100,000 Small Businesses Lose Privacy Act Exemption in July — Financial Advisers Take Note

From 1 July 2026, more than 100,000 Australian small businesses will be required to comply with the Privacy Act for the first time. The change is driven by the expansion of Anti-Money Laundering and Counter-Terrorism Financing (AML-CTF) obligations, which now cover accountants, lawyers, conveyancers, real estate agents, and dealers in high-value goods like jewellers. Businesses in these sectors that previously enjoyed the small business exemption — available to organisations with turnover under $3 million — will lose that protection entirely.

For wealth management firms, this matters on two fronts. First, many smaller advisory practices and accounting firms that support your clients will suddenly be subject to the Australian Privacy Principles, breach notification rules, and OAIC oversight. If they’re not ready, your clients’ sensitive financial data sitting in their systems becomes a compliance liability. Second, the OAIC is already showing its teeth — its 2026 compliance sweep targeting 60 businesses signals that enforcement won’t be gentle for newcomers.

Practical steps: if your firm works with accountants, advisers, or legal practices that fall under the new AML-CTF reporting rules, ask them about their privacy readiness. Internally, review your own data-sharing agreements with third parties who may now face stricter obligations. Key requirements include having a compliant privacy policy, collection notices, breach notification processes, and staff training.

All IT Services works with financial services firms to audit data handling practices and ensure your technology stack supports Privacy Act compliance — worth a conversation before July.
