Lawyers have always been trusted gatekeepers of the financial system. From 1 July 2026, that trust comes with formal AML/CTF obligations. If you're a solicitor, barrister, or legal practitioner providing designated services in Australia, you are now a reporting entity under AUSTRAC's Tranche 2 reforms.
This guide covers everything you need to know — including the unique complexities around legal professional privilege that make legal compliance different from every other sector.
Why Lawyers Are Now Regulated
Australia's legal sector has been a gap in AML/CTF coverage for over a decade. While banks, remittance dealers, and casinos have been regulated since 2006, lawyers were exempt — despite handling some of the highest-risk activities for money laundering:
- Trust accounts move billions of dollars annually with limited external oversight
- Company and trust formation can create opaque structures to hide beneficial ownership
- Property transactions involve large sums and complex ownership arrangements
- Professional legitimacy — a lawyer's involvement gives transactions an appearance of propriety
The FATF has repeatedly flagged Australia's lack of coverage for legal professionals. Tranche 2 brings Australia in line with the UK, EU, Canada, and New Zealand — all of which already regulate lawyers under AML/CTF law.
Which Services Trigger Your Obligations?
Not all legal work is covered. Your AML/CTF obligations are triggered only when you provide designated services:
| Designated Service | Examples |
|---|---|
| Conveyancing / property transfers | Acting for buyer or seller in a property transaction |
| Trust and company services | Establishing, operating, or managing trusts, companies, or other legal entities |
| Trust account management | Receiving, holding, or paying funds through your trust account |
| Managing financial assets | Managing client bank accounts, savings, or securities |
| Arranging transactions | Organising contributions for creation or management of a legal entity |
What's Not Covered?
General legal advice, litigation, dispute resolution, family law (excluding property settlements involving designated services), criminal defence, and employment law are generally not designated services.
However, if any of those matters involve trust account transactions, company/trust formation, or property transfers, those specific activities within the matter are caught.
Key point: It's the nature of the service, not the area of law. A family lawyer who handles a property settlement through their trust account is providing a designated service for that part of the engagement.
Legal Professional Privilege — The Unique Challenge
This is the most significant difference between lawyers and every other reporting entity. Legal professional privilege (LPP) intersects with AML/CTF obligations in important ways:
What's Protected
- Privileged communications between you and your client made for the dominant purpose of providing legal advice or in connection with litigation remain protected
- You are not required to include privileged information in an SMR
- AUSTRAC cannot compel production of privileged material
What's Not Protected
- CDD information (client identity, verification documents) is generally not privileged — it's administrative, not legal advice
- Transaction details processed through your trust account are not privileged
- Privilege does not apply if communications are made to further a crime or fraud (the crime/fraud exception)
- The existence of a client relationship is not privileged
Practical Implications
- You must still file SMRs — but you can exclude privileged content from the report
- You must still conduct CDD — identity verification is not a legal communication
- You must still monitor trust account transactions — these are financial records, not legal advice
- When in doubt, describe the suspicious activity without disclosing the privileged communication that led you to identify it
AUSTRAC's position: Privilege is respected, but it cannot be used as a blanket excuse to avoid all obligations. The obligation to report exists; what goes into the report may be modified.
Both Parties Are Your Clients
In property transactions, AUSTRAC requires CDD on both the buyer and the seller — even if you only act for one side. This is because:
- You are facilitating a designated service (property transfer) involving both parties
- The risk of money laundering exists on either side of the transaction
- AUSTRAC's conveyancing and legal starter kits both emphasise this requirement
In practice, this means your intake process for property matters must include CDD steps for the counterparty, not just your direct client.
Key Deadlines
| Date | What Happens |
|---|---|
| 31 March 2026 | AUSTRAC enrolment opens (now live) |
| 1 July 2026 | Full AML/CTF obligations commence |
| 29 July 2026 | Registration deadline |
| 1 July 2026 – 30 March 2029 | Transitional period for initial CDD on existing clients |
Your 7-Step Compliance Roadmap
Step 1: Audit Your Service Lines
Go through your practice areas and identify which ones involve designated services. Common triggers for law firms:
- Property/conveyancing team — almost certainly caught
- Corporate/commercial team — company and trust formation, M&A with trust account use
- Wills and estates team — trust establishment, trust account management
- Family law team — property settlements through trust accounts
- General practice — any matter that touches trust accounts or entity formation
Step 2: Enrol with AUSTRAC
Register at AUSTRAC Online with your ABN, firm details, and designated services. Free, takes 20-30 minutes.
Step 3: Appoint a Compliance Officer
For sole practitioners, this is you. For firms, it should be a partner or senior associate with sufficient authority to implement the program and allocate resources.
The compliance officer doesn't need to be a specialist — but they need to understand the program and have management support.
