A risk-based approach to AML/CTF compliance
2 mins reading time
From 1 July 2026, anti-money laundering and counter-terrorism financing (AML/CTF) obligations will apply to professions and businesses captured as Tranche 2 entities – this includes law firms. Macpherson Kelley, being among many other Tranche 2 entities, is preparing for changes to Australia’s AML/CTF regime. As our team looks to meet our own regulatory obligations, we are keen to share our learnings and findings with clients and other Tranche 2 entities that are considering the many implications of the incoming AML/CTF regime.
Risk-based approach to AML/CTF compliance
AUSTRAC expects Tranche 2 entities to have systems and controls in place (by 1 July 2026) that are commensurate with the specific risks of money laundering, terrorism financing and proliferation financing. Assessing these risks is critical in creating a well-written AML/CTF Program.
Money laundering threats will vary compared to other entities based on:
- clients;
- the services provided;
- the delivery channels utilised; and
- jurisdictional reach.
We know the legislation intentionally does not support a “one-size-fits-all” approach, rather the emphasis is on a risk-based approach. This requires careful planning.
Risk profiles
One starting point is to analyse your operations to identify vulnerabilities that could be exploited for money laundering and terrorism financing purposes. This will include considering the risk profiles of your client base.
These are some examples of different types of clients; services; delivery channels and geographic locations based on three varying levels of risk.
(Illustrative only):
*based on Basel AML Index and FATF AML List
Subject to your risk appetite, you may also have a “Prohibited” level of risk regarding certain types of services (e.g. structuring to facilitate tax evasion, transactions involving countries subject to sanctions such as the Russian Federation or the Democratic People’s Republic of Korea), or certain types of clients (e.g. shell banks or companies).
Assess your risk as a starting point
Clearly differentiating between what you consider lower risk situations and high-risk situations, will be an important step for informing your decisions when developing and tailoring your internal systems and controls. If you need support complying with the incoming AML/CTF obligations, our team has the experience to guide you through the process. Contact our team today for advice.
The information contained in this article is general in nature and cannot be relied on as legal advice nor does it create an engagement. Please contact one of our lawyers listed above for advice about your specific situation.
more
insights
To register or not to register: Considerations when securing loan facilities
Accounting experts: Guidelines to Legal Professional Privilege (LPP)
Macpherson Kelley advises on sale of Kinder Australia to Attalis Capital and the Victorian Business Growth Fund
stay up to date with our news & insights
A risk-based approach to AML/CTF compliance
From 1 July 2026, anti-money laundering and counter-terrorism financing (AML/CTF) obligations will apply to professions and businesses captured as Tranche 2 entities – this includes law firms. Macpherson Kelley, being among many other Tranche 2 entities, is preparing for changes to Australia’s AML/CTF regime. As our team looks to meet our own regulatory obligations, we are keen to share our learnings and findings with clients and other Tranche 2 entities that are considering the many implications of the incoming AML/CTF regime.
Risk-based approach to AML/CTF compliance
AUSTRAC expects Tranche 2 entities to have systems and controls in place (by 1 July 2026) that are commensurate with the specific risks of money laundering, terrorism financing and proliferation financing. Assessing these risks is critical in creating a well-written AML/CTF Program.
Money laundering threats will vary compared to other entities based on:
- clients;
- the services provided;
- the delivery channels utilised; and
- jurisdictional reach.
We know the legislation intentionally does not support a “one-size-fits-all” approach, rather the emphasis is on a risk-based approach. This requires careful planning.
Risk profiles
One starting point is to analyse your operations to identify vulnerabilities that could be exploited for money laundering and terrorism financing purposes. This will include considering the risk profiles of your client base.
These are some examples of different types of clients; services; delivery channels and geographic locations based on three varying levels of risk.
(Illustrative only):
*based on Basel AML Index and FATF AML List
Subject to your risk appetite, you may also have a “Prohibited” level of risk regarding certain types of services (e.g. structuring to facilitate tax evasion, transactions involving countries subject to sanctions such as the Russian Federation or the Democratic People’s Republic of Korea), or certain types of clients (e.g. shell banks or companies).
Assess your risk as a starting point
Clearly differentiating between what you consider lower risk situations and high-risk situations, will be an important step for informing your decisions when developing and tailoring your internal systems and controls. If you need support complying with the incoming AML/CTF obligations, our team has the experience to guide you through the process. Contact our team today for advice.