Who can be the Compliance Officer for my real estate agency?

Under the 2026 reforms, your Compliance Officer must be at a senior management level with the authority to allocate resources and make compliance decisions. For small agencies, the principal or director typically fills this role. The Compliance Officer's details must be notified to AUSTRAC by 29 July 2026, and any subsequent change must be notified within 14 days. For sole traders, naming yourself as Compliance Officer is perfectly acceptable.

How much does it cost to build an AML/CTF program for a real estate agency?

Costs vary significantly by approach. AML Simple's Program Generator is included in the AML Simple subscription from A$79/month — see pricing at /pricing. DIY with AUSTRAC's free Program Starter Kit costs nothing but several hours of your time plus outside help for harder sections. An AML consultant writing the program costs A$200–400/hour, or A$1,000–6,000+ for a small-agency program. Most small agencies use the tool for the initial build and optionally engage a consultant for review.

Your AML/CTF program: a complete guide for Australian real estate agencies — AML Simple

Q: How do I write an AML program for my real estate agency?

You have three options: (1) Use AML Simple's Program Generator — answer questions about your agency and receive a structured program document in under 30 minutes at /program/generate; (2) Use AUSTRAC's free Program Starter Kit — fill in all sections manually, which typically takes several hours and outside help for harder sections; (3) Hire an AML consultant at A$200–400/hour. Most small residential agencies can build a sound program with AML Simple's generator and then have a consultant review it if they want added assurance.

Q: How long should a real estate AML/CTF program be?

A well-constructed program for a small real estate agency (5–10 staff, primarily residential sales) typically runs 15–30 pages. It needs to be substantive enough to cover all required components with genuine detail, but not so long it becomes unworkable. AUSTRAC does not prescribe a minimum or maximum length — what matters is that the program is appropriate for your agency's size, risk profile, and complexity.

Q: When must my AML/CTF program be independently reviewed?

For most Tranche 2 real estate agencies, the first independent review must occur by a date staggered between 30 June 2029 and 31 December 2030, based on your AUSTRAC Account Number. After the first review, evaluations are required at least every 3 years, or more frequently if your risk profile changes significantly. The reviewer must be independent from the program — typically an external AML consultant, not the Compliance Officer.

Quick answer

Every Australian real estate agency that brokers property sales must have a documented AML/CTF program by 1 July 2026. The program must cover 12 components — from risk assessment and governance to CDD procedures, staff training, and independent review. For most small agencies, AML Simple's Program Generator produces a compliant, agency-specific program document in under 30 minutes at /program/generate. AUSTRAC requires a genuine program — not a perfect one.

Key facts

Deadline: All real estate agencies that broker property sales must have a compliant AML/CTF program in place by 1 July 2026 when AUSTRAC Tranche 2 obligations commence.
12 required components: Risk assessment, governance, Compliance Officer, employee due diligence, staff training, CDD procedures, sanctions/PEP screening, transaction monitoring, SMR/TTR procedures, record keeping, change management, and independent review.
No prescribed format: The 2026 reforms removed the old two-part structure. Your program can be organised however you choose — substance matters, not format. Source: AML/CTF Act 2006, s 81.
Compliance Officer deadline: Your Compliance Officer must be at senior management level and their details notified to AUSTRAC by 29 July 2026. Changes must be notified within 14 days.
Size doesn't require length: A well-constructed small-agency program runs 15–30 pages. A sole trader with straightforward operations does not need a 200-page document.
Records kept for 7 years: CDD records, training records, screening records, and SMR/TTR filings must all be retained for a minimum of 7 years.
Independent review: First independent evaluation due between 30 June 2029 and 31 December 2030 (staggered by AUSTRAC Account Number), then at least every 3 years.
Program Generator: AML Simple's Program Generator at /program/generate produces a structured program consistent with AUSTRAC's Program Starter Kit in under 30 minutes.

Every real estate agency in Australia that brokers property sales must have a documented AML/CTF compliance program in place before 1 July 2026. Your program is the foundation of everything else — it governs how your agency identifies money laundering risk, verifies clients, trains staff, and responds when something looks wrong.

