2026: A year of AML transformation for Australia and New Zealand

The key date is 31 March 2026, when reforms begin under the amended AML/CTF Act. The details are in the Act and Rules published in August 2025, with extensive guidance now available from AUSTRAC. 

The updated Act shifts from tick-box compliance to a risk-based, outcomes-focused approach. This means carrying out comprehensive risk assessments of money laundering, terrorism financing and proliferation financing risks, then implementing proportionate mitigation measures. 

In practice, you need to revise your AML/CTF programme to a risk-based model and update systems and controls in line with AUSTRAC’s new rules. Impact varies by business, so careful review of the guidance is essential. 

AUSTRAC expects evidence of meaningful progress by 31 March, not perfection. However, they will not tolerate entities that made no attempt to implement required changes. If you haven’t started yet, time is running short. 

The headline change for 2026 brings new reporting entities into the regime: lawyers and legal professionals, accountants and auditors, real estate agents and conveyancers, and dealers in precious metals and stones. 

31 March 2026 – Enrolment opens for tranche 2 entities
1 July 2026 – Compliance obligations begin 

By 1 July, tranche 2 entities must enrol with AUSTRAC, establish a risk-based programme with systems and controls aligned to AUSTRAC rules, appoint a compliance officer, and train all staff. These mirror requirements for existing reporting entities, with the key difference being you’re building from scratch rather than modifying an existing programme. 

Sector-specific guidance is expected in early 2026, and advisors are available to help. AUSTRAC expects progress by 1 July rather than perfection, but evidence of that progress is essential. 

New Zealand’s implementation offers valuable lessons: 

Setting up an effective programme requires specialised knowledge and experience. Reach out to advisors with proven expertise. Even with expert guidance, don’t expect perfection from day one. Be prepared to evolve over time—possibly years. Many New Zealand companies took years to properly embed policies, processes and systems effectively without being overly onerous. 

AUSTRAC wants programmes built to suit your specific business, not templated solutions. For businesses with multiple offices or franchisees, central control at head office or franchisor level makes sense, retaining control and preventing reliance on outposts with less expertise. A breach by a small franchisee affects your brand across the entire operation. 

Remember, your programme isn’t set and forget—continuous monitoring and adjustment is essential. 

New Zealand faces significant changes, though without the hard dates that define Australia’s timeline. 

The big change is the move from three supervisors to a single supervisor—the Department of Internal Affairs, expected on 1 July 2026. The aim is to reduce duplication, streamline supervision, and enable more consistent, risk-based oversight. 

For reporting entities moving supervisor, take this opportunity to review your programme with fresh eyes—exactly what a new supervisor will be doing. 

When the single supervisor model is passed into law, it’s likely to be accompanied by a levy on reporting entities, though implementation is expected in 2027. Several other bills are currently before parliament, with multiple changes likely to pass at different times. This means reporting entities will need to make rolling programme changes as each change is introduced. 

These changes result from the FATF mutual evaluation and regime review outputs. Whilst many will reduce ongoing burden on AML teams, introducing change always creates extra work in the short term. 

Australia’s next mutual evaluation round begins late in 2026. This was a key driver for introducing tranche 2—without it, Australia risked failing the evaluation and being grey-listed. 

Australia is among the earlier countries assessed in the fifth round. Recent reports from the first fifth-round countries—Malaysia and Belgium—are now available on the FATF website. 

The fifth round focuses much more on effectiveness. The emphasis has shifted from whether regulations exist to whether the regime actually works. There’s stronger focus on risk-based supervision, signalled in AUSTRAC’s communications over the past year. 

This filters down to reporting entities, who need to demonstrate programmes are effective, not just compliant. The tranche 2 changes take effect in July, only months before the mutual evaluation, but FATF will expect that reporting entities have implemented changes and are showing effectiveness. 

Every reporting entity is a small component in the big machine, but every component needs to play its part for the machine to work well. 

2026 brings substantial change to financial crime prevention frameworks in both countries: 

• Start now. For Australian entities, time is running out to demonstrate meaningful progress by critical dates. 

• Build for your business. Templated solutions won’t satisfy regulators. Understand your specific risks and tailor your approach. 

• Learn from others. New Zealand’s tranche 2 journey shows the time and effort required to embed effective programmes. 

• Prepare for evolution. Both countries are signalling ongoing regulatory development. Build adaptable programmes and maintain awareness. 

• Focus on effectiveness. FATF’s fifth-round emphasis on outcomes means demonstrating your programme actually works, not just that it exists. 

These changes represent a genuine opportunity to strengthen financial crime prevention capabilities whilst building more proportionate, risk-focused compliance frameworks.

This blog is based on the January 2026 episode of ThirdEye View, hosted by Jing Zhang, Business Development Manager, and Colin Dixon, CAMS-certified AML Solutions Specialist at ThirdEye. Colin has been with ThirdEye since its inception in 2012 and works closely with clients to help them maximise their platform capabilities.