Nominee Services and AML Risk: A TCSP Guide

Trust and company service providers (TCSPs) are among the most targeted professional enablers in financial crime schemes globally — and Australia's Tranche 2 AML/CTF reforms recognise this directly. By offering nominee director and shareholder services, company formation, registered office facilities, and trust administration, TCSPs can be used — wittingly or not — to obscure the true ownership of assets and move illicit funds through opaque corporate structures. From 1 July 2026, just 63 days away, TCSPs providing these services will be designated reporting entities under the AML/CTF Act 2006, with full obligations to AUSTRAC. Understanding the specific risks tied to nominee and corporate services is now a compliance imperative.

Why Are TCSPs a Prime Target for Financial Crime?

FATF — the Financial Action Task Force and the global standard-setter for AML/CTF policy — has repeatedly identified professional service providers as critical 'gatekeepers' to the financial system. TCSPs sit at a particularly sensitive intersection: the services they provide create distance between a criminal and their assets, making them attractive tools for layering and integration.

A nominee director puts a clean face on a structure; a nominee shareholder obscures who really profits; a registered office ties a shell company to a credible, legitimate address. A corporate trustee can hold substantial assets without those assets appearing to belong to anyone who might attract scrutiny. AUSTRAC has identified complex corporate structures and opaque beneficial ownership as core money laundering typologies in Australia. The very anonymity that makes nominee arrangements commercially useful is precisely what makes TCSPs high-risk under the AML/CTF framework.

Which TCSP Services Trigger Tranche 2 Obligations?

The Tranche 2 amendments to the AML/CTF Act 2006 extend designated service status to TCSPs that provide any of the following on a commercial basis:

• Company formation services — incorporating a company or other legal person on behalf of a client

• Nominee director or shareholder services — acting as, or arranging, a nominee for a client

• Registered office or business address services — providing a correspondence or registered address for a company

• Trust formation and administration — establishing or administering trusts where the client or a third party is the beneficiary

• Acting as a corporate trustee — holding assets or managing distributions on behalf of beneficiaries

If your firm provides any of these services commercially, you will be a reporting entity from 1 July 2026. This means you must enrol with AUSTRAC, adopt a written AML/CTF programme, conduct customer due diligence (CDD) on clients, and submit suspicious matter reports (SMRs) where you detect or reasonably suspect financial crime. Firm size does not affect this — a sole-practitioner corporate secretary carries the same core obligations as a large trust company.

What AML Red Flags Should TCSPs Watch For?

Because TCSPs deal primarily with corporate structures and legal arrangements rather than direct cash flows, the warning signs can look different from those in other industries. The following red flags warrant enhanced scrutiny — and in serious cases, an SMR to AUSTRAC:

• Unexplained urgency — a client who needs a company formed or a nominee arrangement established immediately, with no plausible commercial reason for the rush

• Reluctance to disclose beneficial owners — clients who resist, delay, or provide inconsistent information about who ultimately owns or controls the structure

• Complex layering without commercial logic — requests to create multi-jurisdictional structures involving jurisdictions with weak AML oversight, where no legitimate business purpose is evident

• Third-party instructions or payments — instructions arriving from someone other than the named client, or fees being paid by an unrelated third party

• Politically Exposed Persons (PEPs) or sanctions matches — clients connected to foreign government roles, or names matching DFAT's Consolidated List

• Inconsistent information — discrepancies between what a client tells you and what your identity verification, ASIC searches, or open-source research reveals

• Pressure to act as nominee without meeting the beneficial owner — requests to take on a nominee role without the standard verification and introduction process

These red flags do not automatically mean a client is committing financial crime. But each one should trigger a documented review, and where suspicion is reasonable, an SMR obligation arises under the AML/CTF Act regardless of whether any transaction has occurred.

How Does Enhanced Due Diligence Apply to Complex Corporate Structures?

Standard CDD — verifying a client's identity and understanding the nature of the relationship — is the baseline. Where clients present higher risk, the AML/CTF Act requires enhanced due diligence (EDD): a deeper, ongoing investigation into who controls the structure, the source of funds, and the purpose of the arrangement. For TCSPs, EDD typically involves:

1. Mapping the full ownership chain — identifying every layer between the client entity and the ultimate beneficial owner (UBO), defined as any natural person with 25% or more ownership or effective control

2. Independently verifying the UBO's identity — not relying solely on what the client tells you, but corroborating with official documents, ASIC records, and independent sources

3. Understanding source of wealth and funds — asking how the UBO accumulated their assets and where the capital funding the structure originates

4. Assessing jurisdictional risk — applying greater scrutiny to structures involving FATF grey-listed or blacklisted countries, or jurisdictions known for low corporate transparency

5. Conducting ongoing monitoring — EDD is not a one-time exercise. You must monitor the relationship over time, re-verify when circumstances change, and update your risk assessment accordingly

Where the ownership chain is deliberately obscured and a UBO cannot be identified after reasonable inquiry, this should itself be treated as a significant red flag. Continuing to provide services in that circumstance creates serious compliance exposure.

