Building an AML/CTF Program for a Queensland Real Estate Agency: What the Law Requires
From 1 July 2026, every Queensland real estate agent brokering a property sale — whether a suburban house in Capalaba or a commercial building on the Gold Coast — becomes a reporting entity under federal law. If your agency does not have a documented, operational AML/CTF program in place by that date, you cannot lawfully provide those services.
This is not an aspiration or a best-practice guideline. If you are providing any designated services from 1 July 2026, you must comply with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the Act) and the AML/CTF Rules from that date. For Queensland agencies that have operated without this framework for their entire careers, the shift is significant. Understanding exactly what the law requires — and what an adequate program actually contains — is where to start.
Why Real Estate Is Now in Scope
Australia’s AML/CTF regime has regulated banks, financial services providers, and the gambling sector since 2008. Real estate was always identified as a high-risk sector but remained outside the mandatory compliance net — until late 2024. The AML/CTF Amendment Bill 2024 passed by Parliament aims to strengthen the existing AML/CTF framework and meet international standards set by the Financial Action Task Force (FATF).
Criminals buy real estate as a way of laundering or concealing illicit funds because it allows for the movement of a large amount of funds in a single transaction. Laundering illicit funds through real estate not only allows criminals to conceal and enjoy the proceeds of their crimes, but also poses a risk that property prices may be artificially inflated, creating hardship for genuine buyers seeking affordable housing.
The reforms expand AML/CTF compliance to high-risk professions like lawyers, conveyancers, accountants, real estate professionals, and precious stone dealers — known collectively as the ‘Tranche 2’ reforms. For Queensland agents, this means the compliance obligations that banks have carried for nearly two decades are now arriving at your front door. The practical question is how to build a program that is genuinely compliant, not merely a document that sits in a drawer.
What Services Trigger the Obligation
Before building your program, confirm that your agency actually provides a designated service under the Act. Not every property-related activity is caught.
The services offered by the real estate industry that will be included as designated services under the AML/CTF Act include: engaging in activity that involves the transfer of a beneficial interest in land or other real property; managing client funds (other than sums paid as fees for professional services) or other assets; or engaging in or giving instructions on behalf of a customer to another person for any conveyancing to affect the grant, sale, purchase or other disposal of real estate.
In practical terms, activities that will generally be a designated service include brokering conducted by seller’s agents and buyer’s agents. Property managers who handle trust accounts may also be captured depending on the nature of the funds managed.
It is equally important to understand what is excluded. General or hypothetical advice (such as discussing the pros and cons of property ownership before a client decides to buy), simple referrals to third parties, or transactions involving short-term leases or court-ordered transfers are not designated services. Similarly, incidental sales of real estate by a business and private sales of residential property are not captured under these designated services.
One critical point for agents working both sides of a transaction: when a real estate agent acts for the seller and brokers the successful sale of a house, their customer is both the buyer and the seller — meaning the agent has AML/CTF obligations in relation to both parties. This is a significant operational implication that shapes how CDD is conducted and documented.
The Structure of a Compliant AML/CTF Program
You will need to have an AML/CTF program in place. This is not simply a policy document, but a framework that must be applied in day-to-day operations.
The legislation structures a program around two distinct parts. The program must have two parts: Part A — the processes and procedures your business will adopt in order to identify, mitigate and manage AML/CTF risks that your business may encounter; and Part B — procedures to identify customers and beneficial owners including politically exposed persons (PEPs) and verify their identities.
Your program must be documented and approved by a senior manager of your business. It must be kept up to date, including to reflect significant changes to your business and relevant ML/TF risk products released by AUSTRAC. It must also be independently evaluated at least once every three years.
Part A: Risk Assessment and Internal Controls
Your AML/CTF program starts with a risk assessment. You need to understand where and how your agency could be exploited for money laundering or terrorism financing.
