Does MYOB Handle AML/CTF Compliance? What MYOB Practice Covers Under Tranche 2

MYOB has been part of the Australian accounting landscape since the early 1990s, and MYOB AccountRight, MYOB Business, and MYOB Practice remain the operating system of choice for thousands of established Australian firms — particularly those serving long-tenured SME clients with mixed desktop and cloud needs. With 48 days remaining until the AML/CTF Act 2006 Tranche 2 reforms take effect on 1 July 2026, MYOB-based practices are right to ask whether their existing setup covers the new obligations. This article works through what MYOB actually covers, what its practice-management modules do, and where the gap to AUSTRAC compliance still sits.

What MYOB is built for

MYOB's product family covers three layers:

• MYOB AccountRight and MYOB Business — accounting software for SMEs, covering invoicing, payroll, GST and BAS reporting, inventory, and bank reconciliation. AccountRight retains a hybrid local/cloud model; MYOB Business is fully cloud-native.
• MYOB Practice — a practice-management layer for accounting firms, covering client onboarding, document management, tax compliance (against the ATO), workflow, and engagement management.
• MYOB Advisor — analytics and reporting features that surface SME client insights to the accounting firm.

These products are mature, deeply integrated with Australian tax law, and well-supported by an Australian customer-success operation. None of them is an AML/CTF compliance product. MYOB is not a reporting entity under the AML/CTF Act 2006, and the platform does not perform customer due diligence, draft AML/CTF Programmes, or interface with AUSTRAC Online.

A common point of confusion: "compliance" in MYOB Practice

MYOB Practice uses the word "compliance" prominently — in module names, marketing materials, and workflows. In the MYOB context, "compliance" means tax and statutory accounting compliance — meeting your clients' obligations to the ATO and ASIC. That is a different statutory regime from AML/CTF compliance, which is administered by AUSTRAC under the AML/CTF Act 2006.

Both regimes use the word "compliance". Only one is an MYOB product. The other — the AML/CTF regime — is the obligation that Tranche 2 brings into force for accountants, bookkeepers, tax agents, lawyers, real estate agents, trust and company service providers, and dealers in precious metals and stones.

What the MYOB Practice ecosystem can integrate with

MYOB Practice integrates with several Australian eKYC and identity-verification providers, typically through MYOB's partner programme or direct API:

• GreenID, APLYiD, and similar Australian eKYC providers — verify a driver licence, passport, or Medicare card at client onboarding.
• PracticeProtect — covers practice-level cybersecurity, access management, and policy enforcement. Not an AML/CTF programme.
• Document-management bridges — FYI Docs and Suitebox integrate with MYOB Practice for client document storage and digital engagement.

These integrations help with the identity-verification component of customer due diligence and with practice-level cybersecurity hygiene. They do not produce an AML/CTF Programme, run a documented ML/TF risk assessment, or lodge SMRs with AUSTRAC.

What MYOB does not cover under the AML/CTF Act 2006

Mapped against the seven obligations in Part 2 of the AML/CTF Act 2006, MYOB does not cover any of the following:

1. AUSTRAC enrolment — a direct lodgement by your firm via AUSTRAC Online.
2. AML/CTF Programme (Part A and Part B documents) — a board- or partner-approved document covering governance, customer acceptance, CDD procedures, training, and review.
3. ML/TF risk assessment methodology and documentation — calibrated to your firm's clients, services, channels, and jurisdictions.
4. Beneficial-ownership mapping for layered trust and company structures.
5. PEP and sanctions screening with ongoing re-screening cycles — tied to client risk ratings.
6. Customer risk-rating engine and enhanced due diligence workflow — including senior-management sign-off for high-risk relationships.
7. Ongoing monitoring against client risk profiles and service-activity expectations.
8. Suspicious Matter Reports to AUSTRAC within three business days of identification (24 hours for terrorism financing).
9. Threshold Transaction Reports to AUSTRAC within 10 business days where applicable.
10. AMLCO appointment and reporting structure.
11. Annual AML/CTF training delivery, currency tracking, and record retention.
12. Independent review of programme effectiveness every two years, with findings reported to senior management.

The five-question test for any MYOB-based firm

Sit with the partner who will be your AMLCO and answer these five questions in writing, using only your current MYOB stack:

1. Where is the firm's AML/CTF Programme stored, who signed it off, and when was it last reviewed?
2. What is our documented methodology for risk-rating new clients, and where do PEP and sanctions screening results sit in the file?
3. For our highest-risk current client, when was ongoing monitoring last performed, and what did it find?
4. If a suspicious matter were identified today, what is the SMR workflow — and can we lodge with AUSTRAC inside three business days?
5. When is the next independent review scheduled, who will perform it, and what will it assess?

