From 1 July 2026, every buyer’s agent in Australia must comply with anti-money laundering laws or face fines up to $33 million per breach. Here is what you need to do, in what order, and by when.
Australia was one of the last FATF-member nations to bring real estate professionals under anti-money laundering regulation. Haiti and Madagascar were the others. That changed in December 2024 when the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 received Royal Assent. The law extends AUSTRAC oversight to buyer’s agents, selling agents, property developers, lawyers, accountants, and dealers in precious metals.
The enforcement date is 1 July 2026. Enrolment opened on 31 March.
If you are a buyer’s agent and you have not started preparing, you are already behind schedule.
Why real estate, and why now
The Australian Federal Police reported that real estate accounted for 65% of total assets confiscated through money laundering operations in 2023. Property has been the preferred vehicle for cleaning illicit funds precisely because the sector operated without AML oversight. While banks, casinos, and remittance providers have reported to AUSTRAC since 2006, anyone could buy a house through an agent with no identity verification, no beneficial ownership checks, and no suspicious activity reporting.
The reforms close that gap. They bring Australia in line with the UK (regulated since 2007), Canada (2008), and New Zealand (2019).
What counts as a designated service
AUSTRAC defines a “broker” as a person who acts as an intermediary or agent for another person for consideration. If you find, identify, negotiate, or help purchase property on behalf of a buyer, you are providing a designated service.
The trigger point for buyer’s agents is the moment the buyer’s agency agreement is signed. Not when a property is identified. Not at contract exchange. The moment you agree to act for a client, your AML/CTF obligations begin.
A few activities sit outside the scope: property management, rent collection, residential tenancy, leases under 30 years, and general market advice given before a client decides to buy. But once you start looking for specific properties, you are in.
There is no transaction value threshold. A buyer’s agent helping someone purchase a $370,000 apartment in Brisbane has the same obligations as one brokering a $35 million mansion in Mosman.
The seven obligations
Every buyer’s agency must meet seven core requirements from 1 July 2026.
Enrol with AUSTRAC. You must register your business, providing details of your structure, services, key personnel, and contact information. The deadline is 29 July 2026 (28 days after commencement). Operating without enrolment is a criminal offence.
Build an AML/CTF program. This is a documented set of policies covering your money laundering and terrorism financing risk assessment, customer due diligence procedures, suspicious matter reporting processes, employee screening and training, and independent review mechanisms. AUSTRAC has published a free Real Estate Program Starter Kit for agencies with 15 or fewer staff that only broker property transactions. Use it.
Conduct customer due diligence. Before you provide services to a client, you must verify their identity, determine whether they act on behalf of another person, identify beneficial owners (critical for companies, trusts, and SMSFs), screen for Politically Exposed Persons, and check the DFAT sanctions list. For the counterparty (the seller), you can use delayed CDD provisions and complete verification within 15 days of contract exchange or before settlement, whichever comes first.
Report suspicious matters. If you suspect a client is not who they claim to be, or you hold information relevant to criminal activity, you must lodge a Suspicious Matter Report with AUSTRAC. The tipping-off prohibition makes it a criminal offence (up to 2 years imprisonment) to tell the client a report has been made.
Report threshold transactions. Any transaction involving physical currency of $10,000 or more must be reported within 10 business days. Uncommon in property, but the obligation stands.
Maintain records for seven years. CDD documentation, transaction records, reports, program materials, training logs, and risk assessments.
Submit annual compliance reports to AUSTRAC and arrange independent evaluation of your program.
Buyer’s agents face specific complexity
Investor-focused buyer’s agencies like The Investors Agency deal with a disproportionate share of complex entity structures. This matters because CDD requirements scale with entity complexity.
For company purchases, you must identify every beneficial owner holding 25% or more. For trust purchases (family trusts, unit trusts, discretionary trusts), you need to verify all trustees, beneficiaries or classes of beneficiaries, settlors, and any appointor or guardian. For SMSF purchases, you verify all members and trustees plus the fund’s registration. Foreign buyers or buyers with international connections trigger enhanced due diligence, including source of funds and source of wealth inquiries.
A practical mechanism exists to avoid duplication. CDD arrangements allow you to rely on due diligence conducted by another reporting entity (such as the seller’s agent or a conveyancer), provided the arrangement is formally approved by your governing body. This saves time but does not remove your responsibility.