The risk assessment is not a generic exercise. Your AML/CTF program must reflect the size, nature and complexity of your business, and the risks it faces. A boutique buyers’ agency in Brisbane primarily serving owner-occupiers presents a materially different risk profile from an agency running a high-volume off-the-plan sales operation with regular overseas buyers. The written risk assessment must reflect that difference honestly.
Your written policies must cover how your agency will reduce ML/TF risks. This includes your internal controls, your escalation procedures, how compliance information flows to those responsible for oversight, and how suspicious matters are handled without alerting the subject. Your AML/CTF policies must stop staff or contractors from warning customers that a suspicious matter report might be, or has been, lodged. That prohibition — known as the tipping-off rule — carries serious consequences if breached, and every staff member who deals with clients must understand it.
Part A also addresses your governance structure. Your AML/CTF governance structure must clearly identify three roles: the governing body, which has primary responsibility for governance and executive decisions and oversees compliance at the highest level; senior manager or managers, who approve AML/CTF programs and compliance decisions; and the AML/CTF compliance officer, who manages day-to-day AML/CTF compliance and ensures policies and procedures are implemented.
These roles are usually held by different people, but in smaller businesses, one person may hold multiple governance responsibilities. For most Queensland small-to-medium agencies, the principal will carry both the senior manager and governing body roles. The AML/CTF compliance officer (AMLCO) role can be held by the principal, a senior property manager, or a qualified operations manager — but the AMLCO must be fit and proper, meaning they have the right skills, integrity, and no disqualifying history such as bankruptcy, serious convictions, or regulatory bans. For agencies, this is usually a principal, director, or senior manager with trust account expertise.
The AMLCO carries ongoing reporting obligations. Your AMLCO must provide at least annual reports to the governing body on whether policies are being followed, whether risks are being managed effectively, and whether the agency is complying with the law.
Part B: Customer Due Diligence
Part B governs how you identify and verify the people you deal with. This is where the day-to-day operational impact will be felt most acutely.
Initial CDD requires verifying a client before acting. For example, a client engages your agency to purchase a property — you must collect and verify their identification. If the buyer pays cash or uses funds from a foreign account, you must also check the source of those funds.
The AML/CTF regime is risk-based, which means not all transactions are treated the same way. The level of due diligence required will depend on the risk level identified — which means you will need to make judgement calls and ensure staff understand when additional checks are required.
Ongoing CDD means that verification is not a one-time event. Ongoing CDD requires re-checking if circumstances change. For example, if a long-term landlord suddenly requests that rent be paid into an offshore account, you must re-verify ownership and confirm the source of funds.
Where a customer is identified as a politically exposed person (PEP), enhanced due diligence applies. A PEP is defined in the Act, but the AML/CTF Rules list the Australian roles that count, including judges, senior defence officers, heads of government departments, and party executives. Overseas PEPs present higher risk by nature, and your program must document how that risk is managed.
Timing matters significantly in real estate transactions. A selling agent starts providing a designated service to the buyer or transferee when it is reasonably expected that the transaction will proceed — typically when the buyer’s offer has been accepted and the contract to buy or transfer ownership of the real estate is signed.
For auctions, a specific carve-out exists. When real estate is sold at auction, it is possible for a buyer to only be known after the fall of the hammer. You can delay initial CDD where completing initial CDD would disrupt the ordinary course of business. Delayed CDD for property transactions must be completed within 15 calendar days or before settlement, whichever is earlier.
There is also a reliance arrangement pathway that has significant practical value. Real estate-specific rules allow you to verify IDs before settlement. You can rely on another reporting entity to complete verification within 15 days of contract exchange if there is a proper reliance arrangement in place. This means, in practice, that an agency can confirm a buyer’s identity and risk-rate them, then rely on the buyer’s lawyer to complete verification within 15 days under a written arrangement. Reliance arrangements must be documented formally — a verbal understanding does not satisfy the requirement.
