AML CTF Tranche 2: The Buyer's Agent Compliance Guide

From 1 July 2026, every buyer’s agent in Australia must comply with anti-money laundering laws or face fines of up to $33 million per breach. Here is what to do, in what order, and by when.

A late arrival to a long-standing regime

Australia was among the last FATF-member nations to bring real estate professionals under anti-money laundering regulation, in company with Haiti and Madagascar. That changed in December 2024, when the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 received Royal Assent and extended AUSTRAC oversight to buyer’s agents, selling agents, property developers, lawyers, accountants, and dealers in precious metals.

Enforcement begins on 1 July 2026, enrolment opened on 31 March, and any buyer’s agent who has not started preparing is already behind the schedule a well-run business should be keeping.

Why real estate, and why now

The Australian Federal Police reported that real estate accounted for 65 percent of total assets confiscated through money laundering operations in 2023. Property has been the preferred vehicle for cleaning illicit funds because the sector operated without AML oversight, while banks, casinos, and remittance providers have been reporting to AUSTRAC since 2006. Anyone could buy a house through an agent with no identity verification, no beneficial ownership checks, and no suspicious activity reporting, and that gap is now closing. The reforms bring Australia into line with the United Kingdom, regulated since 2007, Canada, regulated since 2008, and New Zealand, regulated since 2019.

What counts as a designated service

AUSTRAC defines a broker as a person who acts as an intermediary or agent for another person for consideration. If you find, identify, negotiate, or help purchase property on behalf of a buyer, you are providing a designated service, and your obligations begin the moment the buyer’s agency agreement is signed. Not when a property is identified, not at contract exchange, but the moment you agree to act.

A narrow set of activities sits outside the scope, including property management, rent collection, residential tenancy, leases of fewer than thirty years, and general market advice given before a client decides to buy. Once you start looking for specific properties, you are squarely within the regime. There is no transaction value threshold either, so a buyer’s agent helping someone purchase a $370,000 apartment in Brisbane carries the same obligations as one brokering a $35 million mansion in Mosman.

The seven obligations

Every buyer’s agency must meet seven core requirements from 1 July 2026.

1. Enrol with AUSTRAC. Register the business with details of structure, services, key personnel, and contact information. The deadline is 29 July 2026, twenty-eight days after commencement, and operating without enrolment is a criminal offence.
2. Build an AML CTF program. Document policies covering the money laundering and terrorism financing risk assessment, customer due diligence procedures, suspicious matter reporting processes, employee screening and training, and independent review mechanisms. AUSTRAC publishes a free Real Estate Program Starter Kit for agencies of fifteen staff or fewer that only broker property transactions, and it is worth using.
3. Conduct customer due diligence. Before providing services, verify the client’s identity, determine whether they are acting on behalf of another person, identify beneficial owners (critical for companies, trusts, and SMSFs), screen for Politically Exposed Persons, and check the DFAT sanctions list. For the counterparty, which is the seller, delayed CDD provisions allow verification within fifteen days of contract exchange or before settlement, whichever comes first.
4. Report suspicious matters. If you suspect a client is not who they claim to be, or you hold information relevant to criminal activity, lodge a Suspicious Matter Report with AUSTRAC. The tipping-off prohibition makes it a criminal offence, punishable by up to two years imprisonment, to tell the client a report has been made.
5. Report threshold transactions. Any transaction involving physical currency of $10,000 or more must be reported within ten business days, a requirement that will rarely trigger in property yet remains on the books.
6. Maintain records for seven years. Retain CDD documentation, transaction records, reports, program materials, training logs, and risk assessments.
7. Submit annual compliance reports to AUSTRAC and arrange independent evaluation of the program.

Buyer’s agents face specific complexity

Investor-focused buyer’s agencies deal with a disproportionate share of complex entity structures, which matters because CDD requirements scale with entity complexity. Company purchases require identification of every beneficial owner holding twenty-five percent or more. Trust purchases, including family trusts, unit trusts, and discretionary trusts, require verification of all trustees, beneficiaries or classes of beneficiaries, settlors, and any appointor or guardian. SMSF purchases require verification of all members and trustees along with the fund’s registration. Foreign buyers and buyers with international connections trigger enhanced due diligence, including source of funds and source of wealth inquiries.

