Many small businesses will join the AML/CTF regime once Australia implements Tranche 2. This can feel overwhelming for SMEs that have never dealt with compliance requirements before. This guide breaks the process into five practical steps that help newly regulated businesses understand what to do first and how to prepare without unnecessary complexity.

Understanding What It Means to Be Newly Regulated Under Tranche 2

Tranche 2 will extend AML/CTF obligations to several industries that have not previously been covered. While the exact legislative wording is still progressing, AUSTRAC has already outlined the broad activities expected to fall within the scope.

For SMEs, the transition often begins with a simple realisation: some of the work they already perform will now attract AML/CTF obligations. These obligations are designed to protect businesses from being misused for illegal activity and to align Australia with international standards.

Many small firms worry that the process is too complex. In practice, the early steps focus on understanding your risks, building simple controls and completing basic customer checks.

Step 1: Understand Which Parts of Your Business Are Caught

Not all services offered by a newly regulated business will fall under Tranche 2. What matters is whether certain activities involve handling funds, managing transactions, facilitating ownership transfers or dealing in high-value goods.

Some examples include:

Completing property transactions
Managing trust accounts
Assisting clients with company or trust formation
Acting on behalf of clients during financial arrangements
Selling precious metals or stones above certain thresholds

Separating regulated activities from your general business services helps you build a program that suits your operations. It also avoids unnecessary work and keeps your compliance steps proportionate.

Step 2: Complete an Initial AML/CTF Risk Assessment

The risk assessment is the foundation of your AML/CTF program. It explains the types of customers, transactions and services that may expose your business to financial crime risks.

Most SMEs start by reviewing:

Who their customers are
How money moves through their services
What transactions create opportunities for misuse
How staff interact with clients
Which services are most likely to attract criminal activity

A risk assessment is not a technical document. It is a practical explanation of how your business operates and where risks could arise. Small businesses can complete this step with simple templates and clear descriptions of their day-to-day work.

Step 3: Put a Basic AML/CTF Program in Place

Once you understand your risks, you can develop a straightforward AML/CTF program. This is a documented plan that outlines how your business will identify customers, monitor activity and keep records.

For SMEs, a practical AML program often includes:

Internal procedures for verifying customers
Clear rules for identifying suspicious activity
A method for reporting concerns to AUSTRAC
How staff will be trained
How and when the business will review its controls

The program does not need to be lengthy. What matters is that it reflects the real work your business performs and includes steps staff can follow consistently.

Step 4: Start Verifying and Screening Customers

Customer Due Diligence (CDD) becomes a core requirement for many Tranche 2 businesses. New reporting entities will need to confirm customer identities, understand beneficial ownership and perform screening where relevant.

This step is often easier than SMEs expect. Many businesses use digital tools to streamline checks and keep records. Pay-as-you-go services allow businesses to conduct CDD and screening without long-term contracts or large upfront costs.

Screening helps identify risks linked to politically exposed persons, sanctions exposure and unusual customer behaviour. These checks support the overall AML program and help businesses avoid reputational and regulatory issues.

Step 5: Establish a Clear Record-Keeping and Reporting Process

New reporting entities will need to maintain records of:

Customer verification
Screening outcomes
Suspicious matter reports
Risk assessments
Internal procedures

These records allow AUSTRAC to understand how the business has managed its obligations. They also help SMEs demonstrate that they have taken reasonable steps to comply.

Reporting obligations, such as Suspicious Matter Reports, may feel unfamiliar at first. However, most businesses file these only when behaviour appears unusual or inconsistent with what they know about the customer. Early preparation helps build confidence in managing these responsibilities.

Preparing Early Reduces Pressure Later

Tranche 2 represents a significant shift for many small businesses, particularly those without compliance experience. Starting early helps reduce pressure once the reforms take effect. Understanding which parts of your business are affected, documenting your risks and using simple tools to manage checks will make the transition far easier.

SMEs that prepare ahead of time find that their programs grow naturally as their understanding of AML requirements improves.

How NameScan Supports Newly Regulated Tranche 2 Businesses

NameScan provides screening tools that help SMEs verify customers and identify risks linked to sanctions, politically exposed persons and adverse media. These tools suit businesses seeking clear and accessible options without complicated onboarding.

Our pay-as-you-go approach allows newly regulated entities to begin screening customers immediately, which supports early preparation for Tranche 2 requirements.

FAQs

Do all my services fall under Tranche 2?
Not necessarily. Only specific activities will trigger obligations. The rest of your business may remain outside the scope.

How long does it take to become AML-ready?
For most SMEs, the initial setup can be completed in stages. Starting early reduces time pressure.

Will I need specialist consultants?
Some businesses choose consultants, but many SMEs use simple templates and screening tools to manage their obligations.

Can my program be updated as my business learns more?
Yes. AML programs are expected to evolve as businesses refine their understanding of risk.

What if I am unsure whether a customer or transaction is high risk?
In these cases, clear internal procedures help staff escalate and record concerns.

Stay Informed

NameScan will continue providing guidance to support newly regulated businesses as Australia moves towards implementing Tranche 2. Early action helps SMEs build confidence and meet their obligations smoothly.

Disclaimer: The information on this website is general in nature and is not legal advice. Tranche 2 reforms are still progressing through the legislative process, which means requirements may change. Before making any decisions or taking action based on this content, you should check its accuracy, completeness and currency, and consider whether it is relevant to your circumstances. You may wish to refer to AUSTRAC’s official resources or seek independent professional advice.

Newly Regulated Under Tranche 2? First Five Steps to Get AML-Ready