AML/CTF Rules 2025: AML/CTF programs for real estate sector

Disclaimer: The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

Understanding AML/CTF Rules 2025 Part 5: AML/CTF programs, and what it means for the real estate sector

AML/CTF compliance is becoming mandatory for Australian real estate sector from July 2026. To build a compliant program, you’ll need to understand key terms like ML/TF risk, KYC, PEPs and source of funds. This guide explains the essential concepts and obligations so your firm can meet AUSTRAC’s requirements, strengthen governance and reduce risk.

Useful terms

• ML/TF risk: the risk your agency could be used for money laundering or terrorism financing.
• KYC information: the identity and verification checks you must collect on buyers, sellers, landlords, and tenants.
• Source of wealth (SoW) and source of funds (SoF): where a client’s money or wealth comes from.
• Politically exposed person (PEP): a high-profile public official, in Australia or overseas.
• Designated services: the regulated services under the Act, such as selling or buying real estate, or running trust accounts.
• Governing body: the individual or group in your business responsible for AML/CTF oversight.
• Independent evaluation report: a written review of your AML/CTF program by an external expert.

Risk assessments (Division 1)

Your AML/CTF program starts with a risk assessment. You need to understand where and how your agency could be exploited for ML/TF.

If an independent review finds problems with your risk assessment, you must fix them promptly – your governing body (internal oversight group) is responsible for ensuring this happens.

Policies for managing ML/TF risks (Division 2)

Your written policies must cover how your agency will reduce ML/TF risks. This includes:

1. Customer due diligence (CDD)

You need clear rules for:

• Initial CDD: verifying a client before acting.
  Example: A client engages your agency to purchase a property → collect and verify their ID. If the buyer pays cash or uses funds from a foreign account → also check the source of those funds.
• Ongoing CDD: re-checking if circumstances change.
  Example: A long-term landlord suddenly requests rent be paid into an offshore account → re-verify ownership and confirm the source of funds.

2. Targeted financial sanctions

Your policies must make sure that, when providing designated services, you:

• do not give money or assets to any individual or entity on a sanctions list
• do not use or handle assets that belong to or are controlled by any individual or entity on a sanctions list

3. Updating policies

If an independent review shows gaps, your policies must explain how you will update them.

4. Senior manager approval

Certain high-risk situations need senior manager (likely the Principal, Director, or CEO) approval before proceeding, such as:

• Acting for a foreign PEP.
  Special case example: A Brisbane agency helps market property in Fiji through its local franchise office. A client who is a Fijian cabinet minister (a PEP in Fiji) is using the Fiji office directly. In this case, the client is treated as a domestic PEP for that office, but senior manager approval is still required if the risk is high.
• Acting for a domestic or international PEP who poses a high ML/TF risk.
• Using “nested services”.
  Example: An agency holds client deposits in its trust account but needs to remit funds to an overseas vendor after settlement. Instead of transferring directly through an Australian bank, the agency uses a payment platform that relies on an international remittance provider, which in turn clears through a global bank. Because the transaction passes through multiple layers (agency → payment platform → remittance provider → global bank), this is a nested service arrangement and requires senior manager approval before the funds are released.
• Relying on another party’s KYC checks.

AML/CTF policies related to governance and compliance, management (Division 3)

Reporting to the governing body (i.e. your internal oversight individual or group)

Your policies must set out how AML/CTF information flows up to your governing body.

Reports from the AMLCO

Your AMLCO must provide at least annual reports on:

• Whether policies are being followed.
• Whether risks are being managed effectively.
• Whether the agency is complying with the law.

Personnel due diligence

Staff working on AML must be checked for skills, honesty, and integrity – both when hired and during their employment.

Training

Staff must receive tailored AML training.

• Example: An agent should understand why a buyer using multiple third-party accounts for deposits is a red flag
• Example: A director must understand when to escalate if a repeat buyer suddenly starts using funds from a high-risk jurisdiction, even if they’ve previously been a low-risk client.

Independent evaluations

Every AML/CTF program must be independently reviewed at least every three years. The evaluator will test whether your policies are adequate, whether your agency is following them and whether risks are being managed properly.

Quality of reports

Your AML/CTF policies must ensure reports to AUSTRAC are accurate, complete, and untampered with. This includes:

• Suspicious matter reports (SMRs)
• Threshold transaction reports (TTRs)
• International value transfer reports
• Your AML/CTF policies must give you time and processes to review information that could trigger a suspicious matter report (SMR).

Your AML/CTF policies must stop staff or contractors from warning customers that an SMR might be, or has been, lodged.

AML Compliance Officers (AMLCOs) (Division 4)

Your AMLCO must be fit and proper. This means they have the right skills, integrity, and no disqualifying history (e.g. bankruptcy, serious convictions, regulatory bans). For agencies, this is usually a Principal, Director, or senior manager with trust account expertise.

AML program documentation (Division 5)

Your AML/CTF program must be written down. including risk assessments and policies,  before you start offering designated services. Updates must be documented within 14 days.

Policies related to lead entities (in reporting groups) (Division 6)

If your agency is part of a reporting group (for example, a national franchise network), the lead entity must keep accurate and updated membership records.

Real estate transactions (Division 8)

For property sales or trust account transactions, you must ensure your AML/CTF policies explain how you will verify your customer’s identity before settlement.

Exception – reliance clause

In some cases, your agency can rely on another reporting entity (like another franchisor, or conveyancer) to complete customer verification. But it must be covered by a written agreement, done within 15 days of contract exchange (or settlement, whichever comes first), and your agency still carries ultimate responsibility.

What doesn’t apply (Division 7)

Rules for “transfers of value” (like banks processing payments) generally don’t apply to real estate agencies. The only time they might is if you step into financial services territory (e.g. moving money through fintech platforms). In that case, extra approval processes apply.

Why this matters for real estate

Property is a well-known channel for laundering illicit funds. Agencies will be on the front line. A strong AML/CTF program protects your business, keeps trust accounts compliant, and reassures regulators you’re not being used to clean dirty money.