AML Compliance for Real Estate Agents: What Tranche 2 Means and How to Prepare
In 92 days, real estate AML compliance automation becomes non-negotiable for every agency in Australia. On 1 July 2026, the Anti-Money Laundering and Counter-Terrorism Financing Act extends to real estate agents, buyer’s agents, property developers, and conveyancers — and the penalties for non-compliance are severe. Up to $2.2 million per breach for a body corporate. Up to 10 years imprisonment for individuals. Strict liability, meaning ignorance is not a defence.
This isn’t a distant regulatory change you can worry about next quarter. AUSTRAC enrolment opened yesterday — 31 March 2026. The clock is running.
This guide covers what Tranche 2 actually requires, what it means for your day-to-day operations, and how to build systems that make compliance manageable. No legal jargon where plain English will do. No fearmongering — just the practical reality of what’s coming and what to do about it.
What You’ll Find in This Guide
- What Is AML/CTF Tranche 2? (The Plain English Version)
- Who’s Covered — and Who’s Not
- The 8 Core Obligations Explained
- Key Dates: Your Compliance Timeline
- The Admin Reality: What This Means Day-to-Day
- Where Systematic Workflows Fit
- Practical Workflow Example: Vendor Onboarding with AML/CTF
- A Note on Technology: CRM Integration and Screening Tools
- The Penalty Section: Why This Can’t Be Ignored
- What to Do This Week
- The Bottom Line
What Is AML/CTF Tranche 2? (The Plain English Version)
Australia’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 has always covered banks, financial advisers, casinos, and remittance dealers — the “Tranche 1” industries. For nearly two decades, real estate was carved out. That carve-out is over.
Tranche 2 extends the same AML/CTF obligations to “gatekeeper” professions — industries that handle large transactions and could, knowingly or unknowingly, be used to launder money. Real estate is the biggest of these.
The reason is straightforward. Australia’s property market handles hundreds of billions of dollars in transactions each year. Without AML controls, it’s a gap in the system — and one that international bodies have been pointing at for a long time. Australia was one of the few members of the Financial Action Task Force (FATF) that hadn’t extended AML rules to real estate. That gap closed when the legislation passed in late 2024 after over a decade of consultation.
In practice, Tranche 2 means that if your agency facilitates the buying or selling of property, you now have legal obligations to:
- Verify who your clients are (customer due diligence)
- Assess the money laundering and terrorism financing risks in your business
- Report suspicious activity to AUSTRAC
- Keep records for a minimum of 7 years
- Train your team on AML/CTF procedures
If those obligations sound similar to what banks already do — they are. The core framework is the same. The implementation details are adapted for real estate, but the expectations are serious.
Who’s Covered — and Who’s Not
This is where clarity matters. The legislation is specific about which roles fall under Tranche 2 and which don’t.
| Covered by Tranche 2 | NOT Covered |
|---|---|
| Real estate agents (sales) | Property managers (rental only) |
| Buyer’s agents | Valuers and appraisers |
| Property developers | Support staff not involved in transactions |
| Conveyancers | |
| Legal practitioners acting in real estate transactions |
The key distinction: if your role involves facilitating the transfer of ownership of real property, you’re covered. If you’re only managing rental properties, you’re not — at least not under this tranche.
For agencies that do both sales and property management, only the sales side triggers Tranche 2 obligations. But here’s the practical reality: if your team handles both, your systems and training need to be agency-wide. You can’t have half your office trained on AML procedures and half not — especially when staff move between roles. If your property management side is already stretched, our property management automation guide covers ways to free up capacity before Tranche 2 hits.
The 8 Core Obligations Explained
AUSTRAC has set out eight core obligations for Tranche 2 reporting entities. Here’s what each one means in practical terms for a real estate agency.
1. Enrol with AUSTRAC
Every reporting entity must register with AUSTRAC — think of it as getting your ABN, but for AML compliance. Complete the enrolment through AUSTRAC’s online portal. Enrolment opened 31 March 2026 and must be completed by 29 July 2026. Expect 30-60 minutes to gather business information and complete the form.
