All posts
aml-programcompliancetranche-2

The AML/CTF independent review: what real estate agencies actually need to do

Your AML/CTF program must include an independent review — but most small agencies don't know what that means in practice. Here's what AUSTRAC requires, who can do the review, and the fastest way to meet the obligation.

By AML Simple Team

Most real estate agencies preparing for the 1 July 2026 deadline focus on the obvious parts of their AML/CTF program — customer due diligence, AUSTRAC enrolment, staff training. The independent review requirement tends to come as a surprise later.

It shouldn't. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), a documented independent review is a mandatory part of your AML/CTF program. AUSTRAC can ask to see evidence that it happened.

Here's the fastest way to understand and meet this obligation — and the educational detail for those who want to go deeper.

The fast path

If you're using AML Simple, the independent review requirement is already built into your program document.

  1. Sign up — takes around 2 minutes. Enter your ABN and AML Simple pulls your registered details from the ABR automatically.
  2. AML/CTF Program Generator (/program/generate) — takes around 15 minutes. The wizard asks the right questions about your agency — services, staff size, client types, risk profile — and generates your AML/CTF program document, consistent with AUSTRAC's Program Starter Kit structure. The independent review section is included, with scheduling guidance and a record-keeping prompt.
  3. Review and schedule — your generated program will include a section on when your independent review is due and what it should cover. You decide who conducts it and when.

You still need to actually conduct the review — the tool builds the framework, you make the compliance decisions. But you won't miss the requirement or wonder what format it should take.

What is an independent review?

Under the AML/CTF Act, your AML/CTF program must include arrangements for the program to be reviewed by someone who is independent of its day-to-day implementation. The review should assess whether your program is appropriate and effective given the nature, size, and complexity of your business.

AUSTRAC's Program Starter Kit guidance describes the independent review as an assessment of:

  • Whether your program is adequate and up to date
  • Whether your controls are actually being applied in practice
  • Whether there are gaps in your risk assessment or procedures

This is not an AUSTRAC audit. It's an internal governance mechanism — something your agency arranges, not something AUSTRAC runs.

How often does it need to happen?

The AML/CTF Act does not prescribe a fixed frequency. AUSTRAC's guidance suggests the review should be conducted at regular intervals appropriate to your business, and after any significant change to your business, your services, or your risk environment.

For most small agencies (1–15 staff, single office, residential sales only), an annual review is the standard approach. Your program document should state the frequency you've chosen and the date of the last review.

Who can conduct the review?

The key requirement is independence — the reviewer must not be someone who was responsible for implementing or operating the program being reviewed.

For a small agency, that typically means:

  • An external AML compliance consultant
  • Another person within a franchise group (where the reviewer has no involvement in that branch's compliance operations)
  • A qualified internal auditor, if the agency has one

The review does not need to be conducted by a lawyer or registered compliance professional. It does need to be documented — who conducted it, what they assessed, and what findings or recommendations came out of it.

If you're the principal and also the compliance officer, you cannot review your own program. That's the most common gap AUSTRAC would look for in a small agency.

What does a review actually involve?

A practical independent review for a small residential real estate agency typically covers:

  1. Program document currency — is the written program up to date? Does it reflect your current services, staff, and client types?
  2. Risk assessment adequacy — does your risk assessment reflect your actual exposure? Has anything changed (new services, new high-risk client types, new transaction channels)?
  3. Controls in practice — are CDD checks actually being completed before transactions? Are staff training records current? Are sanctions screening records being kept?
  4. Record-keeping — are records being retained for the required 7 years and accessible if AUSTRAC requests them?
  5. Reporting obligations — are Suspicious Matter Reports and Threshold Transaction Reports being filed correctly and on time?

For a thorough overview of what your full program must include, the complete guide to your AML/CTF program covers each component in detail.

Do I need to do anything before July 2026?

Your AML/CTF program — including the provisions for independent review — must be in place by 1 July 2026. You don't necessarily need to have conducted the first review before that date, but your program must document when the first review will occur.

If your program states "annual review, first review due [date within 12 months of program adoption]" and you can demonstrate that the program is operating, that satisfies the requirement at commencement.

If you're still building your program, the what to include in your AML/CTF program post covers all the required components and how they fit together.

Record-keeping after the review

Once a review is conducted, keep the findings on file. AUSTRAC expects to see evidence of the review — not just a statement in your program that reviews will happen. That means retaining:

  • The reviewer's written findings or assessment
  • Your agency's response to any recommendations
  • The date of the next scheduled review

AML Simple stores all compliance records automatically, with a 7-year retention period. Review records can be uploaded and linked to your program document in the platform.

Summary

The independent review is a mandatory part of your AML/CTF program — not optional, and not something to schedule "once things settle down." For most small agencies, an annual external review is the practical approach.

The fastest path: build your program with AML Simple's Program Generator. The independent review requirement is structured into the program document from the start, so you know what you're committing to before you adopt the program.

This content is general information only and does not constitute legal or AML/CTF advice. Regulatory requirements may change. For advice specific to your agency's situation, consult a qualified AML compliance professional.

Back to all posts

We use cookies for advertising measurement. See our Privacy Policy.