AML & KYC Obligations for Trust and Company Service Providers Under Tranche 2

Introduction

(Director-Focused, Scope-Explicit) Under Australia’s Tranche 2 AML/CTF reforms, Trust and Company Service Providers (TCSPs) are among the entities most clearly within scope of new compliance obligations. For many directors, the uncertainty is not whether obligations apply — but how far existing processes already meet regulatory expectations, and what additional structure Tranche 2 introduces. This guide explains how KYC and AML obligations apply to TCSPs, what changes in practice, and how firms can assess readiness without over-complicating service delivery. Why TCSPs Are Explicitly in Scope Unlike some other professional services, TCSP activities often fall directly within designated services under Tranche 2.

These may include: Forming companies, trusts, or other legal arrangements Acting as a director, trustee, or nominee shareholder Providing registered office or business address services Managing client funds or assets in certain circumstances Because these services can involve complex ownership structures and cross-border exposure, regulators view TCSPs as inherently higher-risk than many advisory-only professions. Understanding this context is essential. What KYC Means for TCSPs in Practice Know Your Customer (KYC) requirements for TCSPs go beyond basic identification. Firms are expected to take reasonable steps to establish: The identity of individual clients The ownership and control structure of entities The identity of beneficial owners The purpose and intended nature of the business relationship Where structures are layered or international, additional scrutiny may be required under a risk-based approach.

KYC must be explicit, documented, and applied consistently across engagements. Beneficial Ownership and Complex Structures TCSPs frequently deal with: Multi-layered ownership Foreign entities Nominee arrangements Trust structures with discretionary beneficiaries Under Tranche 2, firms are not expected to achieve perfect transparency — but they must be able to demonstrate that reasonable steps were taken to understand who ultimately owns or controls the arrangement. The depth of inquiry should align with the assessed risk of the service provided. The Role of AML Risk Assessments KYC obligations for TCSPs operate within a broader compliance framework.

Firms must complete a firm-wide AML risk assessment, evaluating: The services offered Client types Geographic exposure Delivery channels Use of intermediaries This assessment determines when enhanced due diligence is required and provides the foundation for defensible judgement. Without a documented risk assessment, KYC processes lack context. Ongoing Monitoring and Record-Keeping For TCSPs, compliance does not end at onboarding. Tranche 2 expectations include: Ongoing monitoring of client relationships Updating KYC information when circumstances change Maintaining records sufficient to demonstrate compliance The objective is not constant surveillance — but reasonable awareness of changes that may alter risk.

Common Pitfalls for TCSPs TCSPs most often encounter compliance issues where they: Rely on historic onboarding practices without formal documentation Apply identical checks regardless of service risk Fail to document why beneficial ownership inquiries were considered sufficient Separate risk assessment from actual service delivery practices Regulatory scrutiny focuses on whether controls are proportionate and defensible. What the Regulator Is Looking For AUSTRAC expects TCSPs to demonstrate: Clear identification of designated services A documented AML risk assessment Consistent KYC procedures Evidence that policies are applied in practice Because TCSP activities frequently involve legal structures, regulators expect higher awareness — not necessarily heavier systems.Tranche 2 Readiness Assessment If you are unsure whether your firm is in scope, a short readiness assessment can help. Request a 15-Minute Readiness Assessment.