AML compliance for Australian accounting firms

No — only the activities that meet the definition of a 'designated service' under the AML/CTF Act. For most accounting firms, ordinary tax return preparation, BAS lodgement, audit, and pure advisory work sit outside scope, while company and trust formation, acting as registered office, nominee director or trustee services, business sale facilitation, and any handling of client money are in scope. The practical implication is that almost every firm has a mix: a sole tax practitioner with no corporate work may have a very narrow program, while a full-service firm with a corporate secretarial division has obligations across multiple service lines. Providers begin engagements with a scoping exercise mapping each service line to the designated-service list, so the program is right-sized rather than blanket.

CA ANZ, CPA Australia, and the IPA have all signalled they will issue templates and guidance, and these are a useful starting point — but a template is a document, not a program. AUSTRAC expects your AML/CTF program to reflect your firm's actual risk profile (client mix, jurisdictions, services, channels) and to be operationalised through tooling for CDD, screening, monitoring, and reporting. Most firms need the template, plus a configured platform that codifies the workflow, plus an independent review cycle. Treating a template as the finished article is the most common cause of a 'documented but unimplemented' program — exactly what AUSTRAC flags in compliance assessments.

SMSF establishment (forming the fund, the corporate trustee, and the trust deed) is a designated service, as is acting as a corporate trustee director or service-providing for ongoing SMSF administration that involves handling member contributions or pension payments. Existing SMSF clients onboarded before 1 July 2026 are not grandfathered for designated services performed after that date — at minimum, current CDD on members, trustees, and beneficial owners must be in place before the next in-scope service is provided. Most firms phase this: capture missing CDD at the next contact point (annual review, pension commencement, contribution change) rather than a single mass refresh.

AUSTRAC obligations sit alongside Tax Practitioners Board (TPB) registration and your professional body's by-laws — they do not replace them. A serious AML/CTF contravention is reportable to your professional body and can independently put your TPB registration at risk under the 'fit and proper' tests. Conversely, TPB or professional-body sanctions do not satisfy AUSTRAC. Treat AML/CTF as a third compliance regime that must be evidenced separately, with its own program document, training records, and independent review.

AUSTRAC requires periodic independent review of your AML/CTF program — typically every 2–3 years for SME firms, more frequently for higher-risk practices. The review tests whether the program (a) addresses your actual ML/TF risks, (b) is operating as documented, and (c) is producing the required CDD, monitoring, and reporting outputs. It must be independent of the people who run the program day-to-day — usually an external reviewer for sole practices and small firms, or a sufficiently separated internal function for larger firms. Several CompareAML providers offer the independent review as a packaged service, separate from program implementation, which preserves independence.