Tranche 2 AML CTF Readiness Toolkit for Accounting Firms
Free Tranche 2 AML CTF toolkit for accounting firms. Roadmap, readiness checklist, partner briefing, and a practical build sequence aligned to AUSTRAC dates.
Last updated: 31 December 2025
From 1 July 2026, AML CTF obligations apply to certain newly regulated designated services, including services commonly provided by accounting firms. AUSTRAC states enrolment for tranche 2 industries opens 31 March 2026 and businesses must be enrolled by 29 July 2026.
This guide gives you a practical way to start now, minimise rework, and build an evidence trail that holds up later.
---
Who this is for - Partners and practice managers who want a clear plan and key decisions - Compliance owners who need templates, registers, and evidence structure - Busy firms who want to avoid guessing and avoid last minute scrambling
---
Related guides - Program, controls and evidence mapping - SMR reporting playbook
---
Table of contents
1. Key dates and what is changing 2. What AUSTRAC expects you to have in place 3. The build sequence that reduces rework 4. Example: one readiness checklist row done properly 5. Common pitfalls that waste months 6. Resources and downloads 7. How Nelvo can run this for you 8. FAQ 9. Sources
---
Key dates and what is changing
| Date | What happens | |------|--------------| | 31 March 2026 | AUSTRAC states enrolment opens for tranche 2 industries | | 1 July 2026 | AUSTRAC states obligations commence for newly regulated designated services | | 29 July 2026 | AUSTRAC states newly regulated businesses must be enrolled by this date |
Practical takeaway: treat 1 July 2026 as go live. Your program and workflows must be operating, not just drafted.
---
What AUSTRAC expects you to have in place
AUSTRAC guidance for newly regulated businesses lists readiness outcomes that translate into a plain operating model: - An AML CTF program that fits your business - An AML CTF compliance officer - Staff training on the program, internal processes, and ML TF risks - Operational readiness to engage with clients and report suspicious matters
The point is not documentation. The point is a working system plus evidence.
---
The build sequence that reduces rework
Most firms waste time by writing policy first. Start with scope, then risk, then workflow, then policy.
Step 1: Confirm scope by service line Create a service inventory by service line, customer type, and delivery channel. Then confirm which designated services are in scope.
Step 2: Build the risk assessment to drive the program Risk assessment must connect to controls. Controls must connect to evidence.
Step 3: Implement the minimum viable operating model You need four components to run AML CTF day to day: - Onboarding and CDD steps - Escalation pathway for suspicious matters - Record keeping and registers - Ownership plus review cadence
Step 4: Write the program last Once the above is defined, your program becomes a faithful description of how the firm actually operates.
---
Example: one readiness checklist row done properly
| Field | Example | |-------|---------| | Workstream | Enrolment | | Task | Prepare AUSTRAC enrolment details and submit enrolment | | Owner | Practice manager | | Target date | 29 July 2026 | | Status | In progress | | Evidence location | SharePoint, Compliance, AUSTRAC, Enrolment Pack | | Notes | Confirm reporting entity, confirm user access, store submission receipt |
That is measurable, owned, time bound, and evidencable.
---
Common pitfalls that waste months - Starting with a program document before you have a workflow. The program ends up disconnected from how work actually happens. - Generic risk assessment that never changes controls or monitoring. Risk assessment should drive your settings, not sit on a shelf. - Evidence scattered in inboxes with no register location discipline. If you cannot retrieve it, you cannot prove it.
---
Resources and downloads
Start here - Readiness roadmap (PDF) - Readiness checklist workbook (Excel) - Partner briefing (PDF)
Build pack - Risk assessment workbook (Excel) - AML CTF program template (Word) - Controls and evidence map (Excel) - AML CTF registers workbook (Excel)
CDD and onboarding - CDD decision trees (PDF) - CDD templates (Word)
Reporting and record keeping - SMR escalation playbook (PDF) - Manager SMR submission checklist (PDF) - Internal suspicion referral form (Word) - Record keeping checklist (PDF)
---
How Nelvo can run this for you
If you want this off your plate, the managed approach is simple:
1. Scope and service mapping workshop, with a written scope decision record 2. Risk assessment facilitation using the workbook, with approval pack 3. Controls and evidence map completed with owners and cadence 4. Registers stood up, evidence repository structure set, naming rules enforced 5. Program drafted after workflows exist, then partner approval 6. Training pack and rollout, then ongoing monthly monitoring cadence
Outcome: you stop guessing, and you can prove what you did.
---
FAQ
Do we need to enrol now? AUSTRAC states tranche 2 industries do not need to enrol yet. Enrolment opens 31 March 2026 and businesses must be enrolled by 29 July 2026.
What must be ready by 1 July 2026? A working AML CTF program, a compliance officer, staff training, and readiness to report suspicious matters.
What makes a readiness approach credible? A clear chain from obligation to control to owner to evidence, plus a risk assessment that drives the settings.
---
Sources - AUSTRAC enrol or register - AUSTRAC preparing for the changes if you are newly regulated - AUSTRAC summary of obligations reform - AML CTF reform overview
---
Important note
This guide is general information only. It is not legal advice. Tailor to your firm and obtain advice where needed.