The Great Divide: Tranche 1 vs. Tranche 2

A major update since late 2025 is the clarification of the three-year transition period for initial Customer Due Diligence (CDD).

• Tranche 1 (Existing Reporting Entities): Current businesses have a flexible window from 31 March 2026 to 30 March 2029 to transition their onboarding procedures to the new reformed initial CDD standards. However, there is a catch: you must comply fully with a single method at a time - either your old procedures or the new ones - for all new customers during this period.
• Tranche 2 (Newly Regulated Sectors): Lawyers, accountants, and real estate agents do not receive this three-year transition window for initial CDD. These firms must be fully compliant with the new identification and verification rules for every new client engagement starting 1 July 2026.
• The Universal Deadline: Regardless of your sector or transition date, all entities must implement reformed ongoing CDD (transaction monitoring and KYC refreshes) by 31 March 2026.

Privacy is No Longer Optional for Small Businesses

New guidance from the OAIC confirms that all reporting entities, including small businesses with an annual turnover of less than $3 million, must comply with the Privacy Act 1988 when handling personal information for AML/CTF purposes.

A critical shift in record-keeping is now clear: once the new laws commence, entities should not keep scanned copies or photocopies of full identification documents (like driver’s licenses or passports) for AML/CTF purposes. Instead, you are expected to record the specific data verified (e.g., name, DOB, and document number) to satisfy your obligations without maintaining high-risk image repositories. Furthermore, all collection must meet an objective "reasonably necessary" test - you cannot collect more information than is required to manage the specific ML/TF risks of the transaction.

Chatbot Insights: Lessons from the Frontline

Our AI-powered consultant has been engaging with firms across Australia, revealing common points of confusion that businesses should address now:

• Incidental Transactions: Law firms have frequently asked about clients who repay disbursements after a matter is cancelled. Our insights confirm these are often considered incidental payments and may not trigger designated service obligations, provided they do not pass through a trust account as a de facto banking service.
• Real Estate Counterparties: Chatbot data shows significant interest in delayed CDD. For real estate agents, it is now confirmed that while you must identify your client (the seller) upfront, you can delay CDD on the counterparty (the buyer) until 15 days after contract exchange or before settlement, whichever is earliest.
• Self-Managed Super Funds (SMSFs): Inquiries regarding SMSF refunds highlight the need for robust internal controls to ensure compliance before funds are released, particularly when dealing with complex trust structures.

Sector-Specific Tools: Program Starter Kits

To support the "70,000-entity uplift," AUSTRAC has recently released Program Starter Kits tailored for small, low-complexity businesses in the accounting, legal, real estate, and jewellery sectors.

• Legal Professionals: Mixed practices are encouraged to download specialised risk assessments for conveyancing versus other commercial services.
• Accountants: Guidance now emphasises scaling controls based on client risk; low-to-medium risk clients require fewer steps, while high-risk clients mandate senior manager approval and source of wealth checks.

Next Steps for Your Firm

The timeline to be operationally compliant is narrowing. By 31 March 2026, existing entities must notify AUSTRAC of their appointed Compliance Officer, with newly regulated firms following by 29 July 2026.

Is your firm ready to stop scanning IDs and start automating risk-based onboarding? LAB Group’s platform is already aligned with these evolving requirements, providing the governance, screening, and audit trails needed to meet AUSTRAC's "sustained effort" expectations. Schedule a demo today to ensure your 2026 transition is seamless.

Disclaimer

This article draws on AUSTRAC's published guidance, which sets out how AUSTRAC interprets the AML/CTF Act along with its associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws. The examples and scenarios referenced are intended to illustrate AUSTRAC's position and are not exhaustive - they do not cover every possible circumstance or entity type.

The information in this article is general in nature and is not a substitute for legal advice. It may include generalisations about how the law applies and does not account for the specific facts and circumstances of your business. Some provisions of the law carry exceptions or qualifications that may be material to your situation.

LAB Group is a technology provider, not a legal or compliance advisory firm. Nothing in this article should be relied upon as legal advice. We recommend obtaining independent legal or compliance advice to confirm how these obligations apply to you. We have a strong network of compliance advisory partner firms and are able to make introductions upon request.