Monday 2nd February 2026
When ‘low-risk’ isn’t no-risk: the AML/CTF lessons professional advisers can’t ignore
With AML/CTF regulation expanding in 2026, Catherine Evans dismantles the dangerous myths that low-risk clients and good intentions are enough to keep professional advisers compliant.
“I don’t really need to worry about AML/CTF – my clients are low-risk.”
This is a sentence I’m hearing more and more as the new AML/CTF regulation approaches, due to commence on 31 March 2026 (with lawyers and accountants being fully regulated from 1 July 2026). I hear it from colleagues in the legal profession, from accountants and from wealth advisers who are confident they know their clients and trust their business models.
The difficulty is that this statement actually contains two persistent myths – and both are incredibly important.
Myth one: all of your clients are low-risk
The first assumption is that because clients are long-standing, reputable or familiar, they must therefore present a low money-laundering risk.
But this belief doesn’t align with reality.
Australia’s National Risk Assessment has identified lawyers and accountants as being high-risk for money-laundering exploitation, precisely because of the role professional advisers play in transactions, structures and financial flows. Familiarity, reputation and trust are not recognised AML controls – indeed, these very attributes are often exploited by money launderers to reduce scrutiny and mask illicit conduct.
In practice, very few firms have client bases that are uniformly low-risk. Risk changes over time, across services and depending on the nature of a transaction. Knowing your clients well is definitely valuable, but it does not remove the need to assess risk objectively and document that assessment.
Myth two: low risk means lower obligations
The second myth is more dangerous. Even if your overall money-laundering risk is low, that does not change your legal obligation to comply with the AML/CTF legislation in full. The legislative obligations are extensive, and apply regardless of where your business sits on the risk spectrum.
Risk does not determine whether you comply. It only shapes how you comply with certain elements of the framework.
For example, your risk assessment may influence the level of customer due diligence you apply to different clients. But it does not remove the requirement to have a documented risk assessment, policies and procedures, training, monitoring, record-keeping and governance arrangements in place.
This distinction is often misunderstood, and it is where many otherwise well-run firms find themselves exposed.
A regulation built on evidence, not assumptions
Regulators are not expecting advisers to eliminate risk. They are expecting firms to be able to demonstrate that they understand their risks and have proportionate controls operating in practice.
If issues arise, the question will not be whether clients seemed low-risk: it will be whether you can produce evidence of how risk was assessed, how decisions were made and how obligations were met.
As AML/CTF obligations expand under the Tranche 2 reforms, this evidentiary expectation will only increase. Professional services firms will be operating in a broader ecosystem where AML maturity is scrutinised not just by regulators, but by counterparties, institutions and partners.
The firms that will navigate this change most effectively are not those trying to minimise the issue, but those taking the time now to understand what the new regulations require and how it applies to their operating model.
This does not mean over-engineering compliance or drowning teams in red tape. It means clarity about obligations, proportionate controls and systems that are workable in the real world.
If there is one message advisers, accountants and lawyers should take from this, it is a simple one: low risk does not mean no obligations.
AML/CTF compliance is not about distrusting clients. It is about being prepared to evidence your decisions and your governance in an environment where expectations are rising.
As March 2026 approaches, now is the time to move beyond assumptions and ensure your business understands – and can demonstrate – how it will meet the full AML/CTF regulation.
Because when the questions come, confidence will come not from knowing your clients well, but from being able to show your workings.
Catherine Evans is Founder and Head of Legal at Adelaide-based law firm Kit Legal. She has a passion for helping financial services businesses understand and manage their regulatory obligations and risks.
