AML/CTF compliance built for accounting firms
Tranche 2 brought accounting firms under the AML/CTF Act on 1 July 2026 — the obligations apply now. Most of them sit at the engagement level: one client with three designated services means three separate compliance trails. duely builds each one for you.
What makes Tranche 2 hard
- 01
Multiple designated services per client
One client can have multiple designated services across different engagements. Each triggers its own obligations, and tracking at the client level misses critical detail.
- 02
Trusts and complex structures
Trusts and layered entities create beneficial owner and controller complexity that manual processes frequently miss or fail to document properly.
- 03
Proving scoping decisions
The real work is often proving scoping decisions and rationale later. Without a structured record, firms risk gaps when regulators or auditors ask why a service was deemed in or out of scope.
- 04
Spreadsheets don't preserve evidence
Spreadsheets do not preserve approvals or evidence consistently across engagements. Decisions, rationale, and sign-offs get lost or overwritten.
Where duely fits
Four parts of an engagement where the work has to be defensible later.
- 01
Engagement-based records
Keep designated service scoping and due diligence tied to the engagement, not buried in a generic client folder. See the workflow
- Create separate engagements for each designated service
- Link multiple engagements to the same client without conflating obligations
- Track each engagement's compliance lifecycle independently
- Full audit trail per engagement, not just per client
- 02
Structure profile and UBO context
Map companies, trusts, partnerships, and controllers with a clearer ownership record.
- Map companies, trusts, and partnerships with their interrelationships
- Identify beneficial owners using 25% ownership threshold tracking
- Record controllers, trustees, and appointors for trust structures
- Document the reasoning behind every identification decision
- 03
Risk and ECDD discipline
Move from loose notes to documented triggers, rationale, and source-of-funds / source-of-wealth handling where required. See risk assessment
- Multi-factor risk scoring framework tailored to accounting engagements
- Automatic ECDD triggers when high-risk indicators are detected
- Structured source of funds and source of wealth documentation
- Senior management approval routing for high-risk engagements
- 04
Evidence packs for partner review
Generate a cleaner export for approval, audit preparation, or future internal review. See evidence packs
- Versioned evidence packs with SHA-256 integrity hashing
- Configurable redaction rules to control sensitive information in exports
- Complete decision trail: decision, rationale, timestamp, and approver
- Export-ready snapshots that can be produced in minutes, not days
New trust client engagement
Follow a realistic engagement through the full duely workflow.
Client onboarding and scoping
A new client approaches your firm to manage their family trust's annual tax obligations and prepare financial statements. Your team creates a new engagement in duely and uses the scoping wizard to determine which services are designated services under Tranche 2. The wizard identifies that both the tax return preparation and financial statement services are in-scope, so two separate engagements are created, each with its own compliance obligations.
Entity structure and beneficial owner mapping
The family trust has a corporate trustee (a proprietary company) and four individual beneficiaries across two classes. Your team maps the entity structure in duely, recording the trust, the corporate trustee, and each beneficiary. The system guides the team through beneficial owner identification, flagging the individual who controls the corporate trustee as a beneficial owner and documenting the reasoning for each identification decision.
Identity verification
duely determines the appropriate verification path based on the initial risk indicators. For the individual beneficial owners, safe harbour verification is available. The system guides your team through the AUSTRAC-described procedure. For the corporate trustee, a non-safe harbour path is used with ABN verification, ASIC extract, and director identification. All verification results and source documents are captured against the engagement.
Risk assessment and ECDD check
The guided risk assessment wizard evaluates the engagement across multiple risk factors. The trust structure and one beneficiary's overseas residency flag the engagement as requiring closer attention. The risk rating is recorded with full rationale. In this case, the overall rating does not trigger ECDD, but the system documents the factors considered and the reasoning for the final rating, providing a clear record if the assessment is ever questioned.
Evidence pack and ongoing monitoring
With scoping, verification, and risk assessment complete, duely generates a versioned evidence pack for each engagement. The packs include every decision, document, verification result, and risk assessment, hashed for integrity and ready for review. As the engagement continues, any changes (new beneficiaries, updated risk factors, annual reviews) are captured as new evidence pack versions with a full change trail.
See it in action
A 30-minute walkthrough of the full engagement lifecycle (scoping, verification, ECDD, and evidence pack) on your own client examples.