2. Appoint an AML/CTF Compliance Officer
Your agency must designate a senior person as Compliance Officer — responsible for overseeing the program, acting as AUSTRAC’s point of contact, and ensuring the agency meets its obligations. For an agency of 5-20 people, the principal is the logical choice. This doesn’t mean hiring someone new — but it does mean someone specific is accountable, and they need to understand the obligations well enough to oversee them. The appointment must be documented.
3. Conduct an ML/TF Risk Assessment
What it means: You must identify and assess the money laundering and terrorism financing (ML/TF) risks specific to your business. This isn’t a tick-box exercise — it needs to be genuine and tailored to how your agency actually operates.
AUSTRAC requires you to assess risk across 5 dimensions:
- Customer types — Who are your typical clients? Do you deal with domestic buyers only, or international purchasers? Trusts? Companies? Self-managed super funds?
- Services — What services do you provide? Residential sales? Commercial? Development projects? Off-the-plan?
- Geography — Where do you operate? Are your clients local, interstate, or international? Do you deal with jurisdictions that carry higher ML/TF risk?
- Delivery channels — How do you interact with clients? Face-to-face only, or also remotely? Online transactions?
- Transaction patterns — What’s normal for your business? Cash transactions? Large deposits? Multiple properties?
What you need to do: Document your risk assessment. Be honest about where the risks sit. A rural agency selling $400K homes to local families has a different risk profile than a CBD agency handling $10M+ transactions for international buyers through corporate structures.
4. Develop and Maintain an AML/CTF Program
What it means: Based on your risk assessment, you need a written AML/CTF program. This is your playbook — it sets out your policies and procedures for meeting each of your obligations.
What you need to do: Create a written program that covers:
- Your CDD procedures (how you verify client identity)
- Your transaction monitoring approach
- How you handle suspicious matters
- Record-keeping procedures
- Staff training requirements
- How and when the program is reviewed
Practical note: The program must be risk-based — meaning it should be proportionate to the risks you identified in your assessment. A small agency in regional Australia doesn’t need the same program as a large commercial firm in Sydney’s CBD. But every agency needs something documented and current.
5. Customer Due Diligence (CDD)
What it means: Before providing a designated service (facilitating a property transaction), you must verify the identity of your client. This is the obligation that will most directly affect your daily workflows.
CDD operates in three tiers:
| Tier | When to Apply | What’s Required |
|---|---|---|
| Simplified CDD | Low-risk situations (e.g., long-standing client, well-known in community, low-value transaction) | Basic identity verification — name, address, date of birth. Can use simplified methods. |
| Standard CDD | Most transactions — this is your default | Full identity verification using reliable, independent documents. For individuals: government-issued photo ID + secondary document. For companies: company extract + beneficial ownership identification. |
| Enhanced CDD | Higher-risk situations (e.g., international buyer, complex ownership structure, politically exposed person, unusual transaction pattern) | Everything in standard CDD, plus additional verification. Source of funds enquiry. Senior management sign-off. Ongoing monitoring. |
What this looks like in practice: When a vendor signs an agency agreement, you’ll need to verify their identity before the transaction proceeds. When a buyer makes an offer, the selling agent needs to ensure CDD has been completed. This applies to every transaction, every time.
For most residential sales to Australian individuals, standard CDD will apply. You’ll need to sight and record government-issued photo identification and verify it against a secondary source.
6. Suspicious Matter Reporting (SMR)
What it means: If you form a suspicion — or have reasonable grounds to suspect — that a transaction or client is linked to money laundering or terrorism financing, you must report it to AUSTRAC. This is not optional.
Timeframes are strict:
- Terrorism-related: Report within 24 hours
- All other suspicious matters: Report within 3 business days
What triggers a report: This could be anything from a client who is evasive about their identity, to a transaction that doesn’t match the client’s known profile, to a buyer who wants to pay an unusually large cash deposit, to instructions from third parties without clear connection to the transaction.
