In-house AML compliance at a small real estate agency: what the ongoing work actually looks like

The setup takes a few hours. The ongoing work is lighter than most agencies expect.

Real estate principals deciding between outsourced and in-house AML compliance tend to overestimate how much the day-to-day actually involves. This post breaks it down.

Two things to separate: setup and ongoing

Setting up in-house AML compliance involves one-time work: completing your risk assessment, writing your AML/CTF program, enrolling with AUSTRAC, appointing a compliance officer, and training your staff.

That's real work, but it happens once (and then gets updated when things change).

Ongoing compliance is different. It's a set of routine tasks that attach to your normal business activities — not a separate compliance department you have to run.

What the ongoing work actually involves

Per transaction: customer due diligence and sanctions screening

Before providing a designated service to a new client, you must:

Collect the client's name, date of birth, and residential address
Verify their identity using a reliable, independent method (physical inspection of ID, video call with document sighting, or electronic verification via DVS)
Screen them against DFAT's Consolidated Sanctions List and UN Security Council lists
Assign a risk rating (low, standard, or high)
Record all of the above — and retain those records for a minimum of 7 years under the AML/CTF Act 2006

For most residential transactions with straightforward clients, this takes 5 to 10 minutes per client. The identity check happens at or before listing (vendor side) or at the start of your relationship with a buyer.

If you're already doing identity checks for trust account compliance, a significant part of this workflow is familiar territory. The AML layer adds sanctions screening and a documented risk rating.

As needed: Suspicious Matter Reports

If a transaction raises genuine concern about money laundering or terrorism financing, you must file a Suspicious Matter Report (SMR) with AUSTRAC.

Terrorism-related SMRs: within 24 hours of forming the suspicion. All other SMRs: within 3 business days.

You do not have to investigate to be certain — you must file when you form a suspicion.

For most small suburban agencies, SMR filings will be rare. AUSTRAC's guidance notes that the obligation is triggered by genuine suspicion formed through your professional judgment, not by a checklist of transaction features.

As needed: Threshold Transaction Reports

If you receive A$10,000 or more in physical cash as part of a designated service, you must report it to AUSTRAC within 10 business days.

For residential agencies working with institutional financiers, physical cash at this level is uncommon. For commercial or development-focused agencies with direct investor clients, TTRs may be more frequent.

Annually: AML/CTF Annual Compliance Report

Once per year (January to March, starting in 2027), you lodge a report with AUSTRAC covering your program's operation for the previous calendar year.

This is a structured return — not a free-form document. It asks about your program, risk assessment updates, CDD practices, and any SMRs or TTRs filed. If your records are in order throughout the year, completing the report is straightforward.

Every three years (minimum): Independent evaluation

An independent review of your AML/CTF program is required at least every three years. The first deadline is staggered between 30 June 2029 and 31 December 2030, depending on your AUSTRAC Account Number.

This is the one obligation that requires an external party. The reviewer must be genuinely independent — not your compliance officer or someone who helped design your program.

What this looks like in practice at a 3-person agency

For a small agency doing 50 to 80 transactions a year, the week-to-week picture looks roughly like this:

When a new vendor or buyer comes in: identity check, sanctions screen, risk rating, record saved. The bulk of this is the same verification step you're doing for other regulatory purposes.

When something unusual happens (a client who won't provide ID, a cash offer at market price from an unfamiliar source): review your program's SMR trigger guidance, make a documented decision.

At the end of the year: pull your records together for the Annual Compliance Report.

There is no compliance officer sitting at a desk reviewing transactions all day. For small agencies, the compliance officer role typically sits with the principal or a senior agent who understands the business — someone who can make judgment calls when they arise.

The time burden is front-loaded into setup. Once the program is live and workflows are in place, ongoing compliance integrates into the transaction process rather than sitting beside it.

Where it does get harder

Three situations add complexity:

High-risk clients. Foreign nationals purchasing without financing, clients connected to high-risk jurisdictions, or foreign politically exposed persons require Enhanced CDD — additional identity information, source of funds evidence, and documented senior management sign-off before proceeding.

Beneficial ownership. When the purchaser is a company or trust, you need to identify who ultimately owns or controls the entity (25% or more ownership, or effective control). This means looking through the structure to find the individual beneficial owners. If the client can't or won't provide this, that itself is a risk signal.

Business changes. If your agency adds a new service, expands into a new market, or your risk profile changes materially, your risk assessment needs updating. Programs aren't set-and-forget.

The compliance officer's actual job

The compliance officer doesn't do the CDD on every transaction. They are responsible for:

Ensuring the program is implemented and followed
Overseeing staff training
Making decisions on escalated or unusual cases
Notifying AUSTRAC of any changes to their appointment (deadline: 29 July 2026 for new Tranche 2 entities)
Staying current on regulatory changes and updating the program when needed

At a small agency, this is a governance role more than a full-time function.

The practical test for in-house viability

In-house AML compliance works for agencies that:

Have a principal or senior agent who can own the compliance function
Can complete identity checks as part of their existing client intake process
Are willing to document their decisions (not just follow a checklist)

Outsourcing makes more sense when: no one in the agency has the capacity to own ongoing compliance decisions, or the transaction profile is complex enough that specialist judgment is genuinely needed for every transaction.

Many small agencies doing residential sales find that in-house compliance is a viable approach.

AUSTRAC legal basis for obligations referenced in this post: Anti-Money Laundering and Counter-Terrorism Financing Act 2006. Penalties for non-compliance: up to A$33 million per contravention. AUSTRAC's Program Starter Kits for real estate are available at austrac.gov.au.

AML Simple is a compliance workflow tool. This post describes regulatory obligations and common industry approaches. It does not constitute legal advice. If you have specific compliance questions for your agency's circumstances, consult a qualified AML/CTF adviser.