AML/CTF Compliance for Law Firms
Australia's Tranche 2 reforms bring law firms within the AML/CTF regime as reporting entities for the first time. If your firm provides conveyancing, manages client money, or assists in financial and property transactions, you have obligations to AUSTRAC. Enrolment deadline: 31 March 2026. Full compliance: 1 July 2026.
Key compliance deadlines
31 March 2026
AUSTRAC enrolment deadline for all Tranche 2 entities including law firms providing designated services
1 July 2026
Full compliance required — AML/CTF program, KYC, transaction monitoring, and AUSTRAC reporting obligations all in effect
Contents
- 01Why law firms are now reporting entities
- 02Which legal services are designated services
- 03Client legal privilege and AML/CTF obligations
- 04Tipping-off provisions — what you can and cannot say
- 05Your six core AML/CTF obligations
- 06How IntelliCompli helps your firm comply
- 07Frequently asked questions
Why law firms are now reporting entities
Legal professional services have long been recognised as a significant money laundering risk. Lawyers provide access to trust accounts, facilitate high-value property and corporate transactions, and can create the complex legal structures that criminals use to layer and integrate illicit funds. Australia's previous AML/CTF framework — which covered financial institutions but not professional services — left this vulnerability unaddressed.
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 closes this gap. From 1 July 2026, law firms providing designated services must maintain AML/CTF programs, verify client identities, monitor transactions, and report suspicious activity to AUSTRAC — just as banks and financial institutions have done for many years.
This brings Australia into alignment with jurisdictions including the UK, EU, and US, where lawyers have operated under AML/CTF frameworks for over a decade. FATF's mutual evaluation of Australia repeatedly identified the absence of professional service obligations as a material weakness.
The obligations apply to firms of all sizes — from sole practitioners to national firms. If your practice provides any designated service, you must enrol with AUSTRAC by 31 March 2026.
Relevant legislation
- AML/CTF Act 2006 — the primary legislation
- Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 — Tranche 2 obligations
- AML/CTF Rules 2007 — detailed procedural requirements
Which legal services are designated services?
Not all legal work is regulated under the AML/CTF Act. The obligations attach to specific designated services — primarily those involving financial transactions, property, and legal entity management.
Conveyancing and property transactions
Acting in the purchase, sale, or transfer of real property on behalf of a client. This is the most common designated service for law firms and applies to both residential and commercial conveyancing.
Managing client money
Receiving, holding, or disbursing money in a trust account or client account on behalf of a client in connection with a legal service. This includes managing settlement funds, deposits, and similar arrangements.
Creating or managing legal entities
Establishing companies, trusts, foundations, or other legal structures for a client. Acting as a nominee director, trustee, shareholder, or foundation council member for a client.
Acting in financial transactions
Arranging, facilitating, or acting in financial transactions on a client's behalf — including business acquisitions, mergers, and other significant commercial transactions.
Buying or selling businesses
Acting in the purchase or sale of a business where that transaction involves real property or significant funds flows through your firm's trust account.
Client legal privilege and AML/CTF obligations
Client legal privilege (also known as legal professional privilege) is a fundamental right that protects confidential communications between lawyers and clients made for the purpose of obtaining or giving legal advice or for use in litigation. However, it has a limited role in the AML/CTF context.
The AML/CTF Act does not create a blanket exemption from compliance obligations on the basis of privilege. Your obligations to enrol with AUSTRAC, maintain an AML/CTF program, conduct KYC, and monitor transactions are not displaced by privilege claims.
The most nuanced area is Suspicious Matter Reports (SMRs). The Act includes provisions recognising that some information may be privileged, but the threshold for privilege to excuse non-reporting is high. If you have suspicion based on observable transaction conduct — rather than on confidential legal advice — privilege is unlikely to apply. Law firms should develop internal protocols for assessing when privilege arguments are genuinely available.
Important: Privilege is not a compliance exemption
Firms that assume privilege excuses them from Tranche 2 obligations are taking a significant risk. AUSTRAC has not issued guidance suggesting a broad privilege exemption. Until definitive guidance is available, law firms should treat their AML/CTF obligations as applying in full and take specific advice on particular privilege questions as they arise.
Tipping-off provisions — what you can and cannot say
Once you lodge a Suspicious Matter Report (SMR) with AUSTRAC, the tipping-off prohibition under section 123 of the AML/CTF Act applies. You must not disclose to the client — or to anyone else — that:
- You have lodged or are considering lodging an SMR
- AUSTRAC has received or may receive an SMR about the client
- The client is under investigation by AUSTRAC or law enforcement based on your report
For law firms, this creates a professional tension. You have duties of candour and disclosure to clients under professional conduct rules. However, the tipping-off prohibition overrides these duties in relation to AML/CTF reporting — it is a criminal offence to breach the prohibition.
In practice, many firms manage this by ceasing to act for the client without giving reasons that would alert the client to the SMR. Your AML/CTF program should include clear guidance on how to handle this situation, including scripts for withdrawing from a matter without triggering suspicion.
What you can disclose
- General information about AML/CTF obligations and why you are requesting identity documents
- That you are required to comply with AML/CTF laws as a reporting entity
- That you cannot proceed with a transaction without completing identity verification
Your six core AML/CTF obligations
Once enrolled with AUSTRAC, your firm must meet these obligations across all designated service transactions. The obligations apply to all lawyers in the firm who provide those services.
Customer Identification (KYC)
Verify the identity of clients before providing a designated service. Individual clients require name, date of birth, and address verification. Corporate clients require entity and beneficial ownership identification.
