How AUSTRAC’s New AML Reporting Groups Affect Law Firms

Introduction

AUSTRAC’s introduction of reporting groups, effective 31 March 2026, represents a significant shift in how law firms and other reporting entities manage their anti-money laundering and counter-terrorism financing (AML/CTF) obligations. This new framework replaces the previous Designated Business Group (DBG) structure, enabling related entities under common control to streamline compliance and risk management through a single, group-wide AML/CTF program.

For law firms providing designated services such as real estate transactions, trust account management, and corporate structuring, these changes bring new responsibilities, including enhanced customer due diligence, risk assessments, and reporting obligations. Understanding and preparing for this transition is essential for law firms to effectively manage their compliance risks and meet AUSTRAC’s evolving regulatory expectations.

AUSTRAC’s Shift to Reporting Groups

Rationale for Reporting Groups

AUSTRAC is implementing reporting groups as a significant measure to enhance the effectiveness of Australia’s AML/CTF regime. This shift aims to align the nation’s framework with international standards, particularly those set by the Financial Action Task Force (FATF).

The introduction of reporting groups serves multiple essential purposes:

Furthermore, this approach directly addresses concerns that criminal elements have targeted “gatekeeper professions,” such as law firms, to launder illicit funds.

Designated Legal Services & Reporting Entity Scope

Commencing 1 July 2026, an extensive array of legal services will be classified as “designated services” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). This classification means law firms providing these services will become reporting entities with specific AML/CTF obligations.

Generally, services that involve handling significant client funds, property transactions, or corporate dealings are included. Key legal services that fall under this scope include:

It is important to note that routine legal advice, such as standard litigation representation, and court-ordered transactions are generally not captured as designated services. Law firms must carefully assess their service offerings against the legislative definitions to determine their status as reporting entities.

The Transition from DBGs to Reporting Groups

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) marks a pivotal change by replacing the long-standing DBG structure with the new reporting group framework. This updated system is scheduled to take effect on 31 March 2026.

A key aspect of this transition is that any existing DBGs operational on 31 March 2026 will automatically convert into reporting groups. This automatic transition ensures a seamless shift to the new framework for entities already operating under a group compliance structure.

The introduction of reporting groups signifies a move towards a more streamlined and modern approach to AML/CTF compliance for related entities within an organisation.

Formation & Structure of Law Firm Reporting Groups

Understanding ‘Control’ & the Basis for Formation

The formation of a reporting group hinges on the concept of a ‘business group’. A business group exists when one person (individual, company, trust, or partnership) ‘controls’ every other person within that group. If such a business group includes at least one member providing a ‘designated service’ under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), a reporting group is automatically formed. This principle was introduced by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth).

The definition of ‘control’ is detailed in the new section 11 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and varies based on entity type:

• For Bodies Corporate: Control exists when potential group members share a common parent company, similar to the related companies test under the Corporations Act 2001 (Cth).
• For Non-Corporate Entities (e.g., Trusts, Partnerships): Control is present when a person can:
  • Control the entity’s board or governing body
  • Determine outcomes of financial and operating policy decisions

This assessment considers practical influence and established patterns of behaviour, not solely legal rights.

Given this broad definition, particularly the emphasis on ‘practical influence’ for partnerships and trusts prevalent in the legal sector, law firms must meticulously analyse their organisational structures. If the ‘control’ criteria are satisfied within a business group providing a designated service, a reporting group automatically forms from 31 March 2026. Furthermore, any existing DBGs will automatically transition to reporting groups on this date.

Role & Responsibilities of the Lead Entity

A’ Lead Entity’ must be nominated within the reporting group structure established by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth). This entity plays a central coordinating and oversight role for the group’s AML/CTF compliance. It is important to note that the Lead Entity is treated as a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and is subject to obligations, even if it does not directly provide designated services.

While the definitive eligibility criteria for a Lead Entity will be detailed in the finalised Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (Cth), initial draft rules suggested requirements such as:

• The entity must be a resident of Australia.
• It must either provide a designated service or be a company registered under the Corporations Act 2001 (Cth).
• It must ‘control’ all other reporting entity members within the group that provide designated services.

The Lead Entity oversees the entire reporting group’s AML/CTF compliance and its efforts to mitigate financial crime risks. Key responsibilities include:

A critical aspect introduced by the new legislation is a shared liability model. If any reporting entity member within the group fails to comply with an obligation under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) or its Rules, both the contravening group member and the designated Lead Entity can be held legally responsible for the breach. This significantly elevates the risk for the Lead Entity, making it accountable for its actions and the compliance failures of other reporting group members.

