With the clock ticking down, AUSTRAC has released its finalised Tranche 2 rules, marking the last step in the rollout of the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025.

As Personr Co-Founder Nick Ahrens explains, these reforms are a big deal: 

“They close long-standing gaps in Australia’s AML/CTF framework and finally bring high-risk ‘gatekeeper’ professions under proper regulation.”

The new rules extend AML/CTF obligations to Virtual Asset Service Providers (VASPs), Remittance Service Providers, Financial Institutions and related businesses, as well as Designated Non-Financial Businesses and Professions (DNFBPs) such as lawyers, accountants, real estate agents, and dealers in precious metals and stones.

This is one of the most significant shifts to Australia’s financial crime landscape in over a decade. Tranche 2 aligns Australia with global standards and closes loopholes that criminals have long exploited.

At Personr, our mission is to make complex regulations simple. 

This article offers a snapshot of our key takeaways. 

Next week, we will publish a full breakdown and practical guide to help you understand what these changes mean in practice. Sign up here.

Some of our Key takeaways: 

1. The Amendments

AUSTRAC made final tweaks in four main areas after receiving over 200 submissions across two public consultations:

• Reporting groups
• Customer due diligence (CDD)
• AML/CTF programs
• Value transfer and the travel rule
  

2. Reporting Groups

Related firms or those who choose to work together can now operate under a single AML/CTF program, led by one entity. 

This streamlined approach reduces duplication and compliance burdens.

3. Enrolment Requirements

When enrolling, businesses will need to provide:

• Designated services: what they are, start date, where offered (Australia or a foreign permanent establishment), and industry classification.
  
• Organisation details: legal/trading names; ABN/ACN/ARBN/ARSN/LEI; Australian addresses; legal form; beneficial owners; staff count; associations; domains; business description; and last year’s turnover.
  
• Governance information: directors, DOBs, Director IDs, and incorporation details for companies; equivalent details for trusts, associations, and co-ops.
  
• Reporting group status: whether you are in a group, the lead, or a member (with identifiers).
  
• Earnings: 12-month or consolidated group earnings (unless under $100m).
  
• Declarant: the individual completing the form, plus a declaration that the information is true and correct.
  

4. AML/CTF Programs

Every business must have a written AML/CTF program in place before providing any designated service.
It should clearly set out:

• your ML/TF risk assessment
• the controls you will apply
• who is accountable
• how staff are trained
• how you assure report quality
• when independent evaluations will occur
  

5. Customer Due Diligence (CDD)

The rules update CDD requirements:

• Simplified CDD is allowed in low-risk cases if permitted by policy.
  
• Reliance on third-party KYC is acceptable if data or evidence can be obtained on request.
  
• PEPs: if a customer becomes a politically exposed person, you must review and update CDD.
  
• And more! Have a look here.

To check if your business is impacted by the new rules, you can complete this survey. 

What happens if businesses don’t comply with the new rules? 

Non-compliance is costly.

A recent example is Revolut Payments Australia Pty Ltd, a remittance service provider that self-disclosed failures to submit International Funds Transfer Instructions (IFTIs) on time. AUSTRAC issued a $187,800 infringement notice, which Revolut paid in full.

AUSTRAC CEO Brendan Thomas reinforced the message:

“These are the real-life consequences of failures to report and it’s why failures to report need to have regulatory consequences, even where reporting entities detect, disclose and report the failures.”

The lesson is simple. Compliance is not optional. Even if you self-report, AUSTRAC will enforce penalties.

Why is it important

By requiring more sectors to identify clients, monitor transactions, and report suspicious activity, Tranche 2 makes it significantly harder for criminals to launder money or finance terrorism through unregulated channels.

As Nick Ahrens puts it:

“These laws make it harder for criminals to exploit weak links in Australia’s financial system.”

What are the next steps for businesses now?
With AUSTRAC locking in the new rules and the ASO releasing guidance on sanctions and proliferation financing, reporting entities should start planning now to be ready for their impending deadlines. 

According to risk and compliance expert Ron Vidal AML compliance is about leveraging the right technology.

"Gaining clarity over current processes and identifying deficiencies allows for planning of technology implementation, and the assistance they might need to embed new practices within the business," he said.

Personr will continue to post helpful resources for businesses tackling Tranche 2.

Sign up for our guide today.

‍