Compliant client onboarding and identity verification
Complimentary, all-inclusive AML/CTF solution
Order all your searches and certificates in one place
A dynamic, matter specific environment
Manage family law matters with one solution
Simplify estate administration and planning
Review contracts faster with AI-assisted precision
Electronically lodge registry documents and settlements
Securely collate client financial documentation
Serve documents fast with tracking
Practice Management Integration
Streamline administrative tasks and optimise workflows
Access our support guides for comprehensive self-help assistance
Allows suppliers to connect their products and services with the InfoTrack Ecosystem
Learn how software and integrations can transform the way you work
Find out the latest industry updates
Take on compliance with confidence
Take your professional development to the next level
Cyber Security Awareness Training
Build your cyber resilience
Discover leading edge property insights
Access InfoTrack directly inside Claude Cowork
Yesterday, for the first time, four of Australia’s Tranche 2 professions shared a single forum. Lawyers, conveyancers, accountants and real estate agents, along with AUSTRAC CEO Brendan Thomas and peak industry bodies, sat in the same room and had the conversation that has never happened before: not within a single sector, not at arm’s length through guidance documents, but openly, together, with the hard questions on the table.
InfoTrack hosted the Industry Collective Speaks in partnership with Australian Conveyancer, Securexchange and triSearch, and the discussion covered everything from suspicious matter reporting and legal professional privilege to off-boarding clients, technology misconceptions, and what AUSTRAC actually notices when it reviews a firm. With obligations commencing in the coming weeks, the session was both timely and clarifying.
Here are the most important things practitioners in legal and conveyancing should take away.
Before the panel got into the mechanics of compliance, Brendan Thomas opened with an anecdote that framed everything that followed. A conveyancing firm, preparing for the regime before it had even commenced, had been studying AUSTRAC’s red flag indicators. In doing so, they identified a client who was giving them pause.
The law had not yet started, so they could not file a suspicious matter report. Instead, they contacted AUSTRAC directly and disclosed the information through a general public disclosure, with AUSTRAC noting it did not carry the same legal protections as a formal SMR.
The client, Brendan Thomas said, appeared to be entirely ordinary. “The most innocent-looking member of the public that you could ever see.” It turned out that person was the Australian fulcrum for multiple international organised crime groups funnelling tens of millions of dollars into the Australian real estate market.
“We had no idea that person was there,” Brendan Thomas said, “and we had no idea that that money was coming into the economy.”
The case is still under investigation. But the point Brendan Thomas was making was precise: that was one conveyancer, with one piece of information, before the regime had even started. The regime is not regulation for regulation’s sake. The money is already moving through the transactions these professions handle every day.
AUSTRAC’s enrolment figures are tracking well, with more than 22,000 businesses enrolled as of the day before the forum, including more than 4000 lawyers and 1,200 conveyancers. But a consistent theme from panel members was the number of practitioners who still believe they fall outside scope because their volume is low.
Brendan Thomas was direct: if you provide a designated service, even once, you need to have enrolled within 28 days of commencing that service. Volume does not determine scope. The nature of the service does.
For conveyancers, this is already familiar territory. For sole practitioners and small firms in the legal sector, the message is the same. Enrolment is the baseline, not a formality that larger firms deal with.
One of the most consistent questions InfoTrack receives from legal practitioners is whether a particular service falls within scope at all, and family law is a particularly common area of uncertainty. Property settlements, trust structures, and the transfer of assets that arise in family law matters can carry AML obligations depending on the nature of the service being provided. If you are unsure whether a specific service you offer is designated under the Act, InfoTrack has built a designated services checker tool drawn directly from AUSTRAC’s own guidance. It is a straightforward way to work through the question before committing to a position, and to document that you considered it.
This was one of the more counterintuitive clarifications of the morning, and practitioners should read it carefully.
AUSTRAC monitors suspicious matter reporting rates across every regulated sector and every individual business. Brendan Thomas confirmed that businesses operating in areas where money laundering is known to occur yet consistently rating every client as low risk and filing no suspicious matter reports, attract scrutiny.
“If you are not putting in those reports, we notice that,” he said.
Businesses that file suspicious matter reports are not drawing negative attention to themselves. The report itself is a report of suspicion, not a report of crime, and it carries legal protections that mean the subject of that report cannot obtain a copy, including through legal proceedings.
For practitioners who have been anxious about identifying themselves as the source of a report, especially in small towns and regional communities where everyone knows each other, the message is clear: you are protected. A single suspicious matter report is not the basis on which AUSTRAC acts. It becomes one piece in a much larger intelligence puzzle, combined with data from other sources to build a picture of criminal activity over time. The concern about personal safety and business reputation is real and was acknowledged openly by the panel, but in more than 20 years of the existing regime, those protections have never been breached.
This point generated significant discussion and deserves direct attention.
