Preparing for Australia’s new AML/CTF regime: lessons from the UK
From 1 July 2026, Australian law firms will become subject to formal Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations for the first time.
For many firms, this will represent a meaningful shift in regulatory expectations, operational processes and risk exposure.
Law firms in England and Wales have been operating under similar obligations for decades, offering valuable insights into how such regimes work in practice and where firms can encounter difficulties. As Australian firms begin preparing for the introduction of AML regulation, lessons from more mature jurisdictions can help shape a proportionate, structured and defensible approach from the outset.
To explore what Australian law firms should be focusing on now, Howden spoke with Colette Best, Director of Anti Money Laundering at Kingsley Napley LLP. Drawing on her experience leading AML supervision at the UK’s Solicitors Regulation Authority (SRA), and advising law firms on compliance and regulatory investigations, Colette shares practical perspectives on enforcement expectations, resourcing models, common pitfalls and how firms can position themselves for the transition ahead.
About Colette Best
Colette Best is Director of Anti Money Laundering at London law firm Kingsley Napley LLP. She specialises in advising regulated professionals and entities on AML compliance and financial crime risk, including undertaking AML audits for law firms and supporting firms responding to regulatory investigations.
Prior to joining Kingsley Napley in 2024, Colette was a senior director at the Solicitors Regulation Authority. Having joined the SRA’s policy team in 2015, she became the regulator’s first Director of AML in 2019, where she established the SRA’s AML supervision function. She was interviewed by the Financial Action Task Force (FATF) on behalf of the legal profession during its 2018 inspection of the UK.
Colette’s AML experience dates back to 2006, when she led the implementation of the Third Money Laundering Directive in the property services sector and authored the AML guidance for estate agents under the 2007 regulations. Her experience now spans estate agency, property, financial services, investments and the legal sector. She is a former Chair of the Legal Sector Affinity Group (LSAG) and a former Chair of the AML Supervisors Forum, the government’s principal forum for AML supervisors.
The new AML landscape: similarities between Australia and the UK
Australian law firms will soon be subject to AML/CTF obligations. Are we expecting the Australian and UK regimes to be broadly similar?
Yes. Global standards are ultimately set by the FATF, which should, in theory, ensure a unified, cross-border approach to preventing money laundering. In practice there are some differences in the implementation of FATF’s recommendations, but the regime that Australia is implementing is very similar to the UK’s regime.
We would also expect a more phased approach to enforcement of breaches for a new regime compared with a mature one. The SRA has taken an approach of encouraging firms into compliance initially, followed by greater enforcement action, often around themes. For example, the SRA published guidance on firm-wide risk assessments, then focused enforcement in this area, followed by client/matter risk assessments and most recently source of funds and source of wealth checks.
Key lessons from a mature AML regime
What lessons from England and Wales might be most relevant for Australian law firms?
Lawyers in the UK have been subject to the money laundering regulations for nearly 25 years, although the regulations were strengthened considerably in 2017, which brought significant changes. I also worked with the estate agency sector when they first came into AML regulation in 2007. I think there are a number of points from these experiences which can make the journey to AML regulation smoother.
First, take it seriously and plan to spend significant time getting to grips with the regime, particularly in the early days. Second, firms should actively engage with guidance issued by their supervisor, as this is intended both to support compliance and to signal enforcement priorities. Finally, good record keeping now will save firms significant pain down the road. Many compliance issues emerge several years later, meaning firms will be relying on records you are keeping now to defend any regulatory allegations in the future.
Three practical priorities for Australian law firms
What should Australian law firms focus on first as they enter the new regime?
The first priority is understanding your risk. You can save significant effort if you understand which of your clients and matters pose the highest risk of money laundering and focus your resources accordingly. Helpfully, AUSTRAC has published risk insights and indicators of suspicious activity for legal professionals, which are a good starting point.
Secondly, put in place clearly documented AML policies, procedures and controls. These guide staff on expected standards and processes, and they also serve an important purpose in demonstrating to your supervisor that you have controls in place and that you take your obligations seriously.
Thirdly, get your onboarding of clients right. This is your chance to do thorough due diligence, understand your client and their source of funds and wealth before they sign an engagement letter with you and before you begin receiving privileged information.
Resourcing and governance: what does “good” look like?
How have UK law firms resourced AML compliance and what is considered best practice?
Although this will not be welcome news to firms, you will need to devote resources to complying with AML requirements. When thinking about what resources you need, a good starting point is whether you want to have fee-earners be in charge of customer due diligence and risk assessments, whether you have a centralised team to do this, or some combination of the two. Large firms tend to have a more centralised model, whereas smaller firms tend to have fee-earners be responsible for their own AML admin. You will also need to think about whether you wish to use a software system to make the onboarding of clients easier.