AUSTRAC does not require a perfect program. It requires a genuine one — a program that reflects how your agency actually operates, is understood by your staff, and can be defended if AUSTRAC asks about it.

This guide covers what your program must contain, what the 2026 reforms changed, and how to get one built without hiring an outside consultant for every step.

Build your program in under 30 minutes

If your agency needs a compliant program document before the July deadline, AML Simple's Program Generator is the fastest route — around 30 minutes from first question to finished document.

The generator asks you the right questions about your agency — your services, your team, your customer types, the geographic markets you serve — and produces a program document consistent with AUSTRAC's Program Starter Kit structure. You walk away with a program you understand and can explain, not a generic template you downloaded without reading.

In-app path (fastest):

Sign up to AML Simple — around 2 minutes. Enter your ABN and your agency profile is pre-filled from the ABR.
AUSTRAC Enrolment — around 5 minutes from the app using the pre-filled enrolment guide.
Run the Program Generator at /program/generate — around 20 minutes. Your program is ready for senior management review and sign-off.

DIY longhand: Download AUSTRAC's free Program Starter Kit, work through each section manually, interpret requirements yourself, and fill in all 12 components — typically 3–6 hours for a principal without a compliance background, plus additional time for the risk assessment and beneficial ownership sections.

Not sure where your compliance gaps are? Start with the /check readiness quiz — it takes 5 minutes and shows you exactly what's outstanding.

Ready to build? View AML Simple plans and pricing — free to begin.

For the full picture of what goes into the program, read on.

What the 2026 reforms changed

Before the 2026 AML/CTF reforms, the Act prescribed a specific two-part structure for compliance programs (Part A covering employee conduct; Part B covering the full compliance framework). The 2026 reforms removed this requirement.

Your program can now be organised however you choose. What matters is substance, not structure: every required component must be present, and the program must be appropriate for your business's size, risk profile, and complexity.

This is genuinely good news for small agencies. A 5-person residential sales agency does not need a document that runs to 200 pages. A clear, plain-English program of 15–30 pages that covers all required components and actually reflects how you operate is exactly what AUSTRAC is looking for.

Source: AML/CTF Act 2006, s 81; AUSTRAC program reform guidance

The 12 components every program must cover

1. ML/TF/PF risk assessment

Your risk assessment is the foundation of your entire program. It documents the money laundering, terrorism financing, and proliferation financing risks specific to your business — assessed across four categories: customers, services, delivery channels, and geographic locations.

Every other component of your program flows from your risk assessment. Your CDD approach, your screening intensity, your training focus — all of these should be calibrated to what your risk assessment says about your agency's exposure.

AUSTRAC expects to see your analysis and reasoning, not just a conclusion. A risk assessment that says "risks are medium" without explaining why is not adequate.

For the full step-by-step process, read How to complete your ML/TF risk assessment.

Source: AML/CTF Act 2006, s 165; AUSTRAC risk assessment guidance

2. Governance

Your program must describe how senior management and the governing body oversee AML/CTF compliance. This covers who is responsible for AML/CTF at the board or partnership level, how often compliance performance is reviewed (quarterly is a reasonable minimum for most small agencies), and how decisions about the program are made and documented.

For a sole trader or small principal-led agency, this is often straightforward: "The principal reviews AML/CTF compliance monthly and is responsible for approving all program updates." That is genuine governance — provided it actually happens and there is a record of it.

What governance cannot be is silence or delegation to a junior staff member without senior authority. AUSTRAC expects compliance to be owned at the top.

3. Compliance Officer

Your program must name a Compliance Officer — the person with day-to-day responsibility for implementing and managing the program. Under the 2026 reforms, your Compliance Officer must be at a senior management level, with the authority to allocate resources and make compliance decisions.

Important deadline: Your Compliance Officer's details must be notified to AUSTRAC by 29 July 2026. Any subsequent change must be notified within 14 days.

For small agencies where the principal IS the Compliance Officer, this is fine — name yourself. What matters is that the role is documented in the program and the person named has the authority the role requires.

