AML/CTF · AFSL

You Were Already Compliant. Here's What AML/CTF Tranche 2 Changes for Your AFSL Business | AML/CTF AFSL Australia 2026

Published 15 June 2026Last reviewed June 20265 min readBy Paul Wise

There's a comfortable assumption running through a lot of AFS licensee offices: "We're a Tranche 1 entity. We've been doing AML for years. Tranche 2 is someone else's problem."

That assumption is wrong. The reforms didn't just add new sectors — they rewrote the obligations for existing reporting entities too, and those changes commenced for existing entities on 31 March 2026 (with Tranche 2 entities following on 1 July 2026). Being compliant under the old framework does not make you compliant under the new one.

What actually changed for existing licensees

Three shifts matter most for AFSL firms:

1. A standalone ML/TF Risk Assessment (replacing the old Part A risk logic). The reforms put an overarching, codified risk-assessment obligation at the centre of your program. Under section 26C of the AML/CTF Act, you must identify and assess the money laundering, terrorism financing and proliferation financing risks you may reasonably face across your designated services, customers, channels and jurisdictions — and you must keep it up to date before providing a designated service (s 26E). This is a materially higher bar than the old program structure.

2. AML/CTF Policies (replacing the old Part B). Your AML/CTF policies (section 26F) are the procedures and controls that flow from the risk assessment. The reforms move away from the prescriptive Part A / Part B split toward a risk-assessment-led, two-document framework. Importantly, under the amended Act, non-compliance with your AML/CTF policies is itself a civil penalty matter — so the policies are not a formality.

3. Expanded designated services and the new "reporting group". The catalogue of designated services was broadened, so re-run the "what do we actually do?" exercise against the reformed tables (financial services sit in s 6(2), Table 1). The old designated business group concept is also replaced by a simpler reporting group model that can include related non-reporting entities.

The trap of "we'll just update the old document"

Most firms try to retrofit their existing program. It rarely works cleanly, because the structure, the emphasis and the risk-assessment-first logic have changed — and proliferation financing, governance and the policies-as-enforceable-obligations all need genuine attention. You end up with a document that satisfies neither the old nor the new framework, which is precisely the kind of gap a review or a regulator finds.

Under the reformed Act, non-compliance with your AML/CTF policies is a civil penalty matter in its own right. Treating policies as a formality — or leaving legacy Part A/Part B documents in place — creates direct enforcement exposure.

Generate compliant documents from your own data

Veriqua's Program Documents module includes an AI generator that produces a compliant ML/TF Risk Assessment and AML/CTF Policies document from your firm's actual data. Rather than wrestling a legacy Part A/Part B into the new shape, you build the risk-assessment-led framework the reforms require — populated from your business's real services, customers and risk profile, structured the way the reformed regime expects.

That gets an AFSL firm from "we think our old program still counts" to a current, defensible set of program documents — without starting from a blank page. See the document generator in two minutes, no login: demo.veriqua.com.au/start.

Frequently Asked Questions

Did the 2026 AML/CTF reforms affect existing AFS licensees, or only Tranche 2 newcomers?
Both. The reforms rewrote the obligations for all reporting entities, including existing AFS licensees. The new ML/TF risk assessment (s 26C), AML/CTF policies (s 26F) and program structure replaced the old Part A / Part B framework. For existing entities, these changes commenced 31 March 2026 — not 1 July 2026, which is the Tranche 2 commencement date.
What replaced Part A and Part B under the reformed AML/CTF Act?
Part A (risk assessment) and Part B (procedures and controls) were replaced by two distinct but linked documents: a standalone ML/TF Risk Assessment (section 26C) that must be kept up to date before providing a designated service, and AML/CTF Policies (section 26F) that set out procedures and controls flowing from that risk assessment. Critically, non-compliance with your AML/CTF policies is now a civil penalty matter.
What is proliferation financing and why must AFS licensees now assess it?
Proliferation financing is the financing of the development or acquisition of weapons capable of mass destruction (nuclear, chemical, biological, radiological). Section 26C of the reformed AML/CTF Act expressly requires reporting entities to assess proliferation financing risk alongside money laundering and terrorism financing risk. This is new — existing AFS licensees whose programs only addressed ML and TF risk need to add a proliferation financing assessment.
What is the 'reporting group' and how does it differ from the old designated business group?
The reporting group is the reformed equivalent of the designated business group. It allows a group of related entities to manage AML/CTF compliance collectively through a 'lead entity' arrangement, but the new model is simpler and can include related entities that are not themselves reporting entities. If your firm operated under a designated business group, you should review whether your arrangements need to be restructured under the new reporting group rules.

See how Veriqua handles this

Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.

Disclaimer: This article is general information only and is current as at June 2026. It reflects our understanding of the AML/CTF reforms and AUSTRAC guidance as at that date, all of which may change. It is not legal, financial or compliance advice and must not be relied on as such. Whether your AML/CTF program satisfies the reformed obligations depends on your specific circumstances. Obtain advice from a qualified professional and refer to current AUSTRAC and ASIC guidance before acting.