AML/CTF
“AUSTRAC Will Go After the Big Firms First” Is a Costly Myth: AML/CTF Compliance Risks for Small Accounting FirmsÂ
Â
It is the most common reason small accounting firms give for delaying their AML/CTF implementation.Â
"AUSTRAC will go after the big firms first. We are a small practice. We are not on anyone's radar."Â
It is understandable. It feels logical. And it is wrong in ways that matter enormously.Â
Here is the reality that every small and medium accounting firm principal in Australia now needs to confront.Â
What AUSTRAC has actually saidÂ
AUSTRAC has been publicly explicit about its expectations for newly regulated entities. The regulator does not expect perfection on day one. What it does expect is genuine, proactive effort to understand and manage money laundering and terrorism financing risk.
That expectation, genuine, proactive effort, applies to every reporting entity.
Not just the large national firms. Not just the firms with specialist compliance teams and dedicated legal resources. Every reporting entity that provides designated services, regardless of size, revenue, number of partners, or geographic location.
A sole practitioner providing trust establishment services is a reporting entity.
A two-partner regional firm providing outsourced CFO work is a reporting entity.
A suburban practice with forty designated service clients and no dedicated compliance function is a reporting entity.
Size is not a shield. It is not a defence. It is not even a mitigating factor if the firm has made no genuine effort to implement its obligations.Â
The regulatory enforcement realityÂ
It is true that regulators in any sector tend to prioritise their enforcement resources strategically. Larger entities often receive earlier and more intensive scrutiny simply because the systemic risk they represent is greater.Â
But that observation misses several critical points for small accounting firms.
First, AUSTRAC's approach to newly regulated entities is not primarily enforcement-focused in the early period. It is supervision and education-focused. That means AUSTRAC is actively engaging with firms, including small firms, to assess their compliance posture. A small firm that has made no effort to implement its obligations is not invisible. It is non-compliant.
Second, the AML/CTF regime is not only enforced by AUSTRAC. Professional indemnity insurers, the Tax Practitioners Board, and the courts all operate in the same space. A client dispute, a professional indemnity claim, or a referral complaint that surfaces a firm's AML/CTF compliance position can expose gaps that AUSTRAC was not specifically looking for.
Third, the obligation does not scale with firm size. The required standard is the same whether the firm has two partners or two hundred. A small firm that cannot demonstrate genuine compliance effort is in the same legal position as a large firm with the same failure, the size of the firm is not a variable in the statutory obligation.
The greatest risk may not be AUSTRACÂ
Here is the part most small firm principals have not considered.
The greatest compliance risk for a small accounting firm in the AML/CTF space may not be a direct AUSTRAC investigation at all.
It may be a client who disputes a decision the firm made, or did not make, in relation to a transaction.
It may be a professional indemnity claim arising from an engagement where the firm's failure to apply AML/CTF controls contributed to a loss.
It may be a referral to the Tax Practitioners Board from a client who was disengaged, with the complaint touching on the firm's processes and the adequacy of its compliance systems.
In any of those scenarios, the question that will be asked is not "did AUSTRAC investigate this firm?" The question will be "can this firm demonstrate that it was operating a genuine AML/CTF compliance program?"
No program. No evidence. No defence. Â
Â
The professional reputation dimensionÂ
There is another dimension to this that goes beyond regulatory risk.
The accounting profession is built on trust. Clients trust their accountants with sensitive financial information, significant transactions, and consequential decisions. That trust is the foundation of every client relationship and every referral network.
A firm that is publicly associated with an AML/CTF compliance failure, whether through a regulatory action, a professional indemnity claim, or a client dispute, suffers reputational damage that is difficult to recover from in a profession where reputation is everything.
The firms that implement their AML/CTF obligations properly are not just managing regulatory risk. They are protecting the professional reputation that their client relationships depend on.
The "we are too small" assumption in practice
Consider what the "we are too small" assumption looks like in practice.
A small firm decides not to invest in AML/CTF training and implementation because it believes AUSTRAC will focus on larger practices. It continues operating as it always has: no formal CDD workflow, no beneficial ownership verification, no monitoring system, no updated engagement letters, no training evidence.
Eighteen months after 1 July 2026, one of the firm's clients is involved in a dispute with a business partner. In the course of that dispute, it emerges that the firm facilitated a restructure for that client without conducting any AML/CTF controls. The firm had no idea the client's business partner had a history of financial fraud.
The firm's engagement letter does not give it the right to access or disclose information. Its file contains no CDD records, no risk rating, and no beneficial ownership documentation. Its staff have received no formal AML/CTF training.
At that point, the question of whether AUSTRAC was watching becomes largely irrelevant.
The obligation is the same. The consequence is the same.
Every accounting firm providing designated services is a reporting entity under the AML/CTF regime.
Every reporting entity has the same obligations: a written program, a compliance officer, customer due diligence, ongoing monitoring, staff training, record keeping, and suspicious matter reporting.
Every reporting entity that fails to meet those obligations faces the same legal exposure, regardless of size.
The "we are too small" assumption is not a risk management strategy. It is a rationalisation for inaction. And in a regulated environment with hard deadlines and real consequences, inaction is its own form of risk.
What small firms should do instead
The good news for small accounting firms is that meeting these obligations does not require a large compliance team or a dedicated legal department.
It requires a structured, practical, implementation-ready approach: a clear framework, operational tools, trained staff, and documented evidence.
That is achievable for firms of any size. But it requires the decision to act, and it requires that decision to be made now.
The obligations are already in force, and every day without a program is a day of exposure. The firms that act now will be operationally compliant. The firms that wait will be explaining why they did not.Â
Best Practice Group delivers a turnkey AML/CTF Tranche 2 Training and Certification Program designed specifically for public accounting firms. It includes a complete compliance playbook, two live implementation sessions, 16 operational templates, mandatory compliance assessments, and two certificates per participant issued by Best Practice Group.Â
Your AML/CTF obligations are live now. If your firm still needs to get operational, the time to enrol is now.
👉 Register for the AML/CTF Tranche 2 Training Program
👉 Get the Free AML Playbook
Or contact us directly:
đź“§Â team@bestpracticegroup.com.au
📞 1300 274 636
This article is general guidance only and does not constitute legal advice. Firms should confirm their specific obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and seek independent legal advice where required.
"Are You Reporting Me to AUSTRAC?" What Your Compliance Officer Must Say (And What They Must Never, Ever Say)
Coming Soon