The AML compliance platform for small Australian businesses.

What Senly AML is

Senly AML is a software platform that helps Australian businesses newly regulated under AUSTRAC's Tranche 2 reforms meet their anti-money-laundering and counter-terrorism-financing (AML/CTF) obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended by the AML/CTF Amendment Act 2024. These obligations commence on 1 July 2026. The product is built and operated by Uinspo Pty Ltd (ABN 47 664 833 872), a Victorian company based in Melbourne. Senly AML is the first product in the Senly product family.

Who must comply

From 1 July 2026, every Australian business that provides one or more designated services under sections 5 to 6 of the AML/CTF Act becomes a reporting entity. Tranche 2 brings newly regulated entities under four tables in section 6:

• Table 5: Real estate services. Item 1: brokering the sale, purchase or transfer of real estate (selling agents and buyer's agents, in Senly AML scope). Item 2: direct sale of real estate as part of a business that owns it (property developers selling house & land, off-the-plan apartments, and subdivisions). AUSTRAC's published Real Estate starter kit explicitly excludes Table 5 Item 2 (suitability criterion 8); Senly AML serves only kit-fits populations and refers Item 2 scope to AML/CTF consultants.
• Table 6: Professional services (section 6(5B)). Nine items covering conveyancers, legal practitioners, accountants, trust-and-company-service providers (TCSPs), nominee directors and shareholders, and providers of registered-office addresses. AUSTRAC publishes three distinct starter kits across this table: the Accounting kit (Items 2-9), the Legal Profession kit (Items 1-9 with the Legal Professional Privilege overlay), and the Conveyancing kit (Items 1-2 only, mutually exclusive with the Legal Profession kit per AUSTRAC suitability criterion 3). Senly AML supports all three as-is.
• Table 2: Precious metals, stones & products (section 6(3)), Item 2. Dealers buying or selling precious metals (gold, silver, platinum group), precious stones (gem-quality including diamond, pearl, opal) or precious products (jewellery, watches, goldsmith / silversmith wares) where a transaction involves A$10,000 or more in physical currency, virtual assets or a combination. Card-only and bank-transfer-only transactions are not captured. AUSTRAC's published Jeweller starter kit was narrowed at the jewellery industry's request to cash payments from individual customers at low or medium ML/TF risk (Getting Started PDF p.3). Senly AML supports this streamlined tier as-is. Non-regulated jewellers (cash-free, VA-free) have no AML/CTF obligation per AUSTRAC's Regulation Options guidance. Full-tier scope (entity customers, virtual-asset payments, bullion dealing, regular high-risk customers) is referred to AML/CTF consultants.
• Table 1: Virtual asset services (items 29, 30, 46A, 50A, 50B, 50C). Exchange, safekeeping and transfer of virtual assets, with separate travel-rule obligations for items 29–31. Senly AML will cover VASPs in Phase 2.

Obligations apply regardless of business size. There is no small-business or sole-trader exemption. AUSTRAC's CEO has publicly stated that “too small to take responsibility” is not a defence.

Key dates

• 31 March 2026: AUSTRAC Online enrolment window opens.
• 1 July 2026: AML/CTF obligations commence. Your AML/CTF program must be approved and operational before you provide any designated service from this date.
• 29 July 2026: Outer limit for AUSTRAC enrolment if you provide a designated service on 1 July 2026. Otherwise enrolment is due within 28 days of your first designated service.
• 14 days: Notification window for compliance officer appointment changes.
• 30 September 2027: First annual compliance report due. AUSTRAC has moved annual compliance reporting to financial years; the first report covers 1 July 2026 to 30 June 2027 and must be submitted between 1 July and 30 September 2027.

What you'll need in place by 1 July 2026

AUSTRAC's official Summary of obligations page enumerates five grouped AML/CTF obligations for Tranche-2 reporting entities: Enrolment, AML/CTF Program (including personnel due diligence and training), Compliance Officer, Customer Due Diligence, and Reporting + Record Keeping. Senly AML surfaces these as eight discrete actions in the checklist for clarity; the underlying obligation structure remains the five AUSTRAC defines.

