AUSTRAC Enrolment Deadline July 2026: A Step-by-Step Action Plan for Queensland Real Estate Agencies
You are already providing designated services. From 1 July 2026, that means you are a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), as amended by the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 — whether you have enrolled with AUSTRAC or not. The question is not whether these obligations apply to your Queensland agency. It is whether you are ready.
As AML/CTF reforms expand to include the property sector, real estate agencies that offer designated services must enrol with AUSTRAC by 29 July 2026. That is the final administrative deadline. But the more important date is 1 July 2026 — the day your full compliance obligations switch on. Enrolment is the gateway to everything else, and this guide walks you through the entire process, from creating your AUSTRAC Online account to signing off your AML/CTF program and nominating your compliance officer.
What the Legislation Actually Says — and Who It Captures
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 extends Australia’s AML/CTF regime to a new cohort of “Tranche 2” entities — and real estate agents are among the first in scope. This is not incremental tinkering. It is the date a sweeping expansion of Australia’s anti-money laundering and counter-terrorism financing regime takes effect for tens of thousands of businesses that have, until now, sat outside the regulator’s direct line of sight. Estimates put the number of newly captured entities at around 100,000, roughly six times the size of the existing reporting population.
For Queensland agents, the scope question is straightforward. For real estate professionals, the designated services include any service in connection with the sale, purchase, or transfer of real property, regardless of the price or whether the agent is acting for the buyer or the seller. That covers residential sales, commercial transactions, buyers agency work, and project sales. Under the service category list, you select “Real estate services” — specifically the buying and selling of real property. Do not select property management or leasing as these are not designated services.
The entity that enrols is the licence holder — not individual agents. The licence holder or entity that provides the designated real estate service must enrol — not individual agents. If your agency is a company, the company enrols. If you’re a sole trader with a real estate licence, you enrol as an individual. Franchise groups: each franchisee enrols separately.
AUSTRAC’s money laundering national risk assessment found the real estate sector poses a high money laundering risk in Australia. This is the underlying policy rationale, and it is why AUSTRAC will not treat non-compliance lightly. AUSTRAC can apply for civil penalty orders from the Federal Court — up to 100,000 penalty units for the most serious contraventions. An entity (body corporate) might be ordered to pay a penalty of up to 100,000 penalty units (approximately $33 million). Those figures are not aspirational — in 2024, a civil penalty of $67 million was awarded against SkyCity Adelaide for AML/CTF non-compliance.
The Critical Dates — and Why 1 July Matters More Than 29 July
There are two dates Queensland agencies must hold firmly in mind, and confusing them is a common and costly mistake.
Key dates: 10 December 2024 — the Amendment Act receives Royal Assent. 31 March 2026 — enrolment with AUSTRAC opens for Tranche 2 entities. 1 July 2026 — new AML/CTF obligations commence. 29 July 2026 — final deadline to enrol with AUSTRAC.
The 29 July deadline is the last date by which you can complete enrolment without being in immediate breach of the Act. But the deadline is 29 July 2026 — but you should complete it before 1 July when your obligations formally begin. If you enrol on 29 July but have no AML/CTF program, no compliance officer appointed, and no customer due diligence procedures in place, you have been in breach of multiple obligations for a full month.
Missing enrolment before you start providing designated services is itself a contravention of the Act. For agencies that have been selling property continuously, that means you need to be enrolled before 1 July 2026. Enrolling early gives you more time to prepare, complete training and address any enrolment issues ahead of the 29 July deadline. It also opens up direct lines of communication with AUSTRAC and access to the reporting entity induction program.
The practical takeaway: complete your enrolment now. The portal has been open since 31 March 2026. There is no administrative advantage to waiting.
How to Enrol — A Step-by-Step Guide to the AUSTRAC Online Portal
Step 1: Create Your AUSTRAC Online Account
AUSTRAC enrolment is done online at online.austrac.gov.au. You must create a user account with AUSTRAC to enrol. After creating an account, log in and complete the enrol a new business form. Use your business email address — this becomes the primary contact point for all future AUSTRAC correspondence. If your agency already has an AUSTRAC Online account from previous interaction with the regulator, log in and check whether your enrolment details need to be updated under the new rules rather than starting from scratch.
You can save your progress and return to the form for up to 14 days. This means you do not need to have every piece of information assembled before you begin. Start the form, save your progress, gather what you need, and return.
Step 2: Select Your Entity Structure
Select the entity type that matches your agency — company, partnership, sole trader, or trust. This selection determines which additional fields appear in the form. A Pty Ltd agency will be required to provide director details; a trust will require trustee and beneficiary information. Get this right — selecting the wrong entity type creates delays and requires AUSTRAC to reprocess your submission.
