Anti-Money Laundering and Counter-Terrorism Financing Compliance: Information for Clients

What is changing?

From 1 July 2026, new federal laws will require professional services firms, including Hamilton Locke to comply with Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act.

These laws require firms to take proactive steps to ensure they are not facilitating money laundering, terrorism financing and proliferation financing through their operations.

What does this mean for our clients?

This means Hamilton Locke will be required to conduct identity verification and due diligence checks on clients before providing certain services.

From 1 July 2026, we will be required to:

Verify client identity and beneficial ownership
Assess money laundering and terrorism financing (ML/TF) risk and apply enhanced checks where required
Monitor client activity for suspicious matters
Maintain secure records and report certain matters to AUSTRAC

What is the process?

We’ve partnered with leading compliance platform, FirstAML, through which the checks will be conducted. You’ll be asked to provide specific information through a secure weblink.

The verification process will involve:

Request for your details – We will request identity information and any required documents through the FirstAML platform. Emails will come from FirstAML from noreply@hamiltonlocke.com.au on our behalf.
Verification – We will check identity and ownership details securely through approved systems.
Clarification – If further documents or explanations are needed, we’ll let you know as soon as possible.
Assessment – We review the matter, assess risk and finalise the required Know Your Client / Client Due Diligence checks.
Completion – Once checks are complete, we can proceed with your engagement without delay.

What documents will I need?

Depending on your circumstances and the scope of your engagement with us, we may request:

A form of photo ID (e.g. passport or driver’s licence)
Proof of address (e.g. utility bill or bank statement)
Company, trust or SMSF documentation (if relevant)
Details about ownership or control of complex entities
Depending on the context of an engagement, source of funds and source of wealth information

If you’re representing a company, trust or other structure, we’re also required to identify and verify the individuals who ultimately own or control it.

How long will the process take?

Turnaround times will depend on a range of factors, with the main one being your structure and the complexity of your matter.

Standard verification (1 to 3 business days)

For individuals, verification is usually quick once we have all the required documents.

For companies, trusts or SMSFs, we generally need a bit more information and may need to verify the identity of more than one person, which can extend the processing time.

Complex or higher-risk matters (3 to 5 business days)

In some matters, we need to take extra steps – for example where there are complex structures, higher-risk transactions or we need to verify the source of funds. This may require additional information and can extend the timeframe.

The key factor in ensuring a smooth and timely process is providing the requested information promptly. If documents are missing or need clarification, we’ll contact you to let you know what’s needed.

Privacy and data security

We take privacy and data security seriously. Any information you provide is handled in accordance with:

Australian privacy laws
Our professional confidentiality obligations
AML/CTF regulatory requirements
Our Privacy Policy and the Privacy Policy of FirstAML.

Please only submit your documentation through the secure link provided to you, and not by email.

About FirstAML

FirstAML’s software ‘Source’ is a secure, cloud-based platform that enables our compliance team to verify your identity, conduct the required checks, assess risk, and maintain ongoing monitoring of our client relationships. This process involves collecting and processing Personal Information, including sensitive data, to perform verification checks.

All compliance-related correspondence, requests, and records are securely stored within FirstAML. FirstAML uses and engages with other platforms and sub-processors to gather information and complete its checks. A list of these third parties is located here.

FirstAML privacy and data security

FirstAML is ISO 27001:2022 certified and complies with privacy legislation across the United Kingdom, New Zealand, Australia, and European countries (GDPR).

More detailed information can be round in FirstAML’s Privacy Notice, Security Statement and Trust and Security Centre.

Frequently Asked Questions

Understanding the requirements

Is this a legal requirement?

Yes. From 1 July 2026, professional service providers, including law firms, must comply with Australia’s AML/CTF laws.

Why am I being asked to provide this information?

The Federal Government has passed laws requiring certain businesses, including those providing legal services, to take proactive steps to ensure they are not facilitating money laundering, terrorism financing and proliferation financing through their operations.

As a result, HPX businesses, including Hamilton Locke and Source, will be required to conduct identity verification and due diligence checks on clients before providing certain services.

Do all law firms do this?

Yes. From 1 July 2026, all Australian law firms who are providing certain services will be required to conduct these checks.

Do I need to provide this information before work begins?

Yes. We are legally prohibited from providing certain services until your AML checks are complete.

What happens if I don’t agree to the checks?

Under Australia’s anti-money laundering laws, we’re required to complete relevant checks before we can start, or continue, working with you on certain services. If we’re unable to collect the necessary information, we may not be able to proceed with your matter or maintain our business relationship. These requirements apply to all clients and help ensure we’re meeting our legal obligations.

What if I'm located overseas?

The process is the same, but additional checks may be required depending on the jurisdiction. Our system supports remote verification.

What is "Source of Funds" or "Source of Wealth" and why do you need it?

In some transactions, we’re required to confirm where the money is coming from (Source of Funds). This helps reduce the risk of money laundering. Source of Wealth refers to the origin of an individual’s or entity’s assets, whether it be monetary assets, property or gifts and loans, they are all considered to be a Source of Wealth that we must verify.

What if I'm acting for a company, trust or self-managed super fund (SMSF)?

We may request documents that show who ultimately own or controls the structure. In some circumstances we may be required to identify and verify trust beneficiaries. This is part of our legal obligation to understand the people behind complex entities.

What if I'm a third party acting on behalf of a client?

We may request an authority to act and will need to verify your identity.

Previous checks and re-verification

I’ve worked with you before – do I need to do this?

These rules apply to all clients, even if we’ve worked together in the past. From 1 July 2026, we’re legally required to verify identity and conduct due diligence checks for all new and existing clients.

What if I’ve previously provided some or all of this information to another service provider or law firm?

We understand that many of our clients may also have service providers requesting the same information due to these new regulatory requirements. By law, each organisation needs to independently demonstrate that their clients have satisfied the AML/CTF requirements.

I have already completed a Verification of Identity (VOI) check. Isn't that the same as KYC?

VOI is one small part of KYC. AML/CTF legislation requires a full understanding of who our client is, how they’re using our services, and whether there are any financial crime risks, especially in complex structures.

I'm already a client of another HPX Group business. Do I need to provide this information again?

If you’ve recently completed AML onboarding with another HPX Group business, we may be able to use that information to streamline your onboarding, provided the verification was completed within the last two years and there have been no material changes to your circumstances.

Will I have to provide this information more than once?

You will only be required to undertake a new or further check where there is a substantial change to your structure, ownership, operations or risk profile, and periodically every 1 to 3 years.

Document issues and troubleshooting

My documents have expired – will you still accept them?

We generally require current, valid documents. If the documents we have requested have recently expired, please still upload them and we will contact you if needed to discuss your situation.

What happens if my documents are rejected?

We’ll contact you immediately to explain what’s needed and provide clear guidance on how to resolve the issue.

I am having trouble uploading my documents

In the first instance, please contact your usual HPX Group representative who will be able to assist you. Alternatively, you can access technical support and resources through the FirstAML Client Hub.

If you are having any other issues, please contact your usual HPX Group representative in the first instance who will be able to assist you.

Contact us

If you have any questions about this process or the new AML/CTF obligations, please don’t hesitate to speak with your usual Hamilton Locke contact.

AUSTRAC Resources

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 is located here.

Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 is located here.