With the AML/CTF obligations for Australian lawyers commencing on July 1, 2026, there is a considerable amount of preparatory work that needs to be done now. AUSTRAC and legal professional bodies are already providing guidance and resources to help firms get ready.

Here are the key steps you can take to prepare for your AML/CTF obligations:

1. Understand if You'll Be Regulated

• Identify Designated Services: The first and most critical step is to determine if your practice provides any of the services that will be regulated under the Act. Review the list of designated services, which includes activities like real estate conveyancing, managing client funds, and creating legal entities. If you provide any of these services, you will be a "reporting entity" and must comply.

2. Conduct a Risk Assessment

• Know Your Risks: Begin to get to know your practice from an AML/CTF risk perspective. Conduct an enterprise-wide risk assessment that considers your customers, the designated services you provide, your delivery channels (e.g., in-person vs. online), and the foreign jurisdictions you operate in.

• Document Everything: The risk assessment should be a documented process. This will form the foundation of your AML/CTF program and demonstrate to AUSTRAC that you have a proactive approach to managing risk.

3. Develop Your AML/CTF Program

• Start Drafting: A written AML/CTF program is mandatory. You can either develop your own or, for smaller, lower-risk firms, AUSTRAC is developing "starter program kits" that will be available in December 2025.

• Key Components: The program must include policies and procedures for:

  • Governance: Appointing an AML/CTF Compliance Officer and ensuring senior management oversight.

  • Customer Due Diligence (CDD): Procedures for identifying and verifying customers, including beneficial owners.

  • Employee Due Diligence and Training: Screening and training your staff on AML/CTF risks and their obligations.

  • Ongoing Monitoring: How you will continuously monitor your clients and their transactions.

  • Reporting: The process for making suspicious matter reports (SMRs) and other required reports to AUSTRAC.

  • Record-Keeping: How you will create and retain all necessary records for at least seven years.

4. Staff Training and Education

• Start Training Now: Begin to train all relevant staff—from front-line employees to senior management—on the new obligations and the risks of money laundering and terrorism financing. This training should be tailored to your practice and cover red flags specific to legal services.

• Utilise Resources: AUSTRAC provides free e-learning modules and webinars that can be used as a resource for your staff training. Professional bodies like the Law Council of Australia are also offering courses and guidance.

5. Plan for Implementation

• Create an Action Plan: Develop a detailed implementation plan that sets out the steps you will take to become fully compliant by July 1, 2026. This plan should include timelines for key activities like completing your risk assessment, drafting your program, and training your staff.

• Technical Solutions: Consider whether you can use existing technology or whether you need to invest in new software to assist with customer due diligence, sanctions screening, and transaction monitoring.

6. Stay Informed and Engage

• Enrol with AUSTRAC: Remember that enrolment with AUSTRAC will open on March 31, 2026. You will need to complete this process by the commencement date.

Monitor Guidance: Keep up to date with the latest guidance from AUSTRAC, the Law Council of Australia, and your state/territory law society. The rules are still being finalised, and new resources are being released regularly.Description text goes here

To enrol with AUSTRAC, you'll need to provide information about your business, its structure, and the people in key roles. This information is submitted via the AUSTRAC Business Profile Form (ABPF) online. Tranche 2 entity enrolment opens 31 March 2026

Here are the key details you'll need to provide:

Business and Contact Details

You'll need to provide fundamental information about your legal practice:

• Business Name: Your official business or firm name.

• Contact Information: The main contact details for your business, including a physical address, postal address, phone number, and email.

• Business Structure: The legal structure of your business (e.g., sole trader, partnership, company, trust).

• Identification Numbers: Any relevant registration numbers like your Australian Business Number (ABN), Australian Company Number (ACN), or Australian Registered Body Number (ARBN).

Services and Operations

AUSTRAC needs to understand the specific services you provide that fall under the AML/CTF Act.

• Designated Services: You must specify which of the "designated services" your practice offers. This includes services related to real estate transactions, managing client funds, or creating legal entities.

• Business Activities: A description of your business and the nature of the services you provide.

• Foreign Registration: If your business is registered in any foreign countries, you'll need to provide those details.

Key Personnel

AUSTRAC requires information on the individuals who hold significant roles in your business.

• Key Personnel: The names and contact details of all key personnel, which includes directors, officeholders, and the appointed AML/CTF Compliance Officer.

• Criminal History: You may be required to disclose any criminal, civil, or enforcement action relating to the business and its key personnel. While lawyers are not yet subject to the requirement for police checks like remittance and digital currency providers, it is important to disclose any relevant information.

