Are you a designated service provider?
The Act captures specific services, not professions. An accountant whose entire practice is preparing tax returns and BAS lodgements does NOT automatically inherit Tranche 2 obligations. An accountant who sets up client companies, arranges client trust structures, or handles client money in connection with a buying or selling transaction almost certainly does.
The shortest test that captures most practices in scope: do you, on behalf of a client, do any of the following?
- Form, incorporate or assist in setting up companies, partnerships, trusts or other legal arrangements
- Act as, or arrange for someone to act as, a director, partner, secretary, trustee or nominee shareholder
- Provide a registered office or business address for an entity that does not actually operate from there
- Manage client funds, securities, or other assets held in your trust account
- Buy or sell real estate on a client's behalf
- Buy or sell businesses or business assets on a client's behalf
- Arrange contributions for the creation, operation or management of legal entities
If any of those describe a service you provide, you are providing a designated service and Tranche 2 applies. If none do, you may be out of scope — but confirm with a lawyer before banking on it, because edge cases (a one-off company setup as a favour to a long-term client) can still pull a practice in.
The checklist, in order
Do these in sequence. Each step assumes the previous one is done. None require external help if your practice is small.
Enrol with AUSTRAC within 28 days of starting
Enrolment is the registration step. AUSTRAC issues you a reference number you use on every subsequent report. Lodge by the last week of June 2026 at the latest if you start providing designated services on 1 July.
Conduct an ML/TF risk assessment for the practice
One assessment per practice, covering customer types, geographies, services and delivery channels. A typical small accounting practice with local SME clients and no overseas exposure can complete the assessment in a single afternoon. Document it; the assessment itself is something AUSTRAC may ask for.
Write Part A and Part B of an AML/CTF Program
Part A: how the practice identifies and mitigates ML/TF risk. Part B: how the practice verifies customer identity. Both parts must be approved by the practice's governing body. For a sole-trader practice that is the principal; the approval still has to be documented and dated.
Name a Compliance Officer
The named person responsible for the AML/CTF program. They do not need an external certification but they do need to actually know the program and be reachable by AUSTRAC. In a sole-trader practice this is the principal. In a partnership it should be a named partner, not a shared duty.
Stand up a customer due diligence (CDD) process
Before providing a designated service to any new client, verify their identity. For individuals: full name, date of birth, address, photo ID. For companies: incorporation details, beneficial ownership down to a 25 percent threshold. Existing clients receiving a new designated service trigger CDD too.
Set up sanctions and PEP screening
Every new customer screened against DFAT, OFAC, UN, EU consolidated lists and PEP databases at onboarding. Re-screen at risk cadence afterwards: high 6-monthly, medium yearly, low every 3 years. The screening source needs to update regularly; a frozen sanctions list two years old is not screening.
Train every member of staff exposed to designated services
Includes the Compliance Officer and anyone touching a client file. New hires trained before they start client-facing work. Existing staff get refreshers; annual is the de facto standard. Training records kept for 7 years alongside the operational records.
Establish reporting workflows for SMRs, TTRs and IFTIs
Suspicious Matter Reports lodge within 3 business days of forming a suspicion (24 hours if terrorism financing is suspected). Threshold Transaction Reports for cash A$10,000+ within 10 business days. International Funds Transfer Instructions you give or receive as part of a designated service within 10 business days. Most accounting practices file zero TTRs and IFTIs in a typical year; the workflow still has to exist.
Build a 7-year records system
Customer records, transaction records, training records, AML/CTF Program versions. Records must be retrievable on AUSTRAC request. Soft-delete is the right pattern for archived clients; hard-delete is dangerous because the retention clock often runs from end-of-relationship, not from record creation.
Plan the first independent review
The Program must be independently reviewed at least once every 3 years (annual is the safer cadence). Reviewer must be independent of day-to-day program operation. For a sole-trader practice that means an external auditor or a peer-practice principal — never yourself.
TCSP-adjacent work deserves extra attention
The trust and company service provider (TCSP) overlap is the biggest risk concentration for accounting practices. If you form companies for clients, hold company secretarial roles, provide registered office addresses, or act as trustee or nominee shareholder, AUSTRAC will treat you as a higher-risk reporting entity than a tax-return practice. Practical implications:
- Customer due diligence runs deeper on clients you incorporate or for whom you act as a nominee. Beneficial ownership is the focus; expect to chase the 25 percent threshold harder than on a standard CDD.
- Source-of-funds questions become harder. A client putting A$2 million into a newly incorporated SPV needs more documentation than a client filing a tax return.
- Re-screening cadence shifts upward. TCSP-adjacent clients sit in the high-risk band by default unless you can document why they shouldn't.
- Suspicious matters travel through the practice differently. A request for unusual entity structuring, or a client who insists on a nominee director, is exactly the pattern AUSTRAC expects an SMR for.
