The hidden cost of Tranche 2 - what it actually asks of your people

Exploring the personnel obligations and hidden costs of Tranche 2 AML/CTF reforms for Australian professionals.

tranche 2 aml/ctf compliance personnel obligations
Justin Amos

By Justin Amos, Co-Founder & CEO, iDeed Pty Ltd

The views expressed in this article are those of the author and reflect our interpretation of AUSTRAC’s published guidance and the AML/CTF Act as at April 2026. This article is general in nature and does not constitute legal advice. If you have questions about how the reforms apply to your specific practice, get in touch at ideedworks.com.au.

Everyone’s talking about the compliance officer. Nobody’s talking about everything else.

Most of the Tranche 2 conversation has focused on what a compliant AML/CTF programme looks like on paper. The policy document, the risk assessment, the CDD procedures. That’s important. But there’s a parallel obligation that’s getting far less attention, and it lands directly on your people.

Under the reformed AML/CTF Act, every Reporting Entity has personnel obligations. Not just for the compliance officer, but for partners, senior managers, governing body members, and anyone in an AML/CTF role. And meeting those obligations takes time, attention, and internal coordination that most firms haven’t factored in yet.

What AUSTRAC actually requires of your people

The personnel obligations fall into two categories.

Identity Verification - The straightforward requirement

The first is straightforward - identity verification. Every person in an AML/CTF role needs to be verified, the same way you verify clients. Biometric check, liveness check, identity document. This is a process, not a judgment call, and it can be handled efficiently with the right tool.

Governance Due Diligence - The heavy lifting

The second category is where the real work sits - governance due diligence. AUSTRAC has published five forms that cover fitness and propriety, role assignment, conflict of interest, competency, and AUSTRAC notification. These forms record your firm’s own decisions about who holds AML/CTF roles and whether they are suitable. They cannot be outsourced. They are your firm’s obligation and your firm’s judgement call.

The five forms are:

  • AML/CTF Roles Form - records who holds each key AML/CTF role. Needs to be kept current whenever roles change. Required for all firms.
  • Assign Responsibilities Form - documents which specific AML/CTF obligations are assigned to each role, both fixed and flexible responsibilities. Required for all firms.
  • Personnel Due Diligence Form - fitness and propriety assessment, conflict of interest, competency. Covers governing body members, senior managers and other AML/CTF roles. Required for all firms.
  • Personnel Due Diligence for AML/CTF Compliance Officer Form - the AMLCO-specific form. Includes eligibility checks, fit and proper assessment, and the steps to notify AUSTRAC. Required for all firms.
  • PDD Compliance Officer and Governing Body Same Person Form - for sole traders or firms where one person holds both roles. Required where applicable.

The deadlines most firms don’t know about

The 29 July 2026 enrolment deadline is well known. What’s less understood is the chain of obligations that sits around the compliance officer appointment specifically.

Within 28 days of providing a designated service from 1 July 2026, you must have appointed an AMLCO. Within 14 days of that appointment, you must notify AUSTRAC via AUSTRAC Online. If your AMLCO changes at any point, you have 14 days to notify AUSTRAC of the new appointment. All PDD forms must be completed before the person starts in the role, not after.

These are tight, rolling deadlines. Miss one and you are already out of step with the regulator before you’ve started.

Now add the training obligation

Here is where the hidden cost really shows up.

AUSTRAC requires that relevant staff receive AML/CTF training appropriate to their role. In practice, that means someone in your firm needs to sit through AUSTRAC’s training materials and webinars, understand them, and then translate that into something the rest of your team can actually absorb and apply.

That’s not one task. It’s a project:

  1. Someone attends the training, at a minimum one person per firm
  2. That person distils what they’ve learned into an internal format
  3. Internal training is delivered to relevant staff
  4. Attendance and content is documented so you can evidence it if AUSTRAC asks
  5. The process repeats as the regime evolves and guidance is updated

All of this happens while your people are billing hours, managing client relationships, and running a practice. The compliance officer in most small to mid-size firms is a partner or senior manager who is already carrying a full workload. The training obligation doesn’t come with additional hours in the day.

The honest picture

AML/CTF compliance is not complicated in the way that tax law is complicated. It doesn’t require years of specialist training or deep technical knowledge. But it is detailed, process-heavy, and relentless in its documentation requirements.

The firms that treat it as something their fee earners should absorb and manage alongside their existing work will find it quietly eroding their capacity. The firms that treat it as an operational function, separate from the work their people are actually paid to do, will find it far more manageable.

Your compliance officer needs to own the programme and make decisions. Your partners and staff need to understand their obligations. But the execution, the identity verification, the CDD checks, the beneficial ownership research, the sanctions screening, the structured file-building, the record-keeping, none of that needs to be done by people whose time is worth far more doing what they were trained for.

The bottom line

Tranche 2 asks a lot of your people. AUSTRAC webinars, governance forms, internal training, rolling notifications, ongoing documentation. That’s real, and it’s on top of everything else your firm is already carrying.

None of it is your core skill. None of it is what your clients pay you for. And most of it doesn’t need to sit on your desk.

Ready to reclaim your team’s time? ARCaml handles the execution - identity verification, CDD checks, beneficial ownership research, sanctions screening, and structured compliance records - so your compliance officer can focus on oversight and decisions, not administration. Get in touch to learn more.

Justin Amos is Co-Founder and CEO of iDeed Pty Ltd, operators of ARCaml, an AML/CTF compliance platform built for Australian designated service providers. ideedworks.com.au

The views expressed in this article are those of the author and reflect our interpretation of AUSTRAC’s published guidance and the AML/CTF Act as at April 2026. This article is general in nature and does not constitute legal advice. If you have questions about how the reforms apply to your specific practice, get in touch at ideedworks.com.au.

Justin Amos

Justin Amos

Co-Founder & CEO, iDeed Pty Ltd

Justin is Co-Founder and CEO of iDeed, operators of ARCaml - an AML/CTF compliance platform built for Australian designated service providers.

Connect on LinkedIn
Back to all posts

Why Trust iDeedworks

Our expertise is built on deep regulatory knowledge and industry experience aligned with AUSTRAC standards

AUSTRAC Aligned

Australia's official AML/CTF regulator standards

Industry Experts

Verified compliance specialists with proven track record

Always Updated

Content current with 2026 regulations

Content sourced from and aligned with AUSTRAC guidance and regulatory requirements.