Australia's AML/CTF Tranche 2 laws make compliance mandatory for bookkeepers lodging BAS, managing payroll, and handling financial records. You'll be front-line gatekeepers for detecting suspicious financial activity. Act now or face civil penalties up to $6.26 million.
Take the Free Readiness Quiz →Bookkeepers manage daily financial flows, bank reconciliations, payroll, and tax compliance — giving you visibility into suspicious transaction patterns that others miss.
AUSTRAC recognizes bookkeepers as key intermediaries in detecting money laundering. Criminals structure transactions, use cash-heavy businesses, create false invoices, and move funds between related entities. Bookkeepers who prepare BAS statements, manage bank accounts, and maintain financial records are uniquely positioned to spot these schemes — but only if they understand what to look for.
Bookkeepers' Unique Vulnerability: You handle transaction-level data daily, reconcile bank deposits, record invoices, and manage payroll. You may notice patterns (frequent round-dollar transfers, unexplained cash deposits, invoice irregularities) that red-flag money laundering. Historically, bookkeepers had no AML/CTF obligations, making the sector an attractive channel for criminals who knew you weren't monitoring for suspicious activity.
Tranche 2 specifically targets bookkeepers including:
The impact? You are now responsible for verifying client identities, monitoring transactions for unusual patterns, filing Suspicious Matter Reports (SMRs) to AUSTRAC when you detect red flags, and maintaining records for 7 years. Non-compliance can result in criminal charges and penalties up to $6.26 million.
Follow these 5 critical steps before 1 July 2026.
Here's what to watch for in daily transactions and records.
Use this checklist to ensure you're ready before 1 July 2026. Click each item as you complete it.
The stakes are real. Here's what you're facing if you don't comply.
Maximum civil penalty per breach for individuals. Corporations face up to $31.3 million.
Recent precedent: AUSTRAC issued penalties of $1.3 billion to Westpac and $700 million to Crown Resorts for AML/CTF breaches. As bookkeepers now fall under the regime, enforcement will extend to bookkeeping practices. Individual bookkeepers who fail to report suspicious transaction patterns can face both civil and criminal liability.
We make compliance simple. Start getting compliant in under 30 minutes.
Answers to common questions from Australian bookkeepers.
Any transaction or pattern that doesn't make business sense. Examples: frequent large cash deposits without corresponding invoices, round-dollar transfers to unknown recipients, payroll payments to non-existent employees, invoicing at inflated prices, repeated transfers to overseas accounts, or fund movements that don't align with the client's stated business. If you can't explain why a transaction occurred, it's suspicious enough to query the client and potentially report to AUSTRAC.
New clients from 1 July 2026 must be verified. For existing clients, AUSTRAC recommends updating CDD when you next provide substantial services. You don't need to re-verify long-standing clients immediately, but implement CDD on a rolling basis. If you discover suspicious activity with a historical client at any time, file an SMR immediately regardless of when you first engaged them.
File an SMR. You don't need certainty — you just need suspicion. AUSTRAC's threshold is "on reasonable grounds." If a transaction or pattern looks wrong and you can't get a satisfactory explanation from the client, report it. SMRs are confidential and don't automatically trigger an investigation — they help AUSTRAC identify trends and patterns across the financial system.
You can ask — but be careful. You can ask a client for supporting documentation or explanation of a transaction as part of normal record-keeping. However, don't directly accuse them or say you're reporting them to AUSTRAC. "Tipping off" — warning a client that an SMR has been filed or is about to be filed — is a criminal offence. Keep your inquiry professional and document their response.
At least 7 years. Keep client ID documents, CDD records, and transaction documentation for a minimum of 7 years from the date of the transaction or end of engagement. Store securely and ensure you can retrieve records quickly if AUSTRAC audits your business. Destroy records securely after 7 years.
Verify the director and identify beneficial owners. For business clients, verify the identity of at least one director and understand who the beneficial owners are (anyone with 25%+ ownership interest). You may need to request a company search, shareholder register, or trust deed to identify beneficial owners. If ownership is complex, conduct Enhanced Due Diligence and document your findings thoroughly.
Take our free quiz and get a personalised action plan to start your compliance journey.
Start the Free Quiz →