Which Legal Services Trigger Tranche 2 AML Obligations?

With 56 days until the Tranche 2 deadline on 1 July 2026, Australian law firms are asking one urgent question: which of our services actually trigger AML/CTF obligations? The AML/CTF Act 2006, as amended by the AML/CTF Amendment Act 2024, does not capture all legal work — it targets specific 'designated services' that carry elevated money-laundering risk. Getting this scoping exercise right is the most critical compliance step your practice can take right now.

Which legal services are designated services under Tranche 2?

The Tranche 2 reforms identify five categories of legal work as designated services. If your firm provides any of the following to clients, you become a 'reporting entity' under the AML/CTF Act 2006 and must comply with its full suite of obligations.

1. Real property transactions. Acting for a client in buying, selling, or transferring real property — residential, commercial, rural, or industrial — is a designated service. This means conveyancing work sits squarely within Tranche 2 scope. If your firm handles any form of property transaction, this obligation almost certainly applies to you.

2. Managing client funds, accounts, or assets. Holding or managing money, securities, or other assets on behalf of a client — including funds held in your trust account — is a designated service when connected to one of the listed transaction types. This does not capture all trust account activity; the funds must be held in connection with another designated service.

3. Creating, operating, or managing legal persons or arrangements. Setting up companies, trusts, partnerships, or other legal structures for clients brings your practice into scope. This includes providing a registered office address, acting as a registered agent, or advising on and executing the formation of any vehicle used to hold or manage assets.

4. Buying or selling business entities. Acting for a client in the acquisition or disposal of a business, a significant business interest, or shares in a private company is a designated service. This covers most M&A work involving private entities and the sale of professional practices.

5. Nominee services. If a solicitor, firm director, or related entity acts as a nominee director, nominee secretary, or nominee shareholder on behalf of a client, that service is designated. Many commercial and corporate law firms provide nominee arrangements as part of a broader structuring service.

What legal work falls outside the Tranche 2 scope?

Pure advisory or litigious work is generally not captured by Tranche 2. Criminal defence, employment law, intellectual property filings, immigration advice, and general contract drafting are unlikely to trigger AML/CTF obligations on their own. The key question is always whether the work involves one of the five transaction-based categories above — not which practice area the matter sits in.

Family law is a useful illustration. A matter involving only parenting arrangements or financial negotiations between parties does not involve a designated service. But if a settlement requires the sale of a jointly owned property, the conveyancing component becomes a designated service. The trigger is the nature of the service performed, not the file name on the folder.

How should your firm handle matters that mix designated and non-designated work?

Many firms will encounter single client engagements that span both designated and non-designated services. A commercial lawyer handling a business acquisition — a designated service — may also advise on the employment aspects of the deal, which is not a designated service.

AUSTRAC's approach is clear: your AML/CTF obligations apply to the designated components of the engagement. You are not required to apply your full AML/CTF programme to non-designated elements of a matter, but your policies and procedures must draw this distinction clearly. Practically, your client intake and due diligence processes need to identify which services trigger obligations at the point of engagement — not retrospectively when a suspicious transaction has already occurred.

What obligations apply once a service is designated?

Once you are providing a designated service, your firm becomes a reporting entity for that service and must meet the following core obligations under the AML/CTF Act 2006:

• Enrol with AUSTRAC as a reporting entity before providing any designated service

• Develop and maintain an AML/CTF programme covering risk assessment, internal controls, employee due diligence, and ongoing monitoring

• Conduct customer due diligence (CDD) — verifying the identity of clients and beneficial owners before or as soon as practicable after providing the service

• Apply enhanced due diligence (EDD) for high-risk clients, including politically exposed persons (PEPs), clients from high-risk jurisdictions, and complex or opaque ownership structures

• Report suspicious matters to AUSTRAC promptly and lodge threshold transaction reports where required

• Retain records of CDD information and transaction documentation for a minimum of seven years

For a practical walkthrough of what each obligation means in a legal practice context, the AMLify guide for law firms covers each step in detail.

How much time does your firm have — and what should you prioritise?

With just over eight weeks until the 1 July 2026 deadline, the window for preparation is narrowing fast. Firms that have not yet completed their scoping exercise — determining which services are designated — should do that first. Everything else flows from it: the risk assessment, the AML/CTF programme, staff training, and CDD procedures.

AMLify is designed to help law firms move quickly through these steps. The platform's compliance workflow guides you from service scoping through to AUSTRAC enrolment, and Ami, AMLify's AI compliance copilot, can assist with drafting your risk assessment and AML/CTF programme documentation. Firms beginning the process now can still reach a compliant position before 1 July 2026 — but they need to start today. Explore how AMLify supports law firms at /industries/lawyers.

Key Takeaways

• Five categories of legal work are designated services under Tranche 2: real property transactions, managing client funds, entity formation, business sales, and nominee services

• Litigation, advisory work, and many specialist practice areas are not designated services unless they involve one of the five transaction-based triggers

• Mixed-service engagements require AML/CTF obligations to apply to designated components only — clear intake procedures are essential to identify this at the start of a matter

• Reporting entity obligations include AUSTRAC enrolment, an AML/CTF programme, CDD, suspicious matter reporting, and seven-year record retention

• The 1 July 2026 deadline is 56 days away — service scoping is the critical first step and should begin immediately if it has not already

Frequently Asked Questions

Q: Does Tranche 2 apply to all Australian lawyers?

No. Tranche 2 AML/CTF obligations apply to a legal practitioner only when they provide a designated service. A solicitor who exclusively practises criminal law, immigration law, or employment law — and does not conduct property transactions, form entities, or manage client funds in connection with designated activities — may not be a reporting entity at all. However, most commercial, property, and corporate solicitors will be captured by at least one category of designated service.

Q: Are sole practitioners and small law firms subject to the same obligations as large firms?

Yes. The AML/CTF Act 2006 does not create an exemption based on firm size. A sole practitioner who acts on property transactions is a reporting entity with the same obligations as a large national firm doing the same work. The scale of the AML/CTF programme required will reflect the risk profile and volume of designated services the practice provides, but the legal obligations are identical regardless of size.

Q: Does legal professional privilege protect lawyers from having to file Suspicious Matter Reports?

This is a nuanced area. The AML/CTF Act 2006 includes limited protections where reporting would require disclosure of privileged communications. However, privilege does not remove the obligation to file a Suspicious Matter Report (SMR) where the suspicion arises from observable facts and conduct — such as the structure of a transaction or a client's unexplained instructions — rather than from the content of privileged communications. Solicitors should seek specific legal advice on how privilege interacts with their AML reporting obligations.

Q: When does my firm need to verify a client's identity?

Under the AML/CTF Act 2006, customer due diligence must generally be completed before providing a designated service, or as soon as practicable after commencement where completing it beforehand is not practical. For most legal matters, this means completing identity verification at intake, before substantive work on the designated service begins — not at settlement or execution when the transaction is already underway.

Q: What are the penalties for non-compliance with Tranche 2 after 1 July 2026?

AUSTRAC has broad enforcement powers including infringement notices, enforceable undertakings, and civil penalty orders. Penalties for serious or systemic non-compliance can be substantial. AUSTRAC has demonstrated a clear willingness to pursue entities across a range of industries that fail to meet their AML/CTF obligations, and legal practitioners should not assume that enforcement attention will not reach their sector.

This is general information only and not a substitute for legal advice.

Related articles