With Tranche 2 AML/CTF reforms approaching, law firms and conveyancing practices are under increasing pressure to understand their obligations and implement compliant processes ahead of 1 July.
For larger firms, the challenge is not just meeting regulatory requirements. It is applying those requirements consistently across teams, offices and a high volume of matters, without creating unnecessary operational burden.
In a recent webinar featuring Richard Storey, Partner – Risk Consulting at Grant Thornton, we explored what large legal practices need to do now and how to build a scalable, audit-ready AML/CTF framework.
There are four core steps every firm must complete before 1 July. While these requirements apply across the board, the way they are implemented in larger firms is typically more complex.
First, firms must assign clear AML/CTF roles and responsibilities. This includes defining the governing body, a senior manager responsible for oversight and approvals, and an AML/CTF compliance officer who manages day-to-day operations. In larger firms, these roles often sit across different teams, making clarity and accountability critical.
Second, firms need to enrol with AUSTRAC. Although there is a short grace period after providing your first designated service, early enrolment is strongly recommended to avoid delays and ensure readiness from day one.
Third, an AML/CTF program must be developed and in place before 1 July. This program forms the foundation of your compliance framework and includes your risk assessment, policies and procedures.
Finally, all relevant staff must be trained before they begin providing designated services. This training should cover not only regulatory obligations, but also how to identify suspicious behaviour and apply processes in practice.
In short, yes.
AUSTRAC’s starter kits provide a useful baseline, but they are primarily designed for smaller firms, of 15 or less staff, with simpler structures and lower risk exposure. For larger law firms and conveyancing practices, the level of complexity is significantly higher.
This means most larger firms will need to move beyond templated approaches and develop a more tailored framework. In practice, that typically involves building a bespoke risk assessment, creating policies that reflect the firm’s specific operating model, and implementing stronger controls around higher-risk clients and matters.
As highlighted in the webinar, size, structure and client profile all increase exposure to financial crime risk. As a result, regulatory expectations also increase.
At the centre of every AML/CTF program is the risk assessment. While AUSTRAC defines the legal sector as inherently high risk for money laundering, each firm must assess how that risk applies in its own context.
A well-developed risk assessment considers four key areas:
For larger firms, the key shift is moving from simply identifying risk to actively managing it. This means defining your risk appetite, documenting how risks will be mitigated, and ensuring those controls are consistently applied across the business.
Once risks are understood, they need to be translated into clear, practical processes that staff can follow.
For large firms, this is where many challenges arise. It is not enough to have policies documented. Those policies must be embedded into day-to-day workflows, ensuring that onboarding, due diligence and escalation processes are applied consistently across different teams and offices.
This includes clearly defined steps for client onboarding, guidance on how to identify and escalate high-risk matters, and structured processes for reporting suspicious activity. Without this level of consistency, compliance becomes difficult to manage and even harder to demonstrate.
One of the most significant challenges for large firms is implementing AML/CTF requirements at scale.
Staff onboarding is a key example. Firms must conduct due diligence on employees, including identity verification and, in some cases, additional checks such as criminal history or bankruptcy screening. Unlike client onboarding, these costs cannot be passed on and must be absorbed by the firm.
Training is another critical component. All staff must complete AML/CTF training before providing designated services, and firms need visibility over completion rates and any gaps across the organisation. For larger firms, this often requires a structured and trackable approach to training delivery.
Client onboarding also becomes more complex, particularly when dealing with non-individual clients. Companies, trusts and partnerships introduce additional layers of complexity, requiring firms to identify beneficial owners, understand control structures and assess risk accordingly. This shift towards Know Your Business (KYB) processes is one of the most significant operational changes under the reforms.
AML/CTF compliance extends well beyond onboarding.
Firms are required to submit suspicious matter reports when necessary, complete annual compliance reporting, and retain records for at least seven years. For large firms, this creates a broader governance challenge.
It is not just about storing information. Firms must be able to demonstrate a clear and consistent audit trail, showing what actions were taken, when they occurred, and who was responsible. This level of transparency is essential for meeting regulatory expectations and responding to any future audits or reviews.
Given the scale and complexity involved, manual processes are rarely sustainable for larger firms.
Technology plays a critical role in enabling firms to manage AML/CTF obligations more effectively. By centralising compliance activities, standardising workflows and automating record keeping, firms can reduce duplication and improve consistency across the business.
As demonstrated in the webinar, platforms like InfoTrack’s all-inclusive AML/CTF Compliance Centre are designed to support the full compliance lifecycle, from initial program setup through to client onboarding, reporting and ongoing record keeping.
AML/CTF compliance is not a one-off project. For large law firms and conveyancers, it is an ongoing operational requirement that must be embedded into the way the firm works.
Those that take a structured approach, supported by clear processes and the right technology, will be better positioned to manage risk, reduce administrative burden and remain compliant as the regulatory landscape continues to evolve.
To learn more, watch the AML/CTF for large firms webinar on demand, or book a complimentary demonstration to see the Compliance Centre in action.
