AML/CTF Reform for Real Estate: What Queensland Agents Must Do Before 1 July 2026
You have been selling and leasing Queensland property for years — and until now, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 simply did not apply to you. That changes on 1 July 2026. From that date, if your agency brokers the sale, purchase, or transfer of real estate, you are a reporting entity under Australian federal law, with the same category of obligations that banks and financial institutions have carried for two decades.
On 29 November 2024, Parliament passed the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (Cth), which amends the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) — making the most transformational changes to that Act since it commenced in 2006. With an estimated 80,000 to 90,000 new reporting entities entering the AML/CTF regime as a result, the demand for training, technology, and specialist expertise is expected to continue to increase. Queensland agencies are a significant cohort within that number, and the compliance window is tight.
This is not a future problem. If you have not yet begun, you are already behind. Here is exactly what you need to do.
Why Real Estate Is Now in Scope for AML/CTF Obligations
Real estate transactions have been established as a common method of laundering money both internationally and domestically, with illicit funds frequently laundered or invested in the sector. These new AML/CTF changes are aimed at ensuring that Australia’s AML/CTF regime is strengthened and meets international standards, as set by the Financial Action Task Force (FATF).
Failure to implement these reforms could have led to Australia being placed on the FATF “grey list,” subjecting the country to increased scrutiny and potential reputational damage — with research indicating grey-listing could result in a GDP decline of up to 7.6% and a reduction in foreign direct investment by 3%. The government moved to close that risk, and real estate is explicitly identified as a priority sector.
From 1 July 2026, anti-money laundering and counter-terrorism financing (AML/CTF) obligations apply to certain services typically provided by the following businesses, known as tranche 2 entities: real estate professionals — such as real estate agents, buyer’s agents and property developers. Real estate agents, lawyers, accountants, conveyancers and dealers in precious stones and metals will all become reporting entities, required to verify customer identities, monitor financial crime risks and report suspicious activity to AUSTRAC.
Critically, the obligation is not limited to sellers’ agents. When a real estate agent acts for the seller and brokers the successful sale of a house, their customer is both the buyer and the seller — meaning they will have AML/CTF obligations in relation to both parties. Buyer’s agents are equally captured. One of the new designated services is brokering, planning, or executing the sale, purchase, or transfer of real estate — and AUSTRAC states that this will include preparing contracts, conducting title searches or holding funds in trust, even if the transaction does not ultimately proceed.
Notably, standard leasing and property management activities are excluded from the designated services. However, if your agency touches transactions — even off-the-plan sales, house-and-land packages, or conjunctional arrangements — you are captured.
The Six Core Obligations You Must Meet by 1 July 2026
1. Enrol with AUSTRAC
If you provide a designated service with a geographical link to Australia, you must enrol. Enrolment opens 31 March 2026 for newly regulated industries and cannot be done earlier. If you provide any of the new designated services that commence on 1 July 2026, you must create an AUSTRAC Online account, log in and complete the enrol a new business form by 29 July 2026.
Do not treat 29 July as a comfortable buffer. Your AML/CTF obligations commence on 1 July 2026 regardless. Providing a designated service after that date without enrolment is itself a contravention of the Act. Failure to enrol is a civil penalty violation under the AML/CTF Act (Section 51B). The practical advice is straightforward: enrol as early as possible so that your other obligations can be operationalised before the commencement date.
Once enrolled, you must notify AUSTRAC of your nominated AML/CTF Compliance Officer. Under the transitional rules, if you are a newly regulated business, you must notify AUSTRAC of your compliance officer within a specified period — for example, if you enrolled on 29 July 2026, you would have until 12 August 2026 to notify AUSTRAC of your AML/CTF compliance officer. After this transitional period ends, the standard 14-day notification rule applies.
2. Appoint an AML/CTF Compliance Officer
The AML/CTF compliance officer must be at management level and will be required to ensure compliance with the provider’s AML/CTF obligations. For sole traders and SMEs, this will likely be the owner or principal of the business or someone in senior management.
Your AML/CTF governance structure must clearly identify three roles: a governing body with primary responsibility for governance and executive decisions; a senior manager who approves AML/CTF programs and compliance decisions; and an AML/CTF compliance officer who manages day-to-day compliance and ensures policies and procedures are implemented. In smaller businesses, one person may conduct multiple governance responsibilities.
