
Record keeping requirements under the AML/CTF Act

A plain-English guide to AML/CTF record keeping obligations for Australian real estate agencies — what records to keep, for how long, and in what format.

By AML Simple Team

When your AML/CTF obligations kick in on 1 July 2026, record keeping starts on day one. You don't wait until something goes wrong to start filing things away — the Act requires you to capture and retain compliance records from the moment you begin providing designated services.

This post explains what you need to keep, how long you need to keep it, and what format is acceptable. It's one of the more practical obligations: once you understand the requirements, it's straightforward to build into your workflow.


Why record keeping matters

AUSTRAC can request your records at any time. If you're audited or investigated, your records are your evidence that you carried out your obligations — that you identified your clients, ran your screenings, and filed your reports. Without records, you can't demonstrate compliance, even if you actually did everything right.

Record keeping is also a compliance discipline in its own right. Keeping accurate records forces you to complete each step properly rather than rushing through it.


What records you must keep

The AML/CTF Act 2006 specifies several categories of records that must be retained. Here's what that looks like in practice for a real estate agency:

Customer identification records: Everything you collected and recorded when verifying a client's identity — the document type, document number, issuer, expiry date, who verified the identity, when, and by what method (in person, video call, or electronic verification). You do not need to retain a copy of the document itself — recording the details is sufficient.

Transaction records: Records of designated service transactions — property sales or transfers you brokered as part of your business.

Sanctions and PEP screening results: The outcome of each DFAT consolidated list and Politically Exposed Person (PEP) screening you run — including a timestamp, the result, and (where a potential match was identified) the decision you made and why.

SMR and TTR copies: Copies of every Suspicious Matter Report (SMR) and Threshold Transaction Report (TTR) you file with AUSTRAC.

AML/CTF Program versions: Every version of your AML/CTF program — including superseded versions. When you update your program (for example, when regulations change or you add a new service), you keep the old version too, not just the current one.

Training records: Records showing which staff received AML/CTF training, when, and what was covered. This applies to new staff training as well as ongoing annual training.

Risk assessment documents: Your ML/TF/PF risk assessment — the foundational document that underpins your whole program. When you review and update it, retain the previous version.

Records that demonstrate compliance: The Act also requires you to keep records reasonably necessary to demonstrate that you've met your obligations. In practice, this includes audit trails showing who completed each CDD step, when screenings were run, and what decisions were made on escalated matters. Think of it as the "paper trail" that lets you reconstruct what happened on any given transaction.


How long to keep records

The minimum retention period under the AML/CTF Act is 7 years. When that 7-year clock starts depends on the record type:

| Record type | Retention period |
|---|---|
| Customer identification records | 7 years after you stop providing designated services to that customer |
| Transaction records | 7 years after the transaction |
| Sanctions and PEP screening results | 7 years |
| SMR/TTR copies | 7 years after filing |
| AML/CTF Program versions | 7 years after the record is no longer relevant to demonstrating compliance |
| Training records | 7 years after the record is no longer relevant to demonstrating compliance |
| Risk assessment documents | 7 years after the record is no longer relevant to demonstrating compliance |

For program-related records (program versions, risk assessments, training records), the 7 years runs from when the record is no longer relevant to demonstrating your compliance with the Act — not from a fixed calendar event. In practice, this means you keep them well beyond the date you updated or replaced them.

The safe approach: When in doubt, keep the record. Disposing of a record you should have retained carries more risk than retaining one you could have discarded.


What format do records need to be in?

Both paper and electronic records are acceptable under the AML/CTF Act. There is no requirement to use electronic systems — a well-organised paper-based filing system can satisfy the obligation.

What matters is that your records are:

  • Retrievable — you can find them within a reasonable time when needed
  • Accessible — they can be read and provided to AUSTRAC on request
  • Complete — the record captures all the information the Act requires

If you use electronic records, make sure your storage is reliable and that you're not dependent on a single system that could fail or become inaccessible over a 7-year period. Regular backups are good practice.


Practical tips for staying organised

Start from day one. Your record keeping obligation begins when you start providing designated services on 1 July 2026. Build your filing system before the date, not after.

Use a consistent file structure. Whether paper or electronic, having a consistent structure per client — identification records, transaction records, screening results — makes it much easier to retrieve records when needed.

Document your decisions. If you flagged a potential match on a sanctions screen and dismissed it, record why. If you applied simplified CDD to a client, record why they qualified. AUSTRAC expects you to be able to explain your reasoning, not just your actions.

Don't delete old program versions. When you update your AML/CTF program, keep the previous version in a clearly labelled archive. You'll need to demonstrate that your program was adequate at the time it was in use.


How AML Simple helps

AML Simple automatically stores your compliance records as you work — CDD records, screening results, program versions, and training logs — and keeps them organised in one place. You don't have to maintain a separate filing system on top of running your agency.

Records are stored on Australian servers and are accessible for the full 7-year retention period. If AUSTRAC ever requests your records, you can retrieve and export them quickly.

AML Simple is a workflow tool that helps you keep records organised — it doesn't replace the need to understand your obligations or seek professional advice on complex situations.


Further reading

For AUSTRAC's official guidance on record keeping requirements under the reformed AML/CTF framework:


AML Simple is a compliance workflow tool, not a provider of legal or regulatory advice. This post explains record keeping requirements as we understand them — it is not legal advice. If you have questions about your specific obligations, consult a qualified AML/CTF compliance professional. See our Expert Advice service for professional guidance.