For a detailed breakdown of the role's requirements, read Understanding the AML/CTF Compliance Officer role or Your first 30 days as an AML Compliance Officer.

4. Employee due diligence

Your program must describe your process for conducting background checks on staff who perform AML-relevant roles. This does not require elaborate vetting procedures — for most small agencies, it means:

Verifying identity before employment
Checking work history and references
For roles with direct access to compliance systems or client financial data, considering a National Police Check

The key requirement is that the program describes what you do and why that is appropriate for your agency's risk profile. A small agency with three staff has different needs from a 15-person operation with multiple agents handling settlements.

For more on this component, read Employee due diligence in AML compliance: what real estate agencies need to know.

Source: AML/CTF Act 2006, s 26F(4)(c)

5. Staff training

Your program must document your approach to AML/CTF training across five dimensions:

What training is provided (AML fundamentals, red-flag recognition, SMR procedure)
Who must receive training (all staff with AML-relevant duties)
When training happens (initial training before commencing duties; ongoing at intervals appropriate to your risk profile)
How completion is recorded (sign-off, certificate, or attendance register)
What happens if an employee's AML role changes

Training records must be retained for 7 years. Staff who have not received AML training should not perform AML-relevant duties.

For a full breakdown of training requirements and what counts as compliant training, read AML/CTF staff training requirements for real estate agencies.

Source: AML/CTF Act 2006, s 26F(4)(e)

6. Customer due diligence (CDD) procedures

CDD is one of the most detailed sections of any real estate AML program, because the rules are specific and the verification requirements differ significantly by customer type.

Your program must describe:

Standard CDD: What information you collect from individual buyers and sellers (full name, date of birth, address, government-issued photo ID), and how you verify it
Beneficial ownership: How you identify the real individuals behind companies, trusts, and other entities that are not natural persons
Enhanced CDD: The triggers that require deeper verification (higher-risk customers, PEP status, unusual transaction structures) and what enhanced verification looks like in practice
Simplified CDD: The limited circumstances where reduced verification is appropriate
Client risk rating: How you assess each customer's risk level (low/standard/high) and what drives the rating
Ongoing CDD: How and when you refresh client information, and your triggers for re-screening

Your CDD procedures need to be specific enough that any staff member reading them knows exactly what to do with a new buyer client on their first day. Vague procedures ("we verify identity as appropriate") are not adequate.

For the full guide to CDD in real estate, read Customer due diligence for real estate: a plain-English guide.

Source: AML/CTF Act 2006, s 34; AUSTRAC CDD guidance

7. Sanctions and PEP screening

Your program must describe how you screen clients against the DFAT Consolidated Sanctions List and how you identify and manage Politically Exposed Persons (PEPs).

This section covers:

When to screen: At client onboarding, and on an ongoing basis as the DFAT list updates (daily updates)
What tool you use for screening and how matches are assessed
PEP identification: How you ask the right questions to identify PEPs and their associates
How you handle a potential match: The escalation path — who assesses the match, what documentation is required, and when an SMR must be considered

For a full guide to the screening requirements, read Sanctions and PEP screening for real estate: a practical guide.

Source: DFAT Consolidated Sanctions List

8. Transaction monitoring

Your program must describe how you detect suspicious activity in transactions — the patterns and behaviours that would trigger further scrutiny or a Suspicious Matter Report.

For small real estate agencies, this does not require automated software. A documented process for reviewing transactions against a red-flag checklist — such as the one in the AUSTRAC risk indicators for real estate — and escalating concerns to the Compliance Officer is sufficient.

Your program should include your agency's specific red-flag indicators. Generic language lifted from a guide is less useful than indicators tailored to your customer types, your geographic market, and the transaction volumes you typically handle.

