AML/CTF Compliance for Accountants & Tax Agents: What You Must Do Before July 2026

If you're an accountant, tax agent, BAS agent, or bookkeeper in Australia, you are now a reporting entity under the AML/CTF Act. AUSTRAC enrolment opened on 31 March 2026, and full obligations begin 1 July 2026. With fewer than 90 days to go, here's your practical guide.

Why Accountants Are Now Regulated

Australia was one of the last FATF member countries to bring professional services under AML/CTF regulation. The gap was significant — criminals have long used accountants to:

• Set up shell companies and trusts to hide beneficial ownership
• Move money through trust accounts to create layers of separation
• Obtain tax advice to structure illicit income as legitimate
• Use professional relationships to gain legitimacy for transactions

The 2024 AML/CTF reforms (Tranche 2) close this gap. AUSTRAC now treats accountants the same way it treats banks and remittance dealers — you must know your customer and report suspicious activity.

Which Services Trigger Your Obligations?

Not everything accountants do is captured. Your obligations are triggered when you provide designated services:

What About Standard Tax Work?

This is the most common question. Standard tax return preparation, BAS lodgement, and financial statement preparation are generally not designated services — unless they're provided in connection with one of the services above.

However, if you're a tax agent who also helps clients set up companies, manage trust accounts, or buy property, those specific activities are caught.

Key principle: It's the nature of the service, not your professional title, that determines your obligations. A bookkeeper who manages client trust funds has the same obligations as a Big 4 partner doing the same work.

Key Deadlines

Don't wait: AUSTRAC expects you to have your AML/CTF program in place by 1 July 2026. If you start now, you still have time. If you wait until June, you don't.

Your 8-Step Compliance Roadmap

Step 1: Determine If You're Covered

Review the designated services list above. If you provide any of those services — even occasionally — you're a reporting entity. If you're unsure, AUSTRAC's accountant starter kit includes a self-assessment tool.

Step 2: Enrol with AUSTRAC

Register at AUSTRAC Online. You'll need:

• Your ABN
• Business contact details
• Details of the designated services you provide
• Your compliance officer's details

Enrolment is free and takes about 20-30 minutes.

Step 3: Appoint a Compliance Officer

You need a nominated AML/CTF compliance officer at management level. For sole practitioners, this is you. For firms, it's typically a partner or director.

The compliance officer is responsible for:

• Overseeing the AML/CTF program
• Ensuring staff training is completed
• Managing AUSTRAC reporting
• Acting as the primary regulatory contact

You must notify AUSTRAC of your compliance officer's details.

Step 4: Conduct Your ML/TF Risk Assessment

Assess the money laundering and terrorism financing risks specific to your practice. Consider:

• Customer risk: Do you have clients with complex structures, international connections, or high-net-worth individuals?
• Service risk: Do you form companies/trusts, manage trust accounts, or handle property transactions?
• Geographic risk: Do any clients have connections to high-risk jurisdictions?
• Delivery channel risk: Do you engage with clients you've never met face-to-face?

Document your risk assessment — AUSTRAC will want to see it.

Step 5: Build Your AML/CTF Program

Your program must follow the Part A-F structure:

• Part A: Governance, risk management, compliance officer
• Part B: Employee screening and training
• Part C: Customer identification and verification (CDD)
• Part D: Transaction monitoring procedures
• Part E: Reporting obligations (SMR, TTR, IVTS)
• Part F: Record keeping and program review

AUSTRAC has published an Accountant Starter Kit designed for small practices (15 or fewer staff). It provides templates you can adapt. For larger or more complex practices, you'll need to go beyond the starter kit.

Step 6: Implement Customer Due Diligence

Before providing any designated service, you must verify your client's identity:

For individual clients:

• Full legal name, date of birth, residential address
• Government-issued photo ID (driver's licence or passport)
• Sanctions screening (DFAT consolidated list)
• PEP (Politically Exposed Person) check
• Risk rating assignment

For company clients:

• Company name, ACN/ABN, registered address
• ASIC verification
• Identify directors and beneficial owners (25%+ ownership or control)
• Verify identity of at least one director and all beneficial owners
• Screen all against sanctions/PEP lists

For trust clients:

• Trust name, type, and ABN (if applicable)
• Identify trustees, appointors, and beneficiaries
• Identify beneficial owners
• Verify identity of the trustee(s)
• Obtain a copy of the trust deed (or relevant extracts)

Step 7: Train Your Team

All staff involved in providing designated services must complete AML/CTF training covering:

• Recognising suspicious activity in an accounting context
• CDD procedures specific to your practice
• How and when to escalate concerns
• SMR filing procedures and tipping off rules
• Record keeping obligations

Training must be completed before staff begin relevant duties and refreshed regularly.

