AML compliance for Australian law firms

Yes. Acting in the buying or selling of real estate is explicitly listed as a designated service in the AML/CTF Act amendments, regardless of whether your firm is a single-conveyancer practice or a national firm with a conveyancing division. The size of your trust account, the number of settlements per month, and whether you also do litigation or family law are irrelevant — once you act on a property transaction you are a reporting entity for that work, with full enrolment, CDD, program, and SMR obligations. Conveyancing-only practices typically have a narrower program (one or two designated services rather than five) but the underlying obligations are identical.

No. Legal professional privilege (LPP) and AML/CTF obligations operate in parallel — privilege protects the substance of legal advice and confidential client communications, but it does not exempt the firm from enrolling, identifying clients and beneficial owners, keeping CDD records, or reporting suspicious matters where the underlying conduct is in scope. The Act and AUSTRAC's guidance carve out genuinely privileged material from production, but that is a much narrower exception than 'we are lawyers, so we do not have to comply'. Providers built for the legal sector help you operate the overlap correctly: capturing CDD without recording privileged advice, scoping SMR content to non-privileged factual indicators, and documenting your privilege-handling protocol so a future AUSTRAC review can see your reasoning.

Across recent CompareAML matchings, sole practitioners and small firms typically stand up a basic program in 2–4 weeks, mid-tier firms in 4–6 weeks, and national or multi-jurisdiction firms in 6–10 weeks. The biggest single time variable is trust account complexity: firms with multiple controlled-money accounts, mixed practice areas, and historical client books need longer to scope CDD remediation. Starting after early May 2026 is high risk because most reputable providers stop accepting new onboardings 4–6 weeks before 1 July 2026 to protect implementation quality.

Existing clients receiving a designated service after 1 July 2026 must be brought up to current CDD standards — you cannot rely on the file note from a 2017 engagement. Most providers offer a remediation workflow that prioritises live matters first (anything settling or transacting after 1 July), then a tiered refresh of dormant or repeat clients. Trust structures, overseas clients, and PEPs sit at the top of the priority list; long-standing local individuals at the bottom. Plan for a 3–6 month remediation runway in parallel with new-client onboarding.

AUSTRAC requires a named AML Compliance Officer (AMLCO) at management level with the authority and resources to run the program. In a sole practice this is the principal by default. In small firms it is usually the managing partner or a senior partner with a compliance bent. Larger firms appoint a dedicated risk and compliance manager or a partner with a portfolio. The AMLCO does not personally perform every CDD check, but is accountable for the program, sign-off on SMRs, training, and the independent review cycle. Outsourced fractional AMLCO services are available through several CompareAML providers if no internal candidate fits.