AML/CTF Reforms 2026 Australia: Key Information for Agents

The AML/CTF regime refers to the set of rules and laws designed by the Australian federal government and AUSTRAC, to prevent financial crime. The regime has been in place for some time for Tranche 1 entities such as banks, fund managers and financial planners. The regime is being introduced to ‘Tranche 2 entities’ from 1 July 2026. Tranche 2 entities include real estate agents, conveyancers, lawyers, accountants and some other service providers.

The main impact for agents and salespeople relates to conducting Customer Due Diligence (CDD), which includes ‘Know-Your Client’ (KYC) – effectively identity verification, and potentially some additional follow-up questions, depending on the risk level of the client and transaction. Initial CDD involves identifying your customer (name, date of birth, address), verifying that information with ID documents, and confirming the client’s reason for requesting your services i.e. to buy or sell a property.

Collecting this information should allow you to form a risk profile of the client and assign them a risk rating. Additional checks may be required depending on the client, the client’s risk rating e.g. if they are an overseas client from a high-risk jurisdiction or a Politically Exposed Person (PEP), they would be considered higher risk and would need more stringent checks, and the nature of the transaction. It is the same kind of check your bank does when you open an account.

The regime goes live on 1 July 2026. For all new transactions after this date, you must conduct CDD.

For transactions that began prior to 1 July 2026, you will only need to conduct CDD if the following apply:

1. they are a repeat, recurring customer i.e. not a one-off customer; and
2. suspicions of money laundering (or other financial crime) exist.

Practically, that means:

• where the Sales Agency Agreement (SAA) and Contract were both signed before 1 July 2026 (even where settlement occurs on or after 1 July 2026), you will not need to conduct CDD on the Vendors or Purchasers
• where you have signed a SAA with a Vendor before 1 July 2026, then you do not need to conduct CDD on the Vendor (even after the Vendor signs the Contract)
• for all Contracts signed on or after 1 July 2026 (including where the SAA was signed before 1 July 2026), you will need to conduct CDD on Purchasers
• where the SAA and Contract were both signed on or after 1 July 2026, you will need to conduct CDD on the Vendors and Purchasers.

Seller’s agents must complete the initial CDD on the Vendor(s) immediately after the SAA is signed, and prior to completing any services for the Vendor in preparation of the sale (e.g. you must complete the initial CDD before advertising the property on property portals, before reaching out to your database of potential buyers, and before organising other marketing collateral). For the Purchaser(s), a seller’s agent has until: (1) 28 days after the date of Contract; or (2) at least 3 days before Settlement, whichever is earlier, to complete CDD.

Buyer’s agents must complete initial CDD on the Purchaser immediately after a Buyer’s Agency Agreement is signed. For Vendor(s), a buyer’s agent has until: (1) 28 days after the date of Contract; or (2) at least 3 days before Settlement, whichever is earlier, to complete CDD.

See below for questions around sharing CDD with conveyancers through reliance agreements.

This really depends on the client, their circumstances, and their response times, as well as your agency’s method for conducting CDD.

For clients who are Australian citizens, and purchasing ‘reasonably priced’ real estate (which you will determine for your own agency’s AML program), CDD should be relatively straightforward and involve no more than 1 or 2 information requests to the client, which a client could probably complete in less than 5-10 minutes. This can be automated via an AML platform, which is likely to be a more streamlined approach, or it can be done manually by collecting and verifying the CDD information yourself.

For clients who are non-Australian citizens, or other higher risk clients such as trusts or PEPs, these will involve collecting and verifying greater amounts of information, so would be likely to involve 2 or 3 information requests, with a larger number of questions and potentially delays in clients responding to information requests.

However, for the majority of mum and dad transactions, it should be a very quick and seamless process, particularly if you utilise the services of an AML provider.

Customer Due Diligence (CDD) is the process for identifying and verifying the client’s identity, as well as the process for understanding the risk profile of the client before and during the business relationship. The level of CDD required is determined by the risk profile (e.g. low, medium or high) of the client and the transaction. For example, a high-risk client (e.g. a PEP or a client from a high-risk jurisdiction) will require Enhanced Due Diligence (EDD) i.e. a more rigorous check that requires you to understand more about the client, such as their funding source(s). On the other hand, Simplified Customer Due Diligence (SDD) is a less rigorous check required for low-risk clients, which would typically be Australian citizens involved in a straight-forward matters such as the purchase of real estate that is ‘reasonably priced’, and funded predominantly with a mortgage. CDD sits in the middle of SDD and EDD.

