From 1 July 2026, the partner who signs off your trust account reconciliation is also the person on the hook if the firm’s AML systems cannot survive an AUSTRAC audit. That is the shift. Lawyers and conveyancers stop being people who simply facilitate a transaction and become, in AUSTRAC’s language, gatekeepers of the financial system. And like every other small firm, you are now being sold software to deal with it.
I should say up front that we make some of it. Homepedia builds HP-KYC, which covers law firms, so I am not a neutral reviewer. What I can give you is how I would compare these tools as someone who has actually had to. Homepedia is itself an enrolled reporting entity and I am its AML/CTF Compliance Officer. I run our own program, our own due diligence, our own records, on the same deadline you are on. Read everything below knowing that.
First, you are not captured for everything you do
This trips people up, so it is worth saying plainly. The regime does not regulate lawyers. It regulates designated services, which are a subset of what a firm does. Buying and selling real estate for a client, creating or administering a trust, buying or selling a business entity, handling client money in trust for certain purposes: those bring you in. Drafting a will or running a piece of litigation, on their own, generally do not.
Figure 1. The designated services that bring a law firm into Tranche 2.
So the software question is narrower than it first looks. You are not trying to make your whole practice compliant. You are trying to handle the matters that are designated services, and to know which ones those are. A firm that does both legal and conveyancing work may even need 2 risk assessments, one for each kind of service.
What “best” actually means here
Most of these products lead with features. I think that is the wrong place to start, because the law does not care about features. It cares about obligations.
Whether you run software or a careful spreadsheet, the duties are the same. You enrol with AUSTRAC. You appoint a compliance officer. You run a risk assessment and you write and maintain an AML/CTF program. You verify your client and screen for sanctions and politically exposed persons before you provide a designated service, with deeper checks where the risk is higher, and you keep monitoring while the matter runs. You report suspicious matters. You keep records for 7 years. You train your staff.
So the only question worth asking about any tool is how much of that list it actually carries, and how much it quietly leaves with you.
What I would actually be comparing
Obligation coverage first. A lot of what gets called AML software is an identity check with a nice interface. Verification is one obligation. If the tool does not also help you build the program, run the risk assessment, monitor the matter and produce reports you can file, you have bought a slice and you still own the rest.
How it sits with your practice management system. This is the part that is different for law firms. Most of the legal sector is converging on one verification engine, InfoTrack, surfaced inside the system you already use. If you run Leap or Smokeball or Wise Owl, the cleanest path is usually the AML workflow that lives inside it, because the worst version of compliance is the one that makes your team toggle between systems and rekey the same client 3 times.
Whether it handles both kinds of work. If your firm does conveyancing as well as legal work, you may need 2 risk assessments. A tool that only builds one will leave you half covered, and half covered is the kind of gap a review finds first.
How it handles a suspicious matter, given privilege. Lawyers carry duties of confidentiality and legal professional privilege that a bank does not, and your reporting workflow has to sit alongside those. No tool resolves that tension for you. It is a question to put to any vendor and, more importantly, to your own compliance officer, following the Law Society and AUSTRAC guidance. Treat any software that implies it has solved privilege for you with suspicion.
Price you can actually see, and who pays for the checks. The legal tools mostly price per client onboarding rather than a flat subscription, and several let the cost sit with the client. For a small firm doing a handful of designated service matters a month, that structure usually works in your favour, but read it before you sign.
The field, roughly
The legal sector looks different from real estate, because it has largely organised itself around one engine.
InfoTrack’s Compliance Centre, built with Grant Thornton and based on the AUSTRAC starter kits, is the tool most legal and conveyancing firms are landing on. It digitises the program, does the verification and screening, runs training and reporting, keeps an audit trail, and pre-populates from your practice management system. It also offers a Reliance agreement, which lets a law firm and a real estate agent share completed checks so the same client is not verified and charged twice in one transaction. The reason it dominates is integration: it shows up inside Leap, Smokeball and Wise Owl, so for a lot of firms the real choice is not which AML product to buy but whether to use the one already wired into their system.
Then there are the all in one tools from outside that route. easyAML, which I covered in the real estate piece, also serves lawyers and brings its own identity verification rather than relying on InfoTrack. It suits a firm that wants a single standalone platform and is not tied to a supported practice system.
The generic identity platforms, ComplyCube, Sardine and the like, verify and screen very well and do almost nothing else for an Australian law firm. You would only reach for one if you already have your program and just need an engine.
And the manual route is more viable here than in most sectors, because the profession has built scaffolding around it. The AUSTRAC Legal Profession Program Starter Kit plus the Law Society of NSW implementation guide for sole practitioners and small practices will, with a consultant or a diligent principal, get a genuinely small and low risk firm there without buying a platform.
