If you’re running a real estate agency in Australia, you’re likely aware that AML/CTF obligations are heading your way. AUSTRAC has made it clear: real estate is a high-risk sector for money laundering, and compliance is no longer optional. The good news? You don’t need to build your program from scratch. AUSTRAC’s real estate AML starter kit gives you the templates, checklists, and guidance to get compliant without hiring a consultant or drowning in paperwork.
This guide walks you through exactly how to use AUSTRAC’s resources to set up a practical compliance program for your agency. We’ll cover the core components, risk assessments, customer due diligence, and reporting obligations, and show you how to customise the templates for your specific operations. Whether you’re a solo agent or managing a small team, you’ll find actionable steps to meet your legal requirements.
At StackGo, we help regulated businesses like real estate agencies verify client identities directly within their existing CRM. Once your AML program is in place, tools like IdentityCheck can streamline the customer due diligence process we’ll discuss below. But first, let’s get your foundations sorted.
What the AUSTRAC real estate starter kit covers
The real estate AML starter kit provides you with three main resources: a written AML/CTF program template, a customer due diligence checklist, and supporting guidance documents. These aren’t generic compliance materials. AUSTRAC designed them specifically for small real estate agencies handling property sales and management, with practical language that reflects how your business actually operates.
Templates and program documents
You’ll find a customisable AML/CTF program template that covers all mandatory sections required under the Act. This includes your risk assessment framework, governance structure, customer identification procedures, and ongoing monitoring protocols. The template runs approximately 30 pages but uses plain language rather than legal jargon.
AUSTRAC also provides a Part A document that explains your obligations in detail, walking through each section of the program template. You can use this as a reference guide when customising the templates for your specific agency operations.
Customer identification checklists
The starter kit includes step-by-step verification checklists for different customer types: individuals, companies, and trusts. Each checklist specifies exactly what documents you need to collect, how to verify them, and when you can use simplified versus standard procedures. You’ll also find guidance on handling beneficial ownership requirements for corporate entities.
These checklists ensure your team follows consistent verification procedures for every client transaction.
Risk assessment frameworks
AUSTRAC provides a risk matrix template that helps you assess money laundering and terrorism financing risks specific to real estate. The framework considers factors like transaction size, customer profile, property location, and payment methods. You’ll score each risk factor and determine appropriate mitigation controls based on your assessment results.
The kit also includes example risk scenarios common in property transactions, such as cash deposits, offshore buyers, and third-party payments.
Step 1. Confirm you are in scope and enrol
Before you customise the real estate aml starter kit templates, you need to determine whether your agency falls under AUSTRAC’s reporting obligations. Not every property business needs to comply, so your first step involves checking the specific triggers that bring you into scope.
Check if AML/CTF applies to your agency
You’re required to register if you receive $10,000 or more (in total) in the course of a single designated service. This includes property sales commissions, property management fees, or any combination of payments related to one transaction. The threshold applies to the total amount your agency receives, not the property value.
AUSTRAC defines designated services as transactions involving property valued at $10,000 or more. If you only handle rentals under this threshold or provide property appraisals without transaction involvement, you may not need to register. However, most agencies handling property sales will meet the criteria.
Complete your AUSTRAC enrolment
Once you confirm you’re in scope, you must enrol with AUSTRAC within 28 days of providing your first designated service. You’ll need your ABN, business details, and contact information for the compliance officer. The enrolment process takes approximately 15 minutes through AUSTRAC’s online portal.
You cannot legally operate without completing enrolment if you meet the threshold requirements.
Step 2. Build your AML and CTF program and controls
Now that you’ve enrolled, you need to adapt the program template from the real estate aml starter kit to match your agency’s operations. This step involves customising the standard document with your specific business details, risk assessment outcomes, and control measures. You’re not writing from scratch, but you do need to make the template reflect your actual procedures.
Customise the program template
Open the Part B template and replace all placeholder text with your agency information. You’ll need to specify your governance structure, including who serves as your compliance officer and what authority they hold. Document your business structure, the types of property transactions you handle, and your geographic service areas.
Add your agency’s specific risk scenarios based on your typical client profile. For example, if you primarily handle residential sales under $2 million, your risk assessment will differ from agencies dealing with commercial properties or international buyers. The template provides example scenarios, but you need to reflect your actual business risks.
Document your risk controls
Create a controls matrix that links each identified risk to specific mitigation measures. Your controls might include transaction monitoring thresholds, enhanced due diligence triggers, or approval requirements for high-risk clients. The starter kit provides a basic framework, but you need to specify exactly what actions your team will take when they encounter each risk type.
Your written program becomes your legal obligation, so ensure every control you document is actually implemented in practice.
Step 3. Set up customer due diligence workflow
The customer due diligence workflow forms the operational heart of your compliance program. You need to establish when verification happens, what documents your team collects, and how they confirm identity before any transaction proceeds. The real estate aml starter kit provides checklists you must integrate into existing procedures.
Create your verification checklist
Build a step-by-step checklist that your team follows for every client. This should specify the exact documents required for individuals (driver’s licence or passport plus secondary document), companies (ASIC extract and director identification), and trusts (trust deed and trustee verification). Your team must physically sight original documents or certified copies, not photocopies.
Document your verification timeline in the checklist. You must complete CDD before providing the designated service, which means before accepting any property listing or executing a sale contract.
Your team needs clear instructions on what to do when a client cannot provide standard identification documents.
Implement verification procedures
Set up a document collection system that maintains verification records for seven years. Each file must contain copies of identification documents, verification dates, and the staff member who completed the check.
Train your team on when to escalate unusual cases to your compliance officer, including clients who cannot provide standard ID or transactions that trigger your risk thresholds.
Step 4. Reporting and record keeping routines
Your compliance obligations extend beyond customer verification. You must establish reporting triggers and maintain detailed records of all transactions and due diligence activities. The real estate aml starter kit includes templates for both routine reporting and record retention systems that meet AUSTRAC’s seven-year requirement.
Set up reporting triggers
You need to file Suspicious Matter Reports (SMRs) within three business days whenever you form a suspicion about money laundering or terrorism financing. Common triggers include clients who avoid identification requirements, use multiple payment sources without explanation, or request unusual transaction structures. Train your team to recognise these red flags and escalate immediately to your compliance officer.
You must also submit Threshold Transaction Reports (TTRs) for cash transactions of $10,000 or more within ten business days. This applies to physical currency only, not bank transfers or cheques.
Your reporting obligation exists even if the transaction doesn’t proceed, as long as you formed a reasonable suspicion.
Maintain compliance records
Keep copies of all identification documents, verification records, and transaction details for seven years after the relationship ends. Your records must include the date verification occurred, who completed it, and what documents you sighted. Store these records securely with access limited to authorised staff only.
Create a retention schedule that specifies when you can destroy old records, ensuring you never delete anything before the seven-year period expires.
Next steps to stay compliant
You’ve now worked through the real estate aml starter kit and established your compliance program. Your next priority involves maintaining that program through regular reviews and updates. Schedule quarterly reviews of your risk assessment to account for new transaction types or client profiles. Update your procedures whenever AUSTRAC releases new guidance or your business operations change.
Train your team on the procedures you’ve documented. Every staff member who interacts with clients needs to understand when verification occurs, what documents to collect, and how to escalate suspicious transactions. Run practice scenarios to test their knowledge.
Once your manual processes are solid, consider how technology can reduce your compliance workload. IdentityCheck automates customer due diligence directly within your existing CRM, eliminating manual data entry and verification steps. Your team can verify identities without switching between systems, and all records remain compliant with AUSTRAC’s requirements.
