Go Beyond Compliance

Australian-made and hosted infrastructure that turns AML/CTF regulatory burden into your competitive advantage


Meet the moment

For decades, AML/CTF obligations fell on banks. Professional services operated outside that system – until now. From 1 July 2026, lawyers, accountants, real estate professionals and other high-value dealers will be subject to the same laws. The obligations are significant, and the systems most firms rely on today won't cut it.

Purpose-built for Tranche 2 and beyond, My Databoss helps professional firms of all sizes with infrastructure that makes compliance practical, auditable and defensible.


Whitepaper: Tranche 2 AML/CTF Reform in Australia 

What lawyers, accountants and real estate professionals must know – and how to prepare


You are the new gatekeepers

Tranche 2 is the most significant expansion of financial crime regulation in a generation. With criminals using professional services to move, structure and legitimise money, regulators are bringing up to 100,000 Australian firms into the system as gatekeepers.


Overcome the burden of proof

The challenge for most leaders isn't intent, it's infrastructure. Current systems are fragmented across spreadsheets, emails and third-party platforms, and won't withstand regulatory scrutiny. From a regulator's perspective, what you cannot prove may be non-compliant.


Know who, what and how

Firms become accountable for who they act for, how money flows through their services, and for proving that risks have been managed. These are legally enforceable obligations with civil, criminal and reputational consequences.


Step up and take the lead

Getting compliance right isn't just about avoiding penalties. Firms that build proper infrastructure now can strengthen client trust, improve efficiency and innovate with confidence. Tranche 2 is an opportunity to modernise and build a lasting competitive advantage.

The cost of getting it wrong

In Australia, non-compliance penalties can reach $22 million per breach, plus daily penalties of around $18K. AUSTRAC and FATF expect group-wide consistency and accountability. Recent enforcement actions – including CBA ($700M) and Westpac ($1.3B) – demonstrate the regulator's posture.

| Non-compliance type | Financial impact |
| --- | --- |
| Late or inaccurate reporting | $50K–$200K per breach |
| System weakness or ongoing failure | $1M–$30M+ potential penalties |
| Severe or systemic non-compliance | Business-threatening enforcement |

Figures based on current penalty-unit values.

 

In 2023–24, the cost of organised crime to Australia grew to $82.3 billion, a sharp $13.6 billion increase from $68.7 billion the previous year.*

 

Old way
Manual processes and fragmented tools

  • Policy documents in a folder
  • Identity stored in emails
  • Risk in someone’s head
  • Ad hoc monitoring
  • Manual spreadsheet reports
  • Training by word of mouth 

New way
Integrated, end-to-end AML/CTF workflows

  • Live compliance system
  • Verified identity records
  • Documented, scored risk ratings
  • Ongoing alerts and reviews
  • Logged, timestamped reports
  • Recorded, trackable training 

Greta Menzies


CEO

Greta is an AI and data governance expert with nearly two decades of experience delivering enterprise-scale transformation across finance, government and universities. With a strong track record in machine learning adoption and data strategy, she has led complex programs for major banks, retailers and institutions. At My Databoss, Greta has assembled a high-calibre team to execute on a bold vision: redefining secure data management for the AI era, with a platform built for scale, compliance, and global impact.


James Murphy


COO

James is a seasoned executive and operations leader with over two decades of experience across financial services, technology and data platforms. As a founding executive and CFO of a high-growth fintech that successfully scaled and exited to an ASX-listed company, he brings deep expertise in SaaS operations, cybersecurity, risk management and compliance. James plays a pivotal role at My Databoss, ensuring the business is built on strong operational foundations and ready to scale with integrity and confidence.


Kelly Ryan


CGO

Kelly is a seasoned executive with over 20 years of experience leading major national organisations across the sports, entertainment and real estate sectors. Known for her strategic vision and commercial acumen, she has driven the growth and transformation of high-profile brands through innovation and modernisation. At My Databoss, Kelly leads market expansion and strategic partnerships, ensuring the business continues to deliver game-changing solutions that empower organisations globally.


You don’t have to figure this out alone

I'm here to help. Book a complimentary 15-minute AML risk profile assessment and I'll walk you through where your business stands today, what to prioritise and how to operationalise your obligations before 1 July 2026.

– Raji Lal, National Sales Executive

Call: 1300 512 387


Frequently Asked Questions

Tranche 2 extends Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws beyond banks to professional services including legal, accounting and real estate.