Critical point: You don’t need to prove that money laundering is occurring. You only need to have a suspicion on reasonable grounds. And you must not tip off the client — telling someone they’ve been reported (or are about to be) is a criminal offence.
7. Record Keeping
What it means: You must keep records of all CDD documents, transaction records, SMR records, training records, risk assessments, and AML/CTF program versions for a minimum of 7 years.
Practical note: Most agencies already keep transaction files for several years. The difference is the scope — CDD documentation, training logs, and compliance records must now be retained alongside your usual transaction files. Seven years is a firm minimum, not a suggestion.
8. Staff Training
Every person who provides a designated service or is involved in compliance must receive AML/CTF training — role-specific, documented, and refreshed annually. Deliver initial training before 1 July 2026. Document who was trained, when, and on what. Update training when your program changes.
Generic online compliance modules won’t cut it. Training must cover your specific procedures and include real-world examples relevant to real estate. If your agents can’t recognise the red flags specific to property transactions, the training hasn’t worked.
Key Dates: Your Compliance Timeline
| Date | What Happens |
|---|---|
| Late 2024 | Legislation passed after a decade of consultation |
| 31 March 2026 | AUSTRAC enrolment portal opens |
| 1 July 2026 | All obligations commence — you must be compliant |
| 29 July 2026 | Deadline to complete AUSTRAC enrolment |
The gap between obligations commencing (1 July) and the enrolment deadline (29 July) is worth noting — you have a short grace period to complete the enrolment form, but you must be operationally compliant from day one. Don’t confuse the enrolment deadline with the compliance deadline. They’re different.
The Admin Reality: What This Means Day-to-Day
Let’s move past the regulatory language and talk about what Tranche 2 actually looks like inside an agency on a Tuesday afternoon.
Before every listing
When a vendor signs an agency agreement, you’ll need to:
- Collect and verify their identity documents (photo ID + secondary verification)
- Assess the appropriate CDD tier (simplified, standard, or enhanced)
- Record the verification in your compliance system
- If the vendor is a company or trust, identify beneficial owners
- If anything triggers a higher risk assessment, escalate to enhanced CDD
For a straightforward residential vendor — an Australian individual selling their home — this adds 15-20 minutes to the listing process. For complex ownership structures, international sellers, or transactions involving trusts, it could take significantly longer.
Beyond the listing appointment
Throughout every transaction, you’ll need to monitor for suspicious indicators — evasive clients, unexplained changes to settlement arrangements, third-party instructions without clear connection. Alongside that, the ongoing compliance machinery: maintaining CDD records for 7 years, tracking training, reviewing your risk assessment annually, and filing suspicious matter reports within strict timeframes.
The volume problem
Here’s where it gets real. A mid-sized agency handling 100 transactions per year needs to conduct CDD on every vendor. If even 20% involve companies, trusts, or other complex structures, that’s 20 enhanced or detailed CDD processes — each requiring beneficial ownership identification, potentially source of funds enquiries, and senior sign-off.
Add to that: annual training for a team of 10-15 people, documented and logged. Quarterly risk assessment reviews. Record retention systems that need to hold documents for 7 years — across staff turnover, CRM changes, and office moves.
This is not a small administrative burden. For agencies already stretched thin on admin — and if you’ve read our breakdown of how agents spend 10+ hours per week on admin, you know most are — Tranche 2 adds a meaningful layer of work. When agents are already burning out from admin overload, piling compliance on top without the right systems makes the retention problem worse.
The question isn’t whether you can afford to comply. The question is how you build systems that make compliance efficient rather than crippling.
Where Systematic Workflows Fit
The agencies that handle Tranche 2 well won’t be the ones that throw more hours at it. They’ll be the ones that build compliance into their existing systems — checklists, automation triggers, document management, and reminders — so it happens as a byproduct of doing business, not a separate job.