Step 3: Enter Your Business Details
Provide your ABN, legal business name, trading name (if different), and principal address. AUSTRAC will verify your ABN against the Australian Business Register. If your ABN registration is not current or accurate, resolve that through the ABR before you begin enrolment. Discrepancies between your ABN registration and your enrolment form will cause processing delays you cannot afford this close to the deadline.
Step 4: Identify Your Designated Services
The AUSTRAC enrolment form will seek confirmation of how your business is linked to Australia. You must identify which designated services you provide. For real estate, this includes sales, purchases or transfers of real estate — brokered or non-brokered. Select “Property and Real Estate Services” as your service category. If your agency also operates as a buyers agency or assists developers with project sales, those services should be captured in the same enrolment. Remember: property management and leasing are not designated services and should not be selected.
Step 5: Provide Ownership and Control Information
List all directors (if a company) or partners (if a partnership). AUSTRAC requires names and contact details. This is part of AUSTRAC’s own due diligence on reporting entities. For entities with complex ownership structures — including those involving trusts as shareholders — be prepared to provide information on beneficial owners. For trusts, this includes trustees, appointors, and significant beneficiaries. If your agency earns revenue through a corporate group structure, you will also be asked about group earnings, as this determines your AUSTRAC annual industry levy.
Step 6: Nominate Your AML/CTF Compliance Officer
This is the person responsible for your agency’s AML compliance. For small agencies, this is typically the principal or director. You can update this person later if needed. The nomination during enrolment is a starting point, but there are specific notification obligations attached to the appointment — covered in detail in the next section.
Step 7: Review, Declare, and Submit
Review every field before submitting. You will receive a confirmation email and an AUSTRAC reporting entity number. Keep this — you will need it for your compliance records. File the confirmation email and your reporting entity number in your compliance folder immediately. This number will appear on your AML/CTF program documentation and in any future AUSTRAC correspondence.
Designating Your AML/CTF Compliance Officer
The compliance officer role is not a formality. The AML/CTF compliance officer is responsible for communicating with AUSTRAC on your business’s behalf. They must also oversee and coordinate your day-to-day compliance with your obligations.
It is now an explicit requirement to appoint a fit and proper AML/CTF compliance officer responsible for implementing the AML/CTF program. “Fit and proper” under the Act requires you to assess the person’s integrity, professional competence, and ability to perform the role. For Queensland agents, this assessment has a practical shortcut: AUSTRAC is working with industry bodies to determine whether it can recognise existing fit and proper person checks and will develop guidance on this issue in late 2026. The holder of a Queensland real estate licence has already passed a fit and proper assessment under the Property Occupations Act 2014 (Qld) — monitor AUSTRAC’s guidance on whether that assessment carries cross-regulatory recognition.
Who Can Hold the Role
Your AML/CTF compliance officer must meet eligibility requirements, including being employed or engaged by your business at management level, and a resident of Australia if you provide designated services at or through a permanent establishment in Australia. Whether a person is at management level will depend on the nature of the business. For a smaller business this may be the business owner, a director or a person responsible for managing broader risks or operations. In a small Queensland agency with two or three agents, the licensed principal will almost always be the appropriate person to hold this role.
Your AML/CTF compliance officer does not need to be an employee. However, if you engage an external compliance officer they must have the authority, resources and expertise to perform the role. For agencies engaging external AML consultants, confirm in writing that the external officer has the authority to act and communicate on your behalf with AUSTRAC — this is a regulatory requirement, not a commercial nicety.
Notification Obligations
You must appoint an AML/CTF compliance officer within 28 days of providing designated services. You must also notify AUSTRAC within 14 days of the appointment using the enrolment form on AUSTRAC Online. Transitional rules provide some flexibility for newly regulated agencies. If you are a newly regulated business, you must notify AUSTRAC by the later of a prescribed date calculated from your enrolment. For example, if you enrolled with AUSTRAC on 29 July 2026, you would have until 12 August 2026 to notify AUSTRAC of your AML/CTF compliance officer.
Your AML/CTF compliance officer must report to your governing body at least once every 12 months. For sole traders, “governing body” effectively means the principal — document these internal reviews and keep the records. For companies, this means a formal annual report to the board or directors’ meeting, minuted and filed.
Building Your AML/CTF Program
Enrolment is just the first step. By 1 July 2026 you also need a completed risk assessment, a written AML/CTF program, and trained staff. The program is the centrepiece of your compliance obligations and must be completed before your obligations commence.