1. Enrol with AUSTRAC by lodging an application via AUSTRAC Online. Required information includes legal name, ABN, ACN if a company, business structure, address, the designated services you provide, beneficial owners (anyone holding 25% or more directly or indirectly), and the proposed compliance officer's details.
2. Appoint an AML/CTF compliance officer at management level. Must be an Australian resident with authority to make compliance decisions, including stopping a transaction if a suspicion forms. AUSTRAC must be notified within 14 days of appointment or change.
3. Develop a written, risk-based AML/CTF program approved by a senior manager before providing any designated service from 1 July 2026. Two components under Part 1A of the AML/CTF Act 2006 (in force 31 March 2026): an ML/TF risk assessment under section 26C covering money laundering, terrorism financing and proliferation financing risks; and AML/CTF policies under section 26F that put the risk assessment into practice. The old Part A / Part B framing is retired. AUSTRAC publishes five starter kits at Tranche-2 launch: Real Estate, Accounting, Legal Profession, Conveyancing, and Jewellers; businesses that provide services across more than one kit compose a program covering all declared services. Senly AML supports all five kits as-is and refers populations outside a published kit (property developers, full-tier jewellers) to AML/CTF consultants.
4. Train all staff who handle designated services before 1 July 2026 and at least annually thereafter. Required topics: AML/CTF obligations, sector red flags, internal escalation, the tipping-off prohibition under section 123 of the AML/CTF Act, and use of internal systems. Maintain a training register with staff name, date, content, and evidence of completion.
5. Perform customer due diligence (CDD) on every customer before providing a designated service. The customer-relationship model varies by sector: in real-estate brokering, both the buyer and the seller are customers regardless of which side you act for; in Professional Services, your customer is the client you're engaged by under your retainer; in Precious Metals, your customer is the individual on the other side of the regulated transaction. CDD comprises identity establishment on reasonable grounds (section 28), risk assessment, PEP and sanctions screening, source-of-funds enquiry for medium and high risk customers, and ongoing monitoring. AUSTRAC requires reliable, independent documentation. A sighted document with a recorded attestation satisfies the Act; third-party verification vendors are optional accelerants, not gatekeepers of compliance. Risk-rated review cadence: high every 12 months, medium every 24 months, low every 36 months.
6. File reports to AUSTRAC. Suspicious matter reports (SMRs) within 24 hours of forming a suspicion that relates to terrorism financing, or 3 business days for all other suspicions (section 41). Threshold transaction reports (TTRs) for any single physical-cash transaction of A$10,000 or more within 10 business days (section 43). Cross-border movement (CBM) reports for physical currency or bearer negotiable instruments of A$10,000 or more, pre-departure for outbound and within 5 business days for inbound (section 46). Annual compliance report (ACR) to AUSTRAC Online for each financial year, lodged in the 3-month window after the reporting period closes. First Tranche-2 period 1 July 2026 to 30 June 2027, first ACR due 30 September 2027 (section 47 of the Act + section 9-9 of the Rules 2025).
7. Retain records for a minimum of 7 years (sections 107–115). Includes program versions, risk assessments, CDD records, transaction records, all AUSTRAC reports with reference numbers, training records, consent records, and independent evaluation reports. Per OAIC guidance and the requirement under APP 3 to collect only personal information that is reasonably necessary, do not store identity-document copies; store only the verification outcome and the verifier's attestation.
8. Ongoing rhythm: annual program review with re-approval by the senior manager, periodic effectiveness checks documented by the compliance officer, annual report to the governing body, and an independent evaluation at least every 3 years (first evaluations due 2029).

Penalties and enforcement

AUSTRAC has civil penalty powers under section 175 of the AML/CTF Act up to 100,000 penalty units per breach for body corporates and 20,000 penalty units for individuals, currently A$33 million and A$6.6 million respectively at the A$330 penalty-unit value, with the next indexation due 1 July 2026. Tipping off is a criminal offence under section 123 with a maximum penalty of 2 years' imprisonment, 120 penalty units, or both. Structuring transactions to avoid the A$10,000 threshold is a separate criminal offence under section 142. AUSTRAC has signalled an educative posture in year one for entities making genuine efforts to comply, but has taken real action: in November 2024 it issued infringement notices of A$3,756 (sole trader) to A$18,780 (company) to 16 businesses that missed their 2023 annual compliance report, with Castra Licensee Pty Ltd and Princeton Securities (NSW) Pty Ltd sued in the Federal Court in December 2025; in September 2025 it issued Revolut Payments Australia with a A$187,800 infringement notice for late international funds transfer reports.

