A sweeping new compliance regime is about to land on tens of thousands of Australian small businesses; unlike the ATO or ASIC, AUSTRAC doesn’t negotiate, says Dr Michael King, it detonates.
On 1 July 2026, lawyers, accountants, real estate agents, conveyancers and dealers in precious metals and stones will come under AUSTRAC’s regulatory umbrella for the first time, as the Tranche 2 rollout of Australia’s reformed Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act takes full effect. The reforms will bring approximately 100,000 new entities into the compliance fold, most of them small and medium-sized businesses that have never dealt with a financial crime regulator in their lives.
The stated purpose is unimpeachable. Australia has long been an outlier among Financial Action Task Force (FATF) member nations in failing to regulate so-called “gatekeeper” professions: the lawyers and accountants who facilitate property transactions, manage trusts and structure corporate vehicles. Extending regulation to these sectors aligns Australia with comparable jurisdictions, where such obligations have existed for years. Few would argue with that goal.
But the way AUSTRAC enforces its mandate is a different story altogether, as tens of thousands of small firms are about to find out the hard way.
The compliance mountain
Enrolment with AUSTRAC opened 31 March 2026, with full obligations commencing 1 July 2026. Within that window, newly captured businesses must appoint a dedicated AML/CTF compliance officer, develop and document a written risk-based compliance programme, conduct initial and ongoing customer due diligence, train staff, and begin filing suspicious matter reports and certain transaction disclosures.
For more than 80,000 newly captured reporting entities, the scale of the challenge is substantial. Many are starting from scratch. A sole-practitioner conveyancer in regional Queensland, or a family-run jewellery business in suburban Perth has no compliance infrastructure, no dedicated legal team and no prior relationship with a financial crime regulator.
AUSTRAC has responded by releasing sector-specific Programme Starter Kits for small legal, conveyancing and accounting practices. AUSTRAC CEO Brendan Thomas has publicly framed the regime as one of “risk awareness”, not complexity, promising that businesses won’t be expected to do it alone.
Industry bodies are considerably less sanguine. CPA Australia welcomed the intent of the reforms, but raised explicit concerns about compliance burden and the possible impact on small businesses. The ACT Law Society noted that the Law Council of Australia continues to advocate for clarity and transitional support, particularly for small legal practices. The wealth of guidance from AUSTRAC is real, but as CPA Australia observed, there is much to wade through and it is unlikely that smaller entrants will engage in earnest until starter kits are in hand.
Two regulators that know how to negotiate
To understand why AUSTRAC’s expansion is alarming for small business, it helps to contrast its enforcement culture with Australia’s other major regulators.
The Australian Taxation Office has spent decades building a model of graduated compliance. It offers payment plans, voluntary disclosure incentives and accessible guidance designed to bring taxpayers back into compliance rather than punish them out of existence. Its penalty regime is tiered. Mistakes are distinguished from fraud. The ATO’s public posture is educational as much as enforcement-oriented.
The Australian Securities and Investments Commission earned lasting criticism including from the 2019 Banking Royal Commission for a culture of negotiating rather than litigating against well-resourced defendants. ASIC’s enforcement record has been patchy; its chronic underfunding has meant it must pick its battles. Critics argue it has been too cautious. But patchiness is not the charge levelled at AUSTRAC.
When the regulator does not do graduated
AUSTRAC operates on a strict liability model. Intent does not matter. A software misconfiguration causing hundreds of international fund transfer instructions to go unreported does not produce one contravention, it produces hundreds, each with its own civil penalty exposure.
The numbers are not theoretical. The Commonwealth Bank paid $700 million in 2018 after AUSTRAC applied for a civil penalty order over AML/CTF breaches involving more than 53,000 failures to report cash deposits. Westpac paid $1.3 billion in 2020 — the largest civil penalty in Australian history, after admitting to over 23 million contraventions, including failures linked to a child exploitation network. Crown paid $450 million in 2023. SkyCity Adelaide paid $67 million in 2024.
Those were institutions with armies of compliance professionals. The question now is what happens when the same penalty architecture, designed to discipline Australia’s largest banks, is applied to a two-partner accounting firm that failed to properly document a client risk assessment. Under the reformed Act, civil penalties can reach up to A$33 million per contravention for a body corporate —and they compound.
Who will survive — and who won’t
The honest answer is that many businesses will not survive Tranche 2 compliance. Not because they are criminals. But because the cost, complexity and liability exposure of becoming a reporting entity will simply exceed the commercial viability of their operations.
Some businesses will restructure to avoid providing designated services altogether. Others will merge into larger practices capable of absorbing compliance overhead. Many sole operators, particularly those approaching retirement age, will simply close. Regional communities, already underserved by professional services, will likely lose the most.
A cottage industry of AML compliance platforms and consultants is already forming around the Tranche 2 opportunity. But technology costs money and not every suburban conveyancer or regional jeweller has the margin to absorb a compliance platform subscription on top of a designated compliance officer and a mandatory independent audit.
The proportionality question
Australia needs to fight money laundering. Its real estate market, legal profession and accountancy sector have been identified by AUSTRAC’s own regulatory priorities as genuine vectors for illicit finance. The FATF has repeatedly flagged Australia’s failure to regulate gatekeeper professions and the consequences of inaction are real.
None of that is in dispute. What is in dispute is whether the enforcement architecture built to punish Australia’s largest banks for billions of dollars of systemic failures is an appropriate first point of contact for a regional solicitor managing rural property conveyances, or a small accountant helping family businesses with their tax structures.
The ATO and ASIC, whatever their flaws, have developed graduated enforcement cultures calibrated to the size and sophistication of the entities they regulate. AUSTRAC’s penalty regime, by design, is not calibrated that way. And while the regulator’s public messaging emphasises collaboration and education, its enforcement record tells a different story: when AUSTRAC moves, it moves decisively and the consequences are existential.
Whether that model transplanted wholesale from banking regulation into the world of small professional service firms produces better compliance outcomes and fewer financial criminals, or simply produces a wave of business closures and a generation of frightened professionals avoiding legitimate client work to stay off AUSTRAC’s radar, will be one of the defining regulatory questions of the next two years.
And if it’s the latter? AUSTRAC may well have earned the title of Australia’s most hated regulator — not through malice, but through the blunt application of an instrument designed for giants, wielded against minnows.
Dr Michael King is an adjunct senior lecturer with the Australian Graduate School of Policing and Security, Charles Sturt University. His research focus is financial crime.
Support independent journalism Subscribe to IA.
Â