This is not a nominal appointment. It is crucial that company directors and officers adequately familiarise themselves with these reforms and ensure company procedures and policies are compliant — as civil penalties under the AML/CTF Act can be imposed against an individual as well as their company. The compliance officer carries personal accountability.
3. Build Your AML/CTF Program
An AML/CTF program protects your business from criminal exploitation through money laundering, terrorism financing and proliferation financing — and helps you fulfil your obligations while contributing to a safer Australian financial system.
The program has two parts. Part A is the risk-based framework: how the firm identifies and assesses the money laundering and terrorism financing risks of its customer base, how those risks are managed, how the firm trains its staff, how it monitors transactions, and how it reviews the program over time. Part B is the customer identification procedure: how the firm verifies the identity of new customers before providing designated services, and how it handles ongoing customer due diligence over the life of the relationship.
You will need to consider whether your business requires a standard AML/CTF program (if it is an individual operating provider) or a joint program (if it is a member of a designated business group). For Queensland franchise networks and multi-office groups, this distinction matters. AUSTRAC has switched from an opt-in reporting group model to an opt-out model — entities within a corporate group or control structure now automatically form a reporting group unless a reporting entity explicitly declines membership in writing.
AUSTRAC has published program starter kits specifically for small businesses entering the regime for the first time. Use them as a foundation, but tailor them to your agency’s actual risk profile. A generic template that does not reflect your client base, transaction types, and geographic footprint will not pass scrutiny. The AML/CTF program must be independently reviewed at regular intervals — industry practice is annual or biennial review for higher-risk firms.
4. Implement Customer Due Diligence
Customer due diligence (CDD) is the day-to-day engine of your compliance program. The AML/CTF regime is risk-based, which means not all transactions are treated the same way. The level of due diligence required depends on the risk level identified — meaning agents will need to make judgement calls and ensure staff understand when additional checks are required.
Verify the identity of every customer before providing a designated service. Three tiers apply: simplified CDD for lower-risk scenarios, standard CDD for most transactions, and enhanced CDD for higher-risk customers such as trusts, foreign persons, and politically exposed persons (PEPs).
Standard identity collection under REIQ or state-based contracts does not meet AUSTRAC’s verification standard. A compliant CDD process must include verification of the client’s full name, date of birth, and address using reliable independent documents; beneficial ownership identification for corporate or trust clients; PEP and sanctions screening before and throughout the relationship; ongoing monitoring of the client relationship; and retention of all verification records for seven years.
Beneficial ownership is a particular focus for property transactions. A beneficial owner is an individual who ultimately owns or controls an entity such as a company, trust or partnership — with “owns” meaning owning 25% or more of the entity, either directly (such as through shareholdings) or indirectly (such as through another company’s ownership or through a bank or broker). When a company or discretionary trust appears as the buyer or seller, you must look through the structure and identify the actual human being in control.
For PEPs, the obligations are significantly elevated. For high-risk PEPs, including foreign PEPs, who are customers or beneficial owners of a customer, you must use the same customer identification and verification procedures you use for individuals, as well as your enhanced CDD program. This includes getting senior management approval before starting or continuing a business relationship with the customer, and taking reasonable measures to establish the source of the customer’s and each beneficial owner’s wealth and funds.
For newly regulated reporting entities under the Amendment Act, pre-commencement customers will be those in a business relationship with the reporting entity when the new CDD obligations commence on 1 July 2026. A customer who enters into a business relationship with a reporting entity on, or after, 1 July 2026 will not be a pre-commencement customer and will need to have full initial CDD obligations applied to them. This means you need your CDD process operational from day one for all new clients.
5. Set Up Transaction Monitoring
You will also be expected to monitor transactions throughout their lifecycle. This includes identifying changes in ownership structures, unusual payment patterns, or situations where new information raises questions about the original risk assessment.
Transaction monitoring in real estate is not the same as it is in banking. You are not watching daily movement of funds across accounts. You are watching for red flags across the course of a transaction: the source of a deposit changing unexpectedly, a new party emerging late in a deal with no prior involvement, instructions to redirect funds, or a buyer who appears materially unable to support the purchase price based on everything you know about them.
Your AML/CTF policies must help you identify suspicious activity by training your personnel to recognise suspicious activity and monitor for unusual transactions and customer behaviour. You must conduct timely reviews of material relevant to a suspicious matter, such as indicators of suspicious activity and alerts generated by your monitoring program, and decide whether there are reasonable grounds for suspicion as soon as practicable.
