top of page

AML & KYC Obligations for Trust and Company Service Providers Under Tranche 2

  • Feb 11
  • 3 min read

Updated: Feb 19

Introduction (Director-Focused, Scope-Explicit)

Under Australia’s Tranche 2 AML/CTF reforms, Trust and Company Service Providers (TCSPs) are among the entities most clearly within scope of new compliance obligations.

For many directors, the uncertainty is not whether obligations apply — but how far existing processes already meet regulatory expectations, and what additional structure Tranche 2 introduces.

This guide explains how KYC and AML obligations apply to TCSPs, what changes in practice, and how firms can assess readiness without over-complicating service delivery.


Why TCSPs Are Explicitly in Scope

Unlike some other professional services, TCSP activities often fall directly within designated services under Tranche 2.

These may include:

  • Forming companies, trusts, or other legal arrangements

  • Acting as a director, trustee, or nominee shareholder

  • Providing registered office or business address services

  • Managing client funds or assets in certain circumstances

Because these services can involve complex ownership structures and cross-border exposure, regulators view TCSPs as inherently higher-risk than many advisory-only professions.

Understanding this context is essential.


What KYC Means for TCSPs in Practice

Know Your Customer (KYC) requirements for TCSPs go beyond basic identification.

Firms are expected to take reasonable steps to establish:

  • The identity of individual clients

  • The ownership and control structure of entities

  • The identity of beneficial owners

  • The purpose and intended nature of the business relationship

Where structures are layered or international, additional scrutiny may be required under a risk-based approach.

KYC must be explicit, documented, and applied consistently across engagements.


Beneficial Ownership and Complex Structures

TCSPs frequently deal with:

  • Multi-layered ownership

  • Foreign entities

  • Nominee arrangements

  • Trust structures with discretionary beneficiaries

Under Tranche 2, firms are not expected to achieve perfect transparency — but they must be able to demonstrate that reasonable steps were taken to understand who ultimately owns or controls the arrangement.

The depth of inquiry should align with the assessed risk of the service provided.


The Role of AML Risk Assessments

KYC obligations for TCSPs operate within a broader compliance framework.

Firms must complete a firm-wide AML risk assessment, evaluating:

  • The services offered

  • Client types

  • Geographic exposure

  • Delivery channels

  • Use of intermediaries

This assessment determines when enhanced due diligence is required and provides the foundation for defensible judgement.

Without a documented risk assessment, KYC processes lack context.


Ongoing Monitoring and Record-Keeping

For TCSPs, compliance does not end at onboarding.

Tranche 2 expectations include:

  • Ongoing monitoring of client relationships

  • Updating KYC information when circumstances change

  • Maintaining records sufficient to demonstrate compliance

The objective is not constant surveillance — but reasonable awareness of changes that may alter risk.


Common Pitfalls for TCSPs

TCSPs most often encounter compliance issues where they:

  • Rely on historic onboarding practices without formal documentation

  • Apply identical checks regardless of service risk

  • Fail to document why beneficial ownership inquiries were considered sufficient

  • Separate risk assessment from actual service delivery practices

Regulatory scrutiny focuses on whether controls are proportionate and defensible.


What the Regulator Is Looking For

AUSTRAC expects TCSPs to demonstrate:

  • Clear identification of designated services

  • A documented AML risk assessment

  • Consistent KYC procedures

  • Evidence that policies are applied in practice

Because TCSP activities frequently involve legal structures, regulators expect higher awareness — not necessarily heavier systems.


Tranche 2 Readiness Assessment (15 mins)

If you are unsure whether your current onboarding, beneficial ownership checks, and risk assessment framework meet Tranche 2 expectations, a short readiness assessment can help clarify:

  • Which designated services trigger obligations

  • Whether your current KYC depth is proportionate

  • Where documentation may need strengthening

No obligation. No demos. No sales discussion.



Comments

bottom of page