Step 8: Set Up Reporting Procedures

You must be ready to submit:

• SMRs (Suspicious Matter Reports): 24 hours for terrorism-related, 3 business days otherwise
• TTRs (Threshold Transaction Reports): For cash transactions of $10,000+
• IVTS reports: For international value transfer services

Red Flags Specific to Accounting

These are the warning signs AUSTRAC expects accountants to watch for:

Client Behaviour

• Client is reluctant to provide identification or provides inconsistent information
• Client asks you to hold large sums in your trust account with no clear purpose
• Client is unusually secretive about the source of their funds or wealth
• Client wants to set up multiple companies or trusts with no clear commercial rationale
• Client pressures you to complete work unusually quickly
• Client pays your fees in cash (especially large amounts)

Transaction Patterns

• Round-dollar transactions or transactions just below $10,000
• Multiple entities controlled by the same person with no clear business purpose
• Funds flowing through trust accounts with no connection to the services you're providing
• Instructions to send funds to third parties or overseas accounts
• Complex restructuring with no apparent tax or commercial benefit
• Revenue that is inconsistent with the client's stated business activities

Structure Red Flags

• Company or trust formation where the client has no involvement in the entity's operations
• Use of nominee directors or shareholders without clear commercial purpose
• Layered structures across multiple jurisdictions
• Last-minute changes to beneficial ownership before a transaction completes

Common Mistakes to Avoid

1. "I Only Do Tax Returns, So I'm Not Covered"

If you also provide any designated service — even occasionally — you're covered for those services. Review your full service offering carefully.

2. Applying CDD Only to New Clients

You must also apply CDD to existing clients when you provide a designated service. The transitional period (until March 2029) gives you time, but you should prioritise high-risk existing clients immediately.

3. Treating CDD as a One-Off Exercise

CDD is ongoing. You must monitor the relationship, update client information when things change, and re-assess risk periodically.

4. Not Documenting Your Risk Assessment

A risk assessment that exists only in your head isn't a risk assessment. AUSTRAC requires documented evidence of your methodology and findings.

5. Ignoring the Tipping Off Rules

If you suspect a client of money laundering and file an SMR, you must not tell the client. This is a criminal offence. Be aware of what you can and cannot say.

6. Assuming Your Professional Indemnity Insurance Covers AML/CTF Failures

Most PI policies exclude regulatory penalties and fines. AML/CTF non-compliance is a personal and firm-level liability.

What AUSTRAC Has Said

AUSTRAC has been clear about their approach to Tranche 2 entities:

"We don't expect perfection immediately, but we expect to see genuine effort to comply."

This means:

• Having an AML/CTF program in place by 1 July 2026
• Making a reasonable effort to apply CDD
• Training your staff
• Filing reports when required
• Improving your program over time

They've also said they will take a risk-based, proportionate approach to supervision — small practices won't be held to the same standard as Big 4 firms, but the core obligations are the same.

How AML Mate Helps Accountants

AML Mate is purpose-built for Tranche 2 professionals:

• Accountant-specific AML/CTF Program — Parts A-F pre-filled using AUSTRAC's accountant starter kit templates
• Automated risk assessment — identifies your specific ML/TF risk profile based on your services and client base
• Client CDD management — identity verification, sanctions screening, PEP checks, and document storage in one place
• SMR and TTR forms — ready to complete and export for AUSTRAC submission
• Staff training — 5 modules with quizzes and completion certificates
• Audit-ready export — one-click ZIP with your program, client records, reports, and training logs

Most accountants using AML Mate have their program ready in under an hour — compared to weeks of manual work or thousands in consulting fees.

Start your free compliance check →

This guide is for general information only and does not constitute legal advice. For specific guidance on your obligations, refer to AUSTRAC's website or consult a qualified AML/CTF professional.