AML Mate
All posts
General6 min read

Do You Need an AML Certification for Tranche 2? What AUSTRAC Actually Requires

The global compliance industry has arrived for Australia's 90,000 newly regulated firms: certifications, conferences, training partnerships. None of it is a legal requirement. The AML/CTF Act does not require your compliance officer to hold any certification, and the training obligation is risk-based and tailored to your own program. Here is what the law actually asks of a small firm, when a certification is genuinely worth it, and where your money is better spent three weeks out from 1 July.

2026-06-12· AML Mate Team
Do You Need an AML Certification for Tranche 2? What AUSTRAC Actually Requires

If you run a law firm, an accounting practice or a real estate agency, your inbox has probably changed in the last few months. Webinar invitations. Certification brochures. Conference programs. The global compliance training industry has discovered Australia's Tranche 2 reforms, and it is moving fast.

It is not subtle. ACAMS, the world's largest association of anti-money laundering professionals, ran its Assembly Australasia conference in Sydney in May with Tranche 2 implementation at the top of the agenda. It has partnered with the Law Institute of Victoria to sell AML training to legal practitioners. It even ran a joint outreach event with AUSTRAC earlier this year. Add the consultants, the law firm seminar circuit and the training providers, and 90,000 newly regulated businesses are now a market.

To be clear: there is nothing wrong with any of this. ACAMS is a genuinely respected body, and its certifications mean something in the industry. The problem is the impression all of this marketing creates, which is that becoming compliant means buying credentials. For a small firm, it does not.

What the Law Actually Requires

Search the AML/CTF Act and AUSTRAC's guidance for newly regulated businesses and you will not find a certification requirement anywhere. Not for the business, not for the compliance officer, not for staff. (AUSTRAC, summary of obligations for Tranche 2 entities)

What you will find is this:

A compliance officer at management level. The requirements are that the person has real authority in the business (a partner, director, owner or senior manager) and passes a fit and proper assessment: no disqualifying convictions, not bankrupt, no serious regulatory sanctions. There is no qualification, diploma or certification attached to the role. For a sole practitioner, the compliance officer is usually you. (What the compliance officer role actually involves)

Risk-based training for your people. The Act requires that relevant staff are trained, but AUSTRAC does not prescribe a curriculum, a provider, a number of hours or an external course. The requirement is that training is appropriate to each person's role and built around your own program: your risks, your procedures, their specific obligations. A generic international course does not satisfy this by itself, because it does not know your business. (Who needs training and what it must cover)

Records that prove it happened. What AUSTRAC looks for in practice is evidence: who was trained, on what, when, and when they are due again. A folder of dated completion records for in-house training beats a framed certificate that nobody can connect to your actual procedures.

Notice the pattern. Every requirement points inward at your own program, not outward at someone else's credential.

When a Certification Is Genuinely Worth It

None of this means certifications are useless. They make sense in specific situations:

  • Compliance is your career. If you are building a professional life in financial crime prevention, a recognised certification is a real credential with real market value.
  • You are a larger firm with a dedicated compliance function. If someone's full-time job is running your program, investing in their professional development is sensible.
  • You want external structure. Some people learn better in a formal course, and a foundation course can be a reasonable way to get the concepts down before you build your program.

But be honest about the cost-benefit for a three-person conveyancing practice. A professional certification runs well into four figures once exam and membership fees are counted. A conference pass plus flights and a night in Sydney is similar. That is real money, and on 1 July AUSTRAC will not ask whether anyone in your firm holds a certificate. It will ask whether your risk assessment, your program, your customer due diligence and your training records exist. (What each of the July dates requires)

The Translation Table

Here is the honest mapping between what the compliance industry sells and what a small firm actually needs:

The conference becomes AUSTRAC's own guidance, which is free, current and written for newly regulated businesses. AUSTRAC has been explicit that it expects genuine effort, not perfection, from day one. (AUSTRAC, preparing for the changes if you are newly regulated)

The certification becomes documented, role-specific in-house training. A practical session on your own red flags, your own CDD procedure and your own escalation path, with a dated record of who completed it.

