From 1 July 2026, real estate agents, buyer's agents, and property developers that provide a designated service are reporting entities under Australia's AML/CTF Act. Non-compliance is not a theoretical risk. AUSTRAC is an active regulator with a demonstrated track record of applying its enforcement powers - including civil penalty proceedings that have resulted in penalties measured in the hundreds of millions of dollars against some of Australia's best-resourced institutions.
This article explains what the penalty framework actually looks like, what AUSTRAC's enforcement tools are, what the track record of enforcement in other sectors shows, and what AUSTRAC has said about its approach to newly regulated Tranche 2 entities. It is not intended to create alarm for agencies genuinely working toward compliance. It is intended to give you an accurate picture of what is at stake - because the compliance case for real estate agencies is much stronger when it is grounded in reality rather than abstraction.
Civil penalties for serious AML/CTF non-compliance can reach up to 100,000 penalty units for a body corporate and 20,000 penalty units for an individual. At the current penalty unit value, those figures represent substantial financial exposure. Criminal penalties - including imprisonment - apply to specific offences. And AUSTRAC has the tools to impose consequences well short of court proceedings that are nonetheless operationally and reputationally significant.
The Penalty Framework: What the Act Actually Provides
The AML/CTF Act contains a tiered penalty framework covering civil penalties, criminal offences, and a range of administrative enforcement tools. These operate independently and can be applied together.
Civil Penalties
Up to 100,000 penalty unitsFor a body corporate - assessed per contravention for serious or systemic failures. For an individual, up to 20,000 penalty units. At the current penalty unit value, these represent significant maximum exposure. Applied by the Federal Court on application by AUSTRAC.
Criminal Offences
Imprisonment + finesSpecific criminal offences exist under the Act - each with its own statutory elements. The tipping-off offence applies where a disclosure would or could reasonably be expected to prejudice an investigation; it carries a maximum of 2 years' imprisonment or 120 penalty units, or both, and is assessed on an objective basis. Other criminal offences include structuring transactions to avoid reporting obligations and providing false or misleading information to AUSTRAC. Unlike civil penalties, criminal prosecution requires the relevant mental element for the specific offence - which varies by offence.
Infringement Notices
Fixed penalty amountsFor less serious contraventions, AUSTRAC can issue an infringement notice without court proceedings. These notices can be made public. While the amounts are lower than civil penalties, infringement notices are often an early indicator of increasing regulatory scrutiny.
Other Enforcement Tools
Multiple mechanismsRemedial directions (formal instructions to fix specific failures), enforceable undertakings (binding commitments to take corrective action, which can be made public), external audit appointments, and - for remittance and virtual asset service providers - registration suspension or cancellation.
Civil penalties under the AML/CTF Act are expressed in penalty units rather than fixed dollar amounts. The value of a penalty unit is set under the Crimes Act 1914 (Cth) and adjusted periodically. AUSTRAC's published penalty unit table shows a value of $330 per unit for contraventions on or after 7 November 2024. At that rate, the maximum civil penalty for a body corporate (100,000 penalty units) equates to $33,000,000, and the maximum for an individual (20,000 penalty units) equates to $6,600,000. These are statutory ceilings - the Federal Court has discretion to order a lower amount based on the facts of each case. You should verify the current penalty unit value at the time of any relevant conduct.
What AUSTRAC's Enforcement Track Record Actually Shows
AUSTRAC's enforcement action is not theoretical. Since 2017 it has conducted a series of major civil penalty proceedings against large regulated entities - all from the financial services and gambling sectors that have been regulated for years. These cases tell you something important about what AUSTRAC actually pursues and why.
CBA admitted to 53,750 contraventions of the Act. Failures included 53,506 late threshold transaction reports for cash deposits through its Intelligent Deposit Machines, inadequate ML/TF risk assessments for those machines, transaction monitoring failures across 778,370 accounts over three years, and suspicious matter reporting failures. The penalty of $700 million - then the largest civil penalty in Australian corporate history - was ordered by the Federal Court in June 2018.