9. SMR and TTR procedures

Your program must clearly describe:

How you identify activity that may warrant a Suspicious Matter Report (SMR)
Your internal escalation process: Who assesses the concern and who makes the filing decision
The filing deadlines you must meet: 24 hours for terrorism financing; 3 business days for other suspicious activity
The tipping-off prohibition: Disclosing the existence of an SMR to the subject (or anyone who might tell them) is a criminal offence. Your program must state this and your staff must understand it
Threshold Transaction Reports: Your process for reporting cash transactions of A$10,000 or more, including the 10-business-day filing deadline

For a detailed guide to SMR obligations, read What is a Suspicious Matter Report and when must you lodge one?

10. Record keeping

Your program must describe:

What records you keep (program documents, CDD records, screening records, training records, transaction monitoring records, SMR/TTR filings)
How long you keep them (minimum 7 years from the date the obligation to retain arises)
Where records are stored and how they are secured
How records can be retrieved on request

Electronic records are acceptable under the Act — they do not need to be paper-based. What matters is that records are accurate, complete, and retrievable.

AML Simple automatically retains all records generated through the platform for the required 7-year period.

Source: AML/CTF Act 2006, ss 107–112; read Record keeping requirements under the AML/CTF Act

11. Change management

Your program must be a living document. It must describe how your agency reviews and updates the program when:

Regulations change (a new AUSTRAC guidance note is issued, or the Act is amended)
Your business changes (new services, new customer types, new staff, new locations)
A compliance incident occurs (an SMR was filed, a screening match was identified, a staff member reported a concern)

The change management section must specify who triggers reviews, who approves changes, and how updated versions are dated and retained.

12. Independent review

Your program must be independently evaluated at regular intervals. For most Tranche 2 real estate agencies, this means:

Frequency: At least every 3 years (or more frequently if your risk profile changes significantly)
First evaluation deadline: Staggered between 30 June 2029 and 31 December 2030, based on your AUSTRAC Account Number
Who can conduct it: A person who is independent from the program — typically an external AML consultant or compliance specialist, not the Compliance Officer who manages the program day-to-day

The independent review evaluates whether your program is adequate for your risks and whether it is being implemented as documented.

What a good program looks like for a small agency

A well-constructed AML/CTF program for a small real estate agency (5–10 staff, one designated service, primarily residential sales) typically:

Runs to 15–30 pages — enough to be substantive, not so long it becomes unworkable
Is written in plain English that your staff can read and follow without a compliance background
Is specific to your agency — your customer types, your geographic market, your delivery channels, your transaction volumes. Not a generic template.
Has a documented risk assessment with reasoning, not just conclusions
Names a Compliance Officer with enough authority to act
Includes a training record system (even a simple spreadsheet)
Has been reviewed and signed off by senior management, with the date recorded
Is version-controlled — you know which version is current and can produce prior versions if asked

What it does not need to be:

Perfect (AUSTRAC understands small agencies are new to this)
Written by a lawyer (the Act does not require legal authorship)
A replica of an enterprise compliance framework

Program Generator: the fastest compliant path

AML Simple's Program Generator is the tool purpose-built to solve this problem for small agencies. It is part of the core AML Simple platform — the same place you run CDD checks, screen clients, and keep your compliance records.

Here is how it works:

Answer agency-specific questions — your designated services, your team structure, your customer types (individuals, companies, trusts), your geographic market, your typical transaction volumes. The generator uses your answers to calibrate the program to your actual risk profile.
Review the output — the generator produces a structured program document consistent with AUSTRAC's Program Starter Kit. Every required component is covered, with your agency's specifics filled in.
Senior management review and sign-off — the principal or director reviews the draft, makes any adjustments, and signs off. This step is yours — the program must be understood and owned by the people responsible for it.
Your program is live — version-controlled in AML Simple, with the sign-off date recorded. Updating it when circumstances change takes minutes, not hours.

The output is not a generic template. A 3-person residential sales agency in regional Queensland gets a different program document than a 12-person commercial and residential agency in inner-city Sydney. The generator asks the questions that drive those differences.

Build your program at /program/generate — included in all AML Simple plans.

Not sure which plan fits your agency? Compare plans and pricing at /pricing — or run the free /check readiness quiz first to see where you stand.