The consultant's engagement becomes a risk-based program you build and understand yourself. The firms that struggle in regulator examinations are usually the ones holding a document someone else wrote that nobody inside the firm can explain.

The thread running through all three: AUSTRAC regulates your conduct, not your credentials. A certificate on the wall of a firm with no working program is worth nothing. A modest program that the whole firm understands and actually runs is exactly what the regulator has asked for.

What This Looks Like in Practice

For a typical small Tranche 2 firm, the training obligation, done properly, looks something like this:

  1. Identify who needs training. Anyone who provides designated services, handles customer identification, or files reports. In a small firm, that is usually everyone, including you.
  2. Train them on your program, not on theory. The three or four red flags that matter in your industry, your actual ID checking procedure, what to do when something feels wrong, and the tipping off rule.
  3. Do it before 1 July, then refresh it. Initial training before obligations commence, refreshers annually and whenever your program changes.
  4. Keep the records. Names, dates, content covered, completion status. This is the part that gets examined.

That is the whole legal requirement. It is measured in hours, not in thousands of dollars.

The Bottom Line

The compliance industry arriving in Australia is a sign that Tranche 2 is real and the deadline is close. Take that signal seriously. But do not confuse the marketing with the law. Nothing in the AML/CTF Act requires you to hold a certification, attend a conference or engage a consultant. What it requires is a risk assessment, a program, a compliance officer, working customer due diligence and trained staff with records to prove it.

If you want the training piece handled without building it from scratch, AML Mate includes built-in staff training with completion tracking, quiz records and an audit-ready export, tied to the same program your firm actually runs. (How the training and audit export works)

And if you are not sure where you stand with three weeks to go, start with the free check: it shows you which of the real requirements you are missing, in about two minutes. Start your free compliance check.

trainingcertificationacamscompliance-officertranche-2austracstaff-trainingaml-ctf-programcost

Related Articles

General

Is Your Deadline 1 July or 29 July 2026? What Tranche 2 Firms Have to Do, and When

Two dates are doing the rounds for the 90,000 newly regulated firms: 1 July 2026 and 29 July 2026. They are not the same deadline, and treating them as one is how firms get caught out. 1 July is the day your AML/CTF obligations switch on and your program has to already exist. 29 July is the administrative deadline to enrol with AUSTRAC. Here is exactly what each date requires, why the order matters, and what AUSTRAC actually expects with three weeks to go.

General

AUSTRAC Just Reopened Tabcorp. The Three Things It's Investigating Are What Every Tranche 2 Firm Has 40 Days to Get Right.

On 8 May 2026 AUSTRAC told Tabcorp it had commenced a fresh enforcement investigation into its AML/CTF compliance. The stock fell 35 percent. Nine years after Tabcorp's last AUSTRAC penalty, the regulator is back, focused on three areas: program design, program execution, and customer monitoring. Those are the same three areas the 80,000 entities entering the regime on 1 July 2026 need to have working.

General

Tranche 2 Enrolment Has Been Open Six Weeks. The 29 July Deadline Is Now 11 Weeks Away.

AUSTRAC's Tranche 2 enrolment portal opened on 31 March 2026. Around 90,000 lawyers, accountants, real estate agents, conveyancers and dealers in precious metals need to enrol by 29 July. Here's what enrolment actually involves, who needs to do it, and why the firms that wait until July will regret it.

Ready to get compliant?

AML Mate generates your AML/CTF program in 15 minutes using AUSTRAC's official templates. Start with a free compliance check.

This article is based on AUSTRAC's publicly available guidance. It does not constitute legal or compliance advice. Consult a licensed compliance professional for complex situations.

Do You Need an AML Certification for Tranche 2? What AUSTRAC Actually Requires | AML Mate Blog