Published by The Learning Team | June 2026
There’s been a lot of noise about the new AML/CTF laws coming into effect on 1 July 2026, and with that a lot of conflicting information circulating in the industry about what agents actually need to do.
We’ve spent time going back to the source: the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) itself. Not the summaries. Not the industry rumours. The actual legislation.
Here’s what it says — clearly, practically, and without the jargon.
First Up: Are You Actually Captured?
Yes. If you are a real estate agent, buyer’s agent, or property developer involved in the purchase or transfer of real estate in Australia, you are now a reporting entity under the Act.
For buyer’s agents specifically, your obligation begins the moment a buyer engagement agreement is signed. That’s your trigger. From that point, you have legal obligations that didn’t exist before 1 July 2026.
The Non-Negotiables — What the Act Requires
These aren’t suggestions. These are legislated requirements with civil penalties of up to $33 million for serious breaches.
1. Enrol with AUSTRAC
If you haven’t already, this needs to happen immediately. The deadline is 29 July 2026 and no extensions are available. Enrolment is done through AUSTRAC Online and takes less than 30 minutes.
2. Appoint an AML/CTF Compliance Officer
You need a designated person at management level who is responsible for your compliance program. For most small agencies, that’s the principal or licensee. You must notify AUSTRAC of who this person is.
3. Complete an ML/TF Risk Assessment
This is a written document — not a mental note, not a one-liner — that identifies the specific money laundering and terrorism financing risks your business faces. It needs to assess:
- Who your customers are (individuals, SMSFs, overseas buyers, companies, trusts)
- What service you’re providing (buyer’s agent, seller’s agent, developer)
- How you engage clients (face-to-face, remote, phone)
- Where you operate (domestic, regional, international)
This document must be kept current and reviewed at least every three years — or sooner if your business changes materially.
4. Develop a Written AML/CTF Program
Your program must have two parts:
Part A is your compliance policy — the governance framework. Who’s responsible, what the rules are, how you respond to suspicious activity, how you keep records.
Part B is your Customer Identification Procedures — the step-by-step operational guide your staff actually use when onboarding a client. This is where the rubber meets the road.
Both parts must be written documents. A verbal understanding between staff doesn’t count.
The Question Everyone Is Asking: How Much Information Do You Actually Need to Collect?
This is where the debate in the industry is happening, and it’s worth addressing head-on because there’s real confusion out there.
The short answer: it depends on the risk.
The Act uses a risk-based approach. There is no single universal checklist. The amount of information you need to collect is proportionate to the ML/TF risk of each client and transaction.
Here’s what that looks like in practice:
| Customer Type | Minimum Requirements |
|---|---|
| Australian resident individual, mortgage finance, standard transaction | Full name, DOB, residential address, ID verified against independent source, PEP/sanctions screen, source of funds |
| SMSF buyer | All of the above for every trustee + member identification + trust deed extract + beneficial ownership confirmation |
| Company or trust buyer | Entity details + all director/trustee identification + beneficial owner verification (anyone owning 25%+) |
| Any customer with a large cash component | All standard requirements + documented source of funds + source of wealth (if high risk) |
| Politically Exposed Person (PEP) | All standard requirements + Enhanced Due Diligence + senior management approval before proceeding |
One thing is absolutely clear: self-declaration alone — a customer simply stating who they are — does not satisfy the verification requirement. You must verify identity using reliable and independent sources.
What About the Vendor? Do You Need to ID the Seller Too?
Yes — and this surprises a lot of agents.
Once a sales contract is signed, both the buyer and the vendor become your customers under the Act. That applies even when you’re a buyer’s agent acting only for the purchaser.
The practical relief is that:
- You can delay vendor CDD until the contract is signed (not required at the engagement stage)
- If the vendor is uncooperative, you are taken to have complied if you document every reasonable step you took to obtain the information
But “we couldn’t get it” without any documentation to back that up is not a defence. How you go about this needs to be part of your written program. You might do this through a shared solicitor or an online AML program, or you might do it manually.
Remote Clients and Phone Enquiries
If you engage clients remotely — by phone, video call, or email — you face higher identity risk because you can’t sight documents in person. This doesn’t mean you can’t work with remote clients. It means you need a process.
For remote clients, you should use a digital identity verification platform. Products like GreenID, Frankie One, and others can verify identity electronically to a standard that satisfies the Act. A scanned copy of a driver’s licence sent via email is not sufficient on its own.
Phone-only engagement without any visual contact is your highest-risk channel and should trigger additional steps — ideally a video call at minimum.
Suspicious Matter Reports — The 24-Hour and 3-Day Rules
If you have reasonable grounds to suspect that a client or transaction may be connected to money laundering, terrorism financing, or serious criminal conduct, you must lodge a Suspicious Matter Report (SMR) with AUSTRAC.
The timeframes are mandatory:
- Terrorism financing suspicion: within 24 hours
- All other suspicious matters: within 3 business days
The clock starts when suspicion is formed — not when the transaction completes, not when your CDD is finished.
Common red flags to watch for:
- Client reluctant to provide identity documents
- Unexplained cash component or inconsistency between stated income and purchase ability
- Request to put property in someone else’s name without clear reason
- Unusual urgency to complete without explanation
- Purchase price significantly above or below market value
The Tipping Off Rule — This One Catches People Out
Once you lodge an SMR, you are prohibited by law from telling anyone — including the client — that a report has been made. This is called tipping off, and it carries a maximum penalty of 2 years’ imprisonment.
If you suspect something and are considering an SMR, act normally with the client. Do not hint at your concerns. Do not ask leading questions that could alert them. Simply lodge the report and maintain your usual professional conduct.
Records — 7 Years, No Exceptions
Every CDD record you create must be retained for a minimum of 7 years. This includes:
- All identity documents and verification results
- Risk assessments
- SMR records (whether or not a report was lodged)
- Training records
- Your AML/CTF Program itself and all previous versions
AUSTRAC has the right to request these records at any time. “We didn’t keep them” is not an answer.
So Where Does This Leave Most Queensland Agents?
The majority of Queensland residential agents — working with local buyers, standard mortgage finance, and typical owner-occupier or investment transactions — are dealing with relatively low inherent risk. With the right systems in place, your residual risk is manageable and your compliance obligations are achievable.
The challenge isn’t complexity. It’s getting it done before you need it.
The agencies that will struggle are those that:
- Haven’t enrolled with AUSTRAC
- Don’t have written procedures their staff can actually follow
- Haven’t trained their team on what to look for and how to escalate
The Learning Team | RTO 46386 | Queensland
This article is for general educational purposes and reflects the AML/CTF Act 2006 (Cth) as at June 2026. It does not constitute legal advice. For specific compliance advice, consult a qualified legal practitioner or contact AUSTRAC directly at austrac.gov.au.