AML/CTF Reform: What Real Estate Agencies, Sellers, and Buyers Need to Know

Overview 

Australia’s property sector is on the brink of a historic regulatory shift. From 1 July 2026, real estate professionals providing designated services are classified as reporting entities under Australia's expanded Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) reforms. This is one of the most significant regulatory changes the property industry has faced, moving it from a voluntary reporting culture to a strictly regulated regime with enforceable legal obligations and serious penalties for non-compliance.  

Whether you are running an agency, listing a home, or securing a property, here is exactly how the landscape will change and what is required to stay compliant. 

What Real Estate Agencies Need to Know

Key Deadlines 

Three dates matter above all others: 

• 31 March 2026 — The AUSTRAC Enrolment Portal opens. Begin your enrolment immediately. 
• 1 July 2026 — All AML/CTF obligations take strict legal effect. Full compliance is required from this date. 
• 29 July 2026 — The hard final deadline for completing AUSTRAC enrolment. No extensions are available. 

Who does this Affect?

Any business with a geographical link to Australia providing the following services must enrol with AUSTRAC: acting as a buyer's agent, acting as a real estate agent for the buying or selling of property, or providing property development services. Standard leasing and property management activities are excluded.

The 8 Core Obligations

Every enrolled practice must implement and continuously maintain eight compliance pillars from 1 July 2026.

1. AUSTRAC Enrolment — Register your business and all designated services by 29 July 2026 at the latest.

2. Compliance Officer — Appoint a management-level AML/CTF Compliance Officer within 28 days of commencing designated services. This person is your primary AUSTRAC liaison and is subject to fit-and-proper requirements.

3. AML/CTF Program — Maintain a written policy document. Part A covers how you identify and manage ML/TF risks. Part B covers customer identity verification procedures.

4. Business-Wide Risk Assessments — Document the specific ML/TF risks your practice faces, taking into account client types, property locations, transaction values, and delivery methods.

5. Customer Due Diligence — Verify every client's identity before providing any designated service. Identify beneficial owners for corporate and trust clients. Screen all clients for PEP status and sanctions exposure.

6. Ongoing Customer Monitoring — Continuously review active client relationships to ensure transactions remain consistent with the client's known risk profile and source of funds.

7. Mandatory Reporting — Lodge Suspicious Matter Reports (SMRs) for suspected criminal links and Threshold Transaction Reports (TTRs) for physical cash transactions of $10,000 or more. Failure to report is a criminal offence.

8. Record Keeping — Retain all risk assessments, KYC verifications, transaction records, PDD decisions, and reports for a minimum of seven years.

High-Risk Client Profiles

The following client types require enhanced due diligence and closer scrutiny throughout any transaction: overseas or interstate buyers with no verifiable Australian financial presence; high-net-worth individuals transacting through complex corporate, trust, or nominee structures; clients involved in high-value commercial or off-market transactions with unusual urgency; cash-heavy transactions; Politically Exposed Persons and their associates; and clients involved in rapid or unexplained property cycling.

What KYC Actually Requires

Standard identity collection under REIQ or state-based contracts does not meet AUSTRAC's verification standard. A compliant KYC process must include verification of the client's full name, date of birth, and address using reliable independent documents; beneficial ownership identification for corporate or trust clients; PEP and sanctions screening before and throughout the relationship; ongoing monitoring of the client relationship; and retention of all verification records for seven years. Digital IDV platforms can automate much of this and should be integrated into your CRM before July 2026.

Mandatory Reporting

SMRs must be lodged as soon as practicable — within 24 hours for terrorism-related matters and within three business days for all other suspicions. Common triggers include clients reluctant to provide ID, unexplained sources of funds, third-party payments with no commercial explanation, and pressure to bypass verification steps.

TTRs must be lodged for physical cash transactions of $10,000 or more, within 10 business days. Deliberately structuring payments into sub-$10,000 amounts to avoid this obligation — known as structuring — is itself a criminal offence.