1. Structured CDD Workflows
The biggest risk in CDD isn’t getting it wrong — it’s getting it inconsistent. Agent A collects a driver’s licence and a utility bill. Agent B only collects a passport. Agent C forgets to check whether the vendor is an individual or a trust.
What a system looks like:
When a new vendor signs an agency agreement, a standardised checklist triggers automatically. The checklist adapts based on the entity type:
- Individual vendor: Collect government-issued photo ID. Collect secondary verification (Medicare card, bank statement, utility bill). Verify details. Log in CRM. Mark CDD as complete.
- Company vendor: Collect company extract (ASIC). Identify all directors and beneficial owners. Collect photo ID for each. Verify. Log. Mark complete.
- Trust vendor: Collect trust deed. Identify trustee and beneficiaries. If corporate trustee, also complete company CDD. Collect ID for relevant individuals. Verify. Log. Mark complete.
The checklist doesn’t change based on which agent is running the listing. It’s the same process every time, documented the same way, stored in the same place.
Most modern CRMs — Rex, AgentBox, Eagle — support custom workflows, task triggers, and checklists. If yours doesn’t, even a structured template in your project management tool (Asana, Monday, Trello) can serve as the backbone. Our real estate automation software guide reviews the platforms that handle these kinds of workflow triggers best.
2. Document Collection and Storage
Seven years of identity documents, CDD assessments, training records, and compliance documents is a lot of paper — or a lot of scattered PDFs in random email threads and desktop folders.
What a system looks like:
- A standardised folder structure for every transaction (physical or digital) that includes a compliance subfolder
- Document naming conventions that make retrieval possible years later
- A central compliance register that logs: client name, transaction, CDD tier applied, documents collected, date verified, verified by whom
- Automated reminders when documents are missing or incomplete before a transaction can proceed
If your agency uses a cloud-based document management system (even Google Drive or SharePoint with a disciplined folder structure), this is achievable. The key is consistency — every transaction, every time, same structure.
3. Risk Assessment and Review Cycles
Your ML/TF risk assessment isn’t a one-time document. It needs annual review at minimum, plus updates whenever your business changes — new service lines, new geographic markets, significant shifts in client types.
What a system looks like: Annual calendar reminders for the review. A structured template covering the 5 risk dimensions. Version control on previous assessments (demonstrates to AUSTRAC how your thinking has evolved). Trigger-based reviews when circumstances change rather than waiting for the annual cycle.
The same principle applies to your AML/CTF program — quarterly compliance health checks (15-minute checklist: are CDD records complete? Training current? Any outstanding SMR deadlines?) prevent drift from the procedures you set up in July.
4. Training Management
With staff turnover in real estate, tracking who’s been trained, when their refresher is due, and ensuring new starters complete training before handling transactions is a genuine logistics challenge.
What a system looks like: A training register (spreadsheet, HR system, or CRM field) recording staff name, role, training date, content covered, and next refresher due. Automated reminders 30 days before each refresher. An onboarding checklist that blocks new staff from being assigned to transactions until AML/CTF training is complete. Version-controlled training materials that trigger a new round when your program changes.
5. Suspicious Matter Reporting Workflows
If filing an SMR requires finding a form, working out where to send it, and navigating an unfamiliar AUSTRAC portal — all within 3 business days — it’s a recipe for missed reports.
What a system looks like: A simple internal digital form for flagging suspicious matters to the Compliance Officer. Clear guidance with real estate-specific examples of what constitutes reasonable grounds for suspicion. A documented workflow for the Compliance Officer to assess internal reports and file with AUSTRAC within timeframes. A log of all internal reports, whether or not they resulted in an SMR filing — this demonstrates your compliance culture to AUSTRAC.
Practical Workflow Example: Vendor Onboarding with AML/CTF
Here’s the full sequence when a vendor signs an agency agreement — designed to slot into your existing listing workflow, not replace it.