AUSTRAC applied for civil penalty orders against Westpac in November 2019 for alleged serious and systemic non-compliance. The proceedings included allegations relating to 23 million failures to report international funds transfer instructions and failures in correspondent banking due diligence that, in some cases, were linked to transactions associated with child exploitation. The agreed penalty of $1.3 billion - still the largest civil penalty in Australian corporate history - was filed jointly with AUSTRAC in September 2020.
AUSTRAC applied for civil penalty orders against Crown Melbourne and Crown Perth in March 2022, following investigations that revealed serious and systemic AML/CTF program failures including inadequate risk assessments of high-risk customers. The Federal Court ordered Crown to pay $450 million in July 2023, following joint submissions proposing that amount.
AUSTRAC applied for civil penalty orders against SkyCity Adelaide in December 2022 for alleged serious and systemic non-compliance. The Federal Court ordered SkyCity to pay $67 million in June 2024, following joint submissions by AUSTRAC and SkyCity proposing that amount.
Every case in AUSTRAC's civil penalty record involves serious, systemic, and sustained non-compliance - not a single isolated failure. The pattern is: failures that were not detected, not fixed, and that persisted over years while criminals exploited them. AUSTRAC does not go to the Federal Court over a single missed report or a minor gap in documentation. What it does go to court over is the failure to build, maintain, and genuinely operate a compliance program - which is precisely what the obligation requires real estate agents to do from 1 July 2026.
The Full Spectrum of AUSTRAC's Enforcement Tools
Major civil penalties are the highest-profile enforcement mechanism, but they are not the only one. AUSTRAC has a graduated toolkit that allows it to respond to non-compliance at different severity levels. Understanding the full spectrum matters because several of these tools can have significant operational and reputational consequences well short of court proceedings.
- Civil penalty proceedings (Federal Court). Applied to the Federal Court; the Court determines whether a contravention occurred and the penalty. Reserved for serious and/or systemic non-compliance. All major enforcement actions have been resolved through agreed penalties filed jointly with AUSTRAC. AUSTRAC publishes civil penalty proceedings on its website.
- Criminal prosecution. Specific criminal offences under the Act each have their own statutory elements. The tipping-off offence - disclosure that would or could reasonably be expected to prejudice an investigation - carries a maximum of 2 years' imprisonment or 120 penalty units, or both, assessed on an objective basis. Other criminal offences include structuring and providing false information to AUSTRAC. Criminal prosecution is less common than civil penalty proceedings but is available and has been used.
- Enforceable undertakings. Legally binding commitments to AUSTRAC to take specific corrective actions. Can be made public. Breach of an undertaking can trigger Federal Court enforcement proceedings. Enforceable undertakings signal to the market that a business has had serious compliance failings requiring external oversight.
- Written notices - including appointment of an external auditor. AUSTRAC can issue written notices to reporting entities - a category distinct from the four core enforcement tools. One such notice can require a reporting entity to appoint an external auditor to review its ML/TF risk management or AML/CTF compliance. This is disruptive, costly, and - when made public - reputationally significant. AUSTRAC can also issue notices requiring information or documents about compliance.
- Remedial directions. Formal written instructions to take specific actions to comply with the Act. Failure to comply with a remedial direction is a separate contravention.
- Infringement notices. Fixed penalty notices for less serious contraventions. Can be issued without court proceedings. Made public on AUSTRAC's website. Often the beginning of a compliance conversation that can escalate if issues are not addressed.
- Compliance reports. AUSTRAC can require a reporting entity to provide a compliance report - an assessment of the entity's compliance with specified obligations. Failure to provide a report is itself a contravention: in December 2025, AUSTRAC applied for civil penalty orders against two entities specifically for failing to lodge their compliance reports for the 2023 calendar year.
