FLYONIT logo
Anti-Money Laundering & Counter-Terrorism Financing — Data Security Pack

Protect Anti-Money Laundering andCounter-Terrorism Financing records.

Australia's new rules are live. One monthly pack helps you secure client and transaction records, keep them for seven years, back them up, and produce evidence when asked — without the jargon.

New rules. New reporting entities. Is that you?

From 1 July 2026, Anti-Money Laundering and Counter-Terrorism Financing obligations extend to these professions.

Real estate agents
Lawyers & conveyancers
Accountants
Precious metals & stones dealers
Trust & company service providers
AUSTRAC guidance

What the new obligations ask of your practice

AUSTRAC’s reforms update Anti-Money Laundering and Counter-Terrorism Financing duties for reporting entities. Here is the business-friendly summary — and where an IT security partner fits.

Official detail lives with AUSTRAC. Read Changes to AML/CTF obligations: what you need to do.

Enrol and keep details current

Enrol with AUSTRAC and keep business details up to date.

Manage money-laundering risk

Run a program that fits how your practice works with clients.

Know your customers

Complete due diligence before designated services — and keep it current.

Report when required

Submit suspicious matter and other required reports on time.

Keep records for seven years

Retain customer and transaction records, ready to produce on request.

Where FLYONIT fits

IT security for the systems behind compliance

We don't replace your compliance advisor — we secure, retain and evidence the records your program depends on.

Secure client evidence

Access controls and monitoring so only the right people see sensitive files.

Retain for seven years

Backup and recovery so records survive mistakes, ransomware or staff changes.

Produce evidence fast

Clear logs and reporting packs for audits, reviews and governance.

What's at stake

Your records are now part of how you stay in business

Under the new Anti-Money Laundering and Counter-Terrorism Financing rules, client and transaction records must be protected, retained and producible. Gaps create risk.

Client records become a liability

If identity and transaction data is poorly protected, it can be used for financial crime — and that puts your practice in the spotlight.

Penalties are real

Failing to keep and protect required records can attract civil penalties and regulatory attention.

No records, no defence

If you cannot produce the evidence when asked, you cannot show you met your obligations.

Incidents do not pause duties

Ransomware, accidental deletion or staff turnover do not pause your duty to keep records safe and available.

Exposure snapshot

Where practices usually feel the pressure

Typical weak spots we see before the pack is in place — scored as relative exposure, not a regulatory scorecard.

72%
Access control
85%
Retention
68%
Backup
90%
Evidence

Client trust & compliance

Sensitive files deserve the same care as the advice you give

Identity checks, transaction notes and supporting documents are commercial assets and compliance evidence. This pack treats them that way — protected, retained and recoverable.

What's included

Twelve protections. One monthly service.

Everything the new rules expect of your data — configured, monitored and evidenced for you. Features and outcomes, not a product catalogue.

Lock down access

Who can see what

Strong sign-in and multi-factor checks
Role-based access to sensitive client files
Device and endpoint protection
Safer sharing of confidential documents

Protect every record

Keep data safe & intact

Stop sensitive data leaving by mistake
Protect high-risk client documents
Retention controls for the full seven years
Clear logs of who accessed or changed files

Back up & prove it

Recover & evidence

Independent backup of critical cloud data
Monitoring and recovery testing
Recovery from ransomware or accidental deletion
Evidence packs ready for audits and reviews

Access control

Only the right people see sensitive client files.

Evidence ready

Produce what regulators ask for without a scramble.

Always on watch

Unusual activity is flagged before it becomes a breach.

Record keeping

Seven years, always producible

Customer checks, transaction notes and supporting files stay protected, backed up and ready to produce — for the full retention period.

Year 1

Records created & secured

Year 3

Still searchable & intact

Year 5

Audit-ready on request

Year 7

Full retention met

Readiness goals

What “good” looks like

Clear targets we aim for once the pack is live in your practice.

100%

Critical data backed up

100%

Retention controls on

Seven-year window

How it works

Straightforward path from review to day-to-day protection

01

We review your exposure

A short walkthrough of how client and transaction records are stored, shared and retained today.

02

We lock in the pack

Access controls, record protection, backup and monitoring are configured around your practice — without disrupting day-to-day work.

03

You stay audit-ready

Ongoing watch, tested recovery, and evidence when you need to show how records are protected.

Talk to us

Liking what you see so far?

Tell us about your practice — a FLYONIT specialist will call you back within one business day. No obligation.

We only use your details to contact you about your enquiry.

FAQ

Questions practices ask us

Straight answers on the new Anti-Money Laundering and Counter-Terrorism Financing rules, your records, and the pack.

If you are a real estate agent, lawyer, conveyancer, accountant, dealer in precious metals or stones, or a trust and company service provider, the answer is very likely yes. Australia's Tranche 2 reforms extended these obligations to those professions from 1 July 2026. That includes customer due diligence records, transaction records, and keeping them secure and producible for seven years.

Two things. First, regulators expect you to protect the client information you collect — stolen identity data is used for financial crime, so weak security is itself a risk. Second, your records are your proof of compliance: if they are lost, encrypted by ransomware, or quietly changed, you cannot show you met your obligations. AUSTRAC’s guidance on what you need to do is a good place to start; FLYONIT helps with the IT systems and record protection behind that work.

No. Enrolment, your written Anti-Money Laundering and Counter-Terrorism Financing program, customer due diligence design and suspicious-matter judgement sit with your practice and your compliance advisors. FLYONIT secures access, protects and backs up records, monitors for unusual activity on your systems, and helps you produce evidence that those controls are working.

Not in the way most practices assume. Cloud platforms protect their infrastructure, but accidental deletion, insider mistakes, sync errors and ransomware are still your responsibility. This pack adds independent backup of mail, files and collaboration data — monitored and restore-tested so recovery works when you need it.

No. Most practices already pay for tools that can do a large part of this work — they just aren't configured or monitored end-to-end. We set up what you have properly, fill the gaps in monitoring and backup, and hand you clear evidence reports. It is priced as a fixed monthly service scaled to your size.

Most practices are protected within two to three weeks — access controls first, then record protection, then backup and monitoring. There is no planned downtime, and your team keeps working normally throughout.

The rules are live — get ahead of them

Secure it. Retain it. Prove it.

A 30-minute review shows where your Anti-Money Laundering and Counter-Terrorism Financing records stand — and what the pack fixes in the first fortnight.