step)

If you are wondering how to be AML compliant in Australia, you are not alone. With Tranche 2 bringing thousands of new businesses under AUSTRAC's regulatory umbrella from 1 July 2026, real estate agents, accountants, lawyers, and conveyancers are scrambling to understand what is required. The good news is that the process is manageable when you break it into clear steps.

This guide walks you through exactly how to become AML compliant in Australia, with realistic timelines for each stage.

Step 1: Determine If You Are a Reporting Entity

Estimated time: 1 day

Confirm whether your business is classified as a reporting entity under the AML/CTF Act. Under Tranche 2, the following professions provide designated services:

Real estate agents involved in buying or selling property
Accountants managing client funds, forming companies, or creating trusts
Lawyers providing transactional services such as conveyancing or managing trust accounts
Conveyancers handling property transfers

If your business provides any of these services, you are a reporting entity. It does not matter how often — even a single transaction triggers your obligations.

Step 2: Register with AUSTRAC

Estimated time: 1-2 weeks

Every reporting entity must enrol with AUSTRAC online. You will need your ABN, details about your designated services, your compliance officer's contact details, and your business structure information.

The enrolment takes around 30 minutes online, but allow one to two weeks for AUSTRAC to process your registration. Do not wait until the deadline.

Step 3: Build Your AML/CTF Program

Estimated time: 2-4 weeks

Your AML/CTF program is the cornerstone of compliance — a written document with two parts:

Part A: Risk Assessment

Identify and document the money laundering and terrorism financing (ML/TF) risks specific to your business, considering:

Customer types — Politically exposed persons, overseas clients, complex structures
Services — Which are more susceptible to misuse
Delivery channels — Face-to-face, online, or through intermediaries
Geographic risk — Higher-risk jurisdictions

Part B: Compliance Procedures

Set out policies for managing the risks identified in Part A, including CDD procedures, enhanced due diligence, ongoing monitoring, suspicious matter reporting, staff training, and record keeping.

AUSTRAC expects your program to reflect your actual operations — not a generic template with your name on it.

Step 4: Set Up Customer Due Diligence (CDD)

Estimated time: 1-2 weeks

CDD means verifying who your customers are before providing a designated service. You must:

Collect identification — Name, date of birth, and address for individuals; company name, ABN/ACN, and beneficial owner details for entities
Verify the information — Using government-issued ID, electronic verification, or company registers
Identify beneficial owners — Determine who ultimately controls companies and trusts
Assess the relationship — Understand why the customer is engaging your services

If your risk assessment flags a customer as higher risk, apply enhanced due diligence such as verifying the source of funds or obtaining senior management approval.

Step 5: Train Your Staff

Estimated time: 1-2 weeks for initial training, then ongoing

Every person who provides designated services must receive training covering:

What money laundering and terrorism financing look like in practice
Your business's AML/CTF program and procedures
How to conduct CDD correctly
How to identify and escalate red flags
Tipping-off offences and consequences of non-compliance

Training must be delivered before staff begin relevant duties and refreshed at least annually. Keep records of all training.

Step 6: Establish Transaction Monitoring

Estimated time: 1-2 weeks

You must have systems to monitor transactions for unusual patterns, review customer information periodically, and flag suspicious activity for investigation. For small businesses, this can be a documented manual process rather than expensive software.

Step 7: Prepare for Reporting Obligations

Estimated time: 1 week

Reporting entities must lodge reports through the AUSTRAC Portal:

Suspicious Matter Reports (SMRs) — Within 24 hours for terrorism-related matters, three business days for all others
Threshold Transaction Reports (TTRs) — Physical currency transactions of $10,000 or more
International Funds Transfer Instructions (IFTIs) — If applicable to your services

Ensure your staff know the escalation process. Failing to lodge an SMR is one of the most common compliance failures.

Step 8: Implement Record Keeping

Estimated time: 1 week

Keep records for seven years from when a transaction completes or a business relationship ends:

Customer identification and verification documents
Transaction records
AML/CTF program documentation (including previous versions)
Training records
Suspicious matter reports and supporting documentation

Digital storage is acceptable provided records remain accessible for the full retention period.

Your Compliance Timeline

| Step | Task | Estimated Time | |------|------|---------------| | 1 | Determine reporting entity status | 1 day | | 2 | Register with AUSTRAC | 1-2 weeks | | 3 | Build AML/CTF program (Parts A and B) | 2-4 weeks | | 4 | Set up CDD processes | 1-2 weeks | | 5 | Train staff | 1-2 weeks | | 6 | Establish monitoring | 1-2 weeks | | 7 | Prepare reporting processes | 1 week | | 8 | Implement record keeping | 1 week |

Total estimated time: 8-14 weeks from start to finish.

Many steps can run in parallel — for example, training staff while finalising CDD procedures. The key is to start early.

How ComplyReady Can Help

Building an AML/CTF program from scratch can feel overwhelming, especially if compliance is not your area of expertise. ComplyReady generates a tailored AML/CTF program based on your specific business, industry, and risk profile. From risk assessments to CDD checklists, staff training resources, and ongoing monitoring tools, ComplyReady helps Australian businesses become AML compliant faster and with confidence. Start your compliance journey today at ComplyReady.