• Financial Details: You will need to provide financial statements for the most recent financial year.Description text goes here

From March 31, 2026: Law firms that provide "designated services" will be able to begin the process of enrolling with AUSTRAC, the regulatory body.

From July 1, 2026: The full range of AML/CTF obligations will come into effect.

Australia's decision to finally regulate the legal profession under its AML/CTF Act is a response to this international pressure and a recognition that the country's previous regime had a significant gap that was being exploited by criminals.

A great number of countries have already implemented AML/CTF regimes that apply to lawyers, aligning with the global standards set by the Financial Action Task Force (FATF). Australia has been a notable exception and is currently in the process of rectifying this by extending its AML/CTF Act to the legal profession from July 1, 2026.

Jurisdictions that have lawyers under their AML/CTF regimes include:

• The European Union (EU): All 27 member states of the EU are required to have AML/CTF laws that apply to legal professionals. 

• The United Kingdom (UK): The UK has a robust AML/CTF regime that has applied to legal professionals for a number of years. 

• Canada: Canada's Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) places AML/CTF obligations on legal professionals.

• New Zealand: New Zealand extended its AML/CTF regime to lawyers, accountants, and real estate agents in 2018, bringing it into line with international standards.

• Singapore: Singapore also has a well-established AML/CTF framework that covers the legal profession.

• Hong Kong: Like Singapore, Hong Kong has laws that place AML/CTF obligations on legal professionals.

The regulation of lawyers as gatekeepers is a direct result of the FATF's recommendations, which are considered the global benchmark for fighting financial crime. The FATF has consistently called on all member countries to extend their AML/CTF frameworks to "Designated Non-Financial Businesses and Professions" (DNFBPs), which includes lawyers.

Key Obligations include:

• Enrolment with AUSTRAC: Mandatory by July 1, 2026.

• Appointing a Compliance Officer: The compliance officer must be an Australian resident at a senior management level with sufficient authority, independence, and resources to oversee the day-to-day implementation of the AML/CTF program and act as the primary point of contact with AUSTRAC.

• Developing an AML/CTF Program: A documented set of policies, procedures, and controls to identify, mitigate, and manage the risks of being exploited for money laundering and terrorism financing.

• Customer Due Diligence (CDD): Identifying and verifying your customer's identity and assessing the initial and ongoing ML/TF/PF risks they pose to your business.

• Employee Due Diligence: An EDD program must be designed to screen employees and contractors based on the level of ML/TF risk associated with their role. Higher-risk roles should be subject to more rigorous checks.

• Reporting Obligations: Reporting certain transactions and suspicious activities

• Record Keeping: Maintaining detailed compliance records for 7 years.

• Staff Training: Ensuring all relevant staff understand your program and their AML/CTF responsibilities.

Independent Evaluations: Regular reviews of your AML/CTF program.tem description

Law firms will be required to develop and maintain a comprehensive, risk-based AML/CTF program tailored to their specific business. This program must include a money laundering and terrorism financing (ML/TF) risk assessment identifying and assessing the risks faced, and detailed AML/CTF policies, procedures, systems, and controls to mitigate and manage those risks. The program must be documented, approved by senior management, kept up-to-date, and independently evaluated at least once every three years.

Yes, law firms will be required to appoint an AML/CTF compliance officer at a management level. This officer is responsible for overseeing and coordinating the firm's AML/CTF program, ensuring day-to-day compliance, communicating with AUSTRAC, and ensuring any program changes are approved by senior management. While specific "fit and proper" person requirements are not exhaustively detailed, the role generally requires a person with sufficient authority, knowledge, and understanding of AML/CTF risks and obligations to effectively manage compliance.

The Compliance Officer's duties include:

• Oversight: Coordinating and overseeing the entire AML/CTF program.

• Reporting: Reporting to the board or senior management about the business's compliance status.

• Communication: Acting as the primary contact point for AUSTRAC.

• Implementation: Helping to create, implement, and maintain the internal policies, procedures, and systems for AML/CTF compliance.

Non-compliance with the AML/CTF Act carries significant penalties, including substantial civil penalties and, in serious cases, criminal liabilities for individuals and corporations. These penalties can include large fines and, for individuals, potential imprisonment. While directly impacting a practicing certificate is usually a matter for professional conduct bodies, a finding of serious non-compliance with AML/CTF laws could certainly lead to disciplinary action, including suspension or cancellation of a practicing certificate, due to implications for a lawyer's fitness to practice.

Absolutely. We partner with some of the world’s leading companies and support global regulators, law enforcement and many others from detection to prosecution in the fight against financial crime. We welcome partnerships with reputable AML firms, sharing technology and expertise to tackle financial crime together.