The long-anticipated Tranche 2 reforms to Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime are finally taking shape. For SMEs operating in the superannuation industry, the changes represent both a challenge and an opportunity. The new obligations, aimed at bringing professional service providers—including lawyers, accountants, and trust and company service providers—within the scope of the AML/CTF Act, are expected to enhance financial system integrity. But for small to medium-sized enterprises (SMEs), particularly those offering niche or technology-enabled superannuation services, the road to compliance will require careful planning.

If you’re an SME business owner in the superannuation space, here’s a breakdown of what your priorities should be:

1. Understand Your Likely Obligations

Although the final legislation is still pending, draft proposals indicate that certain superannuation-related activities may be caught under the Designated Non-Financial Businesses and Professions (DNFBP) category. These may include:

• Establishing or managing superannuation funds for clients.
• Acting as a trustee or service provider for SMSFs (Self-Managed Super Funds).
• Offering advice or administration services related to wealth management vehicles.

Priority Action:
Stay updated on Treasury consultations and AUSTRAC releases. If your business handles fund structures, transactions, or customer onboarding, it’s likely you’ll be impacted.

2. Conduct a Gap Analysis Now

Conduct a comprehensive review of your current risk and compliance posture. Many superannuation SMEs already implement some level of Know Your Customer (KYC) due diligence, especially if integrated with fintech or regtech providers. However, Tranche 2 will likely introduce:

• Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) requirements
• Ongoing monitoring of transactions
• Suspicious matter reporting to AUSTRAC
• Record keeping obligations

Priority Action:
Compare your existing processes against AUSTRAC’s requirements for reporting entities. Engage a compliance consultant or use AUSTRAC’s SME compliance guide to evaluate gaps.

3. Build or Adapt Your AML/CTF Program

Under the AML/CTF Act, reporting entities must have a tailored AML/CTF Program. This includes:

• Part A: Risk assessment, governance, employee due diligence, and training.
• Part B: Customer identification procedures (KYC/CDD).

As a superannuation SME, you’ll need a risk-based program aligned to the specific threats in your operating model. The complexity of your fund structures, customer base, and digital onboarding will all influence your approach.

Priority Action:
Start developing your AML/CTF Program in draft now. Engage your leadership team in workshops to map high-risk areas and define escalation points.

4. Engage Your Stakeholders

Your compliance success depends on buy-in—from your staff, investors, technology partners, and clients. Internally, your teams need to understand what’s changing and why. Externally, you'll need to ensure that your vendors (especially if using white-labeled platforms or outsourced administration) are compliant too.

Priority Action:

• Run a stakeholder impact analysis.
• Initiate conversations with key suppliers and legal advisors.
• Begin training frontline and operational staff.

5. Technology and Automation for Compliance

As a lean business, manual compliance will not scale. With Tranche 2, you’ll likely need systems that can:

• Verify customer identity at onboarding
• Monitor transactional behaviour
• Trigger alerts and manage suspicious activity reports
• Maintain secure recordkeeping for AUSTRAC audit

Priority Action:
Explore regtech vendors that offer AML/KYC capabilities suited for SMEs in the wealth and super sectors. Look for integration-friendly platforms that support API-based workflows and modular compliance features.

6. Budget and Resource Planning

AML/CTF compliance comes at a cost—but non-compliance costs more. Penalties, reputational damage, and legal risks can derail growth. Tranche 2 is not expected to exempt smaller players, so it's important to factor compliance into your FY26 budget.

Priority Action:

• Create a Tranche 2 compliance budget.
• Consider appointing a Compliance Officer or allocating this function within your leadership team.
• Include allowances for legal review, technology upgrades, and staff training.

7. Prepare for Reporting and Governance

Once you’re a reporting entity, you’ll be subject to AUSTRAC reporting obligations, including:

• Suspicious Matter Reports (SMRs)
• Threshold Transaction Reports (TTRs)
• Annual Compliance Reports

You’ll also be required to maintain an audit trail of your AML/CTF activities.

Priority Action:
Develop a compliance calendar and reporting templates in advance. Assign roles and responsibilities internally to ensure readiness from day one.

Final Thought: Act Early, Avoid the Scramble

Tranche 2 represents a critical shift for Australia’s regulatory landscape. While compliance may feel daunting—especially for SMEs—it’s also a chance to strengthen your business's credibility, reduce fraud exposure, and stay ahead of the curve.

By acting early, engaging your teams, and investing in the right tools, you can turn Tranche 2 into a competitive advantage. The clock is ticking, but proactive preparation will help you thrive under the new regime.

‍