AMLCompare
Already providing Tranche 2 services before 1 July 2026? You must enrol with AUSTRAC by 29 July 2026. New providers have 28 days from their first designated service. What the deadline actually means

The AUSTRAC compliance officer: who qualifies, and the second 29 July deadline nobody talks about

Most newly regulated businesses know about the 29 July 2026 enrolment deadline. Far fewer know there's a second, separate obligation carrying the same date: formally notifying AUSTRAC of your appointed AML/CTF compliance officer — due by the later of 29 July 2026 or 14 days after you enrol.

It's a distinct step. Enrolling gets your business into AUSTRAC's system; the compliance officer notification tells the regulator which human is accountable once you're in it. Plenty of firms that enrolled on time will miss this one purely because they assume the enrolment form covered it. It didn't.

The rule and the dates

Every reporting entity must appoint an AML/CTF compliance officer, and newly regulated Tranche 2 businesses must notify AUSTRAC of that appointment by the later of 29 July 2026 or 14 days after enrolment. So: enrolled in early July? Your notification window has likely already closed or is closing — check. Enrolling late, in August? Your clock is 14 days from whenever you actually enrol.

The trap inside the enrolment form: it asks you to nominate a primary contact. That is not the same as formally recording your compliance officer against your AUSTRAC profile. If you enrolled weeks ago and are now assuming this obligation is behind you, verify it rather than assume it — the notification is the step with the hard date attached, and it's the one that slips.

Who can actually hold the role

AUSTRAC's requirements are more practical than people fear:

  • Management level, with real authority. The compliance officer must be senior enough to actually make the business comply — to change a process, pause a transaction, escalate to the owner or board. A nominal appointment of a junior staffer creates risk rather than discharging it.
  • Fit and proper. The person needs to pass a fit-and-proper assessment covering competence, judgement and integrity. Residency requirements can also apply, so factor that in if your candidate is offshore.
  • No AML qualifications required. AUSTRAC is explicit that the officer doesn't need to arrive as an AML/CTF expert. They need the standing to do the job and the willingness to learn it — the expertise obligation is met through the training your program provides.

For a small business, the most common and entirely legitimate answer is: the owner holds the role. If you're a sole practitioner or a principal of a small firm and you meet the management-level and fit-and-proper bar, appointing yourself is often the practical option — AUSTRAC expects the role to be tailored to the size and complexity of the business, not to look like a bank's org chart.

What the role actually involves day to day

The title sounds ceremonial; the function isn't. Your compliance officer is the person who:

  • owns the ML/TF risk assessment and keeps the AML/CTF program current as the business changes;
  • is the escalation point when a customer or transaction feels wrong, and makes (or coordinates) the suspicious matter reporting call within its tight timeframes;
  • ensures customer due diligence is actually happening on every designated service, not just documented as policy;
  • keeps the evidence — training records, verification records, decisions and reasons — in a state you could produce if AUSTRAC asked;
  • reports to the governing body or owner so oversight is real rather than nominal.

If that list looks like a part-time job bolted onto a full-time one, that's because in a small firm it is. It's also the single best argument for keeping your compliance stack simple — whether that's AUSTRAC's free starter kit plus a per-check verification tool, or software that earns its subscription — because the officer's realistic capacity is a design constraint, not an afterthought.

If you've already missed the notification date

Same logic as late enrolment: the fix is action, not paralysis. Appoint the officer formally (minute it, even in a one-person business — a dated record of the appointment is evidence), complete the notification against your AUSTRAC profile, and move on to the obligations that protect you most: customer due diligence on live matters and your risk assessment and program.

If you haven't enrolled at all yet, the notification is step two of the sequence laid out in our late-enrolment guide — enrol first, then notify within 14 days. And as ever: general information, not legal advice.

Common questions

Can the business owner be the AML/CTF compliance officer?

Yes, and for small businesses it's common and often the most practical choice — provided the owner meets the management-level and fit-and-proper requirements (competence, judgement, integrity, and any applicable residency requirement). AUSTRAC expects the role to be proportionate to the size of the business.

Does my compliance officer need AML/CTF qualifications?

No. AUSTRAC's guidance is explicit that formal AML/CTF qualifications aren't required. What's required is genuine seniority and authority in the business, plus fitness and propriety. Competence gets built through your program's training obligation.

I nominated a contact when I enrolled — is that my compliance officer notification?

Treat it as no. The enrolment form's primary contact and the formal compliance officer notification are distinct, and the notification is the obligation with the deadline — the later of 29 July 2026 or 14 days after your enrolment. If you're not certain it was completed against your AUSTRAC profile, verify rather than assume.