Specific indicators warranting enhanced scrutiny include use of shell companies or complex trust or corporate structures that have obfuscated beneficial ownership; customers who want to conduct unusually large cash transactions; high-net-worth individuals whose income sources are unclear, or with complex or opaque wealth structures; customers whose wealth or income comes from multiple jurisdictions; and inconsistencies between the information the customer provided and other information available to you related to their income or wealth.
6. Lodge Suspicious Matter Reports
If you form a suspicion that a customer or transaction involves money laundering, terrorism financing, or proceeds of crime, you must file a Suspicious Matter Report with AUSTRAC. This obligation is ongoing, not limited to completed transactions.
SMRs must be filed within 24 hours of the suspicion forming for terrorism financing matters, and within three business days for money laundering and other offences. Threshold Transaction Reports (TTRs) are filed for cash transactions of AUD 10,000 or more.
As a newly regulated business, you will need to use the new SMR form from 1 July 2026. Common triggers include clients reluctant to provide ID, unexplained sources of funds, third-party payments with no commercial explanation, and pressure to bypass verification steps.
There is also the tipping-off prohibition to be aware of. You must not disclose to a client that you have lodged, or are considering lodging, a suspicious matter report. Tipping off under section 123 is a criminal offence with a maximum penalty of imprisonment for two years or 120 penalty units, or both. Train your staff on this carefully — well-meaning transparency in this context is a serious legal exposure.
Record-Keeping Requirements
Records provide evidence of your due diligence, risk management practices and compliance with AML/CTF obligations. If you cannot produce them on request, AUSTRAC will treat non-documentation as non-compliance.
You must keep AML/CTF records for at least seven years. Customer due diligence records must be retained to the end of a seven-year period from the date the business relationship ends or the occasional transaction is completed, as per section 111 of the AML/CTF Act.
Six categories of records must be maintained for a minimum of seven years: customer identity records, risk assessment records, transaction records, copies of all AUSTRAC reports, personnel due diligence records, and AML/CTF program and training records.
You must have a policy about record-keeping, including which records are kept, how they are secured and who is responsible. Keep all transaction records related to a designated service, including customer-provided transaction records, and ensure your business can quickly access and translate its records into English if needed.
Staff Training and Personnel Due Diligence
Training is a mandatory component of your AML/CTF program — not optional professional development. Personnel due diligence and training ensure the people performing AML/CTF functions in your business have the right skills, knowledge and integrity to meet your obligations and manage risk. This includes conducting personnel due diligence to assess the skills, knowledge, expertise and integrity of personnel you employ, as well as providing AML/CTF training to make sure personnel understand your obligations and know how to follow your policies, procedures and systems — so they can identify, manage and mitigate money laundering and terrorism financing risks.
For a Queensland agency, this means every salesperson who takes a buyer enquiry, every property manager who handles trust money, and every receptionist who conducts initial client onboarding needs role-appropriate training. The AML/CTF Act requires that relevant employees receive AML/CTF training appropriate to their role.
Training records must be retained as part of your seven-year record-keeping obligations. Document who was trained, when, on what content, and the outcome. This is the evidence file that demonstrates your program was operational — not just written.
Privacy Act Obligations Flow On
There is a compliance overlap that catches many agencies off guard. Once a business becomes a reporting entity under the AML/CTF Act, it must also comply with the Privacy Act 1988 (Cth) in respect of all personal information collected for AML/CTF purposes — regardless of its annual turnover.
This is significant for Queensland boutique agencies and sole-principal operations. Normally, under the Privacy Act, small businesses with an annual turnover of $3 million or less are generally exempt from compliance obligations, unless they fall within specified categories. That small business exemption no longer applies to any personal information you collect as part of AML/CTF obligations. Your privacy policy, data handling procedures, and storage practices must be reviewed and updated before 1 July 2026.
The Penalties for Non-Compliance
Failure to comply with these obligations could result in significant civil penalty orders and other means of enforcement available to AUSTRAC. AUSTRAC can apply for civil penalty orders from the Federal Court — up to 100,000 penalty units for the most serious contraventions.