What Triggers Enforcement Action - and What Doesn't
AUSTRAC publishes guidance on its regulatory expectations and approach. For newly regulated Tranche 2 entities, AUSTRAC has signalled that its approach during the implementation period will be pragmatic and proportionate - with a primary goal of supporting businesses to understand and embed their obligations. But AUSTRAC is also explicit that there are conditions under which it will not be pragmatic: where businesses are ignoring their obligations, or where ML/TF risks are not being managed.
| Situation | AUSTRAC's likely approach | Risk level |
|---|---|---|
| Business enrolled, program built, genuinely working to comply - some implementation gaps remain | AUSTRAC's guidance for newly regulated entities focuses enforcement on wilful non-compliance and wilful blindness to ML/TF risk. Entities exercising genuine effort to implement obligations are in a materially different position to those ignoring them entirely. | Lower |
| Business not enrolled at all after 29 July 2026 | Failing to enrol is a direct contravention of the Act. AUSTRAC can take enforcement action for failure to enrol. This is not a grey area. | High |
| No AML/CTF program in place after 1 July 2026 | The program must be documented and approved by a senior manager before providing any designated service. Operating without one is a direct contravention. AUSTRAC's stated position is that genuine non-management of ML/TF risks is a serious regulatory concern. | High |
| Program exists but is not genuinely implemented - box-ticking only | AUSTRAC's guidance to existing entities makes clear that having a program on paper while ignoring obligations in practice is still non-compliance. Risk-based and outcomes-focused - a documented program that does not manage actual ML/TF risks is not sufficient. | High |
| Suspicious matter report knowingly not filed when required | Failure to submit a required SMR is a direct contravention. AUSTRAC's enforcement history includes penalties attributed specifically to SMR failures. CBA's $700M penalty included failures in suspicious matter reporting. | High |
| Tipping-off - disclosing an SMR or investigation to a subject | Criminal offence. Objective test - intent is not required. The question is whether disclosure would or could reasonably be expected to prejudice an investigation. | High |
| Isolated process failure promptly identified and corrected | AUSTRAC's enforcement history is focused on systemic and sustained failures, not one-off errors that are identified and fixed. Good-faith remediation and engagement with AUSTRAC are recognised in penalty calculations. | Lower |
The Non-Financial Consequences
Civil penalties get the headlines. But for most real estate agencies, the non-financial consequences of AML/CTF enforcement action would be equally - if not more - damaging.
Public enforcement history
AUSTRAC publishes all enforcement actions on its website: civil penalty proceedings, infringement notices, and enforceable undertakings. For a real estate agency operating in a local market on reputation, a published enforcement action is a serious reputational event. AUSTRAC's intent in publishing is explicit - to promote transparency and to give the entire regulated population information about enforcement consequences.
Licence implications
Real estate agents in Australia are licensed under state and territory legislation. Serious non-compliance with a Commonwealth regulatory regime - particularly one involving criminal convictions or court-ordered penalties - may have implications for the fitness and propriety requirements that underpin a real estate licence. The interaction between AUSTRAC enforcement and state licensing bodies is a practical risk that agencies should be aware of.
Operational disruption
An external audit appointment, a remedial direction, or an enforceable undertaking does not just impose a cost - it imposes a process. An entity subject to one of these mechanisms must devote management time, staff resources, and often external legal and compliance support to demonstrating compliance. For a small or medium-sized agency, this can be significantly disruptive to operations.
Personal liability for principals and compliance officers
Individual penalties under the AML/CTF Act can apply to natural persons - not just the agency entity. The AML/CTF Compliance Officer has explicit personal responsibility for overseeing the implementation of the AML/CTF program. Senior managers and principals who direct or are reckless about compliance failures face personal exposure under both the civil and criminal penalty frameworks.
AUSTRAC's Stated Approach to New Tranche 2 Entities
AUSTRAC has published specific guidance on what it expects of newly regulated Tranche 2 entities and how it will approach enforcement for this cohort. The key requirements AUSTRAC sets out for newly regulated entities are: having an AML/CTF program documented and approved before providing any designated service from 1 July 2026; enrolling with AUSTRAC by 29 July 2026; appointing an AML/CTF Compliance Officer; training staff; and being ready to submit suspicious matter reports when required.