Enrolment: The First Mandatory Step
Before your program can operate, your agency must be enrolled with AUSTRAC. From 31 March 2026, real estate agencies that provide designated services such as handling property sales or managing trust accounts must enrol with AUSTRAC as reporting entities. Enrolment is a legal requirement under Australia’s expanded AML/CTF regime and agencies cannot provide these services without it.
The enrolment process confirms your agency’s structure, ownership, and the services you provide, giving AUSTRAC visibility over who controls client money and how risks are managed. Queensland agencies with multiple offices, trust accounts, or cross-border dealings should commence this process early given the complexity involved.
Reporting Obligations
Building the program is one obligation. Operating it generates ongoing reporting requirements that run throughout the life of every transaction.
For agencies, the three most common reports will be: Suspicious Matter Reports (SMRs) — when something about a customer or transaction does not feel right; and Threshold Transaction Reports (TTRs) — whenever someone pays $10,000 or more in cash or cash equivalents, even if nothing looks suspicious. Agencies are also required to submit an annual AML/CTF compliance report to AUSTRAC.
You must submit a TTR whenever your agency receives cash or equivalent of AUD $10,000 or more in a single transaction — even if the transaction seems entirely legitimate. This is not a discretionary call. The obligation is triggered by the threshold amount, not by the agent’s suspicion.
Where there are reasonable grounds to suspect that a transaction may involve criminal activity or terrorism financing, a report must be made to AUSTRAC. This obligation applies even if the transaction is not completed. An agent who identifies a red flag and then watches a deal fall over still has a reporting obligation if the suspicion arose.
Your AML/CTF policies must ensure reports to AUSTRAC are accurate, complete, and untampered with. Maintaining a clear internal trail from the initial suspicion through to the lodged report is both a compliance requirement and the practical protection for your agency if AUSTRAC ever reviews your records.
Record-Keeping Requirements
Agencies must keep secure and detailed records of client identification, transactions, and due diligence activities for a minimum of seven years. This covers not just completed transactions but due diligence conducted on transactions that did not proceed — including instances where a matter was abandoned because of a suspicious circumstance.
You will also be expected to monitor transactions throughout their lifecycle. This includes identifying changes in ownership structures, unusual payment patterns, or situations where new information raises questions about the original risk assessment. For agencies managing off-the-plan contracts or staged-payment arrangements, this ongoing monitoring obligation continues well past the initial CDD event.
Staff Training Is a Legal Requirement
A well-drafted AML/CTF program that no one in the agency has read or understands fails the legal test. Preparing your personnel is critical to help you meet your AML/CTF obligations. Personnel due diligence and training ensure the people performing AML/CTF functions in your business have the right skills, knowledge and integrity to meet your obligations and manage risk.
You must conduct personnel due diligence — assessing the skills, knowledge, expertise and integrity of personnel you employ or engage to conduct AML/CTF functions — and provide AML/CTF training so that personnel understand your obligations and know how to follow your policies, procedures and systems, enabling them to identify, manage and mitigate ML/TF risks.
Training is not a one-off induction exercise. It must be refreshed when legislation changes, when AUSTRAC releases new risk indicators, or when your own risk assessment is updated. The frequency and content of training must be documented in your program and evidenced by records you retain.
Franchise Networks and Reporting Groups
For agencies operating within a franchise network — a significant proportion of Queensland’s residential real estate market — there is an important structural option available.
One of the key changes is the introduction of reporting groups — a framework that allows multiple agencies to share a single AML/CTF program under the direction of a nominated lead entity. For the real estate sector, reporting groups are designed to streamline compliance by reducing duplication, centralising expertise, and creating consistency across connected offices or franchise networks.
Two types of reporting groups are relevant to Queensland franchisees. A business group applies to agencies already linked by ownership or control — for example, a franchisor with multiple company-owned offices. An election group applies to independent agencies that are not owned by the franchisor but trade under its brand — for example, franchisee offices agreeing to follow the franchisor’s AML/CTF program, with the franchisor as the lead entity.