A practical mechanism exists to avoid duplication. CDD arrangements allow reliance on due diligence conducted by another reporting entity, such as the seller’s agent or the conveyancer, provided the arrangement is formally approved by your governing body. That reliance saves time without removing responsibility. Where a client refuses to provide required identification, you cannot legally act, and the refusal itself may trigger a suspicious matter reporting obligation.

Red flags worth watching

AUSTRAC has published specific indicators of suspicious activity for the real estate sector, and the most relevant for buyer’s agents include clients purchasing property inconsistent with stated income, funds arriving from multiple unrelated accounts or offshore entities, clients with no clear legitimate reason for the transaction, large deposit overpayments with requests to refund to a different party, unexplained third parties involved in the purchase, clients who appear to act under the instruction of a controlling third party, and sight-unseen purchases with no inspection or due diligence by the buyer. None of these amount to proof of wrongdoing, yet every one warrants closer attention and, where appropriate, a report.

The penalty framework is not theoretical

Civil penalties reach 100,000 penalty units ($33 million) per breach for companies and 20,000 penalty units ($6.6 million) for individuals, with each failure constituting a separate breach. Onboarding fifty clients without proper identity verification could therefore represent fifty separate penalty events. Criminal penalties include up to two years imprisonment for tipping off, up to five years for providing false information to AUSTRAC, and up to twenty-five years for conducting transactions involving proceeds of crime. Failure to enrol attracts daily fines of up to $19,800 for businesses.

The historical benchmarks provide context. AUSTRAC fined Westpac $1.3 billion in 2020, the Commonwealth Bank $700 million in 2018, and Crown Melbourne and Perth $450 million in 2023. Real estate agencies will not face penalties of that magnitude, yet the per-breach structure means even a small agency carries serious financial exposure for systemic non-compliance. AUSTRAC has stated that it expects Tranche 2 entities to be compliant from day one, without any general grace period.

One additional note worth flagging: small businesses normally exempt from the Privacy Act 1988, with turnover under $3 million, must comply with it in full for any personal information collected for AML CTF purposes.

How industry bodies are responding

The Real Estate Institute of Australia has been the most active voice, partnering with the RegTech provider First AML, producing compliance fact sheets, and making government submissions that achieved practical wins, including delayed buyer CDD provisions and expanded reliance arrangements. REIA President Leanne Pilkington has acknowledged the scale of the gap the industry is now closing, describing real estate as a blind spot for money laundering regulation in Australia for two decades.

REIV in Victoria has built a comprehensive support framework, including an AML CTF Summit with AUSTRAC representatives scheduled for 24 April 2026, and REINSW in New South Wales has launched a Master AUSTRAC Compliance training program alongside its proprietary REI Vault compliance platform, live since 31 March.

REBAA, the primary national body for buyer’s agents, has no visible AML CTF guidance, submissions, or member communications as of April 2026, which is a significant gap. Buyer’s agents are relying on REIA, state REIs, and AUSTRAC directly for guidance.

What it costs

Year-one total costs for a small or medium buyer’s agency using a hybrid approach of software plus professional review run approximately $5,000 to $15,000. That figure covers RegTech software at $60 to $500 per month, initial compliance program development, consultant review, staff training, and internal time investment.

Purpose-built platforms for Australian real estate include First AML (REIA and REIV partner), easyAML (with a free tier), AMLTranche ($59 to $499 per month), AML Assured (which handles SMSFs, companies, and trusts), and APLYiD (with a flat fee per listing). Most offer API integration with existing CRM and property management systems. For an agency with around sixteen staff, the investment sits at the higher end of the range and remains modest relative to the penalty exposure.

The compliance checklist: twelve steps from now to 1 July

Step 1: Appoint your AML CTF Compliance Officer (now). In a small agency this will often be the principal, and the compliance officer is the single point of accountability for the program. They must be notified to AUSTRAC by 29 July 2026, so appoint them now and let them lead the build.

Step 2: Complete your money laundering and terrorism financing risk assessment (now). Assess the business against client types (investors, first-home buyers, foreign buyers, SMSFs), transaction types (residential, commercial, off-market), geographic exposure, delivery channels, and product complexity. The AUSTRAC Starter Kit includes a risk assessment template worth using as a foundation.

