AML/CTF Compliance for Small Real Estate Agencies: A Practical Guide

If your agency brokers the sale, purchase or transfer of real estate, 1 July 2026 is the date your business changes. From that day, you become a reporting entity under Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws - joining banks, casinos, and financial institutions in a regulatory framework designed to stop criminal money from flowing through the Australian economy.

You do not need a legal degree to comply. You do not need to hire a team of consultants. What you do need is a clear picture of exactly what is required, by when, and in what order - because every week between now and July 2026 that you do not act is a week you cannot get back.

This guide covers every obligation a small real estate agency must meet, grounded in AUSTRAC's own published guidance and the AML/CTF Rules 2025. It is written for the licensee-in-charge, the business owner, and anyone else who will be responsible for making compliance happen.

First: Does This Apply to Your Agency?

Not every real estate business in Australia is a reporting entity under Tranche 2. The obligation attaches to the service, not the industry. You are a reporting entity if you broker the sale, purchase or transfer of real estate on behalf of a buyer, seller, transferee or transferor in the course of carrying on a business. In plain terms: if you act as a real estate agent on either side of a property transaction, this applies to you.

Pure property management - leasing and managing rental properties - is not a designated service and does not trigger the obligation. However, if your agency does both property management and sales, the sales activity brings you in. It is the service, not the licence category, that determines whether you are regulated.

AUSTRAC has also published a specific starter kit for small real estate and buyer's agencies. The starter kit is designed for agencies that meet all of the following criteria. This is important - it determines whether you can use AUSTRAC's simplified pathway or need a more tailored program:

Your Five Core Obligations

Every real estate agency that brokers property sales has five core obligations under the Act from 1 July 2026. Everything else flows from these.

Building Your AML/CTF Program: What It Must Contain

Your AML/CTF program is not a policy document you file in a drawer. It is the operational backbone of your compliance - the document your staff use, AUSTRAC reviews, and you update when your business or the regulatory environment changes. Under the AML/CTF Rules 2025, it must include the following components.

1. Your ML/TF Risk Assessment

The risk assessment is the foundation of everything. It requires you to systematically identify and assess the money laundering and terrorism financing risks that your specific agency faces. This includes analysing: the customers you deal with (individuals, companies, trusts, foreign nationals), the transactions you facilitate (standard residential sales, off-the-plan, high-value commercial), the channels through which you operate (in-person, digital, referral networks), and the geographic footprint of your work (local, interstate, international buyers).

AUSTRAC's real estate starter kit includes a risk assessment framework you can customise. The key principle is that your assessment must be honest and specific to your business - not a generic tick-box exercise. A boutique agency in regional Victoria serving predominantly local first-home buyers has a different risk profile than an inner-city agency regularly handling offshore buyers and large cash-funded transactions.

2. Your AML/CTF Policies and Procedures

Your policies translate your risk assessment into day-to-day operations. They must cover: how you identify and verify customer identity (your KYC procedures for each customer type), how you handle higher-risk customers, what triggers a suspicious matter report and what the process is for filing one, how you collect and monitor information throughout the transaction, and how you train staff and keep their knowledge current.

3. Your Governance Framework

The AML/CTF Rules 2025 place explicit responsibility on senior management and governing bodies. You must appoint a fit and proper AML/CTF Compliance Officer - the person responsible for implementing the program day to day. For most small agencies, this will be the licensee-in-charge. You must notify AUSTRAC of this person's identity. AUSTRAC's general rule is notification within 14 days of appointment. AUSTRAC has also published a transitional-rules update stating that newly regulated Tranche 2 businesses have until 29 July 2026 to notify AUSTRAC of their AML/CTF compliance officer.

4. Personnel Due Diligence and Training

Before appointing any person to an AML/CTF-related role, you must conduct personnel due diligence (PDD) - background checks and integrity assessments to ensure your staff do not represent an internal ML/TF risk. All staff with customer-facing or compliance-related functions must be trained in their AML/CTF obligations, how to recognise red flag indicators, and what to do when they identify suspicious activity. Training records must be kept. Training must be ongoing - not a one-off event.

Customer Due Diligence in Practice: Who You Must Verify and How

KYC is the most operationally intensive part of AML/CTF compliance for a real estate agency. Every transaction involves at minimum two customers: the buyer and the seller. Both must be identified and verified. The process differs depending on who your customer is.

A critical timing point first: you must complete initial CDD for the party you are directly acting for - the seller if you are a seller's agent, the buyer if you are a buyer's agent - before you start providing the designated service. For the other party to the transaction, AUSTRAC permits delayed CDD: verification must be completed no later than 15 days after exchange of contracts or before settlement, whichever is earlier.

Real Estate Red Flags: What Suspicious Actually Looks Like

One of the hardest parts of AML/CTF compliance for real estate agents is recognising when something is genuinely suspicious. AUSTRAC has published a dedicated set of risk insights and red flag indicators specifically for the real estate sector. These are not abstract - they describe the actual patterns that financial criminals use when laundering money through property. Knowing them is not optional; acting on them is what makes your program real rather than performative.

AUSTRAC's 2024 National Risk Assessment found that domestic real estate poses a very high risk of money laundering in Australia. Property is attractive to criminals because it is high-value, tends to appreciate over time, and can generate income. It can also be used to layer funds through rapid resales, obscure ownership through complex structures, and move large sums in a single transaction.

