Tranche 2 Key Dates and Deadlines: What Is Changing and When

9 min read · General information, not legal advice · Updated 2026-06-12

You have worked out that Tranche 2 lands on your desk — you are a real estate professional, a metals or stones dealer, or a lawyer, conveyancer, accountant or trust and company service provider who provides the kind of work the reforms cover. The question now is not whether it applies, but how long you have and what to do first. That is the decision this article is built around.

The single date that matters most is 1 July 2026, when the new obligations for tranche 2 entities are due to commence. Everything else is about working backwards from there: knowing which milestone needs to be done by which month so the deadline arrives as a formality rather than a panic. This is general information, not legal advice, and your exact obligations depend on the designated services you provide — but the timeline logic below holds regardless.

The one date you cannot miss: 1 July 2026

Tranche 2 refers to reforms under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024, which extend Australia's existing AML/CTF regime to new sectors known as tranche 2 entities. The regulator is AUSTRAC (the Australian Transaction Reports and Analysis Centre), and enrolment and reporting are done through AUSTRAC Online.

For the purpose of planning, fix one number in your head: the new obligations for tranche 2 entities are due to commence on 1 July 2026. That is the date your AML/CTF program needs to be real, your compliance officer needs to be appointed, and your customer due diligence and reporting processes need to actually work — not the date you start thinking about them.

It helps to treat 1 July 2026 the way you would treat a tax or audit deadline: a hard line you back-plan from, with a sensible buffer in front of it. The businesses that struggle are almost always the ones that read "2026" as "plenty of time" and left the build until the final quarter.

Why a single date hides several deadlines

The trap with "the Tranche 2 deadline is 1 July 2026" is that it sounds like one task with one due date. In reality, becoming a compliant reporting entity is a sequence of dependent steps, and several of them have to be finished before the others can even start.

You cannot write a meaningful AML/CTF program until you have done your ML/TF risk assessment. You cannot finalise customer due diligence procedures until your program defines them. You cannot train staff on processes that do not exist yet. And you cannot test any of it under real conditions if it is all still in draft the week before commencement.

So the right mental model is not one deadline but a chain of internal milestones, each with its own self-imposed cut-off, all flowing toward 1 July 2026. Some of the fine detail is still being settled, so treat the precise mechanics as something to confirm as the AUSTRAC rules are finalised — but you can and should start the sequence now.

The reform timeline, in plain order

Here is how the reform sits in time, from the law itself through to your day-to-day obligations:

• The law is already in place. The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 has been enacted — this is settled, not a proposal.
• The detailed rules are being finalised. The supporting AUSTRAC rules and guidance flesh out exactly how obligations apply to each sector and designated service. Watch this space and check AUSTRAC directly for the current position.
• Now until 1 July 2026 is your preparation window. This is the runway to confirm scope, appoint your AMLCO, run your risk assessment, build your program, and set up CDD and reporting.
• 1 July 2026 — obligations commence. From this point, tranche 2 entities are expected to meet their AML/CTF obligations as reporting entities.
• After commencement — ongoing. Compliance is not a one-off. CDD, transaction monitoring, reporting, record-keeping and program review continue for as long as you provide designated services.

The headline takeaway: the only fixed calendar date you control your preparation around is 1 July 2026. Everything before it is your own schedule to set.

How to back-plan from 1 July 2026

The cleanest way to use the time is to place each milestone on the calendar working backwards from commencement, leaving a buffer so the final weeks are for testing and fixing, not building. Adjust the spacing to your own size and complexity, but keep the order:

• Step 1 — Confirm scope (do this first, immediately). Map the designated services you actually provide. If you are in scope for some work and not others, document where the line sits.
• Step 2 — Appoint your AML/CTF compliance officer (AMLCO). Name the person who owns this internally before any build work begins, so there is a single point of accountability.
• Step 3 — Run your ML/TF risk assessment. Assess risk across your customers, services, delivery channels and geographies. This must come before the program, because it drives it.
• Step 4 — Build your AML/CTF program. Document governance plus the policies, procedures, systems and controls that respond to the risks you found.
• Step 5 — Set up customer due diligence (CDD/KYC). Decide how you verify identity, handle higher-risk customers, and conduct ongoing CDD and transaction monitoring.
• Step 6 — Wire up reporting and record-keeping. Build your workflow for suspicious matter reports (SMRs) and threshold transaction reports (TTRs), and your system for keeping records for around seven years.
• Step 7 — Train your team and dry-run. Make sure staff recognise red flags and know the process, then test the whole thing end to end while you still have time to fix gaps.
• Step 8 — Enrol with AUSTRAC. Be ready to enrol through AUSTRAC Online in line with the commencement timeline.

A useful rule of thumb: aim to have the program and CDD built well before 1 July 2026, so the run-in is spent embedding and testing. A program that is still being drafted in the final weeks tends to read like one.

What you are actually building by the deadline

So the schedule has a concrete target, here is the set of obligations a tranche 2 reporting entity needs in place. These are well established for the sectors already in the regime, so they are a reliable guide to what must exist by commencement:

• Enrolment with AUSTRAC via AUSTRAC Online.
• An AML/CTF program — governance, a documented ML/TF risk assessment, and the policies, procedures, systems and controls that manage your risks.
• Customer due diligence (CDD/KYC), including ongoing CDD and transaction monitoring across the life of each relationship.
• Reporting — suspicious matter reports (SMRs) when you have reasonable grounds for suspicion, and threshold transaction reports (TTRs) for physical currency of AUD 10,000 or more.
• Record-keeping, generally for seven years.
• An appointed AML/CTF compliance officer (AMLCO) with the time and authority to do the role properly.

Not meeting these obligations can attract significant civil and criminal penalties, which is the practical reason to build genuine, working compliance rather than a last-minute paper exercise.

Common timing mistakes to avoid

When the deadline is more than a year out, the errors are almost always about scheduling rather than substance. Watch for these:

• Reading "2026" as "later". The risk assessment and program take real calendar time to build and embed. Starting late compresses the hardest work into the worst possible window.
• Building the program before the risk assessment. Doing them out of order means rewriting the program once you actually understand your risks. Sequence matters.
• Leaving zero buffer before 1 July 2026. If your plan finishes on the deadline, there is no time to test, find gaps and fix them. Plan to be done early.
• Treating enrolment as the whole job. Enrolling with AUSTRAC is one step, not the finish line — the program, CDD and reporting all still have to work.
• Forgetting that obligations are ongoing. The deadline gets you to the start line, not the end. CDD, monitoring, reporting and program review continue indefinitely.
• Waiting for every last rule before doing anything. Much of the groundwork — scope, AMLCO, risk assessment — can proceed now and be refined as the AUSTRAC rules are finalised.

How an audit-ready template kit saves time on the clock

The reason timing slips is rarely the calendar — it is how long the build itself takes from a blank page. The AML/CTF program structure, the risk assessment framework, CDD procedures, registers and reporting workflows follow a consistent shape across similar businesses, and recreating that format yourself is the slow part.

A well-structured, audit-ready template kit gives you a tested starting point: editable documents you tailor to your services and risk profile, rather than designing the framework from scratch. It will not make your decisions for you, and the end result still has to reflect your business and be confirmed against the finalised AUSTRAC rules. Used sensibly, though, it can take weeks off the build — which is exactly the slack you want sitting in front of 1 July 2026 rather than behind it.

A note on legal advice

This article is general information only and is not legal advice. Whether Tranche 2 applies to you, and exactly which obligations and timing apply, depends on the specific designated services you provide and on the rules as they are finalised. The only commencement date you should plan around is 1 July 2026; always confirm your own position with AUSTRAC (austrac.gov.au) or a qualified adviser before relying on any general guidance.