If a client refuses to provide required identification, you cannot legally act for them. The refusal itself may trigger a suspicious matter reporting obligation.
Red flags buyer’s agents should watch for
AUSTRAC has published specific indicators of suspicious activity for the real estate sector. For buyer’s agents, the most relevant include clients purchasing property inconsistent with their stated income, funds arriving from multiple unrelated accounts or offshore entities, clients with no clear legitimate reason for the transaction, large deposit overpayments with requests to refund to a different party, unexplained third parties involved in the purchase, clients who appear to act under instruction from a controlling third party, and sight-unseen purchases with no inspection or due diligence by the buyer.
None of these are proof of wrongdoing. All of them warrant closer attention and potential reporting.
The penalty framework is not theoretical
Civil penalties reach 100,000 penalty units ($33 million) per breach for companies and 20,000 penalty units ($6.6 million) for individuals. Each failure constitutes a separate breach. Onboarding 50 clients without proper identity verification could represent 50 separate penalty events.
Criminal penalties include up to 2 years imprisonment for tipping off, up to 5 years for providing false information to AUSTRAC, and up to 25 years for conducting transactions involving proceeds of crime. Failure to enrol attracts daily fines of up to $19,800 for businesses.
For context, AUSTRAC fined Westpac $1.3 billion in 2020, Commonwealth Bank $700 million in 2018, and Crown Melbourne/Perth $450 million in 2023. Real estate agencies will not face penalties of this magnitude. But the per-breach structure means even a small agency faces serious financial exposure for systemic non-compliance.
AUSTRAC has stated it expects Tranche 2 entities to be compliant from day one. There is no general grace period.
One additional note: even small businesses normally exempt from the Privacy Act 1988 (under $3 million annual turnover) must comply with it for all personal information collected for AML/CTF purposes.
How industry bodies are responding
The Real Estate Institute of Australia (REIA) has been the most active voice, partnering with RegTech provider First AML, producing compliance fact sheets, and making government submissions that achieved practical wins including delayed buyer CDD provisions and expanded reliance arrangements. REIA President Leanne Pilkington acknowledged the scale of the problem: real estate has been a blind spot for money laundering regulation in Australia for two decades.
REIV (Victoria) has built a comprehensive support framework including an AML/CTF Summit with AUSTRAC representatives scheduled for 24 April 2026. REINSW (NSW) launched a “Master AUSTRAC Compliance” training program and its proprietary REI Vault compliance platform, live since 31 March.
REBAA, the primary national body for buyer’s agents, has no visible AML/CTF guidance, submissions, or member communications as of April 2026. This is a significant gap. Buyer’s agents are relying on REIA, state REIs, and AUSTRAC directly for guidance.
What it costs
Year 1 total costs for a small-to-medium buyer’s agency (using a hybrid approach of software plus professional review) run approximately $5,000 to $15,000. That covers RegTech software ($60 to $500 per month), initial compliance program development, consultant review, staff training, and time investment.
Purpose-built platforms for Australian real estate include First AML (REIA/REIV partner), easyAML (free tier available), AMLTranche ($59 to $499/month), AML Assured (handles SMSFs, companies, and trusts), and APLYiD (flat fee per listing). Most offer API integration with existing CRM and property management systems.
For an agency like The Investors Agency with 16 staff, the investment sits at the higher end of that range but remains modest relative to the penalty exposure.
The compliance checklist: 12 steps from now to 1 July
Step 1: Appoint your AML/CTF Compliance Officer (now)
This can be the principal or business owner in a small agency. The compliance officer is your single point of accountability for the entire program. They must be notified to AUSTRAC by 29 July 2026. Appoint them now so they lead the build.
Step 2: Complete your ML/TF risk assessment (now)
Assess your business for money laundering and terrorism financing risk. Consider your client types (investors, first-home buyers, foreign buyers, SMSFs), transaction types (residential, commercial, off-market), geographic exposure (domestic, international), delivery channels (in-person, remote), and product complexity. AUSTRAC’s Real Estate Program Starter Kit includes a risk assessment template.