Building your program: tool vs DIY

With AML Simple: The Program Generator walks you through every required component, asks the questions that matter for your specific agency, and produces a structured document in around 30 minutes. The output is consistent with AUSTRAC's Program Starter Kit structure. Senior management reviews and signs off. Done.

DIY with the AUSTRAC Starter Kit: AUSTRAC provides a free Program Starter Kit designed for small reporting entities. It covers the same components but requires you to fill in every section manually, interpret the requirements yourself, and ensure you haven't missed anything. For an agency principal without a compliance background, this typically takes several hours and often requires outside help for the harder sections (risk assessment, beneficial ownership procedures).

With a consultant: A qualified AML consultant can write your program for you. Expect 5–15 hours of their time at A$200–400/hour for a well-constructed small-agency program — a meaningful cost before July 2026. Consultants are appropriate for complex agencies, those with unusual customer types, or those who want expert-drafted documentation.

Most small residential agencies with straightforward operations can build a sound program themselves using AML Simple's generator, then have a consultant review it if they want additional assurance.

Common program mistakes — and how to avoid them

1. Generic risk assessment The most common problem AUSTRAC reviewers flag: a risk assessment that could belong to any agency, with no specifics about your actual customers, market, or transaction types. Fix: In AML Simple, the risk assessment questions ask specifically about your customer types, your geographic market, and your settlement methods. Answer them honestly — the output reflects your agency.

2. No training records "We train our staff on AML" is not sufficient. AUSTRAC wants to see records — what training, who attended, when, and how completion was recorded. Fix: AML Simple tracks training completion. For external training, keep a simple attendance register.

3. Program not reviewed since draft Your program is dated January 2026. The regulations changed in April 2026. The program has not been updated. Fix: Set a standing review trigger: any AUSTRAC guidance update triggers a program review within 30 days.

4. CDD procedures too vague "We verify identity as required by law" is not a CDD procedure — it's a statement of intention. Your program must describe the actual steps. Fix: AML Simple's CDD workflows are built to the required standard. Your program should reference or replicate the verification steps the tool uses.

5. Beneficial ownership gap Many small-agency programs address individual buyers and sellers well but have no specific procedure for company purchasers or family trust buyers. Fix: Read What your program must say about beneficial ownership and ensure your program covers company and trust clients specifically.

Key dates for your AML program

Date	Requirement
1 July 2026	All AML/CTF obligations commence. Your program must be in place.
29 July 2026	Compliance Officer details must be notified to AUSTRAC
30 June 2029 – 31 December 2030	First independent program review (date varies by AUSTRAC Account Number)

FAQ

What is an AML/CTF program for real estate?

An AML/CTF program is a documented set of policies and procedures that a real estate agency must maintain to detect and prevent money laundering and terrorism financing. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, every agency that brokers property sales must have a written program in place by 1 July 2026. The program must cover risk assessment, governance, CDD, staff training, record keeping, and more — 12 components in total. AUSTRAC requires a genuine program that reflects how your agency operates, not a downloaded template left unchanged.

What must be in a real estate AML/CTF program?

A compliant AML/CTF program for real estate must cover 12 components: risk assessment, governance, Compliance Officer appointment, employee due diligence, staff training with records, CDD procedures (for individuals and entities), sanctions and PEP screening, transaction monitoring, SMR and TTR procedures, 7-year record keeping, change management, and independent review. The 2026 reforms removed the old two-part structure — your program can be organised however you choose, as long as all components are substantively covered. Source: AML/CTF Act 2006, s 81.

How do I write an AML program for my real estate agency?

You have three main options. Fastest: use AML Simple's Program Generator at /program/generate — answer questions about your agency and receive a structured program document in under 30 minutes. DIY: use AUSTRAC's free Program Starter Kit and fill in all sections manually (typically 3–6 hours for someone without a compliance background). Consultant: hire an AML consultant at A$200–400/hour. Most small residential agencies build the program with the generator and optionally have a consultant review it.

