Tranche 2 AML Reforms: What Australian Business Brokers Need to Know Before 2026

For over a decade, Australian business brokers have operated on the periphery of the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime. While banks and casinos shouldered the heavy lifting of compliance, “gatekeeper” professions (lawyers, accountants, and business brokers) remained largely exempt. With the introduction of the AML/CTF Amendment Bill 2024, that exemption is ending.

The “Tranche 2” reforms are designed to close regulatory gaps identified by the Financial Action Task Force (FATF). For business brokers, this is not merely a box-ticking exercise; it represents a fundamental shift in how you assess risk, manage client data, and structure your engagement terms.

From mid-2026, business brokers will be classified as “reporting entities.” This designation carries significant commercial and operational weight. It transforms the broker from a pure transaction facilitator into a frontline detector of financial crime.

The Scope: Are You Captured?

The legislation uses a “designated services” model. Business brokers are captured under Table 6 (Professional Services), which regulates those who assist in the planning or execution of a transaction to sell, buy or transfer a body corporate or legal arrangement. This is distinct from Table 5 (Real Estate Services), which captures real estate agents brokering property transactions. If your firm assists in the sale of a business entity, whether a café operated through a company or a complex corporate group, you are likely providing a Table 6 designated service.

Specifically, the Table 6 designated services relevant to business brokers include:

1. Assisting in the planning or execution of a transaction to sell, buy or transfer a body corporate or legal arrangement.
2. Receiving, holding, controlling or managing a person’s property to help in the planning or execution of a transaction.
3. Assisting in organising, planning or executing a transaction for equity or debt financing relating to a body corporate or legal arrangement.
4. Assisting in the creation or restructuring of a body corporate or legal arrangement.

Note that standalone valuation services or general advisory work that does not directly advance a transaction may fall outside the regime.

AUSTRAC guidance indicates that work must be “sufficiently linked to the outcome” and “directly advance” a relevant transaction to trigger obligations. Providing general advice or mere introductions without further involvement in executing the transaction is unlikely to constitute a designated service. However, most full-service brokerages that assist with transaction planning or execution will be captured. The New AML/CTF Rules will provide granular detail, but the intent of the legislation is clear: if you facilitate the movement of ownership, you must verify the actors involved.

Note for dual-service brokers: If your firm brokers both business sales and commercial property sales, you may have obligations under both Table 5 (Real Estate Services) and Table 6 (Professional Services). Each table has distinct customer identification requirements and triggers. Seek specific advice on your service mix.

Commercial Implications of “Know Your Customer” (KYC)

Under the current status quo, due diligence is often limited to ensuring the vendor owns the business and the purchaser has the capacity to pay. Under Tranche 2, this evolves into a statutory obligation to identify and verify the “beneficial owner.”

This is a business governance challenge. You will need to identify the ultimate natural person who owns or controls the customer. In complex corporate structures involving trusts or foreign entities, this can be time-consuming and invasive.

From a commercial perspective, this friction must be managed. Your engagement letters and preliminary agreements must explicitly state that the transaction cannot proceed until AML checks are satisfied. Failing to make this a condition precedent puts your firm at risk of holding a deal together while waiting for compliance clearance, potentially delaying settlements.

Furthermore, the government is tightening corporate transparency generally. The independent review of the Modernising Business Registers program announced recently highlights the complexities in verifying director identities. Brokers will effectively become a secondary verification layer for the economy.

The Data Liability Trap

To comply with AML laws, you must collect sensitive data: passports, trust deeds, corporate maps, and financial statements. You must then retain this data for seven years.

This creates a massive “honeypot” for cybercriminals. By accumulating high-value identity documents, business brokerages become attractive targets for data theft. This is where AML compliance collides with privacy law.

If your firm suffers a breach involving this AML data, the fallout is dual-pronged:

1. Regulatory Penalties: You face scrutiny from the Office of the Australian Information Commissioner (OAIC).
2. Client Liability: Clients may sue for negligence if their identity is stolen due to your poor cybersecurity governance.

We frequently provide legal advice for data breach scenarios where firms collected data they were required to hold but failed to secure. As a cybersecurity lawyer Melbourne businesses rely on, I advise that your AML compliance program must be paired with a robust Information Security policy. You cannot treat these as separate issues.

Suspicious Matter Reporting (SMR)

Perhaps the most contentious aspect of the new regime is the obligation to submit Suspicious Matter Reports (SMRs) to AUSTRAC. If you suspect a transaction involves proceeds of crime or tax evasion, you must report it.

Crucially, “tipping off” provisions make it a criminal offence to inform your client that you have reported them. This places the broker in a precarious commercial position. You may have to delay a transaction or withdraw services without providing the client a transparent reason.

This requires careful drafting of your Terms of Business. Your contracts must allow you to terminate the engagement immediately and without penalty if compliance obligations cannot be met, without requiring you to disclose the specific statutory trigger (which would constitute tipping off).

The Cost of Non-Compliance

The penalties for failing to comply are not trivial. We have seen big increases for breaches of consumer law on the cards recently, and the AML regime is equally punitive. Civil penalties for serious non-compliance can run into the millions for corporations.

However, the immediate risk for SMEs is the “enforcement undertaking.” If AUSTRAC audits your brokerage and finds your risk assessment lacking, they can enforce a remedial plan. This is costly, disruptive, and reputational damaging.

Strategic Steps for 2025

While the full commencement is slated for mid-2026, as noted in recent 2025 Legal Year in Review analyses, the preparation window is narrowing. The Govt closes loopholes in workplace laws and financial regulations rapidly; waiting for the final deadline is a poor strategy.

Business brokers should take the following pragmatic steps now:

1. Conduct a Gap Analysis

Review your current client onboarding process. Do you actually know who the beneficial owners are, or do you stop at the signatory? Identify the gap between your current data collection and the upcoming requirement.

2. Review Your Insurance

Speak to your broker about your Professional Indemnity and Cyber Insurance policies. Does your current policy cover regulatory investigations or fines related to AML breaches? Many standard policies exclude fines and penalties.

3. Update Your Tech Stack

Manual verification using photocopied licenses is inefficient and insecure. Investigate digital identity verification tools that integrate with the Document Verification Service (DVS). Automation reduces human error and improves AML compliance for Australian business brokers.

4. Appoint an AML Compliance Officer

You must designate a person responsible for your program. In smaller firms, this is often a Principal. This person must have the authority to veto transactions that do not meet risk tolerances.

The Timeline

According to New Laws, New Rules, New Opportunities in 2026, the reforms come into effect on 1 July 2026. Enrolment with AUSTRAC opens on 31 March 2026, and entities must complete enrolment by 29 July 2026. Entities should have their AML/CTF programs operational before providing any designated services from 1 July 2026.

This legislation reframes the role of the business broker. You are no longer just a deal-maker; you are a guardian of the financial system. While this adds friction, it also adds professionalism and barriers to entry for unscrupulous operators.

At SLK Lawyers, we assist commercial clients in navigating these regulatory shifts, ensuring that your contracts, privacy governance, and compliance frameworks protect your license to operate.

If you require assistance reviewing your engagement letters or establishing a governance framework ahead of the Tranche 2 commencement, please contact our office to arrange a consultation.

About Blaine HattieBlaine Hattie is a Principal in Commercial Transactions at Sutton Laurence King Lawyers. He advises businesses on transactions and finance with a special interest in technology, cybersecurity, digital media, defamation, and artificial intelligence.