Having specialised in legal risk and compliance since the Australian AML/CTF Act was first enacted in 2006, I've helped countless businesses navigate regulatory shifts. The expansion of these laws to real estate in July 2026 is the most significant change in years.
For owners of small to medium-sized boutique agencies, the path to compliance can seem cluttered with jargon. I've cut through the complexity to create a straightforward, seven-step action plan. Follow this guide to build a robust compliance framework that protects your agency and its reputation.
Why Property is Now on AUSTRAC’s Radar: The Money Laundering Risk Real Estate
The core reason for these new obligations is straightforward: the Australian property market is, unfortunately, a prime vehicle for criminals to 'wash' ill-gotten gains. The sheer volume and high value of transactions make it ideal for disguising the source of funds—converting illegal proceeds into legitimate assets. As Mr Brendan Thomas, CEO of AUSTRAC, has highlighted: "We see time and again that property is used to layer and integrate funds, often unknowingly facilitated by professional advisers".
This is why, from 1 July 2026, real estate agents providing specific designated services become AUSTRAC reporting entities. This designation carries serious legal weight and transforms your agency into a crucial gatekeeper, responsible for the first line of defence against serious financial crime and terrorism financing.
Your 7-Step AML/CTF Compliance Plan
Step 1: Confirm Your Obligations – Are You "Captured"?
First, determine if your business provides a "designated service." You are likely covered by the new laws if you:
- Work as a buyer's agent or seller's agent (brokering the sale, purchase, or transfer of real estate).
- Are a property developer selling house and land packages, off-the-plan apartments, or land in new subdivisions directly to the public (without an independent agent).
Example: If you broker the sale of a house, both the vendor and the purchaser are your "customers" for AML/CTF purposes, even if you only formally represent one party.
Action: Review your business activities against the official definitions. If you answer "yes" to any of the above, you are a reporting entity and must proceed to Step 2.
Step 2: Enrol Your Business with AUSTRAC
Once confirmed, you must formally enrol with the regulator, AUSTRAC.
- When: Enrolment opens on 31 March 2026.
- Deadline: You must enrol within 28 days of commencing a designated service. For most real estate agencies, the final deadline is 29 July 2026.
You will need to provide details about your business structure, services, key personnel, and financial information.
Action: Diarise these dates. Gather your company details, ABN/ACN, and information on directors now to avoid a last-minute rush.
Step 3: Appoint Your AML/CTF Compliance Officer
You must appoint a dedicated AML/CTF Compliance Officer. This person will be the driving force behind your program and your main point of contact with AUSTRAC.
This officer should be a senior staff member with the authority and independence to enforce compliance. They must be an Australian resident.
Action: Identify a suitable, senior individual within your business. If you lack internal expertise, you can outsource this role to a specialised firm.
Step 4: Develop Your AML/CTF Program and Risk Assessment
This is the core of your compliance framework. Your AML/CTF Program is not a generic document; it must be tailored to your agency's specific risks.
This involves two key tasks:
- Conduct an ML/TF Risk Assessment: Identify and document the specific money laundering and terrorism financing risks your business faces. Consider your clients, the types of properties you sell, their locations, and the complexity of your transactions.
- Document Your Program: Create a formal program that outlines the processes you will use to identify, mitigate, and manage these risks. It must include your procedures for customer due diligence, staff training, and reporting.
Action: Don't just download a template. Your program must reflect your actual business. Start drafting this well in advance of the July 2026 deadline.
Step 5: Implement Customer Due Diligence (CDD) Processes
Customer due diligence will become a daily part of your workflow. You must be able to:
- Identify and Verify: Collect and verify identities of your clients and any beneficial owners (the real people behind trust or company structures).
- Assess Risk: Determine if a client is low, medium, or high risk. Triggers for higher risk include a client being a Politically Exposed Person (PEP), from a high-risk country, or using a nominee.
- Conduct Enhanced Due Diligence (EDD): For higher-risk clients, you must dig deeper into their source of funds and wealth.
- Monitor Ongoingly: Keep an eye on the business relationship to ensure transactions are consistent with what you know about the client.
Case Scenario: A buyer wants to purchase a property using a company trust structure and the funds are coming from an unrelated third-party company overseas. This triggers multiple red flags: an unusual involvement of third parties, a potentially hidden beneficial owner, and payments from an unknown source. Your CDD process would require you to pause and conduct EDD to uncover the true owner and the legitimate origin of the money.
Action: Integrate these checks into your client onboarding and transaction processes. Invest in reliable electronic verification tools.
Step 6: Train Your Entire Team
Your program is only as strong as your people. All relevant staff, including agents and administration personnel, must be trained on:
- Your AML/CTF obligations.
- How to spot red flags in property transactions.
- Your internal procedures for CDD and reporting.
- The consequences of non-compliance.
Action: Schedule comprehensive training sessions before July 2026 and keep detailed records of attendance.
Step 7: Establish Reporting and Record-Keeping Systems
Finally, set up the systems for your ongoing duties:
- Reporting: You must file a Suspicious Matter Report (SMR) with AUSTRAC if you suspect illicit activity. For cash transactions of A$10,000 or more, you must submit a Threshold Transaction Report (TTR).
- Record-Keeping: By law, you must keep all records related to your compliance program—including client ID checks, staff training, and transaction details—for 7 years.
Action: Ensure you have secure digital storage solutions in place to manage these records efficiently.
Your Compliance Journey Starts Here
This seven-step plan provides a clear roadmap. The deadline of 1 July 2026 may seem distant, but building a compliant framework takes time and expertise. Starting now protects you from costly penalties and reputational damage.
At Click Legal, we make this process simple. We provide the expert guidance and hands-on support to ensure your boutique agency meets its obligations seamlessly.