Almost everything written about 1 July 2026 is addressed to the newcomers. Around 90,000 lawyers, accountants, real estate agents, conveyancers and dealers join the AML/CTF regime on that date, and the coverage reflects it. If your firm has held a reporting obligation for years, it is easy to read all of that and conclude the date belongs to someone else.
It does not. Existing reporting entities have their own deadline on 1 July 2026, and it has been quietly sitting behind the transitional rules since March. With three weeks to go, it is worth saying plainly: the relief that let you run a lighter program through the first half of this year ends on 30 June.
What The Transitional Rules Actually Gave You
The reformed Anti-Money Laundering and Counter-Terrorism Financing Act commenced for existing reporting entities on 31 March 2026, not 1 July. So in a strict sense you have already been operating under the new Act for over two months.
What softened that start was a piece of transitional relief. If you were enrolled as a reporting entity on 30 March 2026 and met the criteria, the transitional rules treated your services as the equivalent of the old arrangements and allowed you to continue applying a reduced AML/CTF program and reduced governance requirements until 30 June 2026. In effect, the new Act applied, but the heavier program obligations were deferred for one quarter. (AUSTRAC, AML/CTF transitional rules 2026)
That quarter is now almost over. From 1 July 2026 the reduced program relief falls away and the full reformed program obligations apply to existing reporting entities in the same way they apply to everyone else. (AUSTRAC, summary of changes for current reporting entities)
What The Full Program Now Looks Like
If the last time you seriously rewrote your program was under the old framework, the shape of what is required has changed underneath you.
The biggest single change is structural. The long-standing split between Part A and Part B is gone. You no longer separate your program into the two prescribed parts. In its place is a single, outcomes-focused, risk-based AML/CTF program that you can organise however suits your business, provided it meets the requirements of the Act. (AUSTRAC, about the reforms)
Underneath that structure, two things must be present and current:
A risk assessment that covers money laundering, terrorism financing and proliferation financing. Proliferation financing is the addition many existing entities have not yet built into their assessment. You must identify and assess your ML, TF and PF risks across your services, customers, channels and jurisdictions, and keep that assessment current rather than treating it as a one-off document.
AML/CTF policies that manage and mitigate the risks you identified. The policies are where the risk assessment turns into action: how you do customer due diligence, when you escalate, who is responsible, and how you meet each reporting obligation. The Act expects the policies to flow from the risk assessment, not to sit beside it as boilerplate.
There is also a change to assurance that is easy to miss. The old independent review of Part A has been replaced by an independent evaluation of your entire program, and your own policies must set how often that evaluation happens. A firm that scoped its last independent review narrowly around Part A is now scoping the wrong thing. (What a full Part A to F program covers in practice)
What Is Not Changing On 1 July, And Where You Have Longer
It is just as important to be clear about what you do not have to do by 1 July, because panic is as expensive as complacency.
You do not have to switch reporting forms immediately. From 1 July 2026 you may choose to lodge suspicious matter reports and threshold transaction reports on either the current form or a new form that asks for additional information, and you can keep using the current forms right through to 30 March 2029. The new data fields are coming, but they are not a 1 July obligation. (How SMR and TTR reporting works today)
You also have a long runway on customer due diligence. The transitional rules give existing reporting entities a three year initial CDD transition from 31 March 2026 to 30 March 2029. You can continue applying your pre-reform customer identification procedures for existing customers, or opt in to the reformed initial CDD requirements early if you prefer. Either way, you are not re-onboarding your whole book by 1 July.
Two smaller technical changes do switch on for the regime on 1 July 2026: the definitions around bearer negotiable instrument reporting change, and the legal professional privilege provisions change. Whether either touches your firm depends on what you actually do, but they are worth a deliberate read rather than an assumption that nothing moved.
So the honest summary of the 1 July deadline for an existing entity is narrower than the headlines suggest, and also non-negotiable: your program, your risk assessment and your governance must meet the full reformed standard. The reporting-form switch and the CDD rebuild can wait. The program cannot.
The Notification You Should Already Have Made
One related deadline has already passed, and it is worth checking you did not miss it. Existing reporting entities had until 30 May 2026 to notify AUSTRAC of their AML/CTF compliance officer. Newly regulated businesses get until 29 July, but the earlier date was for firms already in the regime. If that notification did not go in, it is not a thing to leave sitting, because a missed administrative obligation is exactly the kind of failure AUSTRAC has shown it will pursue. (What ignoring a routine AUSTRAC obligation cost two small firms)
What To Do In The Three Weeks Left
The work between now and 30 June is not a rebuild. It is a gap-close. Three questions get you most of the way there.
First, does your program still read as a single risk-based program, or is it still written as Part A and Part B? If it is the old shape, it needs restructuring around your risk assessment and policies, not a cosmetic relabel.
Second, does your risk assessment cover proliferation financing alongside money laundering and terrorism financing, and is it current? If PF is missing or the assessment is years old, that is the first thing to fix.
Third, is your independent evaluation scoped to the whole program rather than just the old Part A, and do your policies say how often it happens? If not, set the scope and the frequency now, in writing.
Where AML Mate Fits
AML Mate builds the reformed program directly: a single risk-based AML/CTF program with an ML, TF and PF risk assessment, policies that map to your designated services, a named compliance officer structure, and the reporting obligations laid out so nothing falls through. If your program still carries the old Part A and Part B bones, the free compliance check at /check gives you a fast read on where the gaps are before 30 June, while there is still time to close them rather than explain them.