Why 31 March 2026 is a critical deadline – even if your organisation already has an AML program

A major update to the AML/CTF program requirements shifts the focus from a compliance-based approach to a risk-based, outcomes-oriented approach. AUSTRAC 24 June 2025

AML reforms for entities already AUSTRAC reporting entities

With much of the current focus on how the upcoming anti-money laundering (AML) Tranche 2 reforms will affect lawyers, accountants, and real estate professionals from July 2026, it’s easy to overlook the significant impact these reforms will also have on entities already subject to AML laws – known as ‘Tranche 1 entities’. Notably Tranche 1 entities face an earlier compliance deadline: they must be fully compliant by the 31 March 2026, which is three months ahead of the Tranche 2 deadline.

Tranche 1 entities include a wide range of organisations such as banks, credit unions, non-bank lenders, managed investment schemes, guarantors, arranges of securities and derivatives, crypto currency exchanges, remittance providers, gold bullion dealers, gambling and gambling venues, stored value card providers, life insurers with sinking funds, certain superannuation funds and trustee companies. This is not an exhaustive list, but it highlights the breadth of businesses already operating under AML obligations.

AUSTRAC timeline

Part 1: Risk and governance issues 

The first part of the series explores risk and governance issues for Tranche 1 entities, with part two to follow on customer identification and verification.

New focus on identification and assessment of AML and proliferation financing risks

The original AML laws encouraged AML programs focused on management of compliance risk. Because of this, many Tranche 1 entities assumed that the upcoming AML reforms would only require them to make small adjustments to their existing AML programs. However, this is not the case.

The new laws shift the focus from compliance to the management of risk and require a significant shift in the focus of existing AML programs. Gone are the days of a template Part A and Part B AML/CTF Program.

Under the Tranche 2 reforms, reporting entities (RE) must adopt a risk-based, outcomes focused approach. The Board and senior management must:

1. conduct a comprehensive risk assessment of the specific money laundering and terrorism financing ML/TF risks the business faces
2. apply risk-based systems and controls to manage risks, and
3. identify emerging risks and modify relevant systems and controls to minimise and manage these risks.

An AML program that merely identifies and addresses general compliance risks, whilst failing to address the risks relevant to the entity, is no longer sufficient. Contravening these requirements could attract a civil penalty.

New governance requirements require reporting to governing body

Each RE is required to implement a formal governance reporting structure where the RE identifies the governing body legally responsible for a number of significant decisions including:

1. approval of the AML program
2. approval of the risk management assessment
3. approval of the policies required to be made for the implementation of the AML Policy
4. appointment of the Compliance Officer
5. receiving sufficient information to discharge its oversight responsibilities
6. receiving independent evaluations that assess risk assessments, policy design, compliance, and effectiveness, and
7. receiving the reports from the Compliance Officer in relation to implementation of the AML program.

Role of the Compliance Officer – Eligibility and qualifications

The AML reforms elevate the Compliance Officer role from a token position for many REs to a senior one reporting to the Board. Eligibility now requires the Compliance Officer to be a resident of Australia, a fit and proper person under AML laws, and to have sufficient management authority, independence and resources to perform the function effectively.

Role of the Compliance Officer – Responsibilities

The role of the Compliance Officer’s has significantly broadened and now includes:

1. Oversight and co-ordination of the day to day compliance with the AML laws
2. Assessment and management of the AML risks of the business initially and on an on-going basis
3. Development and implementation of appropriate systems and controls to mitigate identified risks
4. Fostering and managing of the compliance culture
5. Preparation and submission of AUSTRAC reporting documents including suspicious and threshold reports

Do you need help?

Sparke Helmore’s AML Team offers comprehensive expertise across all aspects of AML from Tier 1 to Tier 2. We assist with helping you understand the reforms, conducting an AML risk analysis, reviewing your existing AML program, or writing your new one, and establishing governance frameworks – including identifying Compliance Officers and drafting governance charters. Our services include program review, documentation, training, or a tailored combination to meet your needs.

You can download the information contained on this page in a PDF fact sheet here.