Personnel Due Diligence

Every employee or contractor performing AML/CTF functions must be screened before commencing duties and monitored on an ongoing basis. Screening must cover two areas: skills and knowledge (verified through interviews, assessments, and qualifications review) and integrity (police and bankruptcy checks, adverse media and sanctions screening, reference checks, and self-disclosure declarations).

Existing staff cannot be grandfathered in — all current employees in AML/CTF roles must be reviewed against the new standards. The Compliance Officer is subject to additional fit-and-proper requirements beyond standard PDD.

Staff must self-report material changes in personal circumstances, and certain events — such as a promotion, a change in role, or a new high-risk service — require immediate reassessment. Where adverse findings arise, the firm must respond proportionately: increased monitoring for low-level concerns, mandatory training for skill gaps, formal disciplinary action for policy breaches, and immediate removal from all AML/CTF functions for serious integrity risks.

Record Keeping

Six categories of record must be maintained for a minimum of seven years: customer identity records, risk assessment records, transaction records, copies of all AUSTRAC reports, Personnel Due Diligence records, and AML/CTF program and training records.

What Sellers Need to Know

For vendors, the regulatory focus is on ensuring that illicit actors cannot use the sale of legitimate assets to launder dirty money. Sellers should expect a more rigorous and structured process than they have encountered before, with identity and financial transparency requirements now embedded into the transaction itself.

Identity Verification

Vendors must undergo formal digital identity verification, and the verified identity must precisely match the name registered on the Certificate of Title. Any discrepancy — including a maiden name, a name change, or a historical administrative error — must be reconciled. Agents and conveyancers are jointly responsible for ensuring this alignment is confirmed before the transaction proceeds.

Disclosing Corporate Control

Where the vendor is a corporate entity or trust, the individuals behind that structure must be fully identified and disclosed. Regulators require clear and documented visibility over who will ultimately benefit from the proceeds of the sale — not simply who appears on the contract. Beneficial ownership must be traced to the natural person or persons who exercise ultimate control or hold a significant ownership interest.

Destination of Settlement Funds

Sellers should expect strict protocols governing where final settlement funds are directed. A request to transfer proceeds to an unrelated third-party account, an overseas jurisdiction, or a newly established company with no obvious commercial connection to the seller may trigger an internal compliance review and report.

What Buyers Need to Know

For purchasers, the property transaction will be a materially more rigorous process under the new regime. The regulatory focus shifts toward verifying ultimate identity and scrutinising the origin of the capital being deployed.

Identity Verification

Providing a driver's licence at an open home will no longer be sufficient for the purposes of drafting a contract. Buyers will be required to undergo formal, independent identity verification — a structured process that includes cross-referencing global PEP databases, sanctions lists, and adverse media sources. This applies to all purchasers, regardless of the nature or value of the transaction.

Disclosing Complex Ownership Structures

Buyers purchasing under a trust, self-managed superannuation fund (SMSF), or company structure cannot remain anonymous. The law will require agents to identify the beneficial owners of any such entity — defined as any individual who owns 25% or more of the entity, or who holds ultimate decision-making control over it. The days of purchasing property through an opaque corporate structure without disclosing the controlling individual are over.

Source of Funds and Risk-Based Reviews

Not all buyers will be subject to the same level of scrutiny. Standard owner-occupiers purchasing with a domestic mortgage from an established lender represent a low-risk profile and will experience a relatively straightforward verification process. However, the following buyer profiles are considered high-risk under the framework and will be subject to enhanced due diligence and detailed examination of the source of funds:

• Overseas or interstate buyers with no local address history or verifiable Australian financial presence
• High-net-worth individuals transacting through complex corporate, trust, or nominee structures
• Buyers involved in high-value commercial or off-market transactions, particularly those with unusual urgency or third-party funders
• Buyers seeking to transact using significant volumes of cash
• Politically Exposed Persons or their close associates and family members
• Buyers engaged in rapid or unexplained property cycling — purchasing and selling the same property in short succession without clear commercial rationale

Where a buyer falls into one or more of these categories, agents are obligated to conduct a deeper level of due diligence, including verification of the source of funds, before the transaction can proceed.