AUSTRAC Has Done Much of the Hard Work For You. Now It's Your Turn.

If you've been watching the AML/CTF reform timeline with a mixture of awareness and a bit of low-grade dread, January brought some genuinely useful news.

AUSTRAC released its sector-specific compliance starter kits. These are practical, step-by-step guides designed to help small businesses in newly regulated professions build an AML/CTF program without starting from a blank page. There are kits for legal practices, accountants, real estate professionals, and conveyancers. Each was developed in consultation with the relevant industry bodies and tailored to the sector’s actual risk profile and day-to-day workflows. It’s possibly the first time a regulator anywhere in the world has provided this level of hands-on, practical compliance support to newly regulated businesses. These guides are worth taking seriously.

What's actually in the kits

Each starter kit gives you the building blocks of a compliant AML/CTF program: a risk assessment framework calibrated to your sector's common exposures, policy templates outlining your obligations and when they apply, process guidance explaining what you need to do day to day, and forms to record your activity and demonstrate compliance.

They're designed to be customised and operationalised, not downloaded and filed. Note, however, a starter kit is a starting point. You'll need to adapt the risk assessment to reflect your specific practice: the clients you take on, the services you provide, and the jurisdictions you work across.

What the regulator expects

There's a reassuring message embedded in how AUSTRAC has framed all of this. They're not expecting perfection on 1 July. They're expecting demonstrable effort. Specifically, effort that is proportionate, repeatable and defensible.

That three-word phrase is worth holding onto. Proportionate means your controls should match your actual risk level (not a one-size-fits-all template). Repeatable means your team should be applying the same process consistently, not improvising each time a matter arises. Defensible means…if AUSTRAC asks you to explain a decision, you should be able to show your reasoning and your documentation.

Importantly, the 31 March 2026 deadline is when enrolment with AUSTRAC opens, not when your full program needs to be operational. Full obligations, including customer due diligence (CDD) and suspicious matter reporting (SMR), apply from 1 July. But that window will close faster than you realise, particularly if you're building your program from scratch.

The gap most professionals won't notice until it's too late

In our view, the starter kits are really well constructed, and for a small practice with a relatively simple client base, they'll get you a long way. But there's a consistent gap between having a documented AML program and actually running one.

Compliance isn't a document you produce once. It's an ongoing obligation: staff training, customer due diligence on new matters, ongoing monitoring of existing relationships, escalation when something looks unusual, and timely reporting when it does. For a busy professional practice, the operational burden of running all of that manually and maintaining the audit trail to prove you did, adds up quickly.

That's the problem Assure GRC for Tranche 2 is built to solve.

Where Assure GRC T2 fits

Assure is not a document generator. It's a compliance operating system for Tranche 2 professionals - purpose-built for the sectors AUSTRAC has just handed starter kits to.

It walks your practice through your AML/CTF obligations step by step, supports your customer due diligence processes, prompts your team when action is required, and maintains a clean, auditable record of every decision and every interaction. It's designed for professionals who are excellent at their actual work and don't want AML compliance to become a second job.

AUSTRAC has handed you the roadmap; Assure ensures you can follow it consistently across every matter, without dropping the ball when things get busy.

Learn more about Assure GRC T2 →