and the IT Changes Required
Part 2 of the 5 part series: Future-Proofing Your Conveyancing Practice
The Australian Government is preparing to bring conveyancers into the AML/CTF (Anti-Money Laundering and Counter-Terrorism Financing) regime for the first time. “Tranche 2” entities will be subject to new regulations from the 1st of July 2026. These reforms will ransform the way conveyancers manage client information.
While the legislation focuses on preventing money laundering, the practical reality is that most obligations fall heavily on IT systems, data security, and digital record management.
What AML/CTF Will Mean for Conveyancers
While the final wording is pending, the government has already outlined the core requirements.
Conveyancers will be expected to:
Conduct mandatory Client Due Diligence (CDD)
You will need to verify:
- Identity
- Source of funds (in some cases)
- Beneficial ownership
Retain CDD records securely for 7+ years
This is a major IT burden. Scans and emails won’t cut it. This will require not only secure storage, but also secure (and tested) backups.
Ensure data integrity and protection
AUSTRAC will expect reasonable cyber controls to prevent:
- ID theft
- Record tampering
- Fraudulent transactions
Demonstrate compliance during audits
This includes showing:
- Logs
- Procedures
- Access controls
- Secure storage
- Evidence of staff training
Where Conveyancers May be Underprepared
- Identity documents stored in email or shared drives: This violates the principles of secure storage under AML/CTF
- No consistent system for tracking CDD records: Many practices rely on ad-hoc emails or PDFs, which will not meed audit standards
- Backup systems not adequate for long-term compliance: AML/CTF requires records to be accessible, untampered with, and encrypted. This eliminates simple cloud-sync solutions.
- Limited logging of access to client data: Regulators will expect a clear audit trail
The IT Changes Conveyancers Need to Plan for Now
A secure, centralised CDD record system
With:
- Encrypted storage
- Access controls
- Activity logging
- File retention management
- MFA protection
Email hardening & secure communication channels
Attackers are specifically targeting identity documents and insecure email conversations.
Reliable, verifiable backups
Which need to be:
- Daily
- Automated
- Offsite
- Immutable (unable to be changed)
Staff training and written cybersecurity policies
AUSTRAC will expect documented procedures.
Note that there is also an opportunity to stand out from the crowd here, and offer white-labelled cybersecurity training (under your branding) to your clients. This has the potential to change the AML/CTF compliance obligations from a burden into a marketing opportunity.
Why This Protects Your Business
AML/CTF isn’t just regulatory overhead – it will dramatically reduce your exposure to:
- Identity theft
- Fraudulent bank details
- Intercepted settlement instructions
- Mismanagement of client ID documents
Most cyber insurance policies will likely soon require these controls as well.
Final Thoughts
The impending AML/CTF changes will require conveyancers to operate with higher standards of data security and record-keeping. The sooner your systems are modernised, the easier compliance will be.
We provide an AML/CTF Readiness Assessment specifically for NSW conveyancers to identify gaps and plan your compliance roadmap. Get in touch to find out more.
Stay safe out there, and watch out for the next post in this series – AI for Conveyancers: Practical, Safe Uses you can Implement Today
Comments are closed