AML Onboarding & VOI

Compliant client onboarding and identity verification

AML/CTF Compliance Centre

Complimentary, all-inclusive AML/CTF solution

Searches and Certificates

Order all your searches and certificates in one place

Property Interface

A dynamic, matter specific environment

Family Law Interface

Manage family law matters with one solution

Wills & Estates Interface

Simplify estate administration and planning

Contract Review tool

Review contracts faster with AI-assisted precision

Settlement Services

Electronically lodge registry documents and settlements

Financial Disclosure

Securely collate client financial documentation

Process Serving

Serve documents fast with tracking

Practice Management Integration

Streamline administrative tasks and optimise workflows

Integration Support Guides

Access our support guides for comprehensive self-help assistance

InfoTrack Connect

Allows suppliers to connect their products and services with the InfoTrack Ecosystem

Next Gen Integration

Learn how software and integrations can transform the way you work

News and Insights

Find out the latest industry updates

AML/CTF Training

Take on compliance with confidence

Events and Webinars

Take your professional development to the next level

Cyber Security Awareness Training

Build your cyber resilience

Property Market Update

Discover leading edge property insights

InfoTrack on Claude Cowork

Access InfoTrack directly inside Claude Cowork

playbook playbook white logo
Monthly digest covering the latest news for legal and conveyancing industries.

About Us

Learn more about who we are and what we do

Our Team

Find out who drives InfoTrack's innovation and strategy

Join Us

Be a part of our award-winning culture

Media

Featured media releases and mentions

Contact

Get in touch with a member of our team

Awards

Showcasing our people, solutions and service

Discover our award-winning technical innovations.

This is what $22 billion laundered through the Australian economy looks like up close

Yesterday, for the first time, four of Australia’s Tranche 2 professions shared a single forum. Lawyers, conveyancers, accountants and real estate agents, along with AUSTRAC CEO Brendan Thomas and peak industry bodies, sat in the same room and had the conversation that has never happened before: not within a single sector, not at arm’s length through guidance documents, but openly, together, with the hard questions on the table.

InfoTrack hosted the Industry Collective Speaks in partnership with Australian Conveyancer, Securexchange and triSearch, and the discussion covered everything from suspicious matter reporting and legal professional privilege to off-boarding clients, technology misconceptions, and what AUSTRAC actually notices when it reviews a firm. With obligations commencing in the coming weeks, the session was both timely and clarifying.

Here are the most important things practitioners in legal and conveyancing should take away.

One conveyancer. One phone call. One organised crime network.

Before the panel got into the mechanics of compliance, Brendan Thomas opened with an anecdote that framed everything that followed. A conveyancing firm, preparing for the regime before it had even commenced, had been studying AUSTRAC’s red flag indicators. In doing so, they identified a client who was giving them pause.

The law had not yet started, so they could not file a suspicious matter report. Instead, they contacted AUSTRAC directly and disclosed the information through a general public disclosure, with AUSTRAC noting it did not carry the same legal protections as a formal SMR.

The client, Brendan Thomas said, appeared to be entirely ordinary. “The most innocent-looking member of the public that you could ever see.” It turned out that person was the Australian fulcrum for multiple international organised crime groups funnelling tens of millions of dollars into the Australian real estate market.

“We had no idea that person was there,” Brendan Thomas said, “and we had no idea that that money was coming into the economy.”

The case is still under investigation. But the point Brendan Thomas was making was precise: that was one conveyancer, with one piece of information, before the regime had even started. The regime is not regulation for regulation’s sake. The money is already moving through the transactions these professions handle every day.

Enrolment is not optional, even if you sell one property a year

AUSTRAC’s enrolment figures are tracking well, with more than 22,000 businesses enrolled as of the day before the forum, including more than 4000 lawyers and 1,200 conveyancers. But a consistent theme from panel members was the number of practitioners who still believe they fall outside scope because their volume is low.

Brendan Thomas was direct: if you provide a designated service, even once, you need to have enrolled within 28 days of commencing that service. Volume does not determine scope. The nature of the service does.