Resourcing varies widely between firms, and the structure of compliance teams has been something that has evolved over time in the UK. In the main though, UK firms split compliance functions into three lines of defence:
- First line: operational staff carrying out customer due diligence, ongoing monitoring and record keeping.
- Second line: risk management staff maintaining policies, communicating policies and training staff.
- Third line: internal audit functions reviewing whether policies are being used in practice.
You will also need a nominated person to receive internal suspicious transaction reports and make reports to AUSTRAC where necessary. In addition, it is best practice for the nominated person to have a deputy, so that there is someone available to receive reports when the primary nominated officer is unavailable.
Common pitfalls and enforcement themes
Have you seen firms in England and Wales fail to meet AML obligations, and are there common themes?
I’ve seen a lot of instances of firms getting into trouble, and these issues generally fall into three categories: systems/controls failures; customer due diligence (CDD) failures; and documentation failures.
Systems and controls failures often arise when a firm hasn’t devoted sufficient time to getting compliance processes in place. These issues are frequently identified through proactive supervision and typically involve incomplete AML policies or inadequate firm-wide risk assessments.
CDD failures can occur as a result of systems and controls failures, or more frequently because an individual hasn’t followed the firm’s processes. Typical issues include failing to obtain source of funds and source of wealth information or neglecting ongoing monitoring.
Finally, I have seen firms that have substantively done the right things but have not retained sufficient evidence. Often this manifests in failure to have documented client/matter risk assessments, or to document their CDD enquiries.
Leadership, culture and training
What recommendations would you make to law firm management?
A culture of compliance is so important in getting this right. That means that law firm management has a key role to play in setting the tone, demonstrating that they take this seriously and making sure the AML programme is appropriately resourced.
Another part of this, which isn’t mentioned as often, is ensuring that fee earners aren’t under such pressure to meet billing targets that they’re incentivised to bypass AML checks. Problems often arise in environments where client service and fee-generation are prioritised at the expense of compliance.
What training is most effective?
During my time at the SRA, there was a strong correlation between firms with good training and firms with good compliance with the money laundering regulations. This wasn’t necessarily causation, but it did appear that investment in AML training was money well spent.
I think training works best when it’s varied and bite-sized. Many firms will be looking to invest in e-learning modules, which are good for giving a large number of people background information. But I find training works best when it can be made relevant to the firm and to people’s actual roles. That might be someone talking through a risk they’ve come across, a red flag they’ve noticed, or a recent enforcement case. What the property team needs from training is very different from the tax team, and the same is true for accounts and onboarding teams, who will often require more specialised training.
Firms often focus on e-learning for their training, but a much broader range of activities also counts as training, even if it’s harder to keep records of. Informal types of training can be just as effective, if not more so, than e-learning modules, including discussions of case studies, updates at team meetings, reminders on the intranet or bite-size reminders included in regular email updates.
Regulatory focus areas
Has the UK regulator focused on specific areas of non-compliance?
The SRA has taken a staged approach to ensuring compliance. Typically that meant they undertook a thematic review into a particular area, followed by published guidance and then targeted enforcement effort in those areas. Areas of focus for the SRA have included firm-wide risk assessments; client and matter risk assessments; training; and source of funds and wealth checks. At the moment we are seeing a stricter approach to source of funds and source of wealth checks, with the SRA taking a lot of enforcement action in this area. Their next thematic review is around policies and controls, so I would expect a focus on risk-based ongoing monitoring and file reviews in the future.
Looking ahead: managing regulatory risk with confidence
In conclusion, preparing for a new AML regime is challenging, but firms that start early and take a structured, risk-based approach will be far better placed to comply when the requirements come into force. Investing time now in understanding your risks, putting robust systems and controls in place, and embedding a culture of compliance across the firm will pay off in the long run. There is a wide range of guidance and support available, and firms should make use of external resources or engage with peer firms to sense-check their approach and ensure they are broadly aligned with emerging best practice.
Howden works closely with law firms to help them understand the evolving risk landscape created by AML reform, including how regulatory exposure interacts with insurance, governance and broader risk management frameworks. As firms prepare for this new regime, informed advice and early planning will be key to navigating the transition smoothly.
Please reach out if you’d like to discuss how AML regulatory risk interacts with insurance and broader risk management for your firm.
About our Legal Services Practices Group
Law firms are a core professional segment for Howden in Australia, supported by a single, integrated Legal Services Practice Group working seamlessly across Australia and London. Widely acknowledged as one of the largest and most experienced groups of law firm specialists, our senior team averages more than 25 years’ experience. We advise law firms across Professional Indemnity, Management Liability, Cyber, Crime, General Insurance and Employee Benefits, with deep expertise in claims management and insurer engagement across multiple market cycles.