Reporting to AUSTRAC: SMRs and TTRs Explained

Reporting is where your AML/CTF program connects to AUSTRAC's intelligence function. Your reports are not just regulatory paperwork - they are part of a national effort to identify and disrupt financial crime. Understanding when and how to report is one of the most practically important things a real estate agent can do.

From 1 July 2026, you must also submit an annual AML/CTF compliance report to AUSTRAC each year, due by 31 March for the preceding calendar year. This report confirms that your program is in place, that staff have been trained, that records are being kept, and that your reporting obligations are being met.

Staff Training: What Your People Need to Know

A compliant AML/CTF program on paper is worthless if the person sitting across from a buyer at the front desk does not know what to look for or what to do. Staff training is an explicit requirement under the Act - not optional, not a one-off exercise, and not satisfied by emailing a policy document.

All personnel with AML/CTF-related functions - which for a real estate agency means every sales agent, every admin staff member handling transactions, and every person who interacts with customers - must be trained before 1 July 2026 and at regular intervals thereafter. Training must cover:

• What AML/CTF obligations are and why they apply to real estate agencies from 1 July 2026.
• How to identify and verify customer identity for each customer type your agency encounters - individuals, companies, and trusts.
• The red flag indicators from AUSTRAC's real estate sector guidance, and how to apply them in the context of your specific transaction types.
• The process for escalating concerns to the AML/CTF Compliance Officer (the licensee-in-charge in most small agencies).
• How suspicious matter reports work - including the tipping-off offence and why staff must never tell a customer that an SMR has been or may be filed.
• The obligations around cash transactions and threshold transaction reporting.
• Record-keeping responsibilities: what to collect, where to store it, and how long to keep it.

You must also conduct personnel due diligence on any person in an AML/CTF-related role - background and integrity checks before appointment, and ongoing assessments as required. AUSTRAC's guidance is that PDD must be proportionate to the role and the risk. For a small agency, this typically means appropriate reference checks and, where the role and risk warrant it, background checks such as police clearances for the compliance officer and key personnel, with documented procedures for any subsequent screening.

Record Keeping: The Seven-Year Rule

Every piece of information you collect, every verification you conduct, every report you file, and every training session you run must be documented and retained for a minimum of seven years from the date of the transaction or event. This is not discretionary.

Your records must include: customer identification documents collected as part of KYC, the verification steps you took and the sources used, transaction records for every property transaction where you provided a designated service, copies of any SMRs or TTRs filed with AUSTRAC, your AML/CTF program documentation (including all historical versions), and staff training logs.

The records must be in a format that allows you to reproduce them - digital or physical - and must be accessible promptly if AUSTRAC requests them. The practical implication for small agencies is that a simple, well-organised system matters more than a sophisticated one. A shared folder with clearly named subfolders by transaction and date, consistently maintained, will satisfy this requirement. What will not satisfy it is a collection of unorganised emails, unsigned forms, or documents that only the former office manager knows how to find.

Your Compliance Timeline: What to Do and When

The Four Mistakes Small Agencies Make Most Often

Based on how the AML/CTF regime has played out in other sectors and in comparable jurisdictions internationally, the compliance failures for newly regulated small businesses cluster around the same four patterns. Being aware of them is the cheapest form of risk management.

1. Using the starter kit as a filing exercise, not a compliance exercise. AUSTRAC is explicit: you cannot simply download the starter kit, fill in your business name, and consider the obligation met. The risk assessment must be genuinely completed and specific to your agency. An assessor reviewing your program will quickly identify whether it reflects your actual business or is a copy-and-paste exercise.

2. Treating KYC as a one-time check at onboarding. Your obligation is ongoing. If circumstances change mid-transaction - a new third party appears, the source of funds shifts, the buyer becomes uncooperative about documentation - you must re-assess the risk and potentially conduct enhanced CDD. Stopping at the initial identity check is not compliance.

3. Not knowing the tipping-off rule. This one can expose individual staff members to criminal liability, not just the business. If a staff member mentions to a buyer that the agency is looking into their transaction, or that they have filed an SMR, that disclosure is a criminal offence. Every person in your agency who handles customer interactions must understand this rule before 1 July 2026.

4. Leaving training to the last week. Real AML/CTF training - not just reading a policy document - takes time to deliver and for people to absorb. Agents who have been selling real estate for twenty years without these obligations need genuine preparation to start thinking about transactions through an AML/CTF lens. That shift in awareness does not happen in a two-hour session the week before July 1.

What Compliance Looks Like Day to Day

Once your program is built and your staff are trained, AML/CTF compliance for a small real estate agency running typical residential transactions is not dramatically different from your existing client intake process. The additional steps - identity verification, source of funds questions for higher-risk clients, CDD documentation - become part of the listing and sales workflow.

For the vast majority of your transactions - an Australian couple buying a suburban home, paid via a standard bank-approved mortgage - the AML/CTF checks will be straightforward: collect identity documents, verify them, document the process, and proceed. The additional time per transaction is measured in minutes, not hours.

The difference comes with higher-risk transactions: significant cash components, foreign national buyers, complex trust structures, or transactions where the red flag pattern starts accumulating. This is where your training, your escalation process, and your Compliance Officer's judgment matter. The goal of the entire framework is not to make every transaction harder - it is to ensure that when something genuinely suspicious appears, your agency is equipped to identify it, document it, and report it.

GateCrown works with small and mid-sized Australian real estate agencies to build complete, audit-ready AML/CTF programs - risk assessment, policies, CDD procedure guides, staff training, and AUSTRAC enrolment support. We do not use generic templates. Every program we build is specific to the agency it covers.