If the party you are acting for (e.g. for the seller’s agent, this would be the Vendor, and if you are a buyer’s agent, this would be the Purchaser) refuses to complete initial CDD (identity verification), then you are unable to start providing them with a service, and you will have to cease to act. Naturally, no transaction will have occurred.

If the party you aren’t acting for (e.g. for the seller’s agent, this would be the Purchaser and for the buyer’s agent, this would be the Vendor) doesn’t cooperate with you to complete initial CDD (identity verification), you are considered as having complied with your AML/CTF obligations if the following has been done:

• you’ve taken all reasonable steps to establish the other party’s identity, including through reliance arrangements where possible
• you’ve recorded all of the steps taken to attempt initial CDD (identity verification) on this other party, including the difficulties faced
• you’ve considered if there is a suspicious matter reporting (SMR) obligation in relation to the other party and have recorded this (and completed the SMR if required).

Accordingly, if a Vendor doesn’t complete their initial CDD, the transaction will never get off the ground as you won’t be able to act for them.

However, if a Purchaser doesn’t complete the initial CDD, the Contract doesn’t necessarily fall over and you will not be in trouble if you have followed the above steps and the Contract proceeds to Settlement. Practically speaking, if a Purchaser refuses to engage with you on an initial CDD, they may also refuse to do so with a Conveyancer/Solicitor, and if that is the case, Settlement wouldn’t be able to proceed and the Purchaser would end up being in default of the Contract, which you would terminate in the normal manner.

If the Vendor or Purchaser is a medium or high-risk client (i.e. SDD will not suffice), then you will also need to collect additional information from them depending on the transaction and what makes them a higher risk.

If the client completes initial CDD (identity verification), but then refuses to provide the additional information requested as part of the CDD or EDD process, then you must consider whether this is suspicious, and escalate the matter to your internal Compliance Officer. Your Compliance Officer will need to consider whether your agency reports that person to AUSTRAC via a SMR. If it is the Vendor, your agency will need to decide whether you continue to act for them or not.

This is ultimately a commercial decision for you. It is influenced by the size of your business, the number and type of clients and transactions you see, the resource(s) available to meet your AML obligations, and the functionality required for your business. Whilst an AML provider is not essential, it could help automate CDD and maintain records relevant to the CDD. Some AML providers also offer additional functionality such as training, full outsourcing of CDD and producing your company-wide risk assessment and AML Policy. It is our expectation that most agencies and conveyancers in South Australia will engage an AML provider to assist them meet their obligations.

Currently, Greatforms is in the process of finalising integrations with easyAML, First AML and AMLHUB.

We are open to integrating with other AML providers, which will depend on the number of users that this could benefit, given the time required to complete the integrations.

Each AML provider has their own charging structure, which can include an implementation fee, a subscription fee or a transaction fee. These fees can vary based on the volume of users, the extent you are using their platform, the type of client/matter and the level of due diligence required. See the contact details below for the abovementioned AML providers if you would like further information:

• easyAML – Chris King chris@easyaml.com
• First AML – Lisa Fernandes lisa.fernandes@firstaml.com
• AMLHUB – Andrew Freeman-Greene andrew.freeman-greene@amlhub.co.nz

• First AML already held. Link to recording here: https://youtu.be/RYQBo7jKGRo
• easyAML already held. Link to recording here: https://youtu.be/O5iD6AXMejM
• AMLHUB demo date is to be announced shortly.

This depends on your business, and its needs. However at a high-level, you should consider:

• • Whether you require a CDD solution only, or a full-suite solution that includes a CDD solution, produces your wider AML program and offers training, or a solution that you can fully outsource.
  • Whether the AML provider offers Australia-based customer support and what hours their support is available
  • Whether they offer a ‘white-label’ service
  • Whether the AML provider integrates with Greatforms or your other desired systems
  • The AML provider’s reputation – this may relate to the provider’s performance in an overseas jurisdiction and its success/market share or the track record of any related companies
  • The target market of the AML provider – some firms are solely focused on Tranche 2 entities, whereas some firms are focused on specific sectors or companies of a particular size
  • Whether you would like an automated or human-based solution
  • The implementation timeline

Yes, these will be updated to allow you to recover the cost of the AML checks for the Vendor and Purchaser from the Vendor. Of course it is your commercial decision whether you want to cover the cost yourself, include it in your administration fee, or charge for it separately in the SAA, but the SAAs will be updated to provide you with that option.

