AML/CTF Rules 2025: Reporting groups for law firms

Disclaimer: The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

Understanding AML/CTF Rules 2025 Part 2: Reporting groups, and what it means for the law sector

From July 2026, Australian law firms will face AML/CTF obligations for the first time, including a new concept called reporting groups.

A reporting group allows multiple firms to operate under one AML/CTF Program, led by a nominated entity. The idea is to reduce duplication, centralise compliance expertise and make it easier for connected or allied firms to meet their obligations.

Reporting groups for law firms

Law firms must decide whether to manage compliance independently or collectively, and carefully select a lead entity with the authority and capacity to oversee the program.

Reporting groups streamline processes like customer due diligence, staff training, and regulatory reporting, but also concentrate accountability, meaning non-compliance in one firm can affect the entire group. Early planning and clear governance are essential to balance efficiency with regulatory responsibility.

For law firms, this raises immediate questions:

• Should compliance be managed independently, or combined across offices or networks?
• Who should act as the lead entity, and what authority would they need?
• How would liability and governance work in practice?

Reporting groups can provide efficiency and consistency, but also create new layers of accountability and risk.

What is a reporting group?

A reporting group is a set of firms that agree to follow one AML/CTF Program under a lead entity. There are two models:

• Business group: Firms already linked by ownership or control (e.g. an incorporated practice with subsidiaries).
• Election group: Independent firms choosing to partner for compliance (e.g. mid-tier firms in a national alliance).

The lead entity must be nominated in writing, not be controlled by another AML-regulated entity, have authority to set AML/CTF policy for the group, and be incorporated or resident in Australia.

Why it matters for law firms

Reporting groups are relevant for law firms because of:

• National practices: State-based partnerships may want centralised compliance but will need to reconcile different intake and governance processes.
• Partnership dynamics: Federated firms that share a brand but not a balance sheet may find agreeing on one AML program exposes tensions around autonomy.
• Multi-discipline practices: Firms with separate property, corporate, and private client entities must decide whether risk can be managed consistently.
• International ties: For firms aligned to a UK LLP or global Swiss verein, the Australian arm must still meet Australian rules, even if global frameworks differ.
• Client privilege: Shared programs must respect privilege and confidentiality across jurisdictions.

Practical examples

• Incorporated practice with subsidiaries: A mid-sized firm with separate corporate, family and property divisions form a business-based reporting group with the parent company as lead setting one AML/CTF Program across all divisions.
• National partnership: Five state-based partnerships under a shared brand agree to form an election-based group. One office is nominated as lead, creating consistency across the network.
• Alliance of boutiques: Independent specialist firms in a referral network consider an election group, but must test whether one Program can serve diverse risk profiles.

Operational reality

Reporting groups affect day-to-day practice, not just governance:

• The lead entity designs and maintains the AML/CTF Program for all members.
• Verification, staff due dilgence, and training requirements must be standardised.
• Failures in one office expose the group.
• Customer due diligence (CDD) timeframes apply group-wide:
  • Property transactions: Up to 15 calendar days or settlement, whichever is earlier.
  • Other matters: Up to 20 business days.
• Joining and leaving follow strict rules.
• Reliance requires a written agreement.
• AUSTRAC must be notified of membership changes.

Governance and liability considerations

Joining a reporting group means a firm no longer sets AML/CTF obligations in isolation. The lead entity’s Program applies across all members, creating efficiencies but also shared risks.

Lead responsibility: The lead entity’s AML/CTF Program applies to all members. This reduces duplication but removes flexibility for firms. Authority, liability and dispute processes must be clear.

Shared liability: AUSTRAC can sanction a non-compliant office, but the lead remains accountable for the Program as a whole.

Oversight: The Program must include regular reporting to the lead’s governing body and cover every member.

Staff checks and training: Group-wide standards apply to all offices. Offices cannot set lighter requirements independently.

Independent evaluation: At least every three years, the group Program must be reviewed independently, with findings reported to the lead’s governing body.

Reporting obligations: The Program must ensure accurate suspicious matter, threshold transaction and international funds transfer reporting, with safeguards against tipping-off.

Joining and leaving

• Joining: New members require the lead’s consent. If one entity in a business group joins, all related entities are automatically included.
• Leaving: If one member of a business group exits, the entire group exits. If the lead withdraws, all members must be notified and a new lead appointed within 28 days.

For law firms, this means mergers, acquisitions, and partnership splits can trigger automatic compliance consequences.

Practical guidance for law firms

Step 1: Map your structure
Identify all related entities and networks that could fall within a reporting group.

Step 2: Assess suitability
Weigh whether a group Program would reduce duplication or whether independence would preserve control and limit exposure.

Step 3: Identify a lead entity
Ensure it meets eligibility rules and has the operational capability, ideally a dedicated AML team.

Step 4: Update governance frameworks
Partnership or alliance agreements should spell out the lead’s authority, liability allocation and exit processes.

Step 5: Standardise workflows
Align client intake, verification and recordkeeping. Confirm systems can handle CDD deadlines and reliance requirements.

Step 6: Train staff
Training should cover AML fundamentals, reporting group rules, CDD deadlines and reliance protocols

Immediate next steps

• Begin partner discussions on whether to operate independently or within a reporting group.
• Nominate a compliance leader to coordinate planning.
• Engage with alliance partners about their approach to the new rules.
• Prepare plain-English staff communications on reporting groups, CDD timing and reliance.
• Seek legal advice to ensure governance and liability arrangements are sound.
• Review technology platforms to confirm they can support a shared AML/CTF Program.

Conclusion

Reporting groups are a central feature of the AML/CTF Rules 2025. For law firms, they offer opportunities to reduce duplication and share resources, but they also concentrate accountability and extend liability across every member.