There is a widespread assumption among practitioners that once a suspicious matter report obligation arises, the transaction must be paused or terminated. AUSTRAC’s position, confirmed by Brendan Thomas, is that this is not the case. You can continue through to settlement and file a suspicious matter report. Banks do this routinely.
The reason this matters is twofold. First, stopping a transaction abruptly can itself constitute tipping off, because the client may infer from the pause that something is being reported. Second, and perhaps more practically, most of the matters that generate a suspicion will ultimately involve ordinary Australians with no connection to financial crime. The suspicious matter report is a contribution to a larger picture AUSTRAC is building, not necessarily the final word on a transaction.
As Brendan Thomas put it: “A suspicious matter report is just that, it is a suspicion. It is not proof of a crime.” What practitioners need to do is escalate internally, to their compliance officer or, in a small practice, to themselves in their role as the nominated officer, make the assessment, and file if the suspicion cannot be allayed. The transaction should proceed.
Richard Story, Partner in Risk Consulting at Grant Thornton, identified the single biggest gap he has observed across the market: the difference between organisations that have printed the starter kit and placed it on a shelf, and those that have embedded AML obligations into how they actually operate.
A program that exists only on paper will not withstand review. AUSTRAC’s approach when it visits a business is not to look for a document but to ask what the business is doing when something looks unusual. Have staff been trained? What questions are being asked? How are escalations handled? What does management know about the suspicious matter reports being filed, and is that data being used to refine how the business works?
That is the shift. Not a new compliance regime sitting alongside everything else, but a genuine professional instinct, folded into practice.
One of the most persistent concerns raised by practitioners across all four sectors is the sheer weight of what implementation feels like. The good news is that the technology available today is significantly more capable than what existed when Tranche 1 entities first had to navigate these obligations twenty years ago.
The misconception worth correcting is not that technology helps, it is that any platform can make your obligations disappear entirely. What the right platform can do is carry most of the operational load. InfoTrack’s Compliance Centre, for example, goes well beyond identity verification. It is built to support the customer due diligence workflow end to end, including watch list screening, risk rating, and the documentation practitioners need to demonstrate their program is being applied consistently. Richard Story noted that for the vast majority of customers, that kind of integrated approach covers approximately 90 per cent of the work from the moment a new client is onboarded.
What remains with the practitioner is judgment. The decision to escalate a concern or file a suspicious matter report, and as Brendan Thomas confirmed, that is where legal liability sits. But that is a very different proposition to doing everything from scratch. The technology handles the process. The practitioner handles the exceptions, in line with their AML policy.
For firms that have been putting off implementation because it feels overwhelming, that is the reframe: you are not building a compliance department. You are adding a layer of structured thinking to work you are largely already doing, supported by tools designed to make that as straightforward as possible.
A practical clarification that has generated significant questions across the sector: the obligation to conduct customer due diligence applies from commencement, but does not retrospectively require practitioners to re-verify every existing client on day one.
The trigger for re-verification is a material change in circumstances, a significant shift in the nature of the services being provided, a new suspicion arising, or, for ongoing clients, the passage of time according to their policy. AUSTRAC’s guidance in the starter kits specifies low risk clients at every three years, medium risk at every two, and high risk annually as a minimum.
The important caveat, raised explicitly during the Q&A, is that if a suspicion arises about an existing client after 1 July, that triggers the relevant obligations regardless of when the original VOI was conducted.
Every reporting entity must commission an independent evaluation of its AML/CTF program within three years of commencement. This is not an audit in the accounting sense. It is an independent assessment of whether the program is appropriately designed and properly implemented.
Richard Story raised a practical consideration worth noting: if the majority of new reporting entities wait until the end of their three-year window, there will be significant demand for evaluators and limited supply of people with genuine AML expertise. Practitioners who move earlier may find it easier to secure experienced evaluators and will benefit from feedback while there is still time to refine their program before it matters most.
AUSTRAC does not maintain a recommended list of evaluators. Due diligence on the evaluator, including their experience and the quality of their previous work, is the practitioner’s responsibility.
Brendan Thomas distilled the immediate obligations into four things: enrol with AUSTRAC, appoint a nominated compliance officer (this can be the principal of a small firm), have an AML/CTF program in place, and begin training staff on red flag indicators.
The compliance posture AUSTRAC is looking for at commencement is not perfection. It is best effort and genuine engagement. Bobbie Wan’s closing advice for legal practitioners framed it well: “Do not let perfection get in the way of progress.” Document your decisions. Show your workings. Demonstrate that you engaged with the guidance, formed a view, and acted on it.
That is what a good-faith compliance posture looks like. It is also, as the panel reflected, what good professional practice has always looked like.
Practitioners can access the following support before and after 1 July:
InfoTrack hosted the Industry Collective Speaks on 18 June 2026 in partnership with Australian Conveyancer, Securexchange and triSearch.