How AUSTRAC’s New AML Reporting Groups Affect Law Firms & Accounting Firms

Reading Time: 11 minutes

Introduction

The Australian anti-money laundering and counter-terrorism financing (AML/CTF) landscape is undergoing a significant transformation following the passage of the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth). These reforms introduce substantial changes, expanding the regime to include law and accounting firms as ‘Tranche 2’ reporting entities and modernising compliance obligations to combat financial crime more effectively.

A central element of this modernisation is replacing the ‘Designated Business Group’ (DBG) structure with the new ‘Reporting Group’ concept, effective from 31 March 2026. Understanding this shift is paramount for law and accounting firms, as it fundamentally alters how related entities within an organisation can manage their AML/CTF compliance, reporting obligations, and risk assessment under the Australian Transaction Reports and Analysis Centre (AUSTRAC) framework.

Transition From Designated Business Groups (DBGs) to Reporting Groups

What Were Designated Business Groups (DBGs)?

Previously, the Australian AML/CTF framework utilised the DBG concept. This structure permitted certain related reporting entities, such as associated law practices or accounting firms, to collaborate on their compliance efforts.

Under a DBG, members could adopt a joint AML/CTF program and share specific obligations, including:

• Customer identification procedures
• Ongoing customer due diligence
• Record-keeping
• Lodging certain reports with AUSTRAC

DBGs were typically formed through a written agreement between eligible reporting entities, often related companies or joint ventures, and required formal designation. While allowing for shared administration, each member entity within the DBG remained individually responsible for its compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

Introducing Reporting Groups as the New Structure

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) introduces a significant change by replacing the DBG structure with a new concept known as ‘Reporting Groups’. This updated framework is scheduled to commence on 31 March 2026, marking a shift in how related entities can collectively manage their AML/CTF compliance. Existing DBGs that are operational on this date will automatically transition into Reporting Groups.

Reporting Groups represent a simplified and modernised approach that offers greater flexibility for businesses operating under shared control. This new structure aims to streamline compliance for related entities, including law and accounting firms operating within networks or corporate groups.

A key distinction is that Reporting Groups are formed based on common ‘control’ and can potentially include related non-reporting entities, facilitating broader information sharing for risk management and customer due diligence purposes across the organisation.

Understanding Reporting Groups for Your Law Firm or Accounting Firm

How Reporting Groups are Formed Under the Act

Reporting Groups, introduced by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), originate from the concept of a ‘business group’. A business group exists when one person (an individual, company, trust, or partnership) ‘controls’ every other person within that group. If a business group includes at least one member providing a ‘designated service’ under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), a Reporting Group is formed.

The definition of ‘control’, detailed in the new section 11 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), is central to forming these groups and varies depending on the entity type:

• For Bodies Corporate: Control is established if the potential group members share a common parent company, similar to the related companies test under the Corporations Act 2001 (Cth).
• For Non-Corporate Entities (e.g., Trusts, Partnerships): Control exists if a person can control the entity’s board or governing body, or determine the outcomes of its financial and operating policy decisions.

This assessment considers practical influence and any established practices or patterns of behaviour, not just legal rights. The broad definition, primarily focusing on ‘practical influence’ for partnerships and trusts common in the legal and accounting sector, means firms must carefully analyse their structures.

Under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), if the ‘control’ criteria are met within a business group providing a designated service, a Reporting Group forms automatically from 31 March 2026. Additionally, existing DBGs will transition automatically to Reporting Groups on this date.

Key Differences Between DBGs & Reporting Groups

The transition from DBGs to Reporting Groups involves several significant changes relevant to Australian law and accounting firms undertaking AML/CTF compliance:

• Basis of Formation:
  • DBGs generally require members to be related companies under the Corporations Act 2001 (Cth).
  • Reporting Groups are formed based on the broader concept of common ‘control’, allowing structures like franchises or networks under shared management to potentially form a group.
• Formation Process:
  • Forming a DBG required a formal designation process, involving notification to AUSTRAC.
  • Reporting Groups can form automatically if the ‘control’ and ‘designated service’ criteria are met, simplifying the process but requiring firms to proactively assess their status.
• Membership Scope:
  • DBGs were restricted to only include reporting entities.
  • The Reporting Group framework allows for the potential inclusion of related non-reporting entities (within categories specified by AUSTRAC Rules) to facilitate better information sharing for customer due diligence (CDD) and risk management across the organisation.
• Central Responsibility:
  • The DBG structure lacked a formally defined entity with overall responsibility and liability.
  • Reporting Groups introduce the mandatory role of a ‘Lead Entity’, responsible for the group’s AML/CTF program and shares liability for compliance breaches by members.

