AML Compliance for Trust Companies & TCSPs Australia

Why Trust & Company Service Providers Are High-Risk

Complex structures can hide beneficial owners and source of funds.

AUSTRAC has identified Trust and Company Service Providers (TCSPs) as a critical vulnerability in Australia's AML/CTF framework. TCSPs facilitate the creation of trusts, companies, and complex corporate structures that can be used to obscure beneficial ownership, hide assets, or launder money. Tranche 2 brings all TCSPs under mandatory compliance, requiring them to identify beneficial owners and understand the purpose of structures they create.

Why Your Services Are Regulated: When you form a company, establish a trust, act as a registered agent, administer an SMSF, or provide similar services, you now have AML/CTF obligations. You must verify the identity of all parties, identify the beneficial owners, understand the commercial purpose, and report suspicious structures or transactions within 3 business days.

Tranche 2 applies to TCSPs providing:

Trust administration and management
Company formation and registration services
SMSF administration and trustee services
Registered agent services
Nominee director and shareholder services
Corporate secretarial services

The core requirement: You must conduct Customer Due Diligence on all clients, identify beneficial owners (the people who ultimately own or control the entity), understand the business purpose of the structure, monitor for suspicious activity, file SMRs when warranted, and maintain records for 7 years. Failure results in civil penalties up to $6.26 million, criminal charges, and loss of business viability.

What You Need to Do

Follow these 5 critical steps before 1 July 2026.

1
Enrol with AUSTRAC

Enrolment opens 31 March 2026. Register at austrac.gov.au as a Trust and Company Service Provider. This is mandatory for all TCSPs. You'll need to provide information about your business, services, and compliance officer.
2
Implement Your AML/CTF Program

Create comprehensive written policies covering customer due diligence, beneficial owner identification, transaction monitoring, suspicious activity reporting, and staff training. Your program must specifically address complex structures and beneficial ownership verification.
3
Verify Identity and Identify Beneficial Owners

For every client engagement, collect government-issued ID and verify identity. For entities, identify all beneficial owners (people who ultimately control or own the entity, directly or indirectly). Obtain board resolutions, ownership documents, and declarations. Keep all records for 7 years.
4
Understand Business Purpose

Ask clients: Why are you establishing this trust or company? What is the commercial purpose? Is there a legitimate business reason for the structure? Document the answers. If the business purpose is vague, undefined, or doesn't make sense, this is a red flag for potential money laundering.
5
Report Suspicious Structures and Activity

If you identify red flags — unknown beneficial owners, structures designed to obscure ownership, layers of entities with no clear purpose, rapid transfers of assets — file a Suspicious Matter Report with AUSTRAC within 3 business days. Include all relevant documentation and your reasons for suspicion.

TCSP Red Flags & Scenarios

Here's what to watch for and how to respond.

Scenario 1: Complex Layered Structure with Hidden Beneficial Owner — A client asks you to establish a trust that owns a company, which holds another company, which is owned by an offshore entity. Each layer obscures the true owner. Ask: Who ultimately owns and controls this structure? If the client cannot clearly identify the beneficial owner, or if beneficial ownership is deliberately hidden, file an SMR. You cannot proceed if you cannot identify beneficial owners.
Scenario 2: Nominee Director or Shareholder Arrangement — A client asks you to appoint a nominee director or shareholder so the real owner is not visible in company records. While nominee arrangements can be legitimate (family privacy, business confidentiality), they are commonly used in money laundering. You must identify the true beneficial owner. Request a statutory declaration from the nominee confirming the real owner. If they refuse, decline the engagement.
Scenario 3: Shell Company with No Real Business Activity — You establish a company that has no employees, no real operations, no bank accounts, no assets — just a registered office. The company exists solely to hold assets or facilitate transactions. This is a classic money laundering structure. Question the client: What will this company do? How will it generate income? If there's no legitimate business purpose, report to AUSTRAC.
Scenario 4: Rapid Asset Transfers or Fund Movements — A client establishes a trust or company and within days instructs you to transfer large sums of money in and out, or to transfer assets to multiple other entities. This pattern suggests funds are being "washed" through structures to obscure their origin. Document the pattern and file an SMR explaining the suspicious movement of funds.

