When Do You Need to Notify AUSTRAC of Your Compliance Officer?

Newly regulated businesses and virtual asset service providers (VASPs) brought into the AML/CTF regime under Tranche 2 must notify AUSTRAC of their appointed AML/CTF compliance officer by the later of 29 July 2026 or 14 days after enrolment. This is a separate, dated obligation from enrolment itself. Enrolling with AUSTRAC gets your business into the system; notifying your compliance officer tells AUSTRAC who is accountable once you’re in it.

If your business only enrolled in the past few weeks, don’t assume you’ve already met this requirement. Enrolment forms ask you to nominate a primary contact, but locking in a formal compliance officer against your AUSTRAC profile is a distinct step, and it’s the one with the hard date attached.

For real estate agents, lawyers, accountants, and other newly regulated businesses, this is the first AUSTRAC deadline that lands after the 1 July 2026 commencement of Tranche 2. It’s a useful marker for where your business actually stands: if you can’t currently name the person AUSTRAC would call, you have work to do before the end of the month.

Who Can Be Your AML/CTF Compliance Officer

Your compliance officer must be employed or engaged by your business at management level, and if you provide designated services through a permanent establishment in Australia, they must be an Australian resident. Beyond that formal requirement, AUSTRAC expects you to assess whether the person is ‘fit and proper’ before you appoint them: do they have the competence, judgement, and access within the business to actually perform the role, and do they have a track record of honesty and integrity?

Fit-and-proper doesn’t mean the person needs to already be an AML/CTF expert. The compliance officer is not required to hold formal AML/CTF qualifications, but should have the authority, capability and resources to perform the role effectively. What matters is seniority and authority: the person needs enough standing in the business to see transactions, question decisions, and get budget approved for compliance work, not just a title with no real reach.

For a two-partner accounting firm, that might be one of the partners. For a larger real estate group, it might be an operations manager who reports directly to the principal. The size of the business changes who’s realistic for the role; it doesn’t change the requirement to appoint someone and be able to justify why they qualify. Keep a record of how you assessed the person, including any checks you ran, in case AUSTRAC asks later.

What the Compliance Officer Role Involves Day to Day

The AML/CTF compliance officer oversees your business’s day-to-day compliance with its obligations and acts as the primary point of contact between your business and AUSTRAC. In practice, that means monitoring whether staff are actually following your AML/CTF program, not just whether the program exists on paper, and being the person AUSTRAC’s team reaches out to if they have questions or concerns.

Senior management has to approve your AML/CTF program before it takes effect, and your governing body – your board or equivalent – has to oversee the program and take reasonable steps to confirm ongoing compliance. The compliance officer sits underneath that structure: they run the program, report on it, and flag problems upward, but the accountability for the program itself sits with senior management and the board.

Your AML/CTF program has to be tailored to your business’s nature, size, and complexity, so the day-to-day workload for a compliance officer varies enormously by business. A five-person conveyancing practice might spend a few hours a month on it: reviewing new client screenings, checking a handful of transaction records, and updating a risk register. A larger firm with multiple offices and higher transaction volumes needs someone who can dedicate real, ongoing time to the role. What doesn’t scale down is the notification deadline itself. AUSTRAC expects every newly regulated business, regardless of size, to have named someone by 29 July.

In many newly regulated businesses, customer due diligence activities – such as identity verification, PEP and sanctions screening, KYB checks, and maintaining customer records – form a significant part of the compliance officer’s operational workload. The role also includes overseeing the AML/CTF program, staff training, reporting obligations, governance, and ongoing monitoring. AUSTRAC can ask to see that record later, so the compliance officer also needs a system for storing it, not just a memory of having done the check.

Screening tools like NameScan’s PEP, sanctions, and adverse media checks, along with KYB and ID verification, reduce how much manual work a compliance officer has to do to stay on top of ongoing due diligence. That matters most for small teams, where the compliance officer is usually doing this alongside their regular job rather than as a dedicated function, and pay-as-you-go pricing keeps the cost proportional to actual transaction volume rather than locking a small business into an enterprise-sized contract.

What Happens If You Miss the 29 July Deadline

Missing the notification deadline means AUSTRAC has not been formally notified of your appointed compliance officer, even if one has already been appointed internally. While this does not necessarily mean your business has failed to appoint a compliance officer, it does mean you have not met the notification requirement. From 1 July 2026, AUSTRAC has indicated it will take a more enforcement-focused approach to entities that fail to meet their obligations, particularly where there is wilful non-compliance or serious AML/CTF risks. Ensuring your compliance officer is appointed and notified on time helps demonstrate that your business is meeting its regulatory obligations.

The most immediate practical risk is that your business has no registered point of contact if AUSTRAC does reach out, which can complicate any interaction with the regulator from that point forward. Beyond the immediate compliance failure, it signals that your broader AML/CTF program – the thing this role is supposed to run – may not be properly established either. If you haven’t appointed and notified a compliance officer yet, treat it as the most time-sensitive item on your Tranche 2 checklist, ahead of tasks that don’t carry a fixed date.

Frequently Asked Questions (FAQ)

When do I need to notify AUSTRAC of my compliance officer?

Newly regulated businesses and VASPs must notify AUSTRAC by 29 July 2026, or within 14 days of enrolling with AUSTRAC if you enrol after that date.

Does my compliance officer need formal AML/CTF qualifications?

No. AUSTRAC’s guidance is explicit that a compliance officer doesn’t need to already be an AML/CTF expert. They do need enough seniority and authority in the business to perform the role effectively, and they need to pass a fit-and-proper assessment covering competence, judgement, and integrity.

Can the business owner be the compliance officer?

Yes, for a small business this is common and often the most practical option, provided the owner meets the management-level and fit-and-proper requirements and, where relevant, the Australian residency requirement. AUSTRAC expects the role to be tailored to the size and complexity of the business.

What’s the difference between enrolling with AUSTRAC and notifying a compliance officer?

Enrolment registers your business in AUSTRAC’s system and is a separate step from naming your compliance officer. Notifying your compliance officer is a specific follow-on obligation with its own deadline, and completing enrolment alone does not satisfy it.