HP-KYC, ours, sits across both sides of a property deal, the agent and the lawyer, because both are now reporting entities on the same transaction. I will come back to where it fits and where it does not.
Here is how I would line them up.
Product | Verification and screening | Practice management integration | Obligation coverage | Pricing (June 2026) | Best fit |
InfoTrack Compliance Centre (legal sector built, with Grant Thornton) | VOI, KYC questionnaire, PEP, sanctions, adverse media. EDD and source of funds. | Yes. Surfaces inside Leap, Smokeball, Wise Owl. Pre-populates from your system. | Program, risk assessment, training, reporting, audit trail. Reliance agreement to share checks with the agent. | Platform complimentary. Pay per client onboarding or search. No lock in. | Most legal and conveyancing firms, especially if already on a supported practice system. |
Your practice management system (Leap, Smokeball, Wise Owl) | Via the integrated engine, currently InfoTrack. | Native. AML lives in the system you already use. | Whatever the integrated engine covers, inside your workflow. | Your system subscription plus per check cost. | Firms that want AML without a second system to learn. |
easyAML (real estate built, also serves lawyers) | Biometric, Scantek. PEP and sanctions. Beneficial owner checks. | Standalone. Integrations listed on its site. | Program builder, risk assessment, ongoing monitoring, reports, training. | Public pricing calculator. Free until 1 July 2026. | Firms wanting an all in one outside the InfoTrack route. |
Generic identity platforms (ComplyCube, Sardine and similar) | Strong, often best in class. | Generally none for Australian legal. | Verification and screening only. Program and reporting stay with you. | Usage based. Varies. | Firms that already have a program and only need an engine. |
Consultant plus AUSTRAC Legal Profession Program Starter Kit | Manual or third party. | None. | Consultant writes the program. Law Society NSW guide supports it. You run it. | One off or hourly consulting. | Very small, low risk sole practices. |
HP-KYC (Homepedia) | Identity, screening, beneficial owner checks. | Check current integrations. | Full obligation set, emphasis on the audit trail. Built for agent plus lawyer matters. | Contact for current plans. | Firms wanting the whole obligation handled with a regulator ready record across both sides of a property deal. |
Drawn from each vendor’s own website as at June 2026. Vendors change their offerings often, so check the current site before you decide.
How I would actually choose
Start with your own shape, not the feature list.
Figure 2. Matching the tool to the shape of your firm.
If you are already on Leap, Smokeball or Wise Owl, look first at the AML workflow inside it. The integration removes the double handling that kills small firm compliance, and you will not be learning a second system in the run up to July.
If you are a sole practitioner doing a small number of low risk matters, you may not need a platform at all. The starter kit and the Law Society guide, run properly, can be enough, and honestly that is the right answer for some firms.
If you do legal and conveyancing work, weight the two risk assessments. Make a vendor show you both, not a single template with the word property added.
And if you take overseas clients or money, push hardest on the high risk path. That is where enhanced due diligence and source of funds and source of wealth actually bite, and it is the part a thin tool waves through. Test it in the demo with a foreign client and a company you have to look behind.
I keep meeting firms who think that because the AML tab now lives inside Leap or Smokeball, compliance is handled. It is not. The integration is genuinely good and it removes a lot of double handling. But the risk assessment is still yours to approve, the call on a suspicious client is still yours to make, and the privilege questions are still yours to think through. A principal told me his firm had switched AML on in their practice system and asked if that was it. The tooling was on. The program behind it was 3 blank fields. |
The mistake I see most is firms buying software before they have worked out which of their matters are even captured. They onboard everyone, including clients on matters that were never designated services, and they still miss the trust and company work that clearly is. The software cannot do that mapping for you. It is the one part that needs a lawyer who understands both the practice and the Act, sitting down for an afternoon, before any tool gets switched on. |
Where HP-KYC fits, and where it does not
Since I have put our own product in the list, let me be straight about it.
HP-KYC is built for the reality that one property transaction now touches an agent and a lawyer, and both are reporting entities with their own obligations on the same client. We built it to handle that whole picture with an audit trail strong enough to survive a review, which matters most to firms that sit across both sides or that want the record to be defensible without apology. If that is you, I think we are a strong choice, and I would say so even if I did not work here.
Where we are not the answer: if you are already deep in Leap or Smokeball and happy with the InfoTrack workflow inside it, switching to us for the sake of it makes little sense. If you only need a cheap identity check and your program is sorted, a generic tool will be cheaper. And if you are a one person practice doing 2 low risk matters a year, the starter kit and a careful afternoon will do. Buying a platform to feel safe is not the same as needing one.