Under the reformed Act, you no longer need to separate your program into Part A and Part B. You can organise your AML/CTF program in a way that meets your needs, provided it meets the requirements of the Act. This is a deliberate simplification for the Tranche 2 intake. What the program must contain is:
- A documented ML/TF risk assessment
- AML/CTF policies that address the identified risks
- Customer due diligence (CDD) procedures
- Suspicious matter reporting procedures
- Staff training requirements
- Record-keeping obligations
- Governance arrangements, including the compliance officer’s role
AUSTRAC has released its AML/CTF Program Starter Kits to help industry prepare for upcoming compliance obligations. These are available on austrac.gov.au and provide a structured starting point. For most small Queensland agencies, the starter kit combined with your risk assessment is a practical foundation — but it must be tailored to your actual business, not filed untouched.
The Risk Assessment: A Template Approach for Small Queensland Agencies
The risk assessment is not a bureaucratic exercise — it is the analytical foundation for everything your AML/CTF program requires you to do. You must conduct a risk assessment to identify and assess your business’s money laundering, terrorism financing and proliferation financing risks. You must tailor your risk assessment methodology to the nature, size and complexity of your business.
AUSTRAC has published an ML/TF risk assessment framework quick guide specifically for real estate professionals, available as a PDF from austrac.gov.au. Use this as your primary reference document.
Four Dimensions Every Queensland Agency Must Assess
1. Customer risk. You should consider a range of factors when assessing customer risk when working with: customers with cash-intensive businesses, because this presents an opportunity to mix illicit physical cash with legal earnings; people who buy or sell for others, which can hide the buyer’s identity; remote buyers who have not personally inspected the property; and politically exposed persons (PEPs), because of their exposure to fraud, bribery, corruption and links to high-risk jurisdictions. You must always treat foreign PEPs as high-risk customers.
2. Transaction risk. Cash and real estate is identified as a very high ML/TF risk combination. It is highly unusual to use cash transactions to purchase real estate. For typical Queensland suburban sales involving standard bank finance, the transaction risk is lower. For prestige properties, off-market sales, or transactions involving overseas purchasers paying from non-Australian accounts, the risk profile increases materially.
3. Delivery channel risk. AUSTRAC expects you to consider whether your business uses methods that allow for remote customer self-service — when a customer obtains services without help from a staff member — or any third-party agents to deliver products or services to your customers. These are common ML/TF risk factors that are relevant to a wide range of delivery channels. For Queensland agents conducting online listing and remote auctions, this is a real consideration.
4. Geographic and jurisdictional risk. Agencies operating in markets with significant international buyer activity — southeast Queensland coastal markets, inner Brisbane prestige, and new development precincts — carry elevated exposure to foreign PEPs and high-risk jurisdiction customers. Your risk assessment must reflect the actual buyer profile of your market.
What Your Written Assessment Must Produce
Once you have assessed these dimensions, your risk assessment must map each risk category to a likelihood and impact rating, and link those ratings to the controls in your AML/CTF program. The risk assessment must be documented and reviewed regularly. A generic template that does not reflect your actual business is non-compliant. AUSTRAC audits operational practice. A risk assessment that reads identically to every other agency in Queensland, regardless of market or client mix, is the document of an agency that did not engage with the process.
Customer Due Diligence: What Queensland Agents Must Do at the Transaction Level
You must verify every client’s identity before providing a designated service, not after. For real estate agencies, “before providing a designated service” means before you commence marketing a property for a vendor, or before you begin acting for a buyer — not at the point of contract.
The standard CDD obligation requires you to collect and verify the customer’s full legal name, date of birth, and residential address using reliable and independent documentation. For companies and trusts, you must identify and verify the beneficial owners — the natural persons who ultimately control the entity. It is important to understand that assigning customer risk ratings in CDD involves determining customer risk on a case-by-case basis, which is different to the business-level ML/TF risk assessment.
Where your risk assessment or the circumstances of a transaction rate a customer as higher risk, enhanced due diligence (EDD) applies. EDD includes source of wealth and source of funds checks. If a customer refuses to provide identity documents, or if verification fails, your program must define what happens next, including whether this triggers a Suspicious Matter Report (SMR). As a general rule, you should not proceed with the designated service if CDD cannot be completed.
CDD is not a one-time check. You must monitor ongoing client relationships and update customer information when risk profiles change. For real estate, this typically means re-verifying customers at each new transaction, not assuming a previous check is still valid.
