Suspicious activity indicators for accountants: a practical playbook for Tranche 2
A practical suspicious activity playbook for Australian accounting firms preparing for AML/CTF Tranche 2. Red flags by client, service, delivery channel and foreign jurisdiction, plus triage steps and documentation.
From 1 July 2026, AML/CTF obligations apply to accountants, but only when you provide <a href="/obligation-checker">designated services</a> (applies to most accounting firms). This matters because suspicious activity is not something you can bolt on later. It needs to be operational, meaning staff can spot it, escalate it, and document it consistently.
AUSTRAC's suspicious activity indicators for accountants are a strong baseline. They are also explicit that this guidance is an overview and is not exhaustive. Use it as a starting point, then tailor it to your firm's risks and services.
This article turns those indicators into a day to day playbook your team can actually follow.
What you will get from this article 1. A simple way to think about suspicious activity in an accounting firm 2. Red flags organised into four practical risk lenses 3. Mini examples that show what the red flags look like in real work 4. A triage process you can standardise 5. A documentation checklist that produces an audit ready evidence trail
The core idea: red flags are signals, not verdicts AUSTRAC is clear that a single indicator on its own may not suggest suspicious activity. When you are unsure, the right move is further monitoring and examination, including applying enhanced customer due diligence where appropriate.
So treat indicators as prompts to pause and verify, not as a reason to accuse a client.
The four risk lenses you should train staff to use AUSTRAC groups key money laundering risk and suspicious indicators for accountants into four areas: 1. Kinds of clients 2. Kinds of services 3. Delivery channel risk 4. Foreign jurisdiction risk
Most firms miss suspicious activity because they only look at the client, not the combination.
A normal client can become higher risk when paired with: - a structure creation service - remote onboarding - a high risk foreign connection
1. Kinds of clients: who you are dealing with AUSTRAC highlights higher risk client characteristics including high net worth individuals with complex arrangements, politically exposed persons, clients with limited face to face interaction, non residents from high risk jurisdictions, clients connected to higher risk industries, and clients where beneficial ownership is difficult to identify or the business purpose is unclear.
Behaviour red flags you can operationalise It can be a red flag if your client: 1. Avoids face to face meetings or is obstructive or secretive 2. Appears nervous or defensive when questioned 3. Does not seem to understand the sector they claim to operate in 4. Ends the relationship once you ask for more information 5. Appears to be following instructions of a third party 6. Is reluctant to prove their identity, provides vague KYC information, or tries to avoid KYC processes 7. Presents identity documents that appear altered or have inconsistent details 8. Uses an address or phone number used by multiple unrelated people 9. Has multiple bank accounts with no clear purpose 10. Is prepared to pay higher fees without clear reasons
Mini example: "I just need it done today" A new client pushes urgency, resists KYC, and asks you to proceed while they "sort the documents later". That is not a paperwork issue. It is a control failure waiting to happen. Your move is pause, complete KYC properly, and document the refusal if they disengage.
2. Kinds of services: what you are being asked to do This is the part most firms ignore. Criminals target professional services because the service itself can create distance from the underlying funds or make activity look legitimate.
High risk service patterns Red flags increase when you are asked to: 1. Perform complicated transfers on the client's behalf that may hide the true funding source 2. Form a business or act for a legal person or arrangement against your advice on appropriateness 3. Create a trust where it is unlikely to be appropriate or necessary 4. Support rapid changes to ownership or legal structure, including directors, shareholdings, or location 5. Work with shell or shelf companies to distance the client from funds
Mini example: "Set up three entities, trust, and nominee shareholders" If the client's stated purpose is vague and the structure is overly complex for the stated commercial need, treat it as a risk event. Your move is identify beneficial owners, verify them, and record the commercial rationale in plain English.
3. Delivery channel risk: how the relationship is conducted Delivery channel risk relates to how you onboard and provide services. Risks are higher when you act remotely or through intermediaries.
Delivery channel red flags It can be a red flag if the client: 1. Avoids direct contact or requests services with no face to face meetings 2. Asks for unreasonable anonymity 3. Engages you through a third party with no clear reason
Mini example: "A third party is doing all the talking" If you cannot speak directly to the customer or beneficial owner and the client appears to follow a third party's instructions, treat that as a control issue, not a convenience.
4. Foreign jurisdiction risk: where money, people, and structures connect Exposure to foreign jurisdictions creates ML/TF risks and can add complexity, hide beneficial ownership, increase tax evasion risk, and make investigations harder.
Foreign jurisdiction red flags you should train staff on It can be a red flag if the client: 1. Transfers money or virtual assets to or from a country they have no connection with 2. Uses multiple foreign bank accounts for no reason 3. Pays unusual consultancy fees to offshore businesses 4. Deposits or receives funds in several accounts, consolidates them, then transfers overseas 5. Uses complicated ownership structures with no legitimate or economic reason 6. Makes frequent overseas transfers inconsistent with their financial profile
Mini example: "Offshore consultancy fees with no substance" If a business with a local profile starts paying recurring offshore "consulting" fees without clear deliverables, treat that as a red flag. Your move is request supporting evidence, reassess risk, and document the rationale for continuing or exiting the engagement.
What to do when you see red flags: a triage process you can standardise When you are unsure, the right move is further monitoring and examination, including applying enhanced customer due diligence where appropriate.
