In breve: Tranche 2 compliance software helps Designated Non-Financial Businesses and Professionals (DNFBPs) meet regulatory obligations. These Tranche 2 compliance rules are due to Australia’s Anti-Money Laundering (AML)/Counter-Terrorism Financing (CTF) regime. This guide is for Tranche 2 firms looking for a solution going above and beyond to meet their needs.
What Led to Tranche 2 AML/CTF Reforms?
As of 1 July 2026, Australia’s Tranche 2 extends to include more high-risk professions, aligning with global AML standards. These new reforms apply to lawyers, accountants, real estate agents, conveyancers and more.
Australian Transaction Reports and Analysis Centre (AUSTRAC) guidance states that reforms are intended to close gaps that criminals have previously exploited. Unfortunately, compliance requirements’ blind spots have cost Australia up to approximately $82.3 billion AUD ($57 billion USD) a year.
AUSTRAC acts as both Australia’s financial intelligence agency and AML/CTF regulator collecting data from reporting entities. They aim to identify and disrupt financial crime. Their Tranche 2 AML/CTF reforms mark a huge change for Australian firms. 90,000 entities are expected to be newly regulated. Regardless, AUSTRAC expects businesses providing these designated services to enroll and meet their new reporting and compliance obligations.
What is Tranche 2 Compliance Software?
Tranche 2 compliance software is technology that helps newly regulated Australian businesses and firms meet their AML/CTF obligations. This software must support a variety of different AML solutions for different regulated institutions. At the very minimum, to prevent financial crime risks, strong Tranche 2 compliance software must have:
- Identity Verification (IDV) and Know Your Customer (KYC)
- Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
- Global sanctions and Politically Exposed Persons (PEP) screening
- Identifying Ultimate Beneficial Ownership (UBO)
- Anti-Money Laundering (AML) screening
- Conducting ongoing monitoring
- Case and risk management
- Suspicious activity workflows
- Maintaining thorough records and evidence
As a result, the best Tranche 2 AML compliance software must focus on helping firms move toward a more live compliance system. Having just a manual compliance workflow is a system of the past.

Compliance teams need help applying those AML/CTF policies when they bring on new customers, review business relationships, or assess high-risk clients. Most importantly, they need to report any suspicious matters when required.
Moreover, the strongest Tranche 2 compliance software solutions fit in well with practice management systems. Solutions must produce data that supports Suspicious Activity Reports (SARs) and threshold transaction reports. It is their job to make it easy for Responsabili delle segnalazioni di riciclaggio di denaro (MLRO) and other compliance team members look for evidence to make decisions with ease. It makes internal compliance reviews seamless.
Tranche 2 Compliance Software Capabilities
The right Tranche 2 AML Software needs to be indicative of a firm’s current risk profile. What may be considered risky for a real estate agency or law firm might not be the case for an accounting practice or tax advisory. Similarly, a conveyancer, trust, or company service provider may need to meet different compliance requirements. Their workflows are not meant to be identical. A strong platform should support:
Due Diligence della clientela (CDD)
CDD helps firms understand who the customer is. This solution also looks into what service is being provided by firms, what risks come up, and if Enhanced Due Diligence (EDD) is needed. The best AML software must support IDV, beneficial ownership checks, and various levels of AML screening based on risk.
Risk Management and Assessments
A strong risk-based approach should consider the customer, the service being provided, and the ownership structure behind the relationship. It must also provide data on transaction type, delivery channels, and business relationships.
Good Tranche 2 software makes risk review consistent and easily explainable. Through compliance platforms, teams can see which risks were identified, the risk rating assigned, and whether enforcement actions have followed.
Conduct Ongoing Monitoring for Customers
Manual compliance has a habit of breaking down. This is where ongoing monitoring is crucial. If a customer is high-risk after the onboarding process, firms must be informed. Whether it is due to sanctions changes, adverse media, or suspicious activity, if the risk changes, it should be known. Strong AML software supports re-screening, alerts, and review workflows. Also, for higher-risk clients, ongoing monitoring must happen more frequently and be better evidenced.
Reporting Group Obligations and Record Keeping
Finally, regulated entities have core guidance around comprehensive records. Reporting obligations include the filing of suspicious matter reports, especially if illicit activities arise, or certain physical currency transactions up to a threshold of $10,000 AUD or more show up on threshold transaction reports. Strong software keeps records of financial transactions and data around any escalation or reporting decisions.
In the same vein, record-keeping is just as important. Maintaining records that show which clients were checked, what information was verified, and what risk was found is necessary. Moreover, teams must know who approved each case, and whether ongoing reviews were completed.