Suspicious Matter Reporting: Your Obligation Under Section 41
Agents will be required to lodge suspicious matter reports (SMRs) where they form a suspicion that a transaction may be connected to money laundering, terrorism financing, or other serious crime. The obligation under section 41 of the Act is triggered by suspicion — not proof. The threshold is reasonable grounds for suspicion, not certainty.
You are required to submit Suspicious Matter Reports (SMRs) within three business days of forming a suspicion, and threshold transaction reports where applicable. The Act protects you from liability when reporting in good faith, but failing to report carries significant penalties. For terrorism financing suspicions, the reporting window tightens to 24 hours.
Common red flags in Queensland real estate transactions include: customers who have a lifestyle or transactions inconsistent with what you know about their business and personal information; use large amounts of cash for the purchase and cannot explain its source; or have been subject to negative media reports connecting them to profit-generating criminal activity. Additional triggers include evasive source-of-funds answers, pressure to close quickly with cash-like payments, structuring across multiple accounts, purchases significantly above market value without reasonable explanation, or undisclosed third-party control.
One obligation that is absolute once you file an SMR: if you decide to stop providing designated services to a customer, you must not tell them you did this because of their suspicious activity or provide information that establishes you submitted an SMR. It is a criminal offence to share SMR details if it could reasonably prejudice an investigation. Brief every agent in your team on this point specifically. The tipping-off offence under section 123 of the Act carries significant criminal penalties.
Record-Keeping: The Seven-Year Rule
Transaction records, CDD documentation, and AML/CTF program materials must be retained for a minimum of seven years. This applies to identity documents collected, verification records, risk ratings assigned, SMRs lodged, screening results, and the AML/CTF program itself — including every version and revision.
You must retain records of customer identification, transactions, and your compliance programme for seven years. For Queensland agencies already maintaining client files under the Property Occupations Act 2014 (Qld) and REIQ trust accounting requirements, the AML/CTF record-keeping obligation adds a specific compliance layer — these records must be retrievable by AUSTRAC on demand and must demonstrate that your CDD procedures were actually followed, not just documented in a policy.
Store records in a system that allows efficient retrieval. AUSTRAC can conduct examinations and request records without notice. An agency that has a compliant program on paper but cannot produce the underlying client verification records is exposed.
Staff Training: An Ongoing Obligation, Not a One-Off
The AML/CTF Act requires that relevant employees receive AML/CTF training appropriate to their role. This is not satisfied by a principal completing a training module and filing the certificate. Every salesperson, property manager involved in sales processes, and administration staff member handling client identity documents must receive training proportionate to their duties.
Training must cover: the types of transactions and customer behaviours that might trigger an SMR; how to collect and handle CDD documentation; and what not to say to a client if the agency forms a suspicion. Document every training session — who attended, what was covered, when it was delivered. AUSTRAC has indicated it will take a risk-based, educative approach to compliance in the early transition period, but this does not mean obligations are optional. The expectation is that entities will have their AML/CTF programmes documented and their CDD procedures operational by the commencement date.
AUSTRAC’s e-learning modules at austrac.gov.au are freely available and sector-specific. Use them as baseline training, then supplement with office-based scenarios relevant to your market and client mix.
What This Means for Queensland Agents
The 29 July 2026 AUSTRAC enrolment deadline is not the endpoint — it is, at best, the last acceptable starting point. Your obligations under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 commence on 1 July 2026, and every Queensland agency providing designated services must be enrolled, programmed, and operational from that date.
The practical priority sequence is clear. Enrol at online.austrac.gov.au now — the portal has been open since 31 March 2026 and the process takes roughly 15 to 20 minutes with the right information assembled. Once enrolled, appoint your AML/CTF compliance officer and notify AUSTRAC within the required timeframe. Complete your risk assessment using AUSTRAC’s real estate sector quick guide as a framework, tailoring it to your specific client mix, market, and transaction types. Build or adopt an AML/CTF program that reflects that risk assessment, train your team, and establish a CDD intake process that runs before — not after — you begin acting for a client.
Queensland agencies that treat this as a compliance event to be managed once and set aside are misreading the regime. Your AML/CTF program must be reviewed regularly, your risk assessment must be updated when your business changes, and your compliance officer must report to your governing body annually. This is an ongoing operational discipline. The agencies that build it properly from the outset — with systems, trained staff, and documented processes — will find it becomes part of normal practice. Those that paper over it will face the full weight of AUSTRAC’s enforcement powers, and the property sector’s high money laundering risk profile means that enforcement attention is not a remote possibility.
The REIQ’s AML/CTF resources at reiq.com and AUSTRAC’s reform hub at austrac.gov.au are the two authoritative sources for Queensland agents navigating this transition. Use both.