AML changes a ‘valuable opportunity’ for accounting firms to evolve compliance culture

In late 2024, federal parliament passed the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024, which amended the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

The transformative legislative updates extend the AML/CTF regime to certain designated services provided by real estate professionals, lawyers, accountants, and trust and company service providers, and aim to improve the effectiveness of the regime by making it easier for businesses to comply with their obligations, as well as modernise the regime to reflect changing business structures, technologies, and illicit financing methodologies.

The new regime is the focus of the upcoming AML Edge event, being hosted on 21 October in Sydney. As previously reported, AUSTRAC deputy chief executive Katie Miller is set to speak at the event.

Prepare early

In conversation with Accounting Times, partner Jessica Tsiakis and special counsel David Chambers from national law firm Holding Redlich said that the changes aren’t just a regulatory update – they demand a shift in compliance culture by aiming to close long-identified gaps in Australia’s financial crime framework.

“Businesses that prepare early will not only avoid regulatory pain but will also demonstrate their commitment to responsible corporate conduct in an increasingly transparent business environment,” Tsiakis said.

Chambers added that businesses must use this new financial year to risk exposure, understand new obligations, and build a solid AML/CTF compliance program.

“Prioritise by having risk assessment conducted, appoint key personnel, and develop policies and training programs. Engage expert legal advisors to ensure your approach is tailored and compliant. Preparing now will reduce pressure closer to 29 July 2026, the deadline for enrolment,” he said.

Actions and challenges

When asked what practical steps accounting firms need to take to get ready for the regime ahead of 1 July 2026, Tsiakis said that tranche 2 entities first need to understand which designated services are covered by the legislation, and check whether they are captured using AUSTRAC’s tool.

If captured, she said, “entities should seek legal advice to clarify their obligations, audit their services to identify which activities fall within scope, segment their client base to assess where money-laundering, terrorism financing or proliferation financing risks may arise, and engage with AUSTRAC and industry bodies for guidance”.

“They then need to conduct a risk assessment, draft an AML/CTF compliance program specific to their business, and appoint a dedicated compliance officer in preparation for enrolment with AUSTRAC within 28 days of providing a ‘designated service’.”

There will be, however, various headwinds that firms and their teams will face in properly implementing the right steps ahead of the next financial year. Chambers said that the greatest challenge is how extensive and detailed the AML/CTF requirements are.

“Businesses not only need to undertake a risk assessment, but are also required to have written policies, procedures, systems, and controls that are tailored to their operations based on the money laundering, terrorism financing and proliferation financing risks they may face,” he said.

“The higher the risk, the stronger and more detailed the program must be. Many firms underestimate how much time it takes to interpret multiple legal instruments and apply the outcome of the risk assessment to meet the specific requirements under the AML/CTF compliance program, which comprises Part A and Part B and is of significant volume.”

For example, Chambers continued, “Part A requires entities to conduct a business-wide risk assessment, ensure board or senior management oversight, appoint a suitable AML/CTF compliance officer, carry out ongoing employee and customer due diligence, deliver AML/CTF risk training, implement robust systems for reporting, regularly update the program and undertake an independent review at least every three years”.

“Businesses subject to the regime need to begin preparing now,” he said.

Responsible corporate conduct and opportunities

Firms looking to ensure best practice will have to appreciate, Chambers said, that responsible corporate conduct under the new regime means more than mere compliance – it’s about prioritising genuine risk management.

“Best practice requires engaging legal and compliance professionals early to tailor an AML/CTF compliance program specifically to its business and enrolling by the due date on 29 July 2026.”

“The initial development and ongoing steps to maintain the AML/CTF program requires conducting proper risk assessments, designating an AML/CTF compliance officer and senior manager for oversight, training staff, regularly reviewing, and updating the program, ensuring timely implementation of those reviews, identifying ‘red flags’, escalating and reporting suspicious transactions internally and externally within prescribed timeframes, and keeping records to ensure compliance.”

This all said, the new regime gives teams and their firms a “valuable opportunity”, Tsiakis said, to strengthen their risk management frameworks and build a compliance culture that protects both their reputation and clients’ trust.

“Proactively managing financial crime risks saves costs and avoids significant penalties, which can reach up to $33 million for businesses,” she said.

“While the obligations do not commence until 1 July 2026, the preparation required is significant. Businesses should capitalise on this opportunity to identify any hidden risks, rethink existing processes and ensure they are not unknowingly facilitating financial crime.”