Key Differences: Designated Business Groups & Reporting Groups

The shift from DBGs to reporting groups, effective from 31 March 2026, introduces several significant changes that law firms and other reporting entities must understand for their AML/CTF compliance. These distinctions fundamentally alter how related entities manage their obligations.

The primary differences include:

New AML Reporting & CDD Obligations

Changes to Threshold Transaction Report & Suspicious Matter Report Submissions for Reporting Entities

AUSTRAC reporting group members can influence how law firms manage their Threshold Transaction Report (TTR) and Suspicious Matter Report (SMR) submissions. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) allows a reporting group member to discharge the reporting obligations of another member, potentially enabling centralised filing by the lead entity. This framework, outlined in section 236B of the Act, can streamline processes for reporting entities within a group structure.

While the fundamental obligations for submitting TTRs and SMRs remain, the group arrangement can affect how these are managed. For instance:

Remembering that “tipping off” a client about an SMR submission is a serious offence is crucial.

The intensity of scrutiny or the frequency of these transaction reports may also be influenced by your law firm’s internal ML/TF risk assessment. Firms with a higher-risk profile, as determined by their assessment, might implement more frequent or detailed reviews of transactions.

Additionally, AUSTRAC is introducing new reportable details for SMRs and TTRs, aiming to capture more specific and helpful information to combat financial crime. The lead entity within a reporting group is accountable if a group member fails to meet these obligations, as the lead entity can also be deemed in contravention.

Enhanced Customer Due Diligence & Beneficial Ownership Data Requirements for Your Organisation

The new AML/CTF compliance landscape brings more stringent CDD procedures for your organisation. There is a particular emphasis on collecting, verifying, and, where necessary, reporting comprehensive beneficial ownership information. These enhanced data-capture requirements are critical, especially when your law firm is involved in designated services such as property sales, or the formation and management of companies and trusts.

Identifying and verifying beneficial owners is a cornerstone of the updated CDD obligations. A beneficial owner is the natural person (or persons) who ultimately owns or controls a customer, or on whose behalf a transaction is conducted. Your firm must, at a minimum:

• Collect the full name of each beneficial owner.
• Obtain either their date of birth or full residential address.
• Take reasonable measures to verify this information using reliable and independent documentation or electronic data.

AUSTRAC guidance emphasises identifying any natural person who owns 25% or more of an entity or exercises control. This requires careful examination of company registers, trust deeds, and other constitutional documents, particularly for complex ownership structures.

For instance, when assisting a client with purchasing real estate through a company or trust, your organisation must diligently identify and verify all relevant beneficial owners, such as settlors, trustees, and directors.

The level of CDD will vary based on the ML/TF risk profile of the customer and the service being provided, encompassing:

• Standard CDD
• Simplified CDD for genuinely low-risk scenarios
• Enhanced CDD (ECDD) for higher-risk situations

ECDD involves obtaining additional information and undertaking more rigorous verification. This risk-based approach extends to ongoing CDD, which includes monitoring client transactions and regularly updating customer risk profiles.

While relief from beneficial ownership due diligence may be available for demonstrably low-risk customers like government bodies or certain publicly listed companies (provided no ECDD triggers apply), many transactions involving private companies or opaque trusts will necessitate full scrutiny.

Resource, Staffing, & Technology Impacts

Impact on Small vs. Large Law Firms

The introduction of reporting group compliance and new designated service obligations under the AML/CTF regime will affect law firms of different sizes in distinct ways. These changes, stemming from legislation like the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), present unique operational and financial challenges for small and large practices.

Large law firms, particularly those with existing corporate or finance practices, may already possess some risk management infrastructure. For these organisations, the primary challenge often involves scaling existing compliance teams and absorbing the costs associated with more sophisticated AML software and technology upgrades.

They might need to:

• Expand their current compliance departments, potentially hiring dedicated full-time AML compliance officers (AMLCOs) or even data analysts
• Invest significantly in upgrading practice management and client onboarding software to automate enhanced CDD, integrate with electronic verification of identity (e-VOI) services, and manage complex transaction monitoring.
• Establish board-level AML committees and implement API integrations between trust accounting systems and AUSTRAC Online, which can represent a substantial financial outlay.

