How to avoid Frankenstein AML stacks in the legal setting

Australia's legal profession is about to enter new territory. Tranche 2 reforms will soon bring law firms into the regulated fold. But, once again, Australia is the lucky country. Introducing the reforms now presents a rare opportunity.

Unlike law practices in other countries that scrambled after legislation hit, law practices in Australia can learn from global examples and design AML tech stacks that are fit-for-purpose from day one.

The worst mistake seen in overseas legal practices? Using a piecemeal approach.

Many overseas firms layered biometric tools on top of practice management systems (PMSes), plugged screening tools into document stores and patched together workflows in SharePoint or spreadsheets. The result was, what we refer to as, a “Frankenstack”: bloated, brittle and impossible to scale - especially once complex clients or foreign entities come into play.

Most firms didn’t plan to build a Frankenstein stack - they just added what was missing at the time.

Now's a window of opportunity to do it right from the outset.

Avoiding legacy mistakes

If your current tech setup includes a PMS, a conflict check tool and a document store, you’re halfway to operational efficiency, but AML is a separate layer. Without a structured workflow and supporting technology for identifying beneficial owners, verifying identity and escalating red flags, practices often end up relying on disconnected or manual steps that fall apart under scrutiny.

And while checking an individual client’s ID is straightforward, that approach doesn't hold when onboarding a discretionary trust, a family office with multiple stakeholders, or a foreign shareholder. These are the moments where patchwork AML tech stacks tend to unravel.

It’s not the passport check that causes problems. It’s the offshore shareholder, the family trust, or the client-of-the-client scenario.

The pre-regulation patchwork

Here’s a real example of an AML Frankenstack approach from a law practice in the UK:For this practice it was manageable - until it isn’t.

Think in workflows, not just tools

It’s easy to focus on the front-end experience: collecting a passport, ticking a box. But without structured, back-end workflows, things break quickly. Who reviews red flags? Who triages screening failures? What happens when a scanned trust deed arrives in someone’s inbox? And importantly, what happens when legislation changes?

While the front-end dazzles, the back-end infrastructure crumbles. Good compliance isn’t just about a smooth intake form. It’s about what happens next.

A robust AML process doesn’t rely on individual judgment at each step. It’s a coordinated flow; from data collection to decision-making, with clear handoffs, audit trails and accountability. Great AML stacks enable these workflows, not dictate or break them.

Avoiding the custom-build trap

Some firms try to build their own AML workflows - either by hiring developers to hard-code logic into their PMS or even a bespoke AML system. Or, more often, they'll use no-code tools to cobble something together with forms, fields and spreadsheets. Both sound flexible. But in practice, they introduce hidden complexity, technical debt and ongoing maintenance challenges.

The smarter alternative is a configurable AML layer - designed to slot into your client intake and matter opening flow. Instead of rebuilding the process every time a new client type, structure or jurisdiction comes along, you simply update rules and adapt workflows to suit.

Conclusion

Australian law firms are fortunate in that they have a window of opportunity to learn from others to build AML infrastructure designed for the way legal matters unfold. Done right from the start, Australian law firms can avoid the allure of bolt-on fixes and have an audit-ready compliance layer that doesn't introduce operational or technical debt for years to come.