Step 1: Write the fact pattern in plain English Capture: 1. What happened 2. Why it is unusual 3. What evidence you have and what is missing
Step 2: Re check the basics Re confirm: 1. KYC status and identity consistency 2. Beneficial ownership, especially where structures are complex 3. Whether the client appears to be following a third party's instructions
Step 3: Apply enhanced checks when the risk justifies it Enhanced checks usually mean: 1. Asking for additional information and evidence 2. Clarifying the purpose of the service and the economic rationale 3. Increasing approvals before proceeding
Step 4: Decide and document Your decision should be one of: 1. Proceed 2. Proceed with conditions 3. Pause pending evidence 4. Exit the relationship
Write down why.
Step 5: Escalate when there are reasonable grounds for suspicion If you suspect a person or transaction is linked to a crime, you must submit a suspicious matter report to AUSTRAC. You also need to be careful about tipping off, which is a criminal offence.
The minimum documentation checklist for your file 1. Risk lens selected: client, service, delivery channel, foreign jurisdiction 2. Red flag description, one paragraph 3. Evidence attached or referenced 4. KYC re check completed and outcome noted 5. Beneficial ownership reviewed where relevant 6. Enhanced checks applied, or a clear reason why not 7. Decision recorded: proceed, pause, exit, escalate 8. Approver recorded if escalation occurred 9. Follow up action logged if ongoing monitoring is required 10. If an SMR is considered or submitted, ensure confidentiality controls to avoid tipping off
How Nelvo helps Nelvo helps you standardise suspicious activity handling by: 1. Giving you a structured place to record red flags, evidence, and decision notes consistently 2. Linking observations back to the client record, KYC, beneficial ownership, and risk assessment 3. Keeping an audit ready trail so your process is repeatable and defensible
Additional reading If you want to go deeper, these official resources are worth bookmarking.
AUSTRAC 1. <a href="https://www.austrac.gov.au/business/how-comply-guidance-and-resources/guidance-resources/risk-insights-and-indicators-suspicious-activity-accountants" target="_blank" rel="nofollow noopener noreferrer">Risk insights and indicators of suspicious activity for accountants</a> 2. <a href="https://www.austrac.gov.au/amlctf-reform/risks-and-indicators-suspicious-activity" target="_blank" rel="nofollow noopener noreferrer">Risks and indicators of suspicious activity (Tranche 2 reform guidance)</a> 3. <a href="https://www.austrac.gov.au/business/core-guidance/reporting/suspicious-matter-reports-smrs" target="_blank" rel="nofollow noopener noreferrer">Suspicious matter reports (SMRs)</a> 4. <a href="https://www.austrac.gov.au/amlctf-reform/current-reporting-entities/tipping" target="_blank" rel="nofollow noopener noreferrer">Tipping off (reform guidance)</a> 5. <a href="https://www.austrac.gov.au/sites/default/files/2021-06/Quick%20guide%20-%20Tipping%20off.pdf" target="_blank" rel="nofollow noopener noreferrer">Quick guide PDF: Tipping off</a> 6. <a href="https://www.austrac.gov.au/amlctf-reform/reforms-guidance/before-you-start/new-industries-and-services-be-regulated-reform" target="_blank" rel="nofollow noopener noreferrer">New industries and services to be regulated (designated services)</a> 7. <a href="https://www.austrac.gov.au/amlctf-reform/reforms-guidance/before-you-start/new-industries-and-services-be-regulated-reform/professional-services-reform" target="_blank" rel="nofollow noopener noreferrer">Professional services reform guidance</a> 8. <a href="https://www.austrac.gov.au/amlctf-reform/reforms-guidance/before-you-start/summary-obligations-reform" target="_blank" rel="nofollow noopener noreferrer">Summary of obligations (reform guidance)</a>
DFAT (sanctions) 1. <a href="https://www.dfat.gov.au/international-relations/security/sanctions" target="_blank" rel="nofollow noopener noreferrer">Sanctions overview</a> 2. <a href="https://www.dfat.gov.au/international-relations/security/sanctions/consolidated-list" target="_blank" rel="nofollow noopener noreferrer">Consolidated List (targeted financial sanctions list)</a> 3. <a href="https://www.dfat.gov.au/international-relations/security/sanctions/guidance/sanctions-compliance-toolkit" target="_blank" rel="nofollow noopener noreferrer">Sanctions Compliance Toolkit</a>
ATO (tax crime and scam reporting) 1. <a href="https://www.ato.gov.au/tipoff" target="_blank" rel="nofollow noopener noreferrer">Make a tip off</a> 2. <a href="https://www.ato.gov.au/forms-and-instructions/tax-evasion-reporting-form" target="_blank" rel="nofollow noopener noreferrer">Tax evasion reporting form</a> 3. <a href="https://www.ato.gov.au/about-ato/tax-avoidance/the-fight-against-tax-crime/what-you-can-do/making-a-tip-off" target="_blank" rel="nofollow noopener noreferrer">Making a tip off (what details to include)</a> 4. <a href="https://www.ato.gov.au/about-ato/contact-us/report-fraud-tax-evasion-a-planning-scheme-or-unpaid-super" target="_blank" rel="nofollow noopener noreferrer">Report fraud, tax evasion, a planning scheme, or unpaid super</a> 5. <a href="https://www.ato.gov.au/about-ato/tax-avoidance/understanding-tax-schemes/report-schemes-and-promoters" target="_blank" rel="nofollow noopener noreferrer">Report schemes and promoters</a> 6. <a href="https://www.ato.gov.au/online-services/scams-cyber-safety-and-identity-protection/verify-or-report-a-scam" target="_blank" rel="nofollow noopener noreferrer">Verify or report a scam (ATO impersonation)</a>
Disclaimer This article is general information only and is not legal, financial, or compliance advice. It is not tailored to your circumstances. AUSTRAC guidance and AML/CTF obligations can change. You should obtain independent professional advice and consult AUSTRAC guidance before making compliance decisions.