AML/CTF Readiness to Tranche 2 Compliance Operations
However, many firms are treating Tranche 2 compliance as a one-time project. To them, it is as simple as obtaining a template, appointing an officer, and enrolling with AUSTRAC to meet the 1 July 2026 deadline. This results in missing a bigger operational risk.
Tranche 2 compliance obligations will become a part of day-to-day operations for these newly regulated firms. They will become part of customer onboarding and client servicing. Every single new matter, property transaction, and high-value transaction will now require a consistent process.
Which Tranche 2 Compliance Software Is Right?
Often, the right question is not “which tool helps us get ready?” but rather “which tool helps us run a defensible AML/CTF program after 1 July 2026?” This is how Tranche 2 compliance software solutions can differentiate themselves. The best platforms help firms identify, verify, and assess customers throughout the full business relationship. By linking various AML prevention solutions into a single, controlled workflow, teams can build the strongest operating model to protect against risk.
Identity Verification and Tranche 2 Compliance Software
Today, identity verification is necessary as firms need to verify clients before providing them with specific designated services. This involves potentially verifying individuals, directors, and beneficial owners. Other verifications include those of trustees, buyers, sellers, or representatives.
However, identity verification is the first layer. A client can easily pass a document verification check and still have money laundering or terrorism financing risks assigned to them. This is found through adverse media, sanctions exposure, and complex ownership.

The best AML compliance software will link identity verification with other AML solutions and features such as case management, reporting support, and audit trails. A one-off identity check cannot replace a live and ongoing compliance program.
The Tranche 2 Compliance Software Maturity Model
To compare Tranche 2 compliance software, teams need to know what level of compliance maturity they have. Though some compliance tools help prepare documents, others help to verify customers. The best platforms help firms operate compliance over time.

A good Tranche 2 maturity model can help buyers and potential customers understand the level of readiness each platform can support. This can prevent any further complications with AML/CTF obligations under the new reforms. You can learn more here: Come le aziende australiane possono creare una soluzione KYC per la seconda fase
Level 1: Template Readiness
Oftentimes, firms in this category have the paperwork foundation. That means that they may have some semblance of an AML/CTF policy or draft version of a compliance program. This could look like a risk assessment template, straightforward staff guidance, and somewhere to store records.
However, it does not mean that the firm can actually verify clients, screen them, or risk-rate them. Moreover, they cannot escalate concerns, monitor them, or prove at all that each step actually happened. This is where teams do not necessarily have the working process and are not operationally compliant.
Level 2: Onboarding Readiness
Some firms need to check clients at the point they come in. The businesses can collect client information, verify ID documents, and check names against sanctions or PEP lists. This is a basic customer due diligence process that typically happens during any onboarding procedure.
Here the focus is still the start of the business/client relationship. It does not fully cover what happens if a client becomes higher risk later. For example, if ownership changes, suspicious matters arise, or if the firm needs to evidence a full decision trail, this could change their risk scoring. Though teams can onboard clients compliantly, they do not have a full ongoing compliance process.
Level 3: Operational Readiness
Here, firms can run compliance as part of day-to-day operations. Their systems go beyond verifying clients by assigning risk scores, triggering EDD for higher-risk clients, and escalating a case to compliance officers where needed. Additionally, they are able to manage any client approvals, add notes or evidence, and demonstrate exactly why a decision was made.
Compliance processes are easily defensible at this stage. They can answer all of the important questions around why client approval happened, what risks we identified, who conducted the review, and most importantly, what evidence supports the decisions. There are risk-based compliance decisions being made, not just complete checks.
Level 4: Ongoing Compliance Readiness
The final stage is seeing if firms can keep compliance live well after the onboarding process. Here, businesses can monitor risk changes, re-screen customers, and update existing records. They are also able to review existing clients, get alerts for any changes in sanctions/PEP/adverse media status, and evidence that ongoing reviews are and have happened.
This is the strongest level of Tranche 2 compliance maturity as AML/CTF compliance is not a one-time check. For example, a system can alert the compliance team, trigger reviews, update the risk rating, and store the new review outcome. Firms are monitoring and managing compliance over a period of time.
Choosing from Tranche 2 Anti-Money Laundering Software
Newly regulated firms should choose Tranche 2 compliance software based on their risk profile, designated services, and compliance maturity level. From real estate agents to legal services and from tax agents to virtual asset service providers, the obligations vary according to sector-specific guidance from current reporting entities.
Firstly, start by mapping out what your designated service entails. For example, a law firm manages client funds or a real estate agent handles property transactions. Varying closeness to risk determines what tools or solutions would work best.