Conversely, small and mid-sized law firms often face a steeper learning curve and more pronounced resource constraints. Many currently rely on manual checks and may not have formal AML staff or advanced practice management software.

The new obligations mean these firms must:

• Address a potentially significant increase in non-billable compliance workload for existing partners or senior staff
• Consider hiring their first dedicated AML compliance officer, which can be a considerable new expense
• Face the financial hurdle of acquiring AML-compliant software, engaging external AML consultants for program development and risk assessments, and allocating resources for essential staff training.
• If feasible, explore outsourcing options for certain CDD or SMR processes, or consider joining a reporting group with other firms to share compliance costs and expertise.

The financial and resource strain of implementing these changes, including upgrading systems to meet data-collection and reporting requirements for any designated service they provide, can be particularly acute for smaller practices. AUSTRAC has acknowledged these challenges and is developing resources like an AML/CTF Starter Kit for small businesses to assist them in their compliance journey.

AML Officer Training & Software Upgrade Needs

The new AUSTRAC reporting group rules and expanded AML/CTF obligations necessitate significant staffing, training, and technology adjustments for every law firm providing a designated service. These changes are crucial for effective compliance and risk management within your organisation.

A key requirement is the appointment of an AMLCO. This individual must be:

• A fit and proper person
• Employed or engaged at a management level within the firm
• Ordinarily resident in Australia
• Possessed of sufficient authority, independence, and access to information and resources to effectively oversee the firm’s AML/CTF program

For smaller firms, this might mean an existing partner takes on these duties, consuming valuable fee-earning time, or it could necessitate external recruitment. Larger firms may need to hire or dedicate multiple full-time AMLCOs and analysts to manage the increased workload.

Comprehensive and ongoing AML training for all relevant staff is another critical need. This includes:

• Lawyers, paralegals, and administrative staff involved in client onboarding, transaction handling, or any designated service
• Training on the firm’s specific AML/CTF policies and procedures, how to identify red flags for money laundering or terrorism financing, and the internal processes for reporting suspicious matters to the AMLCO
• Understanding new data capture requirements for CDD, including beneficial ownership verification

Finally, upgrading practice management software and other technological tools is almost certainly required. Firms will need systems that can:

• Effectively capture, store, and manage the additional client and transaction data required for AML compliance, including CDD records and risk assessments
• Integrate e-VOI solutions to streamline client identification
• Support transaction monitoring to detect unusual activities
• Facilitate efficient internal and external reporting, including TTRs and SMRs, to AUSTRAC

Investment in such technology, ranging from AML-integrated practice management systems for smaller firms to complex API integrations for larger ones, will be essential for meeting the new AML/CTF compliance demands.

Best Practices & Transition Roadmap

Measures to Reduce AML Risk & Manage Compliance

To effectively manage AML/CTF risks and ensure compliance, your law firm can implement several proactive measures. These practices strengthen your defences against financial crime, particularly when providing a designated service.

Key recommended measures include:

Key Timelines & AUSTRAC Engagement

Navigating the transition to the new AUSTRAC reporting group framework requires a clear understanding of key timelines and proactive engagement with AUSTRAC. The obligations for Tranche 2 entities, including law firms, commence on 1 July 2026.

A high-level transition roadmap includes several critical phases and dates:

Proactive engagement with AUSTRAC is crucial throughout this transition. Law firms should:

• Diligently review all guidance materials published by AUSTRAC.
• Utilise resources such as the AML/CTF Starter Kits, especially for smaller firms.
• Appoint an internal AML Champion or ensure the designated AML/CTF compliance officer leads the implementation process.
• Monitor AUSTRAC’s official channels for updates and participate in any further consultations or educational opportunities.

By staying informed and preparing systematically, your organisation can ensure a smoother transition to meet the new AML/CTF compliance requirements.

Conclusion

AUSTRAC’s new reporting group framework, effective 31 March 2026, significantly alters how law firms manage AML/CTF compliance, necessitating a thorough understanding of designated service obligations, internal risk assessment, enhanced CDD, and resource planning. Preparing strategically for these changes, including understanding the role of a lead entity and new reporting requirements, is crucial for all reporting entities to meet their obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

To navigate these complex new requirements and ensure your organisation is prepared for the upcoming deadlines, contact AML House today for trusted expertise and specialised legal consulting services. Our experts can help your law firm effectively manage the transition to reporting groups and meet your new AML/CTF compliance obligations, transforming regulatory challenges into strategic opportunities.

Frequently Asked Questions (FAQ)