Skip to content Omitly is launching soon — join the waitlist →

AML/CTF Tranche 2 · plain-language explainer · current as at 1 July 2026

Tranche 2 is about to change how firms handle documents.

From 1 July 2026, Australia's AML/CTF obligations reach professional-service firms. Here's what that means in plain language — and where verifiable redaction helps you meet your record-handling obligations.

Where Omitly helps

Omitly supports the record-handling and destruction expectations Tranche 2 introduces. It removes sensitive content from a document for real, independently confirms the content is absent, and writes a tamper-evident, per-region audit report — on your machine, with nothing uploaded.

Omitly produces a tamper-evident certificate that the redacted content is not present in the output document and that the document has not been altered since. This is a technical artifact about a single output file. It is not proof that the information has been destroyed across your other records, drafts, email, or backups, and it is not a determination that you have met any specific legal obligation — that remains your responsibility and, where relevant, your lawyer's.

Nothing leaves your machine

Omitly makes no network calls while it redacts — turn off Wi-Fi and it still works. Cloud redaction puts privileged and KYC documents in a third party’s possession; with Omitly there is nothing to upload and nothing to waive.

A certificate you can hand over

Every redaction produces a tamper-evident certificate, signed on your machine, showing the sensitive content is absent from the output document and that the file has not been altered since. It records a per-region audit report and cryptographic digests of the exact input and output files. “We redacted it” becomes a signed artifact you can give a regulator, court or client.

Catch cosmetic redaction before you send

Omitly’s free leak-check reads a redacted PDF and flags content still recoverable underneath the black boxes — the failure that has exposed firms who only drew a box over the text. Redaction removes the underlying data, not just hides it.

Independently verifiable — offline, by anyone

Any recipient can independently verify a certificate — confirming the redacted content is absent and the file is intact and unaltered — for free and offline, using the published verifier and Omitly’s public key-endorsement chain. An external reviewer of your AML/CTF program can check a redaction certificate without trusting your word — or ours.

The facts, dated

Current as at 1 July 2026. Every statement below is sourced to the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) or AUSTRAC guidance — see Sources. AUSTRAC guidance is updated over time; check the sources for the current position.

Obligations commence 1 July 2026

New AML/CTF obligations for captured Tranche 2 entities commence on 1 July 2026. Source: Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) and AUSTRAC guidance.

Enrolment opened 31 March 2026

AUSTRAC enrolment for newly captured entities opened on 31 March 2026; newly captured firms must enrol by 29 July 2026. Source: AUSTRAC.

Capture is by activity, not job title

You are captured if you provide a 'designated service' with a geographical link to Australia, in the course of carrying on a business — not because of what your role is called. Source: the Amendment Act 2024 (Cth).

Legal professional privilege is preserved in certain circumstances

AUSTRAC states that nothing in the amended Act affects a person's right to refuse to give information or produce a document on the grounds of legal professional privilege (in effect from 1 July 2026). Where your obligations and privilege interact, that boundary is a question for your firm and its advisers. Source: AUSTRAC.

Questions

What is AML/CTF Tranche 2?

Tranche 2 extends Australia's Anti-Money Laundering and Counter-Terrorism Financing regime to 'designated services' provided by professional-service businesses — including many law firms, accountants and real-estate professionals. Obligations for captured entities commence 1 July 2026 (current as at 1 July 2026). It is defined by the activity you perform, not your job title.

Will my firm be compliant just by using Omitly?

No — and be wary of any tool that says it does. Omitly is software, not a compliance program. It supports the record-handling and destruction expectations Tranche 2 introduces by removing sensitive content from a document for real and producing tamper-evident, audited proof of what was removed. In short: tamper-evident proof that the redacted content is absent from this document — not a determination of legal compliance, and not a claim about your other copies or backups. Whether your firm meets its obligations is a determination for you and your advisers.

How does verifiable redaction help with record-handling obligations?

When you must share, retain or dispose of a document, Omitly removes the underlying data (not just covers it), independently checks the content is absent, and writes a signed, per-region audit report. That turns 'we redacted it' into evidence you can hand to a regulator, court or client — produced on your machine, with nothing uploaded.

Is this legal advice?

No. This page is general information, not legal advice, and does not determine whether any obligation applies to you. Cite the primary instrument and take your own advice.

This page is general information, not legal advice. It does not determine whether any obligation applies to you, and Omitly is a tool that helps you meet obligations, not a substitute for advice. Cite the primary instrument — the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) — and AUSTRAC guidance, and take your own advice. Current as at 1 July 2026.