The trade-off is real. Reporting groups affect day-to-day practice, not just governance: the lead entity designs and maintains the AML/CTF program for all members, verification and training requirements must be standardised, and failures in one office expose the group.
Franchisees should not assume their franchisor is automatically building a compliant program on their behalf. Confirm in writing that a reporting group arrangement has been established, understand what obligations remain at the individual office level, and satisfy yourself that the lead entity’s program meets the standard. AUSTRAC must be notified of membership changes. If your office joins or exits a reporting group, that movement must be formally recorded.
The Consequences of Non-Compliance
Some Queensland agents may be tempted to treat this as another compliance exercise that can be addressed after 1 July 2026 if AUSTRAC’s attention appears to be directed elsewhere. That would be a serious misjudgement.
If you do not meet your obligations under AML/CTF law, AUSTRAC can take steps to enforce compliance and apply significant penalties — up to $6,600,000 for individuals and $33,000,000 for a body corporate. These are not theoretical ceilings. In 2024, a penalty of $67 million was awarded against SkyCity Adelaide for non-compliance with AML/CTF obligations. Civil penalties can be imposed against individuals — not just the company — meaning a principal or AMLCO can be personally liable.
Other enforcement action can include enforceable undertakings, infringement notices, and remedial directions. Even where no transaction involves actual money laundering, the failure to have a compliant program, maintain adequate records, or lodge required reports is itself an offence under the Act.
The AUSTRAC Starter Kit: Who It Is For
AUSTRAC has published a real estate program starter kit specifically designed to assist smaller agencies in customising a compliant AML/CTF program. The real estate program starter kit helps small real estate and buyer’s agencies customise, use and maintain an AML/CTF program. From 1 July 2026, real estate and buyer’s agents must have an AML/CTF program in place before they broker the purchase, sale or transfer of real estate.
The starter kit is not a universal solution. It was designed for businesses that only provide one designated service — brokering the purchase, sale or transfer of real estate — have 15 or fewer personnel including administrative staff, most commonly deal with individual Australian resident customers, do not regularly deal with high-risk customers, and do not broker overseas property.
Large businesses are highly likely to face different and more complex ML/TF risks than those addressed by the starter kit, and will generally require stronger or additional controls. Your AML/CTF program must reflect the size, nature and complexity of your business and the risks it faces.
If your agency handles overseas buyers regularly, operates across multiple offices, manages trust accounts for investors, or works frequently with corporate entities, the starter kit is a starting point at best. A tailored program built around your actual risk profile is the correct approach.
What This Means for Queensland Agents
The deadline is fixed. From 1 July 2026, real estate and buyer’s agents must have an AML/CTF program in place before they broker the purchase, sale or transfer of real estate. Queensland agents who have not yet begun should prioritise five actions immediately.
First, confirm whether your services are designated services under the Act — the AUSTRAC online tool at austrac.gov.au allows you to check this directly. Second, determine your enrolment pathway: individual agency, or part of a reporting group. Enrolment opens 31 March 2026 and cannot be completed earlier. Third, appoint your AMLCO now — the person needs time to understand the role, not just to be named. Fourth, complete your risk assessment before you draft your policies; the policies must flow from the assessment, not the other way around. Fifth, build your staff training program and document it.
For franchise principals, confirm in writing with your franchisor whether a compliant reporting group program is being built centrally. Do not assume. The obligation is ultimately yours, and AUSTRAC will assess your agency individually if the group arrangement does not meet the standard.
The AML/CTF program requirements represent a material change to how Queensland real estate agencies operate. Agents who engage with this early — building programs that actually reflect their risk environment, training their staff properly, and embedding CDD into their transaction process — will find the compliance burden manageable. Those who treat it as a box-ticking exercise are accepting significant personal and corporate risk.