The cost of cobbled compliance: Why accountants should avoid an AML "Frankenstack"

Tranche 2 will soon bring AML regulation to accounting firms. Many firms overseas tried to patch compliance into their existing systems with ID tools, spreadsheets and email chains. It worked for a while, then broke under pressure.

Australian firms have a rare opportunity to get it right from the start: choose a structured, scalable AML tech stack that supports complex clients, changing rules and real operational workflows.

Accountants aren’t yet regulated for AML in Australia but as of 1 July 2026 that will change. Tranche 2 reforms will extend AML obligations to the profession and firms that act now will be ready to go on day one, rather than scrambling.

The good news? You don’t have to make the same mistakes others did. Overseas firms, when faced with similar changes, bolted AML requirements onto existing systems: spreadsheets for risk ratings, email for document collections, ad hoc EIV tools for ID checks. 

The result was, what we refer to as, a “Frankenstack”: bloated, brittle and impossible to scale - especially once complex clients or foreign entities come into play.

Most firms didn’t plan to build a Frankenstein stack – they just added what was missing at the time.

That’s what you now have the chance to avoid.

Avoiding legacy mistakes

Most accounting firms already have a solid tech base; client portals, workflow software, maybe even automated onboarding forms. But AML sits outside that stack. Without a defined workflow and supporting tools for identifying beneficial owners, verifying identity and escalating red flags, firms end up relying on a mix of email trails, spreadsheets and manual checks that don’t scale and wouldn’t stand up to scrutiny.

It’s one thing to verify the ID of a long-standing individual client. But that approach falls short when you’re onboarding a family trust, a private group with cross-border ownership or a corporate structure involving multiple directors and shareholders.

These are the moments when patchwork AML processes, built reactively over time, start to show their cracks and where firms start falling back on email threads, double-handling documents, and unclear responsibilities.

The accounting Frankenstack

We’ve seen mature firms in the UK and New Zealand using:

• Basic EIV tools for identity checks
• Email for collecting trust deeds
• Excel files for scoring risk
• Company registers queried manually
• PEP screening results copied into Word docs 

It’s manageable - until audits hit, the volume increases, the complexity escalates... or the legislation changes.

Workflows, not workarounds

A strong AML program depends on what happens after the client uploads their documents. The initial collection is the easy part - especially if you’ve already invested in digital forms. The real challenge is what follows: verifying that information, assessing risk, handling exceptions and documenting decisions in a way that’s auditable.

While the front-end dazzles, often the back-end infrastructure crumbles.

That’s where many firms come unstuck. Without a holistic tech stack, staff are left reading trust deeds manually, chasing down missing information, or unsure how to escalate a red flag. It’s not that the firm isn’t trying to be compliant - it’s that the technology can't support the workflow needed to manage complexity. And with Tranche 2 on the horizon, those gaps will matter more than ever.

Avoiding the custom-build trap

Some firms take a DIY approach to AML - embedding point solutions into existing workflows. Sometimes it’s developer-led; more often, it’s someone in the firm configuring forms, fields and spreadsheets to meet differing needs across a firm.

On the surface, it feels flexible and familiar. But over time, these setups become hard to maintain, difficult to scale and reliant on internal knowledge that doesn’t always get documented. What starts as a quick fix turns into a long-term risk.

Purpose-built platforms take a different approach. They provide the infrastructure for secure document handling, record keeping, screening and decision tracking. You still control the rules - but you're not reinventing your AML tools every time something changes. 

Point solutions and spreadsheets may give you low initial cost and a sense of familiarity. But purpose-built AML platforms give you a solid foundation to grow from.

Conclusion

Australian accounting firms have a window that many others didn’t. With Tranche 2 still on the horizon, there’s an opportunity to learn from how other countries got it wrong. By choosing an AML infrastructure that reflects the way accounting engagements actually work, firms can avoid the temptation of bolt-on fixes and ad hoc workarounds. Done properly from the outset, it’s possible to create a compliance layer that’s scalable, auditable and doesn’t introduce operational or technical debt as your firm grows of the rules change.