Understanding the Lead Entity’s Role, Responsibilities & Liability

Designating the Lead Entity & Eligibility Requirements

A ‘Lead Entity’ must be nominated within the Reporting Group structure established by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth). This entity assumes a vital central coordinating and oversight role for the group’s AML/CTF compliance. Importantly, the Lead Entity is treated as a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), subject to obligations even if it doesn’t directly provide designated services.

While the final requirements will be set out in the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth), the initial draft rules proposed specific eligibility criteria for a Lead Entity. These potential criteria included:

• Residency: The entity must be a resident of Australia.
• Status: It must either provide a designated service itself or be a company registered under the Corporations Act 2001 (Cth).
• Control: It must ‘control’ (as defined in section 11 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) all other reporting entity members within the group that provide designated services.

Concerns were raised during consultations, notably by the Law Council of Australia, that the draft ‘control’ requirement might inflexibly designate an entity based on hierarchy rather than operational suitability. Firms should monitor communications from AUSTRAC for the finalised Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth) detailing the definitive eligibility requirements.

Lead Entity Core Responsibilities & Shared Liability

The Lead Entity is responsible for the entire Reporting Group’s AML/CTF compliance posture and efforts to mitigate financial crime risks. Its primary duties involve overseeing the group’s adherence to Australian AML/CTF obligations.

Key responsibilities mandated for the Lead Entity include:

• Developing, documenting, and maintaining a single, group-wide AML/CTF program that applies to all reporting entity members within the organisation.
• Conducting a comprehensive, group-wide money laundering and terrorism financing (ML/TF) risk assessment to identify and evaluate the group’s specific risks.
• Establishing and implementing group-wide AML/CTF policies, procedures, systems, and controls to effectively mitigate and manage the identified ML/TF risks across the sector.
• Taking reasonable steps to ensure that all reporting entity members within the group comply with the group-wide AML/CTF program requirements and reporting obligations.

Implementing a shared liability model is a critical change introduced by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth). This means that if any reporting entity member within the group fails to comply with an obligation under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) or Rules, liability can extend beyond that member.

The contravening member and the designated Lead Entity can be held legally responsible for the breach. This shared liability significantly elevates the risk profile for the Lead Entity. It becomes accountable not only for its actions but also for the compliance failures of other members, necessitating robust oversight mechanisms, strong internal controls, effective communication channels, and potentially audits across the reporting group to manage this exposure.

Strategic AML Compliance Models for Your Law or Accounting Firm

Centralised Model Using the Reporting Group Structure

This model involves a corporate-led approach where AML/CTF compliance responsibilities are managed centrally, often aligning with the ‘Reporting Group’ structure introduced by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth). The head office or a designated Lead Entity develops and enforces AML policies across all network members or offices.

Compliance processes, such as CDD and transaction monitoring, are standardised, and centralised compliance staff oversee these activities. Regular audits and monitoring ensure adherence across the group, while the central body provides training and compliance tools to all members. For instance, a national accounting firm might implement a single AML compliance program with a centralised CDD system that all offices use.

Adopting a centralised model offers several advantages for reporting entities:

• Greater Control and Consistency: Central management ensures uniform application of policies, reducing the risk of inconsistent practices and enhancing overall compliance for the organisation.
• Leveraging Expertise: The group can utilise specialised compliance knowledge centrally, minimising the burden on individual offices that might lack dedicated resources.
• Reduced Risk: Consistency lowers the likelihood of compliance failures in individual offices, protecting the firm’s brand and reputation.
• Potential Cost-Effectiveness: Sharing resources, technology, and personnel can lead to lower aggregate compliance costs than if each entity managed its systems.
• Streamlined Obligations: Central oversight can make managing reporting obligations and interactions with AUSTRAC more efficient.