Step 4: Conduct Your Risk Assessment
Assess ML/TF risks across four categories:
Customer risk:
- International clients or clients with connections to high-risk jurisdictions
- Complex corporate or trust structures
- Clients with no clear connection to Australia
- High-net-worth individuals with opaque sources of wealth
Service risk:
- Trust account exposure (volume and frequency)
- Company/trust formation volume
- Property transaction values
- International elements in transactions
Geographic risk:
- Client connections to FATF high-risk jurisdictions
- Cross-border transactions
- Foreign-owned entities
Delivery channel risk:
- Non-face-to-face client engagements
- Referrals from intermediaries in high-risk jurisdictions
- Instructions from third parties rather than the client directly
Step 5: Build Your AML/CTF Program (Parts A-F)
| Part | Key Legal-Specific Considerations |
|---|---|
| Part A | Document how LPP interacts with your risk framework |
| Part B | Trust account staff need enhanced training |
| Part C | CDD procedures for both parties in property matters |
| Part D | Trust account monitoring is critical — flag unusual patterns |
| Part E | SMR procedures that respect LPP while meeting reporting obligations |
| Part F | 7-year retention, separate from legal matter files if needed |
AUSTRAC's Legal Profession Starter Kit is designed for firms with 15 or fewer staff. Larger firms will need to expand significantly.
Step 6: Implement Trust Account Monitoring
Your trust account is your highest-risk area. Monitor for:
- Funds received with no clear connection to the legal matter
- Funds disbursed to third parties not involved in the matter
- Round-dollar amounts or amounts just below $10,000
- Multiple transactions for the same client in a short period
- Funds passing through trust and being returned to the client without a transaction completing
- Unexplained delays — money sitting in trust with no progress on the matter
Step 7: Train Your Staff
All staff who provide designated services or handle trust account transactions must be trained. Tailor the training to your practice:
- Fee earners: Red flags, CDD procedures, SMR triggers, LPP considerations
- Trust account staff: Transaction monitoring, threshold reporting, structuring awareness
- Support staff: Basic awareness, escalation procedures
- Partners/management: Governance obligations, program oversight
Red Flags for Legal Practitioners
Client Behaviour
- Client is reluctant to provide ID or provides inconsistent identity documents
- Client instructs you through an intermediary who is evasive about the client's identity
- Client has no clear connection to the jurisdiction where the transaction takes place
- Client wants to use your trust account as a bank — depositing and withdrawing funds unrelated to legal services
- Client is unconcerned about costs or the commercial merits of a transaction
- Client changes the ownership structure of a transaction at the last minute
Trust Account Red Flags
- Deposits from unknown third parties
- Requests to pay settlement proceeds to a different entity than expected
- Funds received before you've been formally engaged
- Client asks you to hold funds for an extended period with no clear purpose
- Multiple small deposits that aggregate to a large sum
- Instructions to transfer funds internationally with no connection to the matter
Transaction Red Flags
- Property purchased significantly above or below market value
- Back-to-back transactions — property bought and immediately resold
- Complex structures used for straightforward transactions
- Client insists on cash settlement or cash payments to your trust account
- Transaction involves entities in secrecy jurisdictions
Penalties
AUSTRAC's enforcement powers apply equally to legal practitioners:
- Civil penalties: Up to $18.78 million per contravention (individuals) or $93.9 million / 3x benefit / 10% turnover for firms
- Criminal penalties: For serious offences including tipping off and false reporting
- Professional consequences: State law societies may take disciplinary action for AML/CTF failures, separate from AUSTRAC enforcement
The Law Society Angle
State law societies and the Law Council of Australia have been engaging with AUSTRAC on implementation. Key points:
- Law societies acknowledge the obligations and are not challenging the reforms
- Most are developing guidance materials and CPD programs for members
- Trust account audit requirements may be expanded to incorporate AML/CTF checks
- Professional indemnity insurers are starting to ask about AML/CTF compliance in renewal applications
This is not going away. The profession has accepted the reforms — the question is whether individual practitioners are prepared.
How AML Mate Helps Legal Practitioners
AML Mate is designed for Tranche 2 professionals, with features specifically relevant to lawyers:
- Legal-specific AML/CTF Program — Parts A-F built from AUSTRAC's legal profession starter kit, with LPP considerations baked in
- Risk assessment — identifies your ML/TF risk profile based on your services, client types, and trust account exposure
- Client CDD for both parties — manage identification for clients and counterparties in one place
- Sanctions screening and PEP checks — automated DFAT and PEP screening on every client
- SMR and TTR forms — complete and export for AUSTRAC submission
- Staff training — 5 modules with quizzes and certificates, covering legal-specific scenarios
- Audit-ready export — complete compliance pack for regulatory examinations or law society audits
Start your free compliance check →
This guide is for general information only and does not constitute legal advice. For specific guidance on your obligations, refer to AUSTRAC's website, your state law society, or a qualified AML/CTF professional.