You Were Already Compliant. Here's What AML/CTF Tranche 2 Changes for Your AFSL Business | AML/CTF AFSL Australia 2026
There's a comfortable assumption running through a lot of AFS licensee offices: "We're a Tranche 1 entity. We've been doing AML for years. Tranche 2 is someone else's problem."
That assumption is wrong. The reforms didn't just add new sectors — they rewrote the obligations for existing reporting entities too, and those changes commenced for existing entities on 31 March 2026 (with Tranche 2 entities following on 1 July 2026). Being compliant under the old framework does not make you compliant under the new one.
What actually changed for existing licensees
Three shifts matter most for AFSL firms:
1. A standalone ML/TF Risk Assessment (replacing the old Part A risk logic). The reforms put an overarching, codified risk-assessment obligation at the centre of your program. Under section 26C of the AML/CTF Act, you must identify and assess the money laundering, terrorism financing and proliferation financing risks you may reasonably face across your designated services, customers, channels and jurisdictions — and you must keep it up to date before providing a designated service (s 26E). This is a materially higher bar than the old program structure.
2. AML/CTF Policies (replacing the old Part B). Your AML/CTF policies (section 26F) are the procedures and controls that flow from the risk assessment. The reforms move away from the prescriptive Part A / Part B split toward a risk-assessment-led, two-document framework. Importantly, under the amended Act, non-compliance with your AML/CTF policies is itself a civil penalty matter — so the policies are not a formality.
3. Expanded designated services and the new "reporting group". The catalogue of designated services was broadened, so re-run the "what do we actually do?" exercise against the reformed tables (financial services sit in s 6(2), Table 1). The old designated business group concept is also replaced by a simpler reporting group model that can include related non-reporting entities.
The trap of "we'll just update the old document"
Most firms try to retrofit their existing program. It rarely works cleanly, because the structure, the emphasis and the risk-assessment-first logic have changed — and proliferation financing, governance and the policies-as-enforceable-obligations all need genuine attention. You end up with a document that satisfies neither the old nor the new framework, which is precisely the kind of gap a review or a regulator finds.
Generate compliant documents from your own data
Veriqua's Program Documents module includes an AI generator that produces a compliant ML/TF Risk Assessment and AML/CTF Policies document from your firm's actual data. Rather than wrestling a legacy Part A/Part B into the new shape, you build the risk-assessment-led framework the reforms require — populated from your business's real services, customers and risk profile, structured the way the reformed regime expects.
That gets an AFSL firm from "we think our old program still counts" to a current, defensible set of program documents — without starting from a blank page. See the document generator in two minutes, no login: demo.veriqua.com.au/start.
Frequently Asked Questions
Did the 2026 AML/CTF reforms affect existing AFS licensees, or only Tranche 2 newcomers?↓
What replaced Part A and Part B under the reformed AML/CTF Act?↓
What is proliferation financing and why must AFS licensees now assess it?↓
What is the 'reporting group' and how does it differ from the old designated business group?↓
Related articles
Stop Managing Two Compliance Registers: AFSL + AML
How to integrate ASIC and AUSTRAC obligations into one register rather than running two parallel programs.
The AML/CTF Independent Evaluation Every AFSL Firm Must Plan For
What changed from the old independent review, when it's due and what 'independent' actually means.
TCSP AML/CTF Reporting Entity Scope Australia 2026
Related reading — how company formation and trust services are captured separately from core professional services.
See how Veriqua handles this
Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.
Disclaimer: This article is general information only and is current as at June 2026. It reflects our understanding of the AML/CTF reforms and AUSTRAC guidance as at that date, all of which may change. It is not legal, financial or compliance advice and must not be relied on as such. Whether your AML/CTF program satisfies the reformed obligations depends on your specific circumstances. Obtain advice from a qualified professional and refer to current AUSTRAC and ASIC guidance before acting.