Obsidia — AML/CTF Tranche 2 Compliance

What Tranche 2 means

For the first time, your firm is a reporting entity. The obligations are real and the clock is running.

Tranche 2 of Australia's AML/CTF Act captures professional services firms — law firms, accountants, real estate agents, and other designated service providers — who have never previously been subject to these obligations.

Your firm now needs a documented AML/CTF program, customer due diligence processes for every new client, a mechanism to identify and report suspicious matters to AUSTRAC, mandatory staff training with records to prove it, and seven years of compliance documentation.

The penalties for non-compliance are significant — and AUSTRAC has made clear it intends to enforce.

Who is captured

⚖️ Law firms

🧾 Accounting firms

🏠 Real estate agents

💎 Dealers in precious metals & stones

🤝 Trust and company service providers

The six obligations

Every obligation covered. Every step guided. Every decision documented.

Obsidia's AML/CTF workflow packs walk your team through every requirement — with AI assistance at each step and a full audit trail behind every decision.

Obligation 1

AML/CTF Program

Firms must implement and maintain a documented AML/CTF program tailored to their risk profile — covering governance, risk assessment, controls, and review processes.

Structured workflow packs guide your team through every element of your program — from risk assessment through to board approval and annual review cycles.

Obligation 2

Customer Due Diligence

Know Your Customer requirements apply before and during the client relationship — with enhanced due diligence for higher-risk clients and ongoing monitoring throughout.

Document search and indexed client records make CDD faster, consistent, and fully auditable. Enhanced CDD workflows flag higher-risk profiles automatically.

Obligation 3

Suspicious Matter Reporting

Firms must identify suspicious matters, assess them against reporting thresholds, and submit accurate reports to AUSTRAC within required timeframes.

AI-assisted review of flagged matters against your policies and reporting obligations — structured assessment every time, with documentation to show your reasoning.

Obligation 4

Staff Training

All relevant staff must be trained on AML/CTF obligations — and the training must be documented, current, and updated as requirements evolve.

Guided training workflows ensure every staff member understands their obligations. Training records are automatically maintained — always audit-ready.

Obligation 5

Record Keeping

Detailed records of transactions, CDD decisions, and compliance activities must be maintained for seven years and producible on request.

Full audit trail on every query and interaction — every compliance decision logged, timestamped, and searchable. Always audit-ready, no manual effort required.

Obligation 6

Ongoing Risk Assessment

Regular risk assessments must be conducted and documented as the business and regulatory landscape evolves — typically at least annually.

Structured risk assessment workflow packs for regular review cycles — consistent methodology, fully documented, and defensible to a regulator.

AML/CTF Compliance Pack

Every stage of your compliance lifecycle — covered.

Obsidia ships with thirteen purpose-built AML/CTF workflow packs. Structured inputs, AI assistance between steps, human sign-off throughout.

13 workflow packs included in the AML/CTF Compliance Pack

AML/CTF Program

Draft and review your AML/CTF program tailored to your firm's risk profile, governance structure, and designated services.

ML/TF Risk Assessment

Assess your firm's money laundering and terrorism financing risks across client types, services, geographies, and delivery channels.

AUSTRAC Annual Compliance Report

Prepare your annual compliance report — structured, complete, and ready for AUSTRAC submission.

Customer Due Diligence (CDD)

Complete customer due diligence for new clients — standard and enhanced — with documented outcomes at every step.

SMR Drafting Assistance

Draft Suspicious Matter Reports for AUSTRAC — accurate, structured, and submitted within required timeframes.

Sanctions Screening & PEP Monitoring

Screen customers against sanctions lists and politically exposed person registers — consistent process, documented outcome.

Transaction Monitoring Review

Analyse transactions for suspicious patterns — AI-assisted review against your risk indicators, with severity rating and escalation path.

Threshold Transaction Report (TTR)

Prepare Threshold Transaction Reports — structured capture of reportable transactions for AUSTRAC lodgement.

Staff Training and Competency

Generate training materials and competency assessments for staff AML/CTF obligations — completion records automatically maintained.

Regulatory Change Impact Assessment

Assess the impact of regulatory changes on your AML/CTF program — structured review, documented remediation actions.

Independent Evaluation Preparation

Prepare for independent AML/CTF evaluations — compile evidence, identify gaps, document your compliance posture.

Privacy Act Compliance for AML/CTF Data

Generate a Privacy Impact Assessment for your AML/CTF data handling — maps personal information flows, identifies privacy risks, and documents controls so AUSTRAC obligations don't conflict with Privacy Act requirements.

Periodic Client Re-verification

Conduct periodic AML/KYC re-verification on existing clients — refresh CDD records, screen against current sanctions and PEP lists, and document the outcome for audit.

AML/CTF prompt pack

Ready-to-use prompts for the work your compliance team actually does.

Workflow packs run end-to-end processes. The AML/CTF prompt pack is the lighter-weight companion — battle-tested prompts your team can fire into any chat for fast, accurate results without having to learn prompt engineering.

›

"Draft an SMR for AUSTRAC based on these transaction notes — include the suspicion grounds and reference our reporting policy."

›

"Generate a CDD checklist for a high-risk corporate client with offshore beneficial owners, aligned to our risk-based approach."

›

"Produce a Tranche 2 staff training summary for our quarterly session — cover key obligations, red flags, and reporting paths."

›

"Screen this client list against current sanctions and PEP databases — flag matches with the source list and confidence level."

The promise

Compliance that holds up — not just ticks boxes.

Obsidia is a production-grade platform with a team behind it. Every engagement includes ongoing support as the regulatory landscape evolves — so your program stays current without you having to rebuild it from scratch.

Your data never leaves your environment. Every compliance decision is logged, timestamped, and auditable. Nothing trains external models.

That's not a feature — it's the foundation.

← Back to Obsidia

🔒

Data never leaves your environment

No external model training. No data retention.

🇦🇺

Hosted in Australia

Australian Privacy Act compliant. Sydney infrastructure.

📋

Full audit trail

Every compliance decision logged and timestamped.

🛡️

Enterprise-grade edge security

WAF, DDoS mitigation, bot protection, rate limiting.

The compliance burden on professional services firms just got significantly heavier.

For the first time, your firm is a reporting entity. The obligations are real and the clock is running.

Every obligation covered. Every step guided. Every decision documented.

Every stage of your compliance lifecycle — covered.

Ready-to-use prompts for the work your compliance team actually does.