The July 1 deadline that could catch your practice off guard 

The majority of advisers rely on the idea that anti‑money laundering is someone else’s problem. Catherine Evans spends a lot of her time explaining the contrary.

As founder and head of legal at Kit Legal, Evans has been deep inside the anti-money laundering and counter-terrorism financing (AML/CTF) Tranche 2 reforms since they were first tabled. She has advised businesses straddling both Tranche 1 and Tranche 2, worked through hundreds of hours of legislation and watched the guidance evolve in real time.

Her advice for advisers who are still assuming that the licensee will carry the load, July 1 is the deadline that could catch your practice off guard.

During the recent In Practice Compliance and Regulatory webinar, Evans pointed out that the obligations are much broader than most firms expect, and the window? It’s closing in fast.

Why Australia had no choice

The reforms did not arrive out of nowhere. Australia has been well behind the rest of the world on AML legislation for years, and the pressure to catch up has been building.

“There’s been a lot of pressure on Australia to uplift our regime so that we’re not grey-listed as a country from international trade,” Evans says. “That puts some context into why some of these changes seem quite rushed. There is another assessment coming soon, and if these laws weren’t in place and fully operational, there would be significant implications for Australia.”

This urgency sets the pace of change. The laws passed last year; regulator guidance from AUSTRAC, the Australian Transaction Reports and Analysis Centre, followed at the end of 2024.

Regulators issued further guidance earlier this year and pushed through last-minute changes in March before the law took effect for existing entities on March 31. New services and new entities come under the regime from July 1.

The assumption that keeps catching practices out

The most common mistake Evans encounters is the belief that AML/CTF is a licensee problem, not a practice problem. That has always been partially true and is now much less so.

“We’re moving away from ‘my licensee will handle this’ or ‘it’s only a licensed entity that’s regulated’ to really doing a deep dive on these services to work out if you are providing them.”

What trips practices up is the breadth of what now counts as a designated service. Assisting a client to set up a self-managed superannuation fund (SMSF) with a corporate trustee, providing a registered office address, managing client accounts or payments, helping clients buy or sell a business.

Each of these can trigger obligations that sit directly with the practice, not the licensee. “If an entity is providing a designated service, even just one, it must be enrolled with AUSTRAC and have a compliance program,” Evans says.

Integrated firms with an accounting arm face particular exposure. From July 1, other entities within a corporate group can be caught, not just the licensed entity at the top.

What the new obligations actually involve

For practices that are caught, the compliance program required under the new regime is significantly more detailed than what came before. There must be a money laundering and terrorism financing risk assessment. Documented policies and controls. Personnel due diligence and training requirements. A governance framework with internal reporting in writing. And annual reporting to AUSTRAC. The list is longer than most practices expect.

The customer due diligence (CDD) process has also changed. The way certain structures are identified is different. The risk assessment component is more detailed; and what needs to be documented has expanded considerably.

“The risk assessment process is much more fleshed out as to what you need to do and what you need to document,” Evans says.

The governance framework has shifted too. Under the old legislation, the board approved the program and the risk assessment.

Under the new regime, a senior manager must approve the overall risk assessment and all policies in writing. There is now a formalised AML/CTF compliance officer role. Risks must be reported up to the board through a structured reporting framework. The governance responsibilities have moved closer to the top of the business, and that shift is deliberate.

The opportunity hiding inside the obligation

Evans is not simply sounding an alarm. Practices that get this right, she argues, come out the other side in better shape than when they went in.

“There are also significant opportunities if you get it right: moving from this reactive to proactive approach and seeing it as a business opportunity, a core part of your business to make a difference in,” she says.

“For firms that are already doing this well we’re seeing significant efficiencies in how they’re doing not only customer due diligence, but the whole end-to-end process.”

Integrated practices, in particular, stand to gain. Forming a reporting group across an advice and accounting business opens up real efficiencies. Data gets shared. The onboarding process becomes one, not two. And client insights that were never visible before suddenly are. Done well, it is also a faster way to identify high-risk clients early.

First step to survival

For practices still working out where they sit, Evans is direct about the first step: get clear on whether you are providing a designated service and which entities in your group are providing it.

From there, the path is manageable, but it requires the right support. The AUSTRAC enrolment form alone is notoriously difficult to navigate, and the way it describes services does not always match the language in the legislation.

“While this seems very overwhelming, it doesn’t have to be with the right support,” Evans says. “All of the entities we work with are already set up on this new regime and ready to go, so you can do this.”

With the clock on compliance ticking and regulators’ patience running out, now is the time to build the system. Clarity on designated services is the starting line; embedding compliance into workflows is the finish line. Firms that delay pay the price, in risk, efficiency, and valuation.