AML/CTF Program
Maintain a written AML/CTF program with Part A (risk assessment and procedures) and Part B (client identification). The program must reflect the specific risks of your legal practice and be reviewed annually.
Suspicious Matter Reporting
Lodge a Suspicious Matter Report (SMR) with AUSTRAC within 3 business days when you suspect a client or transaction is linked to serious crime. The tipping-off prohibition applies — you cannot inform the client.
Ongoing Due Diligence
Monitor the client relationship across all matters. Re-screen against sanctions and PEP lists when circumstances change. Apply enhanced due diligence to high-risk clients and high-risk transactions.
Record Keeping
Retain all KYC records, transaction records, and reports for at least 7 years. Law firms must be able to produce these records promptly in response to AUSTRAC requests.
Annual Compliance Reporting
Submit an annual AML/CTF compliance report to AUSTRAC. The report covers your compliance activities, any SMRs lodged, staff training completed, and changes to your business risk profile.
How IntelliCompli helps your law firm comply
IntelliCompli is purpose-built for Australian reporting entities, including law firms navigating the unique complexity of AML/CTF obligations alongside professional conduct requirements.
Tension between AML/CTF obligations and professional duties to clients
Law-firm-specific workflows with built-in tipping-off and privilege guidance
Large volumes of new matter openings requiring client verification
Digital KYC with automated document verification — verify new clients in minutes
No existing AML/CTF program tailored to legal practice
Program Builder with law firm templates covering conveyancing, transactions, and trust management
Uncertainty about which practice areas trigger AML/CTF obligations
Designated service mapping tool to identify which practice groups are in scope
Staff not trained on SMR requirements and tipping-off provisions
Interactive training modules with legal scenarios and professional conduct guidance
Complex corporate structures and trust arrangements hard to verify
Beneficial ownership mapping and structured entity verification workflows
Frequently asked questions
Are lawyers required to comply with AML/CTF laws in Australia?
Yes. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 brings lawyers and law firms into Australia's AML/CTF regime as reporting entities. This applies to legal practitioners who provide designated services such as conveyancing, managing client money, creating legal entities, or acting in financial or real estate transactions. Full compliance is required by 1 July 2026.
Does client legal privilege protect lawyers from AML/CTF reporting obligations?
Client legal privilege has limited application to AML/CTF obligations. While the tipping-off provisions (which prevent you from telling a client you have filed an SMR) recognise the sensitive nature of the lawyer-client relationship, privilege does not generally excuse lawyers from enrolling with AUSTRAC, maintaining an AML/CTF program, conducting KYC, or filing Suspicious Matter Reports. The legislation does include some carve-outs for genuinely privileged communications, but these do not extend to general compliance obligations.
What are the tipping-off provisions and why do they matter for lawyers?
Under the AML/CTF Act, once you lodge a Suspicious Matter Report (SMR) with AUSTRAC, you are prohibited from disclosing to the client — or anyone else — that you have done so. This is the 'tipping-off' prohibition. For lawyers, this creates a significant professional tension: you have duties of candour to clients, but you cannot tell a client you have reported them to AUSTRAC. Law firms should have clear internal protocols for managing this tension, including guidance on when to cease acting for a client without raising suspicion.
Which legal services are designated services under Tranche 2?
Designated services for lawyers include: conveyancing (acting in the purchase or sale of real property); managing client money or assets on behalf of a client; creating, managing, or providing advice on legal entities (companies, trusts, foundations); acting as a nominee director, shareholder, or trustee; acting in financial transactions on a client's behalf; and assisting with business sale or acquisition transactions involving real estate or significant financial flows.
What is the AUSTRAC enrolment deadline for law firms?
Law firms providing designated services must enrol with AUSTRAC by 31 March 2026. Full compliance — including maintaining an AML/CTF program, KYC procedures, transaction monitoring, and reporting — is required by 1 July 2026. Both large firms and sole practitioners must comply.
Do barristers need to comply?
The Tranche 2 obligations primarily target solicitors who engage directly in transactions and client money management. Barristers who only provide legal advice and advocacy, and who do not manage client money or act in transactions, are generally not within scope. However, barristers who also provide services that would be designated services (rare in practice) would be covered. If in doubt, seek specific advice from AUSTRAC or your state law society.
What penalties apply to law firms that don't comply?
AUSTRAC can impose civil penalties of up to $22.2 million per contravention for companies and significant penalties for individuals. Non-compliance can also result in criminal prosecution for serious or systematic failures. For law firms, the additional risk is regulatory and reputational: state law societies and the Legal Services Commissioner can take disciplinary action if AML/CTF failures also amount to professional conduct breaches.
How does IntelliCompli handle the unique compliance requirements for law firms?
IntelliCompli includes law-firm-specific AML/CTF program templates, KYC workflows calibrated for legal practice onboarding, built-in tipping-off reminders in the SMR workflow, and staff training modules designed for legal environments. The platform is built to help firms meet their obligations without compromising their professional duties.
Related guides
Tranche 2 Reform Overview
Everything you need to know about Australia's 2024 AML/CTF amendments and what they mean for legal services.
Complete AML/CTF Compliance Guide
The six core obligations every reporting entity must meet under the AML/CTF Act 2006.
Customer Due Diligence
Standard, simplified, and enhanced due diligence procedures for legal practice clients.
KYC Verification
Identity verification requirements for individual and corporate clients under the AML/CTF Rules.
Ready to get your law firm compliant?
IntelliCompli helps law firms meet Tranche 2 obligations with law-firm-specific templates, digital KYC, and workflows designed for legal professional environments.