The Tranche 2 guide
The canonical answers to the questions a sole practitioner, a small-firm partner, an accountant, and a real-estate principal actually ask in their first month with AMLify. Cited to the Act, written for humans.
The short version
From 1 July 2026, Tranche 2 expansions of the AML/CTF Act bring lawyers, accountants, real-estate agents, and trust/corporate-services providers into AUSTRAC’s reporting-entity perimeter. Most small firms can be compliant in 30 minutes with a system that does the heavy lifting — program drafting, customer due diligence, transaction monitoring, and AUSTRAC-ready reports.
This guide covers 25 of the 50 questions our customers ask in their first month, grouped by category. Each answer cites the Act or AML/CTF Rules where relevant.
Chapter
Getting started
About 30 minutes for a sole practitioner. Around 60 minutes for a 2–10 person practice — extra time mostly for customer mapping if you have an existing book. Bulk-importing 500+ customers can extend onboarding to a half-day.
Getting started
Yes. 14-day free trial, no credit card. Sign up at amlify.au/auth/signup. All features are unlocked during the trial.
Getting started
No — you can build your AML/CTF program in AMLify before enrolling. But you must enrol with AUSTRAC at online.austrac.gov.au before lodging any reports. Failing to enrol by 1 July 2026 (Tranche 2 commencement) is an offence under s.51E of the Act.
Getting started
Take the 2-minute scoping quiz at amlify.au/am-i-a-reporting-entity. The quiz checks your business activities against the Tranche 2 designated services definitions.
Getting started
Yes. Download the CSV template at /customers → Import CSV. Up to 1,000 rows per upload. Mapping fields: customer type, name, DOB, ABN, email, service provided, etc.
Getting started
No — you can complete onboarding without nominating one. But you must nominate one before the program is "complete" for AUSTRAC purposes. The wizard's last step (team setup) lets you nominate yourself or invite a colleague.
Chapter
Compliance basics
Threshold Transaction Report — required by AUSTRAC for any physical-currency transaction of $10,000 AUD or more (cash in or cash out). Filed within 10 business days. AMLify auto-drafts when you record one.
Compliance basics
Suspicious Matter Report — filed when you have reasonable grounds to suspect a matter relates to money laundering, terrorism financing, or other financial crime (s.41 of the Act). Filed within 3 business days (24 hours for terrorism financing).
Compliance basics
International Funds Transfer Instruction — filed when funds cross an Australian border. Filed within 10 business days. Most professional firms don't directly handle these; trust accounts that route funds offshore do.
Compliance basics
A service listed in s.6 of the AML/CTF Act that triggers reporting-entity obligations. Tranche 2 expansions add legal, accounting, real-estate, and trust-and-corporate services to the list from 1 July 2026.
Compliance basics
Part A is risk-based systems and controls (your overall approach). Part B is customer-identification procedures (how you do CDD). Both are required under Part 7 of the Act. AMLify generates both.
Compliance basics
As often as you have reasonable grounds to suspect. There's no minimum or maximum. Most small firms file 0–3 SMRs per year; larger firms may file dozens. Filing zero over a multi-year period when your customer base includes higher-risk types is a flag for AUSTRAC.
Compliance basics
Civil penalties up to A$22 million per breach (depending on the offence and entity size). Failing to enrol or to maintain a program is a criminal offence. AUSTRAC's enforcement appetite for genuinely-late vs deliberately-late filings is different — late but documented is treated more leniently than missing entirely.
Compliance basics
A lower threshold than "I'm sure" but higher than "I have a hunch". You don't need evidence; you need a defensible basis. AUSTRAC publishes typology reports listing red flags for each industry — they're a good reference.
Chapter
Customers + CDD
Customer Due Diligence — the process of identifying a customer, verifying their identity, understanding the nature of their business with you, and assessing their risk. Mandatory under AML/CTF Rules Chapter 4 before providing a designated service.
Customers + CDD
Standard CDD applies to most customers. Simplified applies to low-risk customers (e.g. a listed Australian company). Enhanced applies to high-risk customers (PEPs, sanctions-confirmed, high-risk-jurisdiction customers). AMLify computes the level from your risk rating.
Customers + CDD
Politically Exposed Person — a current or former senior public official, their family members, or close associates. Covered by AML/CTF Rule 4.13. Always trigger Enhanced Due Diligence. AMLify screens against PEP databases automatically.
Customers + CDD
The natural persons who ultimately own or control a customer entity (typically the 25%+ shareholders). The Act requires you to identify them for entity customers (companies, trusts, partnerships). AMLify's coverage banner tracks the 25% threshold.
Customers + CDD
Yes — the Act requires ongoing due diligence (Rule 15). AMLify auto-sets a periodic-review date based on the customer's risk rating: 3 years for LOW, 18 months for MEDIUM, 12 months for HIGH (configurable in /settings).
Customers + CDD
You can't provide a designated service without verifying identity. If they refuse and you proceed anyway, you're in breach. If their refusal is unusual or evasive, that may itself be grounds for suspicion (and an SMR).
Customers + CDD
You need to bring them up to current CDD standards. Bulk-import them, run screening, then walk each through the CDD checklist. AMLify's bulk-assess-risk feature speeds this up.
Chapter
Transactions + reports
Physical Australian or foreign currency. Bank transfers and EFTPOS are not cash. Cheques are not cash. Bullion is sometimes treated as cash; consult an AML lawyer if in doubt.
Transactions + reports
No — TTRs are specifically for physical currency. Bank transfers and electronic payments don't trigger TTRs (though they may trigger SMRs if suspicious or IFTIs if cross-border).
Transactions + reports
TTR and SMR lodgement is via AUSTRAC Online — they don't expose an API for those report types. AMLify produces upload-ready files. IFTI-E direct API is on the roadmap.
Transactions + reports
AMLify uses AEST/AEDT for deadline display (the legal Australian timezone for AML/CTF purposes). Server time is UTC; conversion is automatic. A deadline of "10 May 2026" means 11:59pm AEST on 10 May.
Start free
14-day trial, no credit card. Ami walks you through the program, the CDD checklist, and the reporting calendar.
Sarah Marlow
Sarah leads compliance at AMLify. Before AMLify she ran the AML programme at a top-100 Australian law firm and was a contributor to the AUSTRAC Tranche 2 industry consultation.
This guide is general information, not legal advice. AMLify provides compliance tools and educational content. For advice on your specific obligations, consult an Australian AML lawyer or AUSTRAC directly.