Then, map out the Tranche 2 compliance maturity level. Each level has a different level of need. A Level 1 may need policies, risk assessments, and staff training. On the other hand, Level 2 will need IDV and screening. If you end up moving towards Level 3 or 4, you need a much more intensive process including risk scoring, enhanced due diligence, and case management. Moreover, firms at that level will also need ongoing monitoring, reporting support, and audit-ready evidence.
It is also incredibly important to avoid any sort of disconnected compliance tools where possible. So, if ID documents sit in one system, and screening results or risk assessments sit in another, it becomes much harder to prove to regulators that the written AML/CTF program is actually working in practice.
The best Tranche 2 compliance software must make compliance easy to follow. By outlining who was checked, what information was verified, and what risk was identified, it builds a strong baseline of information for compliance officers and teams. Additionally, being able to track what decision was made, who approved it, and whether ongoing monitoring later changed the risk profile can be hugely impactful to the overall process.
Top 5 Tranche 2 Compliance Software Solutions for 2026
Choosing the right Tranche 2 compliance software is about choosing a platform that can help turn AML/CTF obligation into a working compliance process for newly regulated Australian firms. The providers listed below support many important parts of the compliance journey.

However, these Tranche 2 compliance software solutions are not made for the same level of compliance maturity. The comparison guide below assesses which one best fits your firm’s risk profile, designated services, and long-term Tranche 2 needs.
1. ComplyCube
ComplyCube is best known for full lifecycle AML/CTF compliance. This is the best option for newly regulated firms that wish to connect various solutions such as onboarding, customer screening, ongoing monitoring, and custom policy building all within one platform. Teams are able to tailor risk rules and workflows to their specific Tranche 2 obligations.
- Best for: Firms that wish to centralize Tranche 2 compliance instead of stitching together separate tools.
- Where it stands out: When teams need help verifying clients, assessing risk, and evidencing decisions over time.
- Tranche 2 Maturity Fit: Levels 1 to Level 4, helping those in template all the way through to ongoing compliance readiness.
- Key consideration: ComplyCube is best for firms that want broad and thorough compliance coverage. If a firm needs basic IDV, perhaps a narrower IDV provider may be better.
2. Sumsub
Sumsub is best known for their transaction monitoring and risk orchestration. This is relevant for firms that must monitor customer activity, link risk signals, and manage more complex fraud or compliance scenarios.
- Best for: Firms where transaction behavior is closely linked to the risk model.
- Where it stands out: When businesses need to connect verification with transaction monitoring. This is useful for firms handling high-volume activity, digital services, or complex customer behavior.
- Tranche 2 Maturity Fit: Level 3 to Level 4, helping those in operational compliance to ongoing compliance readiness.
- Key consideration: Newly regulated businesses should assess how Sumsub best ensures compliance and fits professional services workflows. Additionally, it is important to check AUSTRAC alignment in reporting expectations and local client-funds risks.
3. Trulioo
Trulioo is best known for global identity and business verification coverage through Know Your Business (KYB). It is a strong option for firms that work with international clients, foreign beneficial owners, or cross-border ownership structures.
- Best for: Firms that need help with verifying individuals or businesses across many jurisdictions and countries.
- Where it stands out: Trulioo’s main strength is overall reach. For Tranche 2 firms dealing with overseas clients, complex company structures, or foreign ownership, global verification depth can be valuable.
- Tranche 2 Maturity Fit: Level 2 to Level 3, helping those in onboarding to operational readiness.
- Key consideration: Though Trulioo is strongest as a global verification layer, firms may still need help with case management, ongoing monitoring, and AUSTRAC-aligned evidence workflows.
4. Jumio
Jumio is most well known for strong biometric identity verification and Electronic KYC (eKYC) onboarding. For most, this is a practical choice for firms who want to digitize client intake and reduce manual identity checks.
- Best for: Firms that need a strong digital onboarding experience.
- Where it stands out: Where the priority is verifying customers quickly and securely. It can help firms replace manual document collection with a more consistent digital intake process.
- Tranche 2 Maturity Fit: Level 2 to Level 3, helping those in onboarding move to operational readiness.
- Key consideration: It is true that Jumio can support onboarding well. However, Tranche 2 firms must assess if they need risk workflows, EDD, and ongoing monitoring as well.
5. Entrust (formerly Onfido)
Entrust IDV, formerly known as Onfido, is somewhere firms can turn to specifically for document verification and onboarding fraud detection. They provide a strong IDV layer for firms that need to verify real users and lower fraud at onboarding.
- Best for: Firms that require an IDV layer before building broader AML/CTF workflows.
- Where it stands out: Entrust is best as an onboarding verification tool. It helps firms that already have internal AML/CTF processes better verify identity documents, reduce fraud, and create a smooth client intake process.