For conveyancers, this is already familiar territory. For sole practitioners and small firms in the legal sector, the message is the same. Enrolment is the baseline, not a formality that larger firms deal with.

One of the most consistent questions InfoTrack receives from legal practitioners is whether a particular service falls within scope at all, and family law is a particularly common area of uncertainty. Property settlements, trust structures, and the transfer of assets that arise in family law matters can carry AML obligations depending on the nature of the service being provided. If you are unsure whether a specific service you offer is designated under the Act, InfoTrack has built a designated services checker tool drawn directly from AUSTRAC’s own guidance. It is a straightforward way to work through the question before committing to a position, and to document that you considered it.

Not filing suspicious matter reports draws more attention than filing them

This was one of the more counterintuitive clarifications of the morning, and practitioners should read it carefully.

AUSTRAC monitors suspicious matter reporting rates across every regulated sector and every individual business. Brendan Thomas confirmed that businesses operating in areas where money laundering is known to occur yet consistently rating every client as low risk and filing no suspicious matter reports, attract scrutiny.

“If you are not putting in those reports, we notice that,” he said.

Businesses that file suspicious matter reports are not drawing negative attention to themselves. The report itself is a report of suspicion, not a report of crime, and it carries legal protections that mean the subject of that report cannot obtain a copy, including through legal proceedings.

For practitioners who have been anxious about identifying themselves as the source of a report, especially in small towns and regional communities where everyone knows each other, the message is clear: you are protected. A single suspicious matter report is not the basis on which AUSTRAC acts. It becomes one piece in a much larger intelligence puzzle, combined with data from other sources to build a picture of criminal activity over time. The concern about personal safety and business reputation is real and was acknowledged openly by the panel, but in more than 20 years of the existing regime, those protections have never been breached.

You do not have to stop the transaction to file an SMR

This point generated significant discussion and deserves direct attention.

There is a widespread assumption among practitioners that once a suspicious matter report obligation arises, the transaction must be paused or terminated. AUSTRAC’s position, confirmed by Brendan Thomas, is that this is not the case. You can continue through to settlement and file a suspicious matter report. Banks do this routinely.

The reason this matters is twofold. First, stopping a transaction abruptly can itself constitute tipping off, because the client may infer from the pause that something is being reported. Second, and perhaps more practically, most of the matters that generate a suspicion will ultimately involve ordinary Australians with no connection to financial crime. The suspicious matter report is a contribution to a larger picture AUSTRAC is building, not necessarily the final word on a transaction.

As Brendan Thomas put it: “A suspicious matter report is just that, it is a suspicion. It is not proof of a crime.” What practitioners need to do is escalate internally, to their compliance officer or, in a small practice, to themselves in their role as the nominated officer, make the assessment, and file if the suspicion cannot be allayed. The transaction should proceed.

Your AML program is not a document. It is a practice.

Richard Story, Partner in Risk Consulting at Grant Thornton, identified the single biggest gap he has observed across the market: the difference between organisations that have printed the starter kit and placed it on a shelf, and those that have embedded AML obligations into how they actually operate.

A program that exists only on paper will not withstand review. AUSTRAC’s approach when it visits a business is not to look for a document but to ask what the business is doing when something looks unusual. Have staff been trained? What questions are being asked? How are escalations handled? What does management know about the suspicious matter reports being filed, and is that data being used to refine how the business works?

That is the shift. Not a new compliance regime sitting alongside everything else, but a genuine professional instinct, folded into practice.

The right technology makes this manageable

One of the most persistent concerns raised by practitioners across all four sectors is the sheer weight of what implementation feels like. The good news is that the technology available today is significantly more capable than what existed when Tranche 1 entities first had to navigate these obligations twenty years ago.

 

The misconception worth correcting is not that technology helps, it is that any platform can make your obligations disappear entirely. What the right platform can do is carry most of the operational load. InfoTrack’s Compliance Centre, for example, goes well beyond identity verification. It is built to support the customer due diligence workflow end to end, including watch list screening, risk rating, and the documentation practitioners need to demonstrate their program is being applied consistently. Richard Story noted that for the vast majority of customers, that kind of integrated approach covers approximately 90 per cent of the work from the moment a new client is onboarded.