Currently we have no intention to change any contractual terms between the Vendor and Purchaser to deal with AML/CTF. This is because the Vendor will have already satisfied their CDD immediately after the SAA was signed, and as stated above, the Contract can still proceed to settlement, even if the Purchaser does not complete their initial CDD as requested by you. And if the Purchaser fails to complete settlement because they refuse to complete their AML/CTF checks with a Conveyancer or Solicitor, or no Conveyancer or Solicitor is able to work with them due to AML/CTF concerns, then the Purchaser will not be able to settle, and the standard default and termination provisions of the Contract will apply.

Yes, both conveyancers and agents are required to undertake the same AML checks on their clients. However, ‘reliance agreements’ can be signed to allow one business to rely on another business’s CDD, providing that business is a reporting entity to AUSTRAC and certain requirements are met.

Reliance agreements allow a regulated business (including agencies and conveyancers) to rely on the CDD, including customer identification and verification checks, completed by another regulated business. This prevents the duplication of “Know Your Customer” (KYC) processes and streamlines onboarding.

Any reliance agreement must be in writing and must include provisions that:

• set out the responsibilities of each party, including for record keeping
• enable you to obtain all the CDD/KYC information collected by the third party before you begin to provide a designated service or, if applicable, within the required timeframe allowed for delayed initial CDD
• enable you to get copies of the independent and reliable data the other party used to verify the customer’s CDD/KYC information immediately or as soon as practicable after you request it.

An agency can have multiple reliance agreements, however, the agency remains ultimately liable for the CDD and ensuring their AML/CTF obligations are met, meaning you can’t enter into a reliance agreement and not assess the CDD that is provided to you. You must also be confident that the other party you enter into a reliance agreement with is carrying out their tasks to a standard that complies with the AML/CTF obligations. Each reliance agreement must be assessed by your agency at least every 2 years to ensure you remain comfortable that the other party is completing their tasks to your required standard.

While it will be interesting to see how this plays out in practice, we anticipate that agents will likely complete their own CDD for Vendors immediately after signing SAAs, and are more likely to rely on reliance agreements with known Purchaser’s conveyancers after Contracts have been signed.

If you would like to sign a reliance agreement with Eckermann Conveyancers, please contact Sam Michael (sam.michael@eckermanns.com.au).

See here for further information Reliance under customer due diligence arrangements | AUSTRAC

You should direct your AML questions to your Compliance Officer within your agency.

Your Compliance Officer can direct their queries to either: AUSTRAC Contact Centre (1300 021 037 or contact@austrac.gov.au), your AML provider (if you have one), and they are also welcome to reach out to Sam Michael (sam.michael@eckermanns.com.au), the Eckermanns Compliance Officer, if they would like to run anything past him.

The below is a rough guide, which assumes you will utilise an AML provider to assist with your obligations.

Assuming you are going to engage an AML provider, then the below is a brief checklist:

• Appoint a Compliance Officer who will be responsible to lead your AML compliance obligations for your agency – ASAP  (note: you will need to inform AUSTRAC of your Compliance Officer by no later than 29 July)
• Choose your AML provider (ideally one that integrates with Greatforms)  – ASAP so you can understand their processes
• Create procedures for CDD that fit into your agency’s systems – by mid-June
• Undertake staff training – as soon as possible after procedures for CDD created, to ensure readiness for 1 July
• Register your agency with AUSTRAC, ideally by 1 July and no later than 29 July
• Finalise and approve your AML Policy and Risk Assessment by 1 July
• Start operating by 1 July

 If your client is an individual, they will be required to provide proof of who they are, typically a copy of their passport or driver’s license.

If your client is a company or trust, they will need to provide information on who is the ultimate beneficial owner(s), and who controls the entity.

For some transactions, clients may be asked to confirm additional details, for example, their source of funds i.e. from inheritance, savings or employment.

By you communicating to Vendors and Purchasers the importance of providing the requested information in a timely manner, disruptions should be minimised.

While your AML provider will be your best initial point of contact, AUSTRAC provide a wide range of information on their website (Newly regulated businesses: get ready for the reforms | AUSTRAC). They also provide starter kits for each sector, which include starter documents for your company’s risk assessment and AML Policy, as well as guidance on the information you need to collect during CDD, broken down by customer type.

We expect industry bodies will also update their guidance regularly.

For any additional guidance required, you are welcome to reach out to Sam Michael (sam.michael@eckermanns.com.au).

Agencies must maintain records of their AML Policy and Risk Assessment, including approvals of these documents, for seven years.

Agencies must also maintain records of CDD for 7 years. This includes client identity information, the client’s risk ratings, any additional information required from the client and the rationale for decisions or requests made. If you use the services of an AML provider, it is expected that they will keep these records for you.

From the agency’s perspective, they will only need to do the CDD on John Smith. It will be up to the conveyancer to do the CDD on both John and Mary Smith.