2026-07-06
Tranche 2 AML/CTF: what it means for real estate, legal, and accounting, and how to screen efficiently
Tranche 2 of Australia's AML/CTF reform is now live. If your business is in a newly captured sector, real estate, legal, accounting, conveyancing, trust and company services, or dealing in precious metals and stones, you have obligations that commenced on 1 July 2026. This is an overview to help you get oriented. It is informational only, not legal advice; AUSTRAC is the authoritative source for what your business must do.
What Tranche 2 is, and the dates that matter
The AML/CTF Amendment Act 2024 received Royal Assent on 10 December 2024. It extends Australia's anti-money-laundering and counter-terrorism-financing regime, previously limited mostly to banks, casinos, and remittance providers, to a wider set of professions. The rollout has followed a fixed timeline:
10 December 2024 Royal Assent (AML/CTF Amendment Act 2024)
31 March 2026 Enrolment opened
1 July 2026 Obligations commenced for newly captured entities
29 July 2026 Enrolment deadline
If you are a newly captured business, you are expected to already be operating under the new regime, and you have a short window left to complete enrolment with AUSTRAC if you have not already.
Who is newly captured
Tranche 2 brings the following sectors into scope for the first time:
Real estate professionals
Lawyers and solicitors
Accountants
Conveyancers
Trust and company service providers
Dealers in precious metals and precious stones
If your business provides any of the designated services in these sectors, such as facilitating a property settlement, forming a company or trust for a client, or acting as a registered agent, you are likely captured. AUSTRAC's own guidance is the authoritative test; this post is a starting orientation, not a determination.
The new obligations
Being newly captured means new, ongoing obligations, not a one-off form. In summary:
Enrol with AUSTRAC
Build and maintain an AML/CTF program
Run customer due diligence (KYC/KYB) BEFORE providing a designated service
Screen customers for sanctions and politically exposed persons (PEPs)
File suspicious-matter reports and threshold-transaction reports
Keep records for seven years
The due-diligence and screening steps are the ones that hit hardest day to day. Before you can act for a client, you need to know who you are dealing with: is the entity real and active, is it a company or a trust, who sits behind it, and does it appear on any watchlist.
How to screen efficiently with AUO
The API lets you verify a business and screen it in the same flow, then keep watching it, so a newly designated entity triggers an alert later instead of going unnoticed. Resolve gives you a verified entity record from Australia's free government sources in one call:
curl https://api.auo.com.au/v1/resolve \
-H "Authorization: Bearer auo_sk_test_your_key" \
-H "Content-Type: application/json" \
-d '{"abn": "46008583542"}'
Screen runs the same entity, or a name plus available details, against the DFAT sanctions consolidated list and ASIC's banned and disqualified persons and organisations registers:
curl https://api.auo.com.au/v1/screen \
-H "Authorization: Bearer auo_sk_test_your_key" \
-H "Content-Type: application/json" \
-d '{"name": "Example Pty Ltd"}'
Be clear-eyed about what this does and does not cover. Its screening is possible-match, never a clearance: a hit returns a "review" verdict naming the underlying register, and a no-hit returns "no match found as of" a given date, never "pass" or "cleared." List coverage is narrower than a dedicated multi-jurisdiction AML product; it currently checks DFAT's sanctions list and ASIC's banned-persons and banned-organisations registers. On PEPs specifically, do not assume this gives you comprehensive PEP screening on its own, confirm your obligations and check what a name hit actually represents before you rely on it for a file note. If a customer is a trust, screening should run against the corporate trustee, not the trust itself, since that is where liability sits.
Once onboarding is done, subscribe to watch the entity so you hear about changes without re-checking manually:
curl https://api.auo.com.au/v1/watch \
-H "Authorization: Bearer auo_sk_live_your_key" \
-H "Content-Type: application/json" \
-d '{"events": ["sanctions_match", "banned_match", "deregistration"],
"webhook_url": "https://example.com/hooks/auo",
"entities": ["46008583542"]}'
That covers a meaningful slice of ongoing customer due diligence: you find out if a customer is later sanctioned, banned, or deregistered, rather than only knowing their status on the day you onboarded them.
Honest boundaries
The API is a verification, screening, and monitoring layer, not a full AML/CTF program and not a KYB platform. It helps you perform customer due diligence and ongoing monitoring using free Australian government sources, but it does not write your AML/CTF program, does not file your suspicious-matter or threshold-transaction reports, and does not replace legal or compliance advice. For what your business must do under Tranche 2, AUSTRAC's guidance is the authoritative reference.
Try it free
The full API works against a sandbox at no cost. Integrate your due-diligence and screening flow now, then flip to live data when you are ready.