 

What remains with the practitioner is judgment. The decision to escalate a concern or file a suspicious matter report, and as Brendan Thomas confirmed, that is where legal liability sits. But that is a very different proposition to doing everything from scratch. The technology handles the process. The practitioner handles the exceptions, in line with their AML policy.

 

For firms that have been putting off implementation because it feels overwhelming, that is the reframe: you are not building a compliance department. You are adding a layer of structured thinking to work you are largely already doing, supported by tools designed to make that as straightforward as possible.

Existing clients do not need to be re-verified from 1 July

A practical clarification that has generated significant questions across the sector: the obligation to conduct customer due diligence applies from commencement, but does not retrospectively require practitioners to re-verify every existing client on day one.

The trigger for re-verification is a material change in circumstances, a significant shift in the nature of the services being provided, a new suspicion arising, or, for ongoing clients, the passage of time according to their policy. AUSTRAC’s guidance in the starter kits specifies low risk clients at every three years, medium risk at every two, and high risk annually as a minimum.

The important caveat, raised explicitly during the Q&A, is that if a suspicion arises about an existing client after 1 July, that triggers the relevant obligations regardless of when the original VOI was conducted.

Independent evaluation is required within three years, but earlier is worth considering

Every reporting entity must commission an independent evaluation of its AML/CTF program within three years of commencement. This is not an audit in the accounting sense. It is an independent assessment of whether the program is appropriately designed and properly implemented.

Richard Story raised a practical consideration worth noting: if the majority of new reporting entities wait until the end of their three-year window, there will be significant demand for evaluators and limited supply of people with genuine AML expertise. Practitioners who move earlier may find it easier to secure experienced evaluators and will benefit from feedback while there is still time to refine their program before it matters most.

AUSTRAC does not maintain a recommended list of evaluators. Due diligence on the evaluator, including their experience and the quality of their previous work, is the practitioner’s responsibility.

What 1 July actually requires of you

Brendan Thomas distilled the immediate obligations into four things: enrol with AUSTRAC, appoint a nominated compliance officer (this can be the principal of a small firm), have an AML/CTF program in place, and begin training staff on red flag indicators.

The compliance posture AUSTRAC is looking for at commencement is not perfection. It is best effort and genuine engagement. Bobbie Wan’s closing advice for legal practitioners framed it well: “Do not let perfection get in the way of progress.” Document your decisions. Show your workings. Demonstrate that you engaged with the guidance, formed a view, and acted on it.

That is what a good-faith compliance posture looks like. It is also, as the panel reflected, what good professional practice has always looked like.

Resources

Practitioners can access the following support before and after 1 July:

 

  • The AUSTRAC website includes starter kits designed for small businesses across each sector, guidance on designated services, and red flag indicator resources. The AUSTRAC contact centre is available for specific queries.
  • If you are uncertain whether a specific service you provide is a designated service under the Act, InfoTrack’s designated services checker tool is built directly from AUSTRAC’s published guidance and allows you to work through the question quickly and document your reasoning.
  • The Law Society of NSW has published AML implementation guidance for solicitors, including suggested retainer wording and a privacy policy template, available through the Law Society’s AML Hub.
  • The Real Estate Institute of NSW and the Australian Institute of Conveyancers NSW Division both maintain member helplines with trained staff available to address sector-specific questions.
  • InfoTrack’s AML Compliance Centre is built specifically for lawyers and conveyancers navigating these obligations. It brings together identity verification, watch list screening, risk rating, and the documentation your program requires into a single workflow, so the operational side of compliance is handled, and your focus stays on the judgment calls that are yours to make. Explore the InfoTrack AML Compliance Centre.

 

InfoTrack hosted the Industry Collective Speaks on 18 June 2026 in partnership with Australian Conveyancer, Securexchange and triSearch.