On enforcement, AUSTRAC's guidance for newly regulated entities signals that its focus will be on entities that wilfully ignore their enrolment obligations, or that are complicit in, or wilfully blind to, ML/TF risks in their business. Entities that are genuinely working to understand and implement their obligations - even if implementation is imperfect on day one - occupy a different position to those that have not enrolled, have no program, and are making no effort to comply.
But AUSTRAC is equally clear about the conditions where that pragmatic approach ends. From AUSTRAC's own guidance:
"If you fail to identify, mitigate and manage your ML/TF risks or fail to meet the above expectations, you risk regulatory action by AUSTRAC. This may include civil penalty proceedings and, for registered businesses, cancelled or suspended registration... If your systems and controls are not effective in managing ML/TF risks, or you are ignoring your obligations, you will continue to face regulatory action."
The distinction AUSTRAC draws is between entities that are genuinely working to implement their obligations - for whom it will be collaborative and supportive - and entities that are not trying at all, or that have programs in name only without genuine operation. The former group will be engaged with. The latter will face enforcement consequences.
For the real estate sector specifically, the implication is practical: the risk is not in having an imperfect program on day one. The risk is in not having a program at all, not enrolling, not training staff, and not actually applying CDD to sales transactions after 1 July 2026.
What the Risk Calculus Actually Looks Like for a Real Estate Agency
AUSTRAC's enforcement history is drawn entirely from financial institutions and large gambling operators - entities with thousands of employees, hundreds of millions of dollars in regulated transactions, and compliance infrastructure that a residential real estate agency cannot replicate. The penalty amounts are calibrated to those entities and their scale of non-compliance.
This context matters. The realistic enforcement risk for a real estate agency is not a $1.3 billion penalty. It is not even a $67 million penalty. The realistic risk for a small-to-medium agency is: infringement notices, enforceable undertakings, remedial directions, an AUSTRAC-appointed external audit, or - in cases of persistent and egregious non-compliance - a civil penalty proceeding. Each of these has real operational, financial, and reputational costs at the scale of a real estate agency.
The compliance cost for a real estate agency - building and maintaining a genuinely operational AML/CTF program - is a fraction of any of those enforcement costs. That is the risk calculus. Not "what is the maximum theoretical penalty" but "what does genuine compliance cost compared to what enforcement proceedings at any level would cost in time, money, management distraction, and reputational damage in a local market where your business runs on trust."
AUSTRAC's enforcement history shows it pursues serious and sustained non-compliance, not minor implementation gaps. The real risk for a real estate agency that ignores its obligations is not a billion-dollar penalty - it is a published infringement notice, an enforceable undertaking, an external audit, or a remedial direction that signals to the market and the relevant licensing authority that this agency had a serious compliance failure. For a business that runs on local reputation, that is the consequence that matters most.
Frequently Asked Questions
What are the maximum penalties for AML/CTF non-compliance?
Up to 100,000 penalty units for a body corporate and 20,000 for an individual. At the current rate of $330 per unit, that equates to $33 million and $6.6 million respectively.
Has AUSTRAC ever taken enforcement action?
Yes. AUSTRAC has pursued major civil penalty proceedings including CBA ($700M), Westpac ($1.3B), Crown Resorts ($450M), and SkyCity ($67M).
What is the tipping-off offence?
A criminal offence carrying up to 2 years imprisonment. It applies when disclosure would or could reasonably be expected to prejudice an investigation. It is assessed on an objective basis.
Will AUSTRAC pursue small real estate agencies?
AUSTRAC has signalled a pragmatic approach to newly regulated entities. Its focus will be on businesses that wilfully ignore obligations or are wilfully blind to ML/TF risks. Genuine compliance efforts are treated differently.
What non-financial consequences exist?
Published enforcement actions, licence implications with state regulators, operational disruption from external audits or remedial directions, and personal liability for principals and compliance officers.
Don't Start Your AUSTRAC Journey with an Enforcement Action.
GateCrown builds complete AML/CTF programs for Australian real estate agencies - designed to be genuinely operational before 1 July 2026, not filed away as documents. Risk assessments, CDD procedures, staff training, and AUSTRAC enrolment support, built for real estate agencies, not adapted from financial services templates.
Talk to a Compliance Specialist →