Pick the tool that carries the most of your obligations for what you can afford. If that is us, good. If it is not, the worst outcome here is not choosing the wrong vendor. It is choosing nothing and discovering in July that you meant to is not a defence.
Figure 3. What software can carry, and what stays with the firm.
Whatever you buy, hold on to this. Software supports your obligations. It does not own them. You appoint the compliance officer, approve the risk assessment, decide which matters are designated services, make the call on a suspicious client and stand behind the program. A verification widget with no program behind it is not compliance. It just looks like it.
The regulatory detail
What the law requires
The obligations come from the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth), with detail in the AML/CTF Rules 2025 (Cth), Federal Register reference F2025L01026. Legal practitioners are captured when they provide designated services with a geographical link to Australia, in the course of carrying on a business. The obligations commence on 1 July 2026.
Core duties for a captured firm: enrol with AUSTRAC within 28 days of first providing a designated service (Act, Part 3A, s51B to s51G); appoint an AML/CTF compliance officer at management level; run a risk assessment and maintain an AML/CTF program (Part 2); conduct initial customer due diligence before providing a designated service (s28), with enhanced due diligence where required (s32 and Rules 6-20) and ongoing due diligence through the matter (s30); submit suspicious matter reports; and keep records for 7 years (Part 10). Legal professional privilege interacts with the reporting obligations, and firms should work through that with their compliance officer and the Law Society and AUSTRAC guidance rather than assume a tool has settled it.
Key dates
Enrolment opened on 31 March 2026. Obligations commence on 1 July 2026. A firm must enrol within 28 days of first providing a designated service, which for a firm providing services from commencement falls on 29 July 2026. Tranche 2 entities do not get the transitional arrangement that applies to existing Tranche 1 entities. They enter the reformed framework directly.
Figure 4. The Tranche 2 dates that apply to law firms.
Penalties for not enrolling
Failure to enrol when required is a civil penalty. The daily penalty for continued non-enrolment is 60 penalty units per day for a body corporate and 12 penalty units per day for an individual. A penalty unit is currently $330, a value set under the Crimes Act 1914 (Cth), s4AA, and scheduled for reindexation on 1 July 2026. The dollar figure will rise while the unit count stays the same, so treat the unit counts as the fixed fact.
Frequently asked questions
Do small law firms actually need AML/CTF software?
No. Software is not legally required. A sole practitioner or small firm can meet the Tranche 2 obligations using the AUSTRAC Legal Profession Program Starter Kit, the Law Society guidance and careful records. Software reduces the effort and the error rate, and for firms doing regular designated service work it usually pays for itself, but it is a choice, not a requirement.
Is my firm even captured by Tranche 2?
Only for designated services, not for being a law firm. If you do conveyancing, create or administer trusts, buy or sell business entities, or handle client money in trust for certain purposes, those matters bring you in. Work like drafting a will or running litigation, on its own, generally does not. The first real task is mapping which of your matters are captured.
Should I just use the AML tool inside Leap or Smokeball?
For many firms, yes. Those systems surface InfoTrack’s Compliance Centre inside the workflow you already use, which removes a lot of double handling. Just remember that turning the tool on is not the same as being compliant. You still own the risk assessment, the suspicious matter decisions and the program behind it.
How much does it cost?
It varies. As at June 2026 the main legal sector platform is offered with no subscription fee, charging only for client onboarding or individual searches, while standalone tools may publish a calculator or quote after a demo. Cost generally scales with the number of checks, and several tools let the client pay for their own verification.
Does using software make my firm compliant?
No. Software supports your obligations but does not own them. You appoint the compliance officer, approve the risk assessment, decide which matters are designated services and make the call on suspicious matters. A tool with no program behind it is not compliance.
When do I need this in place?
The obligations commence on 1 July 2026. If you provide a designated service from that date you must enrol with AUSTRAC by 29 July 2026, within the 28 day window. Having your program, your compliance officer and your due diligence process working before 1 July is the practical target.
Sources
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth): legislation.gov.au/C2006A00169
Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth), F2025L01026: legislation.gov.au/F2025L01026
AUSTRAC, Future law compilation of the AML/CTF Act: austrac.gov.au future law compilation
AUSTRAC, Overview of customer due diligence reform: austrac.gov.au CDD reform
Law Society of NSW, AML/CTF Hub: lawsociety.com.au AML/CTF hub
Crimes Act 1914 (Cth), s4AA (penalty unit value and indexation).
Products referenced, as described on each vendor’s website at June 2026: InfoTrack Compliance Centre, easyAML, plus practice management integrations from Leap and Smokeball.