What Happens If You Don't Comply

The consequences are serious. Here's what you face.

$6.26M

Maximum civil penalty per breach for individuals. Corporations face up to $31.3 million.

Criminal charges — Up to 5 years imprisonment for failure to report, 10 years for money laundering, life for serious contraventions
Business closure — AUSTRAC can prohibit you from providing TCSP services
Asset seizure — Criminal proceeds can be seized under proceeds of crime legislation
Professional liability — Civil lawsuits from clients whose funds are frozen or seized due to suspicious activity
Reputational damage — Public enforcement action and loss of client trust and referrals

Recent enforcement trend: AUSTRAC has begun targeting professional service providers for failing to identify beneficial owners and report suspicious structures. TCSPs are now a priority for enforcement. Expect audits, investigations, and significant penalties for non-compliance.

How AMLPrep Helps

We simplify compliance for trust and company service providers. Start getting compliant in under 30 minutes.

📋
Free Readiness Quiz — 15 questions to identify your compliance gaps and get a customized action plan for TCSPs.
📚
TCSP-Specific Guides — In-depth guides on beneficial owner identification, complex structure analysis, red flags, and SMR procedures.
📄
Ready-Made Templates — AML/CTF policies, client intake forms, beneficial owner declaration forms, and SMR checklists for TCSPs.
🎓
Training Course — Comprehensive online training covering TCSP obligations, beneficial ownership identification, and red flags. Certificate of completion.
⚙️
Compliance Software — Automate client CDD, beneficial owner identification, transaction monitoring, and SMR documentation.
👥
Expert Consultants — Direct access to AML/CTF specialists experienced with trust, company, and SMSF services.

Frequently Asked Questions

Common questions from TCSPs.

Who counts as a "beneficial owner"? +

The person who ultimately owns or controls the entity. For a company, the beneficial owner is the person(s) who own 25% or more of shares or who exercise ultimate control. For a trust, it's the settlor, trustee, beneficiaries (if known), and any person who exercises control. For a partnership, it's each partner. If ownership is through another entity, you must trace through the layers to identify the natural person(s) who ultimately benefit or control. Keep in mind: beneficial ownership is not always visible in corporate records.

What if a client refuses to disclose beneficial owners? +

You cannot proceed. Beneficial owner identification is mandatory. If a client refuses to disclose beneficial owners or cannot do so, you must decline the engagement. Document the refusal. Do not form the company, establish the trust, or provide services. If you suspect the refusal is deliberate (to hide illicit activity), file an SMR.

Is every trust or company structure suspicious? +

No, but some require closer scrutiny. Legitimate reasons for structures include estate planning, asset protection, business confidentiality, and tax efficiency. However, structures designed specifically to obscure beneficial ownership, with no clear business purpose, or involving multiple layers with rapid fund movements are red flags. Use professional judgment. If the structure makes commercial sense and beneficial ownership is clear, proceed. If not, investigate further or decline.

What is "business purpose" and why does it matter? +

Business purpose is the legitimate reason for the structure. Examples: "Hold family investment property" (trust), "Operate a consulting business" (company), "Manage employee superannuation" (SMSF). Money laundering often uses structures with no genuine business purpose — they exist only to move and hide funds. Ask clients: Why do you need this structure? What business activity will it undertake? How will it generate income? If they can't articulate a clear purpose, it's suspicious.

Do I need to report if I suspect a client plans to use a structure for money laundering? +

Yes, file an SMR. If you form a company or trust and subsequently become aware (or suspect) the client intends to use it for money laundering, report to AUSTRAC within 3 business days. You have good-faith immunity — you cannot be sued for making a good-faith report to AUSTRAC, even if it's based on suspicion rather than certainty. This protection encourages reporting.

How long do I need to keep CDD and beneficial owner records? +

7 years minimum. Retain all Customer Due Diligence records, beneficial owner documentation, identity verification, and business purpose documentation for at least 7 years from the end of the client relationship. This means if a client engaged you in 2024, keep records until at least 2031. AUSTRAC may audit your files, so ensure records are organized, complete, and easily retrievable.

AML Compliance for Trust Companies & TCSPs — Your Obligation Starts July 1