AML obligations are coming for financial advisers on 1 July. Are you ready?

Most advisers assume anti-money laundering obligations belong to banks and financial institutions. That assumption is now outdated, and the price of holding onto it is high. Australia AML obligations for financial advisers have expanded considerably, and the advice profession is only beginning to grasp what that means in practice.

From 1 July 2026, Australia’s expanded Anti-Money Laundering and Counter-Terrorism Financing regime brings a new set of designated services and reporting entities into full effect.

Legal firm Kit Legal is warning that routine advice work, the kind that fills an ordinary week, may already bring a firm within scope. Catherine Evans, founder and Head of Legal at Kit Legal, is direct about the risk.

“I still hear advisers say I’m just setting up the structure, or I’m just the adviser. That distinction is becoming increasingly irrelevant. If you are facilitating the establishment of companies, trusts, transactions or the movement of money, you are part of the controls ecosystem.”

What triggers the Australia AML obligations

This is where many firms are underestimating the complexity. The designated services are worded broadly, and they do not always map neatly to how advice businesses operate.

Here is an example: recommending an SMSF and referring the client to their accountant probably does not trigger a designated service. But, facilitating the set-up by completing forms or using a document provider, will.

It goes further than SMSF work. Holding authority over a client’s account to make payments is a designated service. Providing a registered office address is a designated service. Neither of these is unusual in an advice practice. They are everyday occurrences, and precisely the kinds of arrangements the regime is designed to capture.

Evans also flags a group-level issue that has caught integrated professional services firms off guard. Where an advice business has an associated accounting arm, both entities may need to be separately enrolled with AUSTRAC.

Corporate authorised representatives providing designated services may also need to enrol in their own right. “The days of assuming the licensee handles all of this are gone,” she says.

What compliance actually requires

Once one or more services are regulated, the obligations become even more extensive. They span a money laundering and terrorism financing risk assessment, policies and controls, personnel due diligence, training, governance and annual reporting to AUSTRAC.

The most common mistake Evans sees is treating this as a documentation exercise. A policy gets written, filed away and never touched again. That is not compliance.

“The framework only holds up when it is embedded in how the business operates. What does the team do day to day? How are concerns escalated? How are decisions recorded? That is what AUSTRAC, and an independent evaluation, will examine.”

Compliance is also not a one-time event. Customer due diligence continues throughout the client relationship. Suspicious matter reporting is triggered by reasonable suspicion, not proof, with a report due within three business days. AUSTRAC has already flagged concern that the advice industry is lodging too few of these reports.

A low risk profile is not a free pass

This is a critical point that Evans says many otherwise well-run firms miss. Risk shapes how you comply with parts of the framework. It does not determine whether you comply.

“Risk shapes how you comply with parts of the framework; it does not determine whether you comply. This is where many otherwise well-run firms find themselves exposed.”

Knowing your clients well is not sufficient. Being able to show your workings is what matters.

What advisers should do before 1 July

The deadline is close but Evans says there is still time to get this right. The starting point is understanding which services the firm actually provides and whether any of them are designated services under the new regime.

From there, the work involves building a framework that is genuinely embedded in day-to-day operations, not filed away in a folder. That means a documented risk assessment, clear policies, trained staff and a process for escalating and recording concerns.

For self-licensed advisers in particular, this represents a fundamental change.

Historically, the licensed entity was the only regulated party under what was known as Item 54. From 1 July, that changes. New designated services capture many corporate authorised representative entities that were not previously regulated at all.

Understanding the full scope of Australia AML obligations for financial advisers is no longer optional. The regime is here. The question is whether your firm is ready for it?

The advisers who navigate this well will not be the ones who minimised the issue. They will be the ones who moved early, mapped their services honestly and built a compliance framework that can withstand scrutiny.