However, this approach also presents challenges:

• Initial Investment: Significant upfront and ongoing investment is required for central compliance staff, technology, and infrastructure.
• Cost Allocation: Establishing a fair system for allocating the costs of the central function across different group members can be complex.
• Lead Entity Liability: Under the Reporting Group structure, the Lead Entity bears significant shared liability for compliance breaches by any group member.
• Flexibility: A highly centralised model might lack the flexibility to adapt to specific local needs or the nuances of different practice areas within the firm.

Decentralised Model (Independent Compliance)

In a decentralised model, each law or accounting office, partner firm, or entity within a network operates independently regarding its AML/CTF compliance. Every office is responsible for developing and implementing its AML/CTF program, including policies, procedures, risk assessments, training, and reporting obligations.

Any central head office provides minimal oversight or enforcement of uniform compliance measures. Consider independent law firms operating under a shared brand, each handling its own AML checks and CDD processes separately.

The primary benefits of this model are:

• Autonomy: Individual offices or partners retain full control over their compliance approach, tailoring it to their specific perceived needs.
• Minimal Central Oversight: It requires little coordination or overhead from any central body or head office.

Conversely, the decentralised approach carries significant drawbacks:

• Higher Risk of Inconsistency: Disparate practices across entities increase the likelihood of compliance failures and non-adherence to AML/CTF requirements.
• Increased Reputational Risk: A compliance failure in one office can damage the reputation of the entire brand or network.
• Higher Aggregate Costs: Each entity must individually invest in its own AML systems, training, and compliance personnel, likely leading to higher overall costs due to duplication of effort and resources.

Hybrid Model Balancing Central Guidance & Local Implementation

The hybrid model seeks a middle ground, balancing central oversight with local implementation autonomy. A central body, such as the head office, establishes general AML/CTF guidelines and standards. It might also negotiate and provide access to group-wide compliance tools, like customer verification systems or screening software, to foster consistency.

Individual offices or member firms follow these guidelines but retain autonomy in implementing the day-to-day compliance procedures. For example, a legal network might require firms to use preferred software but allow each office to manage its CDD procedures within the corporate framework.

This model offers potential advantages:

• Shared Responsibility: Compliance duties are shared between the central body and individual businesses or offices.
• Enhanced Consistency: It promotes a more consistent approach than the decentralised model, helping to mitigate risk across the organisation.
• Reduced Burden: Individual firms benefit from central guidance and tools, reducing the need to develop everything independently.
• Negotiating Power: The central body can potentially negotiate better group-wide terms for compliance software and services.

Potential challenges include:

• Reliance on Adherence: The model’s effectiveness hinges on individual offices consistently following the central guidelines and using the provided tools effectively.
• Alignment Challenges: Achieving buy-in and ensuring all partners or offices align with the shared responsibility model can be difficult, particularly in less integrated networks.
• Residual Risk: Some risk remains if individual entities fail to implement the central directives properly.

Choosing Your Law Firm or Accounting Firm’s AML Compliance Model

Assessing Your Firm’s Risk Tolerance, Structure & Resources

Selecting the appropriate AML/CTF compliance model requires careful consideration of your firm’s unique characteristics. Your organisation’s risk tolerance, operational structure, and available resources are pivotal factors in this decision.

Firms must evaluate whether a centralised, decentralised, or hybrid approach best aligns with their specific context. Consider your business’s nature, size, and complexity when determining the most suitable model.

Factors influencing this choice include:

• Organisational Structure: Whether your firm operates as a multi-office partnership, a network, a corporate group, or a sole practice significantly impacts the practicality of different models. Integrated corporate groups might favour centralised control, while looser networks may lean towards hybrid or decentralised options.
• Risk Appetite: Your firm’s willingness to accept compliance risk influences the choice. Centralised models generally offer greater control and consistency, reducing the risk of non-compliance, whereas decentralised models grant autonomy but increase the risk of inconsistency.
• Available Resources: Assess the financial and human resources available for AML compliance. Centralised models require upfront investment in staff and technology but may offer long-term cost-effectiveness, while decentralised models can lead to higher aggregate costs due to duplication.

Comparing Costs Across Compliance Models

The financial implications vary significantly between the different AML compliance models. Reporting entities must compare the potential costs of each option before making a strategic decision.