Step 3: Select and implement RegTech software (by mid-May)
Choose a platform that handles electronic identity verification, sanctions and PEP screening, beneficial ownership checks for companies/trusts/SMSFs, risk scoring, record keeping, and audit trails. Test it with sample client profiles before going live. Allow 4 to 6 weeks for selection, procurement, and integration.
Step 4: Rewrite your client onboarding process (by late May)
Map your current client journey from first contact to signed buyer’s agency agreement. Insert CDD steps before or at the point of agreement signing. Build separate workflows for individuals, companies, trusts, and SMSFs. Create a client-facing explanation of why you now require identity verification (position it as investor protection, not bureaucracy).
Step 5: Update your buyer’s agency agreement (by late May)
Add AML/CTF consent clauses allowing you to collect, verify, and retain identification documents. Include a termination provision for clients who refuse to comply with identification requirements. Have your lawyer review the updated agreement.
Step 6: Draft your AML/CTF program document (by early June)
This is the formal, written program that AUSTRAC can request at any time. It must cover your risk assessment, CDD procedures (initial, ongoing, and enhanced), suspicious matter identification and reporting procedures, record-keeping protocols, employee due diligence and training, and independent review schedule. Use the AUSTRAC Starter Kit as your foundation and adapt it to your business.
Step 7: Train all staff (by mid-June)
Every team member who interacts with clients or handles transaction information needs training. Cover AML/CTF obligations, your internal CDD procedures, red flags and suspicious matter indicators, the tipping-off prohibition (and what it means in practice), and reporting procedures. Budget 2 to 4 hours per person. Document attendance and content. Schedule annual refresher training.
Step 8: Build your record-keeping system (by mid-June)
Establish where and how you will store CDD records, transaction records, suspicious matter reports, training logs, and program documentation for the required seven years. Your RegTech platform handles most of this, but ensure it integrates with your existing CRM and file management.
Step 9: Establish your suspicious matter reporting process (by mid-June)
Create an internal escalation pathway: frontline staff identify red flags, escalate to the compliance officer, the compliance officer assesses and lodges reports with AUSTRAC where required. Document the process. Make it clear that the tipping-off prohibition prevents anyone from telling the client a report has been made.
Step 10: Enrol with AUSTRAC (by 29 July 2026, but do it in June)
Complete your enrolment through AUSTRAC’s online portal. Provide your business details, services, compliance officer information, and contact details. Do not wait until the deadline. Enrol as soon as your program is ready.
Step 11: Transition existing clients (from 1 July)
For clients you were already working with before 1 July, specific transitional CDD arrangements apply. You must complete CDD on existing clients, but the timing is more flexible than for new clients. Plan to work through your existing client book systematically in the first 3 to 6 months after commencement.
Step 12: Schedule your first independent review (within 12 months)
Your AML/CTF program must be independently reviewed. For Tranche 2 entities, the initial review deadline is staggered by AUSTRAC account number. Plan for it within 12 months of commencement and budget accordingly.
Compliance as competitive advantage
When these obligations take effect, non-compliant agencies cannot legally operate. Compliance becomes a market entry requirement, not a differentiator. But the quality of compliance varies, and that is where the advantage sits.
Agencies that invest in proper technology and training will offer a materially smoother client experience. Fast digital onboarding versus clunky manual processes. Clear communication about why verification protects the investor. Seamless integration with mortgage brokers, conveyancers, and selling agents who already operate under their own compliance frameworks.
For selling agents evaluating competing offers, knowing that a buyer’s agent only represents verified, legitimate buyers reduces the risk of a sale collapsing. For referral partners, alignment with a compliant agency streamlines the entire transaction chain.
Practical steps to market your compliance: add an AML/CTF compliance page to your website, display your AUSTRAC registration badge, frame identity verification in client communications as investment protection, brief referral partners on your new processes, and position early compliance as evidence of professional standards.
The agencies that build this infrastructure now will hold a genuine edge in a market where trust and verification become the baseline for professional practice.
Shiju Thomas is a marketing leader with experience scaling buyer’s agency, B2B SaaS, and PropTech businesses across Australia. He built the marketing function at Cohen Handler (Australia’s largest buyer’s agency at the time) and established the Buyer’s agent category by scaling revenue and growth at Cohen Handler, and has held CMO and Head of Marketing roles at ezyCollect, canibuild etc.
Z10 Consulting 
Leave a comment