If any of those answers is not immediately available from your current stack, your firm has gaps to close before 1 July 2026.

How MYOB firms typically close the gap

The configuration we see most often among MYOB-based firms preparing for Tranche 2:

1. Retain MYOB AccountRight, MYOB Business, and MYOB Practice for their existing roles — accounting, payroll, tax compliance, document management, and practice workflow.
2. Add a purpose-built AML/CTF compliance platform that handles the seven AUSTRAC obligations end-to-end.
3. Integrate identity verification through the AML platform's built-in eKYC, or by routing your existing GreenID or APLYiD subscription through both systems.
4. Appoint an AMLCO, schedule training, and run a dry-run of the SMR workflow before 1 July 2026 so the operational mechanics are tested before they are needed in earnest.

AMLify was built specifically as the AML/CTF layer alongside Australian accounting platforms — MYOB included. The CDD workflow assumes your bookkeeping and tax compliance sit in MYOB, and the integration model is designed so client records reconcile between systems. To see how the configuration looks against an MYOB-centric practice, explore the accountants industry guide or watch the AMLify demo.

Key Takeaways

• MYOB is accounting and practice-management software, not an AML/CTF compliance product. "Compliance" in MYOB Practice refers to tax compliance, not AUSTRAC compliance.
• MYOB Practice integrates with eKYC providers, which cover identity verification — a subset of customer due diligence. They do not cover the other six AML/CTF obligations.
• All seven core AML/CTF obligations apply from 1 July 2026, including programme, risk assessment, ongoing monitoring, SMR lodgement, AMLCO appointment, training, and biennial independent review.
• The pragmatic configuration is MYOB plus a dedicated AML/CTF platform. Each remains best-in-class at its core task.
• The 1 July 2026 deadline is fixed. Firms that wait until the last week typically discover programme drafting alone takes longer than they planned.

Frequently Asked Questions

Q: MYOB has a partnership with PracticeProtect — doesn't that cover AML/CTF?

PracticeProtect provides cybersecurity, password management, and policy enforcement for accounting firms — including some practice-level compliance training. It is not an AML/CTF programme platform. PracticeProtect does not draft Part A or Part B documents, run an ML/TF risk assessment, manage CDD or EDD workflows, monitor clients against risk profiles, or lodge SMRs with AUSTRAC. Many firms use PracticeProtect for cybersecurity and a separate AML/CTF platform for Tranche 2 obligations.

Q: Can MYOB Practice store our AML/CTF Programme and CDD files?

MYOB Practice's document-management capabilities can store any file you upload to a client record, including a Word version of an AML/CTF Programme and scanned CDD evidence. Storage, however, is the easy part of compliance. AUSTRAC expects regulated entities to demonstrate that the programme is being operated — that procedures are followed, alerts are reviewed, decisions are documented, training is current, and the AMLCO is performing their role. A document store is not a workflow system; storing the file does not satisfy the operational obligation.

Q: We use MYOB AccountRight (the hybrid product). Does that change anything?

No. The platform's deployment model (cloud, hybrid, or desktop) does not alter your firm's AML/CTF obligations. What matters is the designated services you provide. If your firm provides services that fall within Tranche 2's definitions — and most accounting practices serving SMEs do — the seven obligations apply regardless of which MYOB product you run.

Q: MYOB's roadmap mentions "AML" — is a compliance module coming?

MYOB publishes a roadmap that highlights features under active development. As of the date of this article, no fully integrated AML/CTF programme platform — covering enrolment, programme drafting, CDD, ongoing monitoring, SMR lodgement, training, and independent review — has been confirmed inside MYOB Practice. Firms preparing for 1 July 2026 should plan on the assumption that AML/CTF compliance will be delivered by a dedicated partner that integrates with MYOB, not by MYOB itself.

Q: How does AMLify fit alongside MYOB?

AMLify operates in parallel with MYOB. MYOB AccountRight, MYOB Business, and MYOB Practice continue to run accounting, payroll, BAS, tax compliance, and document management. AMLify becomes the system of record for AML/CTF decisions: programme, risk assessment, CDD, EDD, ongoing monitoring, SMR lodgement, training delivery, and audit trail. Client records can be reconciled between systems so that data is entered once and is visible everywhere it matters. Practices interested in seeing the configuration end-to-end can watch the AMLify demo.

This is general information only and not a substitute for legal advice.

Related articles