Firms that provide designated services become reporting entities under the AML/CTF Act and must identify, assess and manage money-laundering and terrorism-financing risks in line with AUSTRAC requirements.

Designated services are specific activities listed in the AML/CTF Act that present a higher risk of money laundering or terrorism financing.

For professional services, this includes activities such as handling client funds, facilitating property transactions, creating or managing legal structures, or exercising authority over client assets. If a firm provides even one designated service, AML/CTF obligations apply to that scope.

Tranche 2 obligations commence from 1 July 2026. AUSTRAC enrolments are expected to open from 31 March 2026, and firms must enrol within 28 days of first providing a designated service once the regime is in effect. Monitor AUSTRAC guidance for final enrolment procedures and timelines.

Responsibility for AML/CTF compliance ultimately sits with the firm’s leadership. Firms must appoint an AML/CTF Compliance Officer with sufficient authority, independence and resources to oversee the AML/CTF Program and act as the primary contact with AUSTRAC. While tasks may be delegated, accountability cannot.

No. AUSTRAC expects AML/CTF programs to be operational and risk-based, not just documented. Policies must be supported by evidence showing how risks were identified, decisions were made, controls were applied and records were maintained. Activities that cannot be evidenced may be treated as non-compliant.

Not automatically. Tranche 2 introduces ongoing AML/CTF obligations, not just point-in-time checks. Firms do not need to re-onboard all existing clients from scratch. Existing clients may require identification and verification where a designated service is provided after commencement, or where a client's risk profile changes.

AUSTRAC expects a risk-based approach – prioritising higher-risk clients and services rather than re-verifying everyone at once.

A risk-based approach means tailoring controls to the level of money-laundering or terrorism-financing risk involved. Lower-risk clients and services may require simpler checks, while higher-risk relationships require enhanced due diligence, closer monitoring and stronger documentation. AUSTRAC expects firms to be able to explain and evidence how risk decisions were made.

If a firm provides even one designated service, it becomes a reporting entity for those activities and must comply with the AML/CTF regime for that scope. Tranche 2 applies based on what you do, not firm size or business model.

Yes. Tranche 2 applies based on whether a designated service is provided, not firm size, turnover or headcount. A sole practitioner providing a single designated service carries the same AML/CTF obligations for that activity as a large firm. Smaller firms are not exempt and are often considered higher risk if controls are informal or undocumented.

Many firms already operate under overlapping frameworks such as professional conduct rules, trust account regulations, privacy law and cybersecurity requirements. My Databoss is designed to support multiple regulatory obligations in parallel, aligning AML/CTF workflows with existing requirements so compliance is coordinated rather than duplicated. For example, conveyancers can align AML/CTF workflows with ARNECC obligations.

Many AML tools address isolated tasks such as identity verification or screening. Tranche 2 requires an end-to-end compliance system. My Databoss connects identity verification, consent, risk assessment, monitoring, training and audit records into a single system of record, helping firms demonstrate not just what they did, but when, why and how.

No. Technology cannot replace governance, leadership oversight or professional judgment. However, AUSTRAC expects firms to use systems that support consistent processes, reduce manual error and produce reliable evidence. My Databoss is designed to support and evidence compliance, not replace legal responsibility.

No. Tranche 2 represents a structural change to how professional firms manage risk, data and compliance. Firms that prepare early are better positioned to implement systems thoughtfully, train staff effectively and respond confidently to regulatory scrutiny.

Tranche 2 brings privacy and AML/CTF compliance together. Even where a firm is otherwise exempt under the Privacy Act, that exemption does not apply to AML/CTF activities. When handling personal information for AML/CTF purposes, firms must comply with applicable privacy requirements alongside their AML/CTF obligations.

This means sensitive identity and ownership information must be collected, used, stored and retained in a way that satisfies both frameworks – with appropriate security, access controls and auditability.

Under the AML/CTF Act, firms must generally retain records for at least seven years. Records must remain secure, accessible and auditable for the full retention period, even if staff change, systems are upgraded or clients disengage.

‘Tipping off’ occurs when a client is informed that a Suspicious Matter Report (SMR) has been, or may be, submitted to AUSTRAC. Tipping off is a criminal offence. Firms must have controls to ensure suspicions are escalated internally and reported appropriately without alerting the client or third parties.

* Australian Criminal Intelligence Commission, Serious and organised crime is affecting you – even if you don’t realise it, 2025