AML/CTF program components real estate Australia

The required components for an Australian real estate AML/CTF program are: (1) ML/TF/PF risk assessment, (2) governance and board oversight, (3) Compliance Officer at senior management level, (4) employee due diligence, (5) staff training with completion records, (6) CDD procedures for individual and entity clients, (7) sanctions and PEP screening, (8) transaction monitoring and red-flag indicators, (9) SMR and TTR procedures including tipping-off prohibition, (10) 7-year record retention, (11) change management process, and (12) independent review at least every 3 years. Source: AML/CTF Act 2006, s 81.

Do I need an AML program before 1 July 2026?

Yes. All real estate agencies that broker property sales must have a compliant AML/CTF program in place by 1 July 2026, when AUSTRAC Tranche 2 obligations commence. AUSTRAC has stated it will take a risk-based enforcement approach with new entrants — agencies making genuine compliance efforts are treated differently from those with no program at all. Waiting until after the deadline exposes your agency to civil penalties and puts you behind on CDD, training, and enrolment obligations that also kick in on 1 July.

How long should a real estate AML/CTF program be?

A well-constructed program for a small real estate agency typically runs 15–30 pages. It must be substantive enough to cover all 12 required components with genuine agency-specific detail, but length alone does not indicate quality. AUSTRAC has no minimum or maximum page requirement. What matters is that the program reflects how your agency actually operates and is appropriate for your size, risk profile, and complexity. A 5-person residential sales agency's program will — and should — look different from a 15-person multi-service operation.

Does a sole trader real estate agent need an AML/CTF program?

Yes. A sole trader who brokers property sales is a reporting entity under the AML/CTF Act 2006 and must have a compliant program in place by 1 July 2026. The program can reflect the simplicity of the operation. The sole trader typically serves as their own Compliance Officer — explicitly permitted under the Act. A sole trader program built in AML Simple's Program Generator takes under 30 minutes and produces a document appropriate for the operation's scale and risk profile.

Who can be the Compliance Officer for a real estate agency?

Under the 2026 reforms, the Compliance Officer must be at a senior management level — someone with authority to allocate resources and make compliance decisions. For small agencies, the principal or director typically fills this role. Sole traders name themselves. The Compliance Officer does not need to be a qualified lawyer or AML specialist, but they must understand the program and be reachable for AUSTRAC. Their details must be notified to AUSTRAC by 29 July 2026, and any change notified within 14 days.

When must my AML/CTF program be independently reviewed?

The first independent review is due between 30 June 2029 and 31 December 2030, staggered based on your AUSTRAC Account Number. After that, reviews must occur at least every 3 years, or more frequently if your risk profile changes significantly (new services, new customer segments, regulatory changes). The reviewer must be independent from the program — typically an external AML consultant, not the Compliance Officer who manages the program day-to-day. Source: AML/CTF Act 2006, s 81.

What happens if my real estate agency doesn't have an AML program by 1 July 2026?

Operating without a compliant AML/CTF program after 1 July 2026 is a civil penalty provision under the AML/CTF Act 2006. Penalties can reach thousands of penalty units per contravention (penalty units re-index on 1 July 2026). AUSTRAC has indicated a supportive but firm enforcement stance — agencies making genuine compliance efforts are treated differently from those with no program at all. The risk of operating without any program significantly outweighs the time and cost of building one before the deadline.

Can I use a template for my AML/CTF program?

Yes, but it must be adapted to your agency. AUSTRAC's free Program Starter Kit provides a template structure. The risk with unmodified templates is that AUSTRAC expects a program that reflects how your agency actually operates — not a document you downloaded and filed unchanged. AML Simple's Program Generator produces a program document pre-filled with your agency's specific details, customer types, and risk profile, addressing the adaptation gap that makes generic templates risky.

How much does it cost to build an AML/CTF program?

Costs depend on the approach. AML Simple's Program Generator is included in all AML Simple subscriptions — view pricing at /pricing. AUSTRAC's Program Starter Kit is free but requires several hours of your time and outside help for harder sections. An AML consultant writing the program costs A$200–400/hour, or A$1,000–6,000+ for a small-agency program. Most small residential agencies use the tool for the initial build and optionally engage a consultant for review. See a full cost breakdown at what AML compliance actually costs a small real estate agency.