This guide walks you through exactly how to become AML compliant in Australia, with realistic timelines for each stage.

Step 1: Determine If You Are a Reporting Entity

Estimated time: 1 day

Confirm whether your business is classified as a reporting entity under the AML/CTF Act. Under Tranche 2, the following professions provide designated services:

Real estate agents involved in buying or selling property
Accountants managing client funds, forming companies, or creating trusts
Lawyers providing transactional services such as conveyancing or managing trust accounts
Conveyancers handling property transfers

If your business provides any of these services, you are a reporting entity. It does not matter how often — even a single transaction triggers your obligations.

Step 2: Register with AUSTRAC

Estimated time: 1-2 weeks

The enrolment takes around 30 minutes online, but allow one to two weeks for AUSTRAC to process your registration. Do not wait until the deadline.

Step 3: Build Your AML/CTF Program

Estimated time: 2-4 weeks

Your AML/CTF program is the cornerstone of compliance — a written document with two parts:

Part A: Risk Assessment

Identify and document the money laundering and terrorism financing (ML/TF) risks specific to your business, considering:

Customer types — Politically exposed persons, overseas clients, complex structures
Services — Which are more susceptible to misuse
Delivery channels — Face-to-face, online, or through intermediaries
Geographic risk — Higher-risk jurisdictions

Part B: Compliance Procedures

Set out policies for managing the risks identified in Part A, including CDD procedures, enhanced due diligence, ongoing monitoring, suspicious matter reporting, staff training, and record keeping.

AUSTRAC expects your program to reflect your actual operations — not a generic template with your name on it.

Step 4: Set Up Customer Due Diligence (CDD)

Estimated time: 1-2 weeks

CDD means verifying who your customers are before providing a designated service. You must:

Collect identification — Name, date of birth, and address for individuals; company name, ABN/ACN, and beneficial owner details for entities
Verify the information — Using government-issued ID, electronic verification, or company registers
Identify beneficial owners — Determine who ultimately controls companies and trusts
Assess the relationship — Understand why the customer is engaging your services

If your risk assessment flags a customer as higher risk, apply enhanced due diligence such as verifying the source of funds or obtaining senior management approval.

Step 5: Train Your Staff

Estimated time: 1-2 weeks for initial training, then ongoing

Every person who provides designated services must receive training covering:

What money laundering and terrorism financing look like in practice
Your business's AML/CTF program and procedures
How to conduct CDD correctly
How to identify and escalate red flags
Tipping-off offences and consequences of non-compliance

Training must be delivered before staff begin relevant duties and refreshed at least annually. Keep records of all training.

Step 6: Establish Transaction Monitoring

Estimated time: 1-2 weeks

Step 7: Prepare for Reporting Obligations

Estimated time: 1 week

Reporting entities must lodge reports through the AUSTRAC Portal:

Suspicious Matter Reports (SMRs) — Within 24 hours for terrorism-related matters, three business days for all others
Threshold Transaction Reports (TTRs) — Physical currency transactions of $10,000 or more
International Funds Transfer Instructions (IFTIs) — If applicable to your services

Ensure your staff know the escalation process. Failing to lodge an SMR is one of the most common compliance failures.

Step 8: Implement Record Keeping

Estimated time: 1 week

Keep records for seven years from when a transaction completes or a business relationship ends:

Customer identification and verification documents
Transaction records
AML/CTF program documentation (including previous versions)
Training records
Suspicious matter reports and supporting documentation

Digital storage is acceptable provided records remain accessible for the full retention period.

Your Compliance Timeline

Total estimated time: 8-14 weeks from start to finish.

Many steps can run in parallel — for example, training staff while finalising CDD procedures. The key is to start early.

How to Become AML Compliant in Australia (Step-by-Step)

Step 1: Determine If You Are a Reporting Entity

Step 2: Register with AUSTRAC

Step 3: Build Your AML/CTF Program

Part A: Risk Assessment

Part B: Compliance Procedures

Step 4: Set Up Customer Due Diligence (CDD)

Step 5: Train Your Staff

Step 6: Establish Transaction Monitoring

Step 7: Prepare for Reporting Obligations

Step 8: Implement Record Keeping

Your Compliance Timeline

How ComplyReady Can Help

Ready to get AML/CTF compliant?

How to Become AML Compliant in Australia (Step-by-Step)

Step 1: Determine If You Are a Reporting Entity

Step 2: Register with AUSTRAC

Step 3: Build Your AML/CTF Program

Part A: Risk Assessment

Part B: Compliance Procedures

Step 4: Set Up Customer Due Diligence (CDD)

Step 5: Train Your Staff

Step 6: Establish Transaction Monitoring

Step 7: Prepare for Reporting Obligations

Step 8: Implement Record Keeping

Your Compliance Timeline

How ComplyReady Can Help

Ready to get AML/CTF compliant?