Platforms like AMLify are built to guide TCSPs through structured CDD and EDD workflows — ensuring every ownership layer is documented, every verification step is completed, and a full audit trail is maintained for AUSTRAC inspection.

What Should TCSPs Do in the Next 63 Days?

Sixty-three days is workable if you start now. Here is a prioritised action plan for TCSPs approaching the 1 July 2026 deadline:

1. Enrol with AUSTRAC — register as a reporting entity via the AUSTRAC Business Portal if you have not already done so

2. Complete a ML/TF risk assessment — document the money laundering and terrorism financing risks specific to your TCSP services, client base, delivery channels, and any jurisdictions you operate in

3. Draft your AML/CTF programme — your Part A programme (governance, risk management, and oversight) and Part B programme (CDD procedures) must be in writing and approved by your board or senior management

4. Establish CDD and EDD procedures — document exactly how you will verify client identities, identify beneficial owners, and apply enhanced scrutiny to higher-risk relationships such as PEPs, complex structures, or cross-border arrangements

5. Train your staff — all employees who provide designated TCSP services must complete AML/CTF training before 1 July 2026; your programme must document training completion

6. Set up transaction monitoring and SMR processes — define how suspicious activity will be detected, internally reviewed, and reported to AUSTRAC, including clear escalation paths

If you are unsure where to start, AMLify's TCSP compliance tools provide a structured path from AUSTRAC enrolment through to a fully operational programme — built specifically for the Tranche 2 framework.

Key Takeaways

• TCSPs providing nominee, company formation, registered office, or trust services will be designated reporting entities under Tranche 2 from 1 July 2026 — 63 days away.

• Nominee and corporate formation services are high-risk for money laundering because they can conceal beneficial ownership, create layers of opacity, and distance criminals from their assets.

• Key red flags include unexplained urgency, reluctance to disclose UBOs, multi-jurisdictional structures without commercial logic, third-party instructions, PEP exposure, and pressure to act as nominee without standard verification.

• Enhanced due diligence for complex structures requires mapping the full ownership chain to a natural person, independently verifying that person's identity, and conducting ongoing monitoring throughout the relationship.

• TCSPs should enrol with AUSTRAC, complete a risk assessment, and finalise a written AML/CTF programme well before the 1 July 2026 deadline — the time to act is now.

Frequently Asked Questions

Q: Do all TCSPs need to comply with Tranche 2?

Yes, if you provide designated services commercially. Under the Tranche 2 amendments to the AML/CTF Act 2006, any business providing company formation, nominee director or shareholder services, registered office facilities, trust formation, or trust administration on a commercial basis will be a reporting entity from 1 July 2026. This applies regardless of firm size — a sole-practitioner corporate secretary has the same core obligations as a large trust company.

Q: What is a nominee arrangement and why is it considered high-risk?

A nominee arrangement is where one person (the nominee) acts on behalf of another (the beneficial owner) — for example, appearing as a company director or shareholder on public records while the true controller remains hidden. These arrangements are legitimate in many circumstances but are also a well-documented method for concealing the identity of the person actually controlling assets. FATF and AUSTRAC have specifically highlighted nominee services as a key money laundering vulnerability, which is why they are expressly captured under Tranche 2.

Q: How do I identify the ultimate beneficial owner of a complex corporate structure?

Under AUSTRAC guidance and the AML/CTF Act 2006, TCSPs must identify any individual who owns 25% or more of the entity, or who otherwise exercises effective control over it. For complex structures, this means working through each layer — holding companies, trusts, partnerships, foreign entities — until you reach a natural person. Where the ownership chain is deliberately obscured or a natural person cannot be identified after reasonable inquiry, this should be treated as a significant red flag warranting enhanced due diligence and potentially an SMR to AUSTRAC.

Q: What are the penalties for a TCSP that fails to comply by 1 July 2026?

Civil penalties under the AML/CTF Act 2006 can reach into the tens of millions of dollars for serious or systemic non-compliance. AUSTRAC has broad enforcement powers including issuing infringement notices, entering enforceable undertakings, applying for injunctions, suspending or cancelling enrolment, and referring matters to the Australian Federal Police for criminal investigation. Beyond financial penalties, a public AUSTRAC enforcement action carries significant reputational risk — particularly for trust-based professional service firms whose clients depend on them for credibility and discretion.

Q: How can AMLify help my TCSP build its AML/CTF programme?

AMLify is purpose-built for Australian Tranche 2 businesses, including TCSPs. The platform guides your firm through risk assessment, structured CDD and EDD workflows, beneficial ownership mapping, transaction monitoring, and AUSTRAC reporting — with a complete, time-stamped audit trail at every step. You can explore how it works at /features or reach out to discuss your firm's specific compliance needs.

This is general information only and not a substitute for legal advice.