Step 3: Select and implement RegTech software (by mid-May). Choose a platform that handles electronic identity verification, sanctions and PEP screening, beneficial ownership checks for companies, trusts, and SMSFs, risk scoring, record keeping, and audit trails. Test it against sample client profiles before going live, and allow four to six weeks for selection, procurement, and integration.

Step 4: Rewrite your client onboarding process (by late May). Map the current journey from first contact to signed agreement, insert CDD steps before or at the point of signing, build separate workflows for individuals, companies, trusts, and SMSFs, and create a client-facing explanation that positions identity verification as investor protection rather than bureaucracy.

Step 5: Update your buyer’s agency agreement (by late May). Add AML CTF consent clauses that cover collection, verification, and retention of identification documents, include a termination provision for clients who refuse to comply, and have a lawyer review the updated agreement.

Step 6: Draft your AML CTF program document (by early June). This is the formal document AUSTRAC can request at any time. It must cover the risk assessment, CDD procedures for initial, ongoing, and enhanced diligence, suspicious matter identification and reporting, record-keeping protocols, employee due diligence and training, and the independent review schedule. Use the AUSTRAC Starter Kit as your foundation.

Step 7: Train all staff (by mid-June). Every team member who interacts with clients or handles transaction information needs training that covers AML CTF obligations, your CDD procedures, red flags and suspicious matter indicators, the tipping-off prohibition in practice, and reporting procedures. Budget two to four hours per person, document attendance and content, and schedule annual refresher training.

Step 8: Build your record-keeping system (by mid-June). Establish how you will store CDD records, transaction records, suspicious matter reports, training logs, and program documentation for the seven-year retention period. Your RegTech platform will do most of the work, provided it integrates with your CRM and file management.

Step 9: Establish your suspicious matter reporting process (by mid-June). Build an internal escalation pathway so frontline staff identify red flags, escalate to the compliance officer, and have the compliance officer assess and lodge reports with AUSTRAC where required. Document the process and remind the team that the tipping-off prohibition prevents anyone from telling the client a report has been made.

Step 10: Enrol with AUSTRAC (by 29 July 2026, though earlier is better). Complete enrolment through the AUSTRAC online portal, providing business details, services, compliance officer information, and contacts. Enrol as soon as the program is ready rather than waiting until the deadline.

Step 11: Transition existing clients (from 1 July). Specific transitional CDD arrangements apply to clients you were already working with before 1 July, with more flexible timing than for new clients. Plan to work through the existing client book systematically across the first three to six months after commencement.

Step 12: Schedule your first independent review (within twelve months). Your program must be independently reviewed, with the initial deadline staggered by AUSTRAC account number. Plan for the review within twelve months of commencement and budget accordingly.

Compliance as competitive advantage

Once these obligations take effect, non-compliant agencies cannot legally operate, which makes compliance a market entry requirement rather than a differentiator. The advantage sits in the quality of how compliance is delivered. Agencies that invest in proper technology and training will offer a measurably smoother client experience, with fast digital onboarding instead of clunky manual processes, clear communication that positions verification as investor protection, and smooth integration with mortgage brokers, conveyancers, and selling agents who already operate under their own compliance frameworks.

For selling agents evaluating competing offers, knowing that a buyer’s agent only represents verified, legitimate buyers reduces the risk of a sale collapsing. For referral partners, alignment with a compliant agency streamlines the entire transaction chain. Practical steps that turn compliance into a marketable advantage include adding an AML CTF compliance page to the website, displaying the AUSTRAC registration badge, framing identity verification in client communications as investment protection, briefing referral partners on the new processes, and positioning early compliance as evidence of professional standards.

The agencies that build this infrastructure now will hold a genuine edge in a market where trust and verification have quietly become the baseline for professional practice.

---

About the author. Shiju Thomas is a marketing leader with experience scaling buyer’s agency, B2B SaaS, and PropTech businesses across Australia. He built the marketing function at Cohen Handler, at the time Australia’s largest buyer’s agency, helped establish the buyer’s agent category, and has held CMO and Head of Marketing roles at ezyCollect, canibuild, and others.

Need help turning these obligations into a working program? Z10 Consulting builds compliance-ready marketing, technology, and client-onboarding systems for buyer’s agencies. Book a consultation at sales@z10consulting.com.au.