Trigger: Agency agreement signed
- Determine entity type (1 min) — Individual, company, trust, SMSF, or foreign entity? This selects the CDD checklist.
- Collect identity documents (5-10 min) — Photo ID + secondary document for individuals. ASIC extract + director/beneficial owner ID for companies. Trust deed + trustee ID for trusts.
- Verify (5 min) — Sight originals or use electronic verification. Cross-check details. Record what was sighted, by whom, when.
- Assess CDD tier (2 min) — Any enhanced CDD triggers? PEP, complex structure, international element, unusual transaction? If yes, escalate to Compliance Officer.
- Log in compliance register (2 min) — Vendor name, entity type, CDD tier, documents collected, verification date, verified by. Store copies in compliance folder.
- Proceed with listing — CDD complete. Normal workflow continues.
Total additional time for a standard residential vendor: 15-20 minutes. The difference between smooth and painful is whether the checklist exists before the vendor walks in — or whether the agent is improvising each time.
A Note on Technology: CRM Integration and Screening Tools
Several technology providers are building AML compliance tools specifically for Australian real estate. If you’re evaluating options, our guide to the best AI tools for Australian agencies covers what to look for across the broader tech stack. For Tranche 2 specifically, here’s what matters:
- Electronic Verification Services (EVS): Verify client identity digitally by cross-checking against government databases (passport, driver’s licence, Medicare). Faster and more reliable than manual verification, especially for remote clients.
- Sanctions and PEP screening: Automated checks against sanctions lists and politically exposed person databases. Running these manually is impractical — automated screening takes seconds.
- CRM integrations: If Rex, AgentBox, Eagle, or your CRM can trigger compliance tasks when a new vendor or transaction is created, the workflow becomes part of your existing process. Check with your CRM provider about Tranche 2-specific features they’re releasing.
- Document management: Any system that standardises how compliance documents are named, stored, and retrieved will save you hours when AUSTRAC asks to see your records 5 years from now.
The wrong approach is waiting for a “perfect” solution before starting. The best compliance system is the one that’s operational on 1 July 2026 — even if it’s a well-structured spreadsheet and a disciplined folder system. You can upgrade the technology later. You can’t backdate your compliance. For independent agencies without franchise-level IT support, our guide on how independent agencies can compete with franchise tech covers practical approaches to building your own systems.
For a broader look at how automation and systems reduce admin burden in real estate agencies, our complete guide to AI for real estate covers the wider landscape — and our real estate automation guide walks through the full system-building approach. If you want to see what systematic workflows look like in practice for lead management, our lead follow-up automation guide walks through a real example.
The Penalty Section: Why This Can’t Be Ignored
This section is not to alarm you. It’s to make clear that Tranche 2 compliance is not a “best practice” or a “nice to have.” It’s the law, and the penalties are designed to ensure compliance.
Civil penalties
- Bodies corporate: Up to $2.2 million per breach
- Individuals: Up to $555,000 per breach
Note: per breach. If you fail to conduct CDD on 10 vendors, that’s potentially 10 separate breaches — not one.
Criminal penalties
- Up to 10 years imprisonment for serious offences (e.g., knowingly facilitating money laundering, tipping off a client about an SMR)
Regulatory consequences
- AUSTRAC can share compliance information with state regulators — meaning your state real estate licence could be affected
- Enforcement actions are public, which means reputational damage on top of financial penalties
The strict liability reality
Several Tranche 2 obligations are strict liability — meaning AUSTRAC doesn’t need to prove you intended to breach the law. If you failed to conduct CDD, you breached. If you failed to file an SMR within the required timeframe, you breached. If your records are incomplete, you breached.
“We didn’t know” is not a defence. “We didn’t have time” is not a defence. “Our CRM doesn’t support it” is not a defence.
The agencies that are at greatest risk are not the ones deliberately facilitating money laundering — they’re the ones that simply didn’t build the systems to comply. Non-compliance through neglect or disorganisation carries the same legal exposure as non-compliance through intent.