The three main models have distinct cost profiles:

• Centralised Model (Reporting Group Structure): This approach typically requires a notable initial investment in central compliance staff, technology, and infrastructure. However, it can prove cost-effective in aggregate over time as resources, systems, and expertise are shared across the group, avoiding duplication.
• Decentralised Model (‘Go it Alone’): While requiring minimal central investment, this model likely results in higher overall costs for the organisation. Each office or entity must independently invest in its own AML systems, training, and compliance personnel, leading to duplicated expenditure.
• Hybrid Model (‘Directed by Corporate’): Costs are shared between the central body and individual firms. While there is investment in shared tools and central guidance, individual offices bear implementation costs. The central body might negotiate better group-wide terms for software and services, potentially offering some cost benefits compared to a fully decentralised approach.

Balancing Info Sharing Benefits & Privacy Act Obligations

Reporting Groups facilitate information sharing between members for CDD and risk management purposes. This can streamline processes, allowing members to rely on CDD conducted by others within the group and share insights for risk mitigation.

However, this enhanced information sharing capability must be carefully managed alongside obligations under the Privacy Act 1988 (Cth). Sharing client information, including sensitive CDD data, necessitates robust governance and clear protocols.

Firms must ensure that any sharing complies with the Australian Privacy Principles, addressing aspects like:

• Notice
• Consent
• Data security
• Access rights

This careful management helps avoid breaches under AML/CTF and privacy legislation. Establishing clear intergroup agreements and safeguarding the confidentiality of shared information is essential.

Preparing Your Law Firm or Accounting Firm for Reporting Group Changes (31 March 2026)

Reviewing Your Law or Accounting Firm’s Structure & Reporting Group Status

Law and accounting firms must proactively prepare for the commencement of the Reporting Group framework on 31 March 2026. A critical first step involves thoroughly analysing your firm’s existing ownership and control structures to determine if your organisation will automatically form a Reporting Group under the new definitions.

The assessment should focus on the concept of ‘control’ as defined in the new section 11 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). This analysis should consider:

• Both formal corporate relationships
• The ‘practical influence’ test for non-corporate entities like partnerships and trusts

This thorough review will help identify if your firm is part of a ‘business group’ providing a designated service, which triggers automatic Reporting Group formation.

Additionally, it is essential to identify the likely Lead Entity within any potential Reporting Group, considering both the eligibility criteria and the significant responsibilities this role entails.

Updating Your Law or Accounting Firm’s AML/CTF Program & Policies

Firms must develop or significantly revise their AML/CTF program to align with the updated requirements effective 31 March 2026. The revised obligations move from prescriptive checklists to an outcomes-focused approach, demanding a program tailored to your firm’s risks.

This revision involves documenting a comprehensive, business-wide risk assessment of ML/TF. Your assessment must consider factors such as:

• Customer types
• Services provided
• Delivery methods
• Geographic exposure

Your updated AML/CTF program and associated policies must reflect the findings of this risk assessment and detail the systems and controls implemented to mitigate and manage identified risks.

Furthermore, the program must articulate the chosen compliance operating model, whether operating within a formal Reporting Group structure, adopting a decentralised approach, or implementing a hybrid model.

Engaging with AUSTRAC Guidance & Finalised Rules for Your Law or Accounting Firm

Staying informed about regulatory developments from AUSTRAC is crucial for effective preparation. Firms should actively monitor AUSTRAC communications for the finalised Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth).

These Rules will provide critical details supplementing the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), including:

• Specifics on Reporting Group operations
• Lead Entity requirements
• Potentially an ‘opt-out’ mechanism

Beyond the Rules, look for sector-specific guidance tailored to the legal and accounting professions, which AUSTRAC is expected to develop. Engaging with these materials, educational resources, and FAQs published by AUSTRAC will help ensure your firm fully understands regulatory expectations and requirements before the 31 March 2026 deadline.

Conclusion

Introducing Reporting Groups under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) fundamentally reshapes Australian AML/CTF compliance, replacing the DBG structure effective 31 March 2026. Law and accounting firms, particularly new reporting entities under Tranche 2, must understand these changes, including the ‘control’ concept, Lead Entity responsibilities, available compliance models, and the critical need for strategic preparation to mitigate risk and ensure adherence to reporting obligations set by AUSTRAC.

Navigating these significant reforms requires careful planning; contact AML House today for trusted expertise and specialised legal consulting services tailored to help your law or accounting organisation effectively manage the transition to Reporting Groups and meet your new AML/CTF compliance obligations, transforming regulatory challenges into strategic opportunities.

Frequently Asked Questions