What Senly AML does

Senly AML adopts AUSTRAC's published starter kit for your sector (Real Estate, Accounting, Legal Profession, Conveyancing or Jeweller streamlined tier) and operates it. Senly AML serves kit-fits populations only; scope outside a published kit (property developers, full-tier jewellers) is referred to AML/CTF consultants. The ML/TF risk assessment (section 26C) and AML/CTF policies (section 26F) come from the kit verbatim, composed across all the designated services you declare. Every customisation you make is captured with provenance, so when AUSTRAC publishes a new kit version we can diff it against your program and surface the changes for one-click adoption. Customer due diligence is captured through a three-mode verification toggle: in-person sight, video sight (Zoom, Microsoft Teams, Google Meet, FaceTime, or certified copy received), or an optional vendor API check arriving in Phase 1.5. The DFAT consolidated sanctions list is bundled inside the platform and searchable with an audit-logged attestation; UN and OFAC sanctions plus global PEP and adverse-media databases ride on top of the same flow through the optional vendor API. A deterministic risk-scoring engine with transparent, configurable weights scores every customer Low, Medium or High and triggers periodic review on a risk-based cadence. SMR and TTR wizards include statutory deadline timers and a tipping-off lockdown that engages the moment SMR drafting begins. Records are stored encrypted at rest in Australia with a hash-chain tamper-evident audit log for the 7-year retention period. Annual compliance report data is captured throughout the year ready for the Phase 1.5 export wizard.

What Senly AML does not do

Senly AML does not submit anything directly to AUSTRAC on your behalf. AUSTRAC requires the reporting entity to lodge enrolment, SMRs, TTRs, CBM reports, and the annual compliance report directly via AUSTRAC Online; no third-party API exists. For enrolment, Senly AML provides a one-page prep checklist of everything to gather before opening AUSTRAC Online: legal name, ABN, ACN, structure, declared services, beneficial owners, compliance officer details. We store the data in your business profile so it's entered once. For each subsequent report (SMR, TTR, ACR), Senly AML generates the content and runs the deadline timer; you copy the content into AUSTRAC Online and Senly AML logs the receipt number. Senly AML does not replace legal advice; for complex compliance situations engage a qualified Australian AML/CTF specialist.

Data residency, privacy and identity-document handling

Personal information collected through Senly AML is held in Australia (Supabase Sydney region and AWS S3 ap-southeast-2) and encrypted at rest. The platform is built to align with the Privacy Act 1988 (Cth), the Australian Privacy Principles (including the requirement under APP 3 to collect only personal information that is reasonably necessary, and APP 11 security of personal information), and OAIC guidance. Senly AML never stores copies of identity documents. We keep only the structured verification outcome, the verifier's attestation, and the metadata required for audit (document type, document number, expiry, issuing authority, sighting method, date, verifier identity). The same principle applies to certified copies and video-call sightings: metadata only, never scans or screenshots.

Pricing and access

Senly AML is A$49 per month on the monthly plan or A$41 per month on annual (A$492 billed once per year) with a 14-day free trial that starts on first login. Every Phase-1 feature is bundled in both plans (unlimited customers, unlimited CDD records, unlimited reports) including the DFAT consolidated sanctions list with daily refresh, all program and risk-assessment generation, all compliance-report drafting (SMR, TTR, CBM, ACR), and a 7-year encrypted Australian vault. No self-serve sign-up: every customer is manually onboarded by the founder via a 20-minute call, which matches the incumbent AML-platform pattern and keeps activation high. Optional vendor API checks (DVS, biometric, full sanctions / PEP / adverse-media databases) arrive in Phase 1.5 with per-check pricing on top of the base subscription.

Authoritative sources

• AUSTRAC homepage: https://www.austrac.gov.au
• AUSTRAC enrolment (Reform): https://www.austrac.gov.au/amlctf-reform/reforms-guidance/before-you-start/find-out-when-enrol-and-register-reform/enrol-us-reform
• AUSTRAC real-estate designated services: https://www.austrac.gov.au/amlctf-reform/reforms-guidance/before-you-start/new-industries-and-services-be-regulated-reform/real-estate-services-reform
• AUSTRAC professional designated services: https://www.austrac.gov.au/new-austrac/designated-services-newly-regulated-entities/professional-designated-services
• AUSTRAC precious metals, stones and products designated services: https://www.austrac.gov.au/new-austrac/designated-services-newly-regulated-entities/precious-metals-stones-and-products-designated-services
• AUSTRAC virtual asset designated services: https://www.austrac.gov.au/new-austrac/designated-services-newly-regulated-entities/virtual-asset-designated-services
• AML/CTF Act 2006 (Cth): https://www.legislation.gov.au/Series/C2006A00169
• AML/CTF Amendment Act 2024: https://www.legislation.gov.au/C2024A00109
• DFAT consolidated sanctions list: https://www.dfat.gov.au/international-relations/security/sanctions/consolidated-list

About Uinspo Pty Ltd

Senly AML is built and operated by Uinspo Pty Ltd, an Australian proprietary limited company (ABN 47 664 833 872). Contact: mithun@senly.ai for general enquiries, privacy@senly.ai for privacy matters, security@senly.ai for responsible vulnerability disclosure.