What to Do This Week
You have 92 days. Here’s the priority sequence — starting this week, not next month.
This week (by 5 April 2026)
- Start your AUSTRAC enrolment. The portal is open at austrac.gov.au. You’ll need your ABN, business details, and service information. Don’t wait until the deadline.
- Appoint your Compliance Officer. Document the appointment. If it’s you (the principal), make it official. Start reviewing AUSTRAC’s guidance materials for real estate.
- Brief your team. A 15-minute all-hands: Tranche 2 is real, it takes effect 1 July, and we’re building our compliance program over the next 3 months. No panic needed — but everyone needs to know it’s coming.
April 2026
- Complete your ML/TF risk assessment. Work through the 5 dimensions. Document it. Be honest about where risks sit.
- Draft your AML/CTF program. Based on the risk assessment, write (or commission) the program. AUSTRAC has published guidance and templates — start there.
- Design your CDD workflow. Map the process: trigger, steps, storage. Test it on your next listing.
May-June 2026
- Build your record-keeping system. Folder structure, register template, retention policy. Get it operational before July.
- Deliver staff training. Role-specific, documented, covering your actual program. Every relevant staff member trained before 1 July.
- Establish your SMR workflow. Create the internal reporting pathway so every agent knows exactly how to flag something suspicious.
- Run a dry run. Last week of June: process a mock transaction through the full workflow. Identify gaps. Fix them before the 1st.
The Bottom Line
AML/CTF Tranche 2 is the most significant regulatory change to hit Australian real estate agencies in years. It adds real obligations — identity verification, risk assessment, suspicious matter reporting, record keeping, and training — to an industry that’s already stretched thin on admin.
But it’s also manageable. The agencies that build this into their operations systematically — with clear workflows, structured checklists, proper document management, and consistent training — will absorb the compliance burden without it derailing their business. The agencies that try to wing it, or leave it until the last minute, are the ones that will struggle.
This is a systems problem. And systems problems are solvable. For regional agencies dealing with compliance alongside all the other admin demands, the same systems-first approach we outline in our real estate automation for regional Australia guide applies here. If you’re not sure where your agency’s biggest automation opportunities are — compliance or otherwise — our free AI readiness assessment gives you a personalised starting point in two minutes.
The legislation is set. The dates are fixed. The penalties are real. What’s in your control is how prepared you are when the obligations start on 1 July 2026.
Start with AUSTRAC enrolment this week. Appoint your Compliance Officer. Brief your team. Then work through the rest methodically over the next three months.
Need help building your AML/CTF compliance workflows? We help Australian real estate agencies design and implement systems that make compliance manageable — from CDD checklists and document management to training programs and automated review cycles. If you want to be ready by 1 July without losing your mind, let’s talk.
Book a free compliance readiness session at headlanddigital.co/assessment
Josiah Purss
Founder, Headland Digital
Josiah helps Australian real estate agencies cut through the AI hype and implement practical solutions that save agents real time. Based in Port Macquarie, he works with principals and their teams to build AI workflows that actually work — no jargon, no fluff, just results.
Ready to save your agents hours every week?
From ready-made prompts ($37) to full implementation roadmaps ($297) — self-serve AI toolkits built for Australian real estate agencies.
Get the complete bundle and save $134 → | Book a free 15-min chat →
More Insights
Independent Real Estate Agency Technology: How to Compete With Franchise Tech (Without the Franchise Fee)
Build a tech stack that matches or beats franchise capabilities. Complete guide for independent Australian agencies — tools, costs, workflows, and implementation.
Real Estate Agent Burnout Solutions: How to Keep Your Best People by Removing the Work They Hate
Practical real estate agent burnout solutions for agency principals. 5 workflows to cut admin hours, reduce turnover, and keep your top performers.
Real Estate Automation Software in Australia: A Practical Guide for Independent Agencies
Compare Australian real estate automation software — CRMs, AI tools, and workflow platforms. What to use, what to skip, and how to build a system that works.