What external parties do we need to engage for AML/CTF readiness?

Several operational readiness tasks may depend on someone outside your business. They can't always be rushed or delegated away entirely:

• External lawyer - to update your employment contracts, position descriptions, Privacy Policy, Privacy Collection Notice, and Appointment to Act / Engagement Letter. Allow 3-6 weeks for legal review.
• AUSTRAC - registration with AUSTRAC Online must be completed directly by you (not by easyAML or any compliance platform) before your obligations commence. Allow time to create the account, identify your designated services correctly, and complete the process.
• PMS / IT vendor - for any changes to your practice management system: adding AML fields, recording KYC/KYB cost disbursements, updating matter opening checklists, setting trigger points for CDD.
• Accountant - to update your billing system if you're passing KYC/KYB costs on to clients, and to set up your chart of accounts to track verification and compliance costs separately.
• Insurance broker - to notify your PI insurer of the material operational change and confirm policy response. Many policies require notification, and silence can affect future claims. Your broker should also be checking whether your sum insured remains appropriate.

As Tranche 2 firms across Australia work through these dependencies simultaneously, vendor and adviser timelines stretch through mid-2026. Starting early is the only way to avoid the bottleneck.

Full detail and timing guidance in our Operational Readiness Checklist, Part 1, Section 2.

Related articles

• Glossary: Key Terms & Definitions
• What Does AML Compliance Cost My Business?
• What additional AML readiness considerations apply to medium and large firms?
• What operational tasks does my business need to do beyond setting up easyAML?
• Who in my business needs to make decisions before we can start preparing for AML/CTF?