AML/CTF Independent Evaluation: What Real Estate Agencies Need to Know

What Is an Independent Evaluation - and How Is It Different from an Internal Review?

An internal review is something your agency does itself. You look at your own AML/CTF program, check whether staff are following procedures, and identify areas for improvement. Internal reviews are valuable, and AUSTRAC expects you to conduct them regularly - but they are not a substitute for the independent evaluation required under the AML/CTF Rules 2025.

An independent evaluation is fundamentally different. It must be conducted by a person who is independent of the business - someone who did not design, implement, or manage the program being assessed. The purpose is to provide an objective, external assessment of whether your AML/CTF program is adequate, effective, and compliant with the law. It tests whether the program actually works in practice, not just whether it exists on paper.

Think of it this way: an internal review is like checking your own homework. An independent evaluation is like having an external examiner grade it. Both are useful, but only one satisfies the legal requirement under section 26F(4)(f) of the Act and Rules section 5-10.

What an Independent Evaluation Must Cover

The AML/CTF Rules 2025 specify that an independent evaluation must assess three distinct elements of your compliance program. An evaluation that addresses only one or two of these elements does not satisfy the requirement.

The three-element structure is deliberate. A program can look good on paper (design) but fail in practice (operations). A program can be well-implemented but based on an outdated or incomplete risk assessment. The independent evaluation is designed to catch all three failure modes.

Who Can - and Cannot - Conduct the Evaluation

The independence requirement is structural, not just procedural. The person conducting the evaluation must be genuinely independent of the program they are assessing. AUSTRAC is clear about what independence means in practice.

Evaluator Suitability Factors

Independence alone is not sufficient. The evaluator must also be suitably qualified and experienced to conduct the assessment. AUSTRAC does not prescribe specific qualifications, but expects agencies to consider several factors when selecting an evaluator.

When Your First Independent Evaluation Is Due

The first independent evaluation deadline for newly regulated real estate agencies does not fall on a single date. AUSTRAC has implemented a staggered timeline, tied to your AUSTRAC account number, to prevent a bottleneck of agencies all seeking evaluators at the same time.

Why Waiting Until the Deadline Is the Wrong Strategy

Many agencies will look at a 2029 deadline and assume they have years to worry about the independent evaluation. That assumption is understandable but strategically wrong for several reasons.

What Evaluators Actually Look at in a Real Estate Agency

Understanding what an evaluator examines helps you prepare effectively. While the specific scope will vary based on your agency's size and risk profile, evaluators typically assess seven key areas.

1. ML/TF risk assessment - Is it current? Does it cover all relevant risk categories - customer types, property types, geographic exposure, transaction methods, and delivery channels? Has it been updated to reflect changes in your business or the regulatory environment?
2. AML/CTF program design - Is the program designed to manage the risks identified in the risk assessment? Are the policies, procedures, and controls proportionate to the level of risk? Does the program address all required elements under the Rules?
3. Customer due diligence - Are CDD procedures being applied correctly and consistently? Are identification documents being verified appropriately? Is enhanced due diligence being applied to higher-risk customers? Is ongoing due diligence being conducted throughout the business relationship?
4. Suspicious matter reporting - Does the agency have effective processes for identifying and reporting suspicious matters? Are staff aware of their reporting obligations? Is there a clear escalation pathway? Are reports being submitted to AUSTRAC within the required timeframes?
5. Record-keeping - Are transaction records, CDD records, and program documents being retained for the required periods? Are records accessible and organised in a way that supports regulatory inspection?
6. Staff training - Is training adequate, role-appropriate, and documented? Has initial training been delivered to all relevant personnel? Is ongoing training being provided at appropriate intervals? Is there a training register?
7. Program maintenance and updates - Has the program been updated in response to changes in risk, law, business operations, or AUSTRAC guidance? Is there a documented process for reviewing and updating the program? Are changes communicated to staff?

What Happens When an Evaluation Finds Problems

It is important to understand that adverse findings are a normal and expected outcome of an independent evaluation. The purpose of the evaluation is to identify areas where your program can be improved - not to produce a clean bill of health. An evaluation that finds no issues at all should raise questions about its thoroughness, not inspire confidence.

When an evaluation identifies deficiencies, the typical process involves five steps.

1. Written report. The evaluator documents their findings and recommendations in a structured written report. This report should clearly identify each deficiency, explain why it matters, and recommend specific remedial actions.
2. Management review. Your agency's management - typically the principal and AML/CTF Compliance Officer - reviews the findings and determines the appropriate response to each recommendation.
3. Remediation plan. You develop a remediation plan that sets out what changes will be made, who is responsible for each change, and the timeframe for completion. The plan should prioritise high-risk deficiencies.
4. Implementation. You implement the required changes - updating policies, retraining staff, improving procedures, or addressing whatever gaps the evaluation identified.
5. Documentation. You retain the evaluation report, remediation plan, and records of all remedial actions taken. These documents must be available for AUSTRAC inspection and will form part of the evidence base for your next independent evaluation.

How to Prepare Your Agency for an Independent Evaluation

Preparation does not mean gaming the evaluation. It means making sure your program is in the best possible shape before the evaluator arrives, so the evaluation can focus on genuine improvement rather than basic housekeeping issues.

• Update your risk assessment. Ensure it reflects your current business operations, customer base, property portfolio, and geographic exposure. If anything has changed since it was last reviewed, update it now.
• Review your AML/CTF program document. Check that it aligns with your current risk assessment and covers all required elements under the AML/CTF Rules 2025. Remove outdated references and update any procedures that have changed.
• Audit your CDD records. Spot-check a sample of recent transactions to verify that customer identification and verification has been conducted correctly and documented consistently.
• Check your training register. Confirm that all relevant staff have completed their required training, that completion dates are recorded, and that refresher training is scheduled where due.
• Review your suspicious matter reporting process. Ensure the escalation pathway is clear, documented, and understood by all customer-facing staff. Check that any SMRs submitted to AUSTRAC have been filed within the required timeframes.
• Organise your record-keeping. Make sure transaction records, CDD documents, and program files are accessible, organised, and retained for the required periods. An evaluator who cannot locate records will note it as a deficiency.
• Document your program updates. If you have made changes to your program since it was established, document what changed, when, and why. Evaluators look for evidence that your program is a living document, not a static file.
• Brief your staff. Make sure key personnel understand what the evaluation involves, what the evaluator may ask them, and that cooperation is expected. Staff interviews are a standard part of operational testing.
• Prepare a summary of your compliance activities. A brief chronology of key compliance actions - enrolment date, program completion, training sessions delivered, risk assessment reviews, any SMRs filed - gives the evaluator a useful starting point and demonstrates an organised approach.

The Independent Evaluation and GateCrown's Role

GateCrown helps real estate agencies build and maintain AML/CTF programs that are designed to withstand scrutiny - including independent evaluation. Our programs are structured around the three elements that evaluators assess: risk assessment, program design, and operational implementation.

When it comes to the independent evaluation itself, the question of GateCrown's role depends on the independence requirement. If GateCrown built your program, we cannot conduct the independent evaluation of that same program - because we would fail the independence test. In that scenario, we can help you prepare for the evaluation, coordinate the engagement of a suitably independent evaluator, and support the remediation process after the evaluation is complete.

Where GateCrown has not been involved in building or maintaining a particular agency's program, and the independence requirements are satisfied, GateCrown can support the evaluation process directly. The appropriate arrangement depends on the specific circumstances, and we will always be transparent about whether we meet the independence threshold for your agency.