If TCSP work is a small fraction of your practice, consider whether you want to keep doing it once Tranche 2 is live. The obligations are heavier than the revenue often justifies. If it is core to your practice, build the workflow to assume high-risk handling by default.
Records and retention
Seven years is the headline retention. The trap is that the start date varies by record type. Customer identity records run from the date the client relationship ends. Transaction records run from the transaction date. AML/CTF Program versions run from the date that version was superseded. Training records run from when the staff member left. Get the start date wrong and a record can be technically compliant today but under-retained when AUSTRAC asks in 2033.
For an accounting practice that already keeps tax workpapers for 5 years, the 7-year AML/CTF retention is an extension, not a new system. Consider unifying the two retention policies under the longer of the two (7 years) so staff do not have to remember which clock applies.
What to do this quarter
Concrete sequence for a small practice that has not started yet.
- Run the scope test in this guide (15 minutes).
Decide honestly whether your practice provides designated services. Most practices that offer anything beyond pure tax-return work will be in scope. Document the decision either way.
- Score readiness honestly (15 minutes).
Twelve-question self-assessment, free, no signup. The result is a numbered score, a band, and a per-obligation diagnostic.
Try the readiness check - Cost it out (15 minutes).
Get a realistic dollar figure on the page so you can budget. Whether you choose software, a consultant, or internal time, the budget matters.
Open the cost calculator - Decide build / buy / hire by 31 March 2026.
Three options. Build it in spreadsheets (cheap, painful, fragile under audit). Buy software (recurring cost, less custom). Hire a consultant (high cost, dependent on their availability). The Tranche 2 deadline does not move; the decision should be made well before June 2026 to give whichever path you pick time to settle.
- Enrol with AUSTRAC by end of June 2026.
Even if your program is not fully finalised, lodge the enrolment. Penalty for late enrolment is greater than the penalty for an early enrolment with a thin program.
Common questions
Is bookkeeping by itself a designated service?
Generally no. Pure bookkeeping (recording transactions, reconciling accounts, preparing BAS) is not on AUSTRAC's designated-services list. But many bookkeeping practices also touch payroll, manage client trust accounts, or set up payment workflows for clients. Each of those can pull a practice into scope. If your practice is bookkeeping-plus, run the scope test on the plus.
My practice prepares SMSF documents. Am I in scope?
Yes, almost certainly. Establishing a self-managed super fund and acting in connection with the SMSF's ongoing administration involves setting up legal arrangements (the SMSF trust) and arranging contributions on the trustee's behalf. Both are designated services. SMSF-heavy practices should plan for full Tranche 2 compliance.
What about a CPA or CA membership? Does that change anything?
Your professional body membership affects ethics obligations and professional discipline. It does not change AUSTRAC's scope test. CPA Australia, CA ANZ and IPA all publish Tranche 2 guidance for members but the obligations come from the AML/CTF Act, not from your professional body. AUSTRAC supervision is in addition to professional body oversight, not instead of it.
I run a one-person practice from home. Do I still need all this?
Yes. The Act applies based on whether you provide designated services, not on practice size. A sole practitioner doing client company incorporations from a home office has the same obligations as a 20-partner firm doing the same work. The implementation can be simpler (one Compliance Officer, smaller training cohort, fewer customer files) but the obligations are the same set.
What about the trust account my bank manages for me?
The bank runs its own AML/CTF on the banking relationship. That is separate from your obligations as a reporting entity providing accounting designated services. Both parties have parallel obligations covering the same money flow. The bank screens the account holder (you); you screen the underlying client; the chain works both ways.
Can I outsource the AML compliance work to a consultant?
You can use a consultant to write the Program or run the annual review, but you cannot transfer the obligation. AUSTRAC holds the reporting entity responsible. If a consultant's Program is found inadequate, the practice principal is the one AUSTRAC pursues, not the consultant. A consultant accelerates the work; a consultant does not remove the responsibility.
How does Caltury fit a small accounting practice specifically?
Self-serve 14-day trial, no credit card. Enrolment wizard, program builder, CDD workflow and sanctions screening usable on day one. Bookkeeping-only practices can use the scope test in the dashboard to confirm they are out of scope before subscribing. TCSP-active practices get the same workflow as larger firms at the same A$99 entry tier. CSV import for migrating an existing client book. No call required, no demo, no consultant.
Caltury is AML/CTF software for independent Australian practices entering Tranche 2. Founded by Ben Horne (ex-ADF, sole trader, ABN 49 452 393 782, Australian-based). Sydney hosted on Supabase and Vercel. Async written support, no calls or demos. The readiness assessment is the right next step if this guide was useful and you want it applied to your specific practice.
This guide is general information about Australian AML/CTF obligations for accounting practices. It is not legal or tax advice. AUSTRAC has not reviewed this content. For situations specific to your practice consult an Australian-qualified lawyer or AML/CTF adviser.