If you run a small firm joining the AML/CTF regime on 1 July 2026, you have probably read AUSTRAC's most-quoted line by now: it doesn't expect perfection immediately, but it expects to see genuine effort to comply. With under two weeks left, that sentence is doing a lot of emotional work. For some firms it's permission to relax. It shouldn't be.
The phrase is real and AUSTRAC means it. The reformed regime is risk-based, and the regulator has been clear it understands 90,000 newly captured businesses can't flip a switch into mature compliance overnight. (AUSTRAC, about the reforms) But "genuine effort" is a standard, not a holiday. The difference between a firm that gets the benefit of it and a firm that doesn't comes down to evidence: can you show you took the obligations seriously and started doing the work, or did you simply run out of time and hope?
What "genuine effort" actually means
Read it the way a regulator reads it. Genuine effort is demonstrable, contemporaneous action toward compliance. In practice that looks like:
- A program that exists and reflects your business, even if it's a first version you intend to refine.
- A named compliance officer who has actually started doing the role.
- CDD applied to new clients from day one, recorded consistently, even if your process is still maturing.
- A record that shows decisions were made on purpose, not skipped.
What it is not: an empty folder, a template you downloaded and never read, a compliance officer who exists only on paper, or a plan to "sort it out after tax season." The protection AUSTRAC is offering rewards firms that are moving. It does nothing for firms that haven't started. If your file shows a dated program, a real risk assessment and CDD records from your first July clients, you are clearly inside the spirit of the regime. If it shows nothing until an auditor asks, the genuine-effort line won't save you.
The obligations that get no grace at all
Here is the part the reassuring quote can obscure. A few things are bright lines from 1 July, and "we're still getting ready" is not a defence for any of them.
Enrolment and registration. You must enrol with AUSTRAC, and the registration deadline is 29 July 2026. This is administrative, it's free, and there is no risk-based softening of it. Leaving it is one of the easiest and most visible ways to be non-compliant. (When enrolment opens and the 29 July deadline)
Reporting obligations. If a suspicion forms on reasonable grounds, a suspicious matter report is due within the statutory timeframe (24 hours for terrorism-related matters, 3 business days otherwise). A threshold transaction report is due for any cash transaction of $10,000 or more. These are tied to events, not to how settled your program is, and the tipping-off rule applies regardless. (SMR and TTR reporting, step by step) · (The tipping-off rules)
CDD before you provide a designated service to a new customer. You identify and verify the customer before you act. The depth of verification is risk-based and your process can improve over time, but skipping it entirely on a new client is not "imperfect," it's non-compliant. (A practical CDD checklist)
Treat these four as non-negotiable for 1 July, and let "genuine effort" cover the parts that genuinely take time to mature.
Where transitional relief does help
The reforms include deliberate softening for the things that can't reasonably be done instantly. Initial CDD on your existing customer book has grace, so you are not expected to re-identify every legacy client by 1 July. There are transitional allowances around compliance officer arrangements and the timing of independent evaluation as well. The relief is targeted at the heavy, backward-looking work, not at your obligations to new customers and not at reporting. (What "an AML/CTF program in place" actually requires)
The trap is reading transitional relief as broader than it is. It buys time on the existing book and on evaluation cadence. It does not pause CDD on the client who walks in on 2 July, and it does not pause an SMR.
A realistic minimum for 1 July
If you're behind, stop trying to perfect everything and lock in the floor. By 1 July, a small firm should have:
- A written program that fits your business and a risk assessment behind it, even as a first version. (Operating the program once it exists)
- A named compliance officer who understands the role and owns it. (What the compliance officer is responsible for)
- A working CDD process for new clients that someone is responsible for, with records kept the same way every time.
- A clear escalation path so a staff member who sees something odd knows how to raise it and who decides whether to report.
- Enrolment underway, with registration locked in before 29 July.
That is not a mature program. It is a defensible starting point, and it is exactly the picture AUSTRAC describes when it talks about genuine effort. Everything past that line, deeper monitoring, refined indicators, fuller training, you build out in the weeks after, on the record, as you go.
What to do with the 12 days left
Triage, don't polish. Write down the five items above and put a name next to each. Anything with no name next to it is your priority this week. Generate the program if you don't have one, confirm your compliance officer, decide how new-client CDD gets recorded, and book your enrolment. The firms that come out of 1 July well are not the ones who were perfect. They're the ones who can show they started.
Where AML Mate fits
AML Mate is built to get a small firm from nothing to a defensible day-one position fast. Generate a program tailored to your industry, capture your risk assessment, set up new-client CDD with screening and beneficial-ownership records, assign your compliance officer, and keep everything in one audit-ready place so the genuine-effort story tells itself. Start a 14-day free trial, no credit card, and lock in your minimum before 1 July. Not sure you're even in scope? The free compliance check tells you in two minutes, no login required.