Penalties are personal as well as corporate. Directors and compliance officers are exposed individually. Non-compliance with the AML/CTF Act can result in civil penalties, infringement notices, and — in serious cases — criminal prosecution. AUSTRAC has broad enforcement powers including enforceable undertakings and licence suspension.
Do not assume a soft regulatory start. AUSTRAC’s regulatory expectations are clear: for Tranche 2 entities, AUSTRAC expects enrolment, a functioning AML/CTF program, and operational compliance infrastructure in place before obligations commence. The regulator has been consistent in signalling that it expects genuine readiness, not post-commencement scrambling.
Month-by-Month Implementation Timeline for Queensland Agents
With the deadline now weeks away, the following sequence will carry you from nothing to compliant.
Now — Immediately: Confirm whether your agency provides designated services under the AML/CTF Act using AUSTRAC’s online eligibility checker at austrac.gov.au. If your business conducts any buying, selling, or transferring of real estate (including off-the-plan sales and house-and-land packages), you are captured. Standard residential and commercial property management is not a designated service, but the moment your agency brokers a transaction, it is.
Now: Nominate your AML/CTF Compliance Officer. In a sole-principal agency, this is you. In a multi-agent office, this must be someone at management level with genuine oversight of the compliance function — not a junior administrator. Begin the AUSTRAC enrolment process immediately via AUSTRAC Online.
Now (Overdue if Not Started): Conduct your ML/TF risk assessment. This is the document that drives everything else. It must identify the types of customers you typically deal with (individuals, companies, trusts, foreign nationals), the types of transactions you facilitate, the geographic risk profile of your deals, and any third-party or referral relationships. Your risk assessment is the foundation on which your entire program is built.
Now: Draft your AML/CTF program (Parts A and B). AUSTRAC’s starter kits are available at austrac.gov.au and are calibrated for smaller entities entering the regime for the first time. Adapt the template to your actual operations. Have it reviewed and formally approved by your principal or governing body before commencement.
Before 1 July 2026: Implement your customer due diligence process. Select a verification method — whether digital identity verification platforms, manual document-based verification, or a combination — and embed it into your client onboarding workflow. Test it on actual transactions before go-live. Digital identity verification platforms can automate much of this process and should be integrated into your CRM before July 2026.
Before 1 July 2026: Train all relevant staff. Run a formal training session covering: what the AML/CTF Act now requires; how to identify and escalate suspicious activity; how to conduct CDD correctly; and the tipping-off prohibition. Record attendance. Retain records.
From 1 July 2026: Apply full CDD to every new client from commencement date. Log all screening results, verification outcomes, and risk assessments. Have your SMR process documented so that any staff member who identifies suspicious activity knows exactly how to escalate it, who makes the decision, and how to lodge.
Quarterly from 1 July 2026: Review your AML/CTF program against actual experience. Are your risk indicators proving accurate? Have you encountered transaction patterns that are not covered by your current policies? Update accordingly and document the review.
What This Means for Queensland Agents
The AML/CTF reform for real estate is the most significant compliance change the Queensland property industry has faced in a generation. It is not a box-ticking exercise. The obligations are substantive, the penalties are real, and AUSTRAC has been clear about its expectations.
The practical reality is that most Queensland agencies — particularly boutique offices, suburban sole-principal practices, and regional agencies — will need to build their compliance infrastructure from scratch. That is entirely achievable in the time available, but only if work begins immediately. The six core obligations (enrolment, compliance officer, AML/CTF program, CDD, transaction monitoring, and SMR reporting) each require active preparation, not passive awareness.
AUSTRAC has indicated it will take a risk-based, educative approach to compliance in the early transition period — but this does not mean obligations are optional. The expectation is that entities will have their AML/CTF programs documented and their CDD procedures operational by the commencement date.
Queensland agents who invest in proper implementation now will not only meet their legal obligations — they will be better positioned to handle the increasing proportion of offshore buyers, corporate purchasers, and complex trust arrangements that characterise the state’s top-end market. Robust client verification is, ultimately, good practice regardless of regulatory compulsion.
Access AUSTRAC’s real estate guidance directly at austrac.gov.au. If the specific obligations of your agency’s structure are unclear, seek qualified legal advice before 1 July 2026.
This article provides factual and practical information about AML/CTF obligations for Queensland real estate agents. It does not constitute legal or financial advice. Agents should consult a qualified legal practitioner for advice specific to their business.