- Tranche 2 Maturity Fit: Level 2, helping those in the onboarding readiness stage.
- Key consideration: Entrust will need to sit alongside additional tools. Firms may still need risk scoring, beneficial ownership checks, and ongoing monitoring.
Case Study: The Civil Penalties from The Federal Court of Australia
The Federal Court of Australia imposed civil penalties of $50,000 AUD ($34,000 USD) against Castra Licensee Pty Ltd. and $45,000 AUD ($31,050 USD) against Princeton Securities (NSW) Pty Ltd. Both businesses failed to pay AUSTRAC infringement notices due to alleged AML/CTF act breaches.
Failing to Conduct Annual Compliance Reporting
They failed to meet mandatory reporting obligations, specifically annual compliance reporting in 2023. This AUSTRAC case matters as Australia aligned more closely with global standards from the Gruppo di azione finanziaria (GAFI). Newly regulated Tranche 2 firms need systems that support governance from day one.
Risultati
Missed AML/CTF reporting obligations escalated into Federal Court penalties.
Compliance failures are not limited to large banks or money laundering schemes.
For Tranche 2 firms, compliance software must help keep track of reporting duties, maintain evidence, and keep ownership of AML/CTF obligations visible.
Supporting Maturity with Tranche 2 Compliance Software
For Tranche 2 firms, the best test of a platform’s compliance arrangements is to see if they can support a defensible AML/CTF operating model well after the deadline. It does not boil down to how fast a document check is. It is all about how everything works together to prevent financial crime and fraud under the new regulations.
However, for Tranche 2 firms, this solution distinction is important. A provider known for identity verification may be excellent for onboarding. However, firms that need to manage ongoing AML/CTF obligations must look for risk workflows, monitoring, and case management. They also need to look to reporting controls and audit-ready evidence.
Punti chiave
Tranche 2 compliance software must help firms operate an AML/CTF program.
Verifica dell'identità is only one part of a wider AML/CTF compliance process.
Platforms must support risk assessments, monitoring, reporting, and recordkeeping.
Many credible options support different levels of Tranche 2 compliance maturity.
The strongest fit for firms seeking ongoing compliance readiness and full lifecycle AML compliance software is ComplyCube.
Update AML Programs for Tranche 2 with ComplyCube
Though 1 July 2026 has passed, Tranche 2 obligations are only just beginning. Newly regulated entities, whether they handle client funds, money transfer services, or digital assets and more, must build a strong AML/CTF program. They must make it defensible, repeatable, and scalable to protect your firm, client identities, and Australia’s financial system.
In summary, ComplyCube helps these businesses automate various compliance solutions such as IDV, CDD, AML, and KYB. Their award-winning software solution also supports beneficial ownership checks, ongoing monitoring, and risk management. If your firm needs audit-ready compliance workflows for Tranche 2, ComplyCube can help you move from manual compliance to a live program. Get in touch with our team today.

Domande frequenti
How should Australian firms choose Tranche 2 compliance software?
Australian firms must choose Tranche 2 compliance software based on factors such as customer risk profile, offered designated services, and client types. New reporting entities must also consider compliance maturity levels. Then, they can determine which solutions they need to be compliant with ongoing enhancements from AUSTRAC.
Why is IDV not enough for Tranche 2 compliance?
IDV helps confirm who a client is. However, Tranche 2 compliance needs firms to assess overall financial crime risk over the whole business relationship. This requires firms to have CDD processes, beneficial ownership checks, and sanctions or PEP screening. It also requires them to have EDD protocols in place, conduct ongoing monitoring, report suspicious matters, and keep records.
Which businesses are most affected by Australia’s Tranche 2 reforms?
Australia’s Tranche 2 AML/CTF reforms impact businesses providing newly regulated services that will impact the financial system. These include real estate professionals, legal professionals, and accountancy. Other industry associations are trust services, company services and dealers in precious metals and stones.
What is the difference between onboarding readiness and ongoing compliance readiness?
Onboarding readiness is when firm can identify clients, gather information, verify documents, and screen names. Ongoing compliance readiness refers to firms that can monitor risk changes, re-screen customers, and update records. Additionally, they are looking manage escalation, file suspicious matter reports, and evidence reviews over a period of time.
Is ComplyCube suitable for Tranche 2 compliance?
Yes. ComplyCube is suitable for Tranche 2 compliance because it supports identity verification, CDD, and KYC. They also provide additional software solutions including KYB, AML screening and ongoing monitoring. Moreover, with risk workflows, case review, and audit-ready evidence, ComplyCube is a strong option for Australian firms that need full-lifecycle AML/CTF compliance software rather than a standalone IDV tool.



