On 17th October AUSTRAC released its long-awaited AML/CTF Reforms Guidance, outlining how the updated laws will apply to both existing and soon-to-be regulated industries — including real estate.
This is a milestone toward Tranche 2 implementation, providing clarity and insight into how the AML/CTF Act and the Rules relate, and what AUSTRAC’s expectations are, thereby giving reporting entities a good idea of what compliance will look like in practice and how they should prepare.
We’ve chosen to summarise Risk Assessment (RA) and Customer Due Diligence (CDD) as two key focus areas for the real estate industry to understand, while also providing an overview of the broader AML/CTF obligations.
Clear, Practical Guidance
As expected, this guidance provides a practical tone, using a “you should / we expect / you may, for example ” approach that bridges the gap between regulatory theory and operational practice.
It includes clear worked examples and insights, making it easier to interpret and apply in day-to-day business. For real estate professionals, this means compliance obligations can now be approached with more confidence and consistency.
Australia Steps into Global Alignment
These reforms bring Australia closer to international AML standards, particularly with the introduction of customer risk scoring and a stronger emphasis on Risk Assessments, moving compliance to a meaningfully risk-based approach.
For the real estate industry where large transactions and complex ownership structures are common — this shift represents a move toward a genuinely risk-based approach. It’s no longer just about ticking compliance boxes, but about truly understanding and managing risk at both the customer and business level.
Risk Assessment: Understanding and Prioritising Exposure
In addition to customer-level risk, every reporting entity must conduct a business-wide risk assessment to identify and assess the ML/TF and proliferation-financing risks they face when providing (or planning to provide) designated services.
The methodology must be tailored to the size, nature, and complexity of your business. Smaller real estate offices may adopt a simpler approach, while larger groups with multiple offices or service types will need more robust assessments.
Three Key Steps
1.Identify inherent risks: Consider the types of services, customer base, delivery channels, and countries you engage with.
2.Assess inherent risks: Evaluate each risk’s likelihood and potential impact.
3.Prioritise and evaluate: Determine how to mitigate and manage risk.
Importantly, the guidance urges entities to focus first on inherent risk — the exposure before controls are applied — to understand true vulnerabilities. Only then should residual risk (after controls) be considered.
All documentation must be clear, usable by management, and regularly reviewed and updated to reflect changes in the business or risk environment.
Customer Risk Rating: A Practical Framework
As part of the new reforms Customer Due Diligence (CDD), also referred to as Know Your Customer (KYC) obligations, every customer must be assigned a risk rating based on their money-laundering and terrorism-financing (ML/TF) risk.
This is distinct from your overall business risk assessment— it focuses on each individual customer, based on information available during onboarding and throughout the relationship.
The Process
1.Develop a customer risk rating system – Consider your customers, services, delivery channels, and countries of exposure.
2.Identify customer risk during onboarding – Assign a risk rating before providing any designated service.
3.Monitor and reassess over time – Stay alert to changes in customer behaviour or circumstances and adjust the rating when necessary.
Examples
Record-Keeping
AUSTRAC stresses the need to document everything — from the rationale behind each rating to ongoing monitoring decisions. This will be critical for audits and demonstrating compliance.
What This Means for Real Estate
For real estate professionals, this guidance should provide clarity — not confusion. It outlines what’s expected, and how to practically integrate compliance into everyday operations.
Getting Started: Practical Steps 1–4
Preparing for your AML/CTF capture should start now, as not only do you need your foundational assessments and documents prepared, you need to appoint an AML Compliance Officer, undergo training in your obligations and how to meet them, and adjust your business processes. That’s where AMLHUB can help.
The introduction of this guidance is an opportunity, not just an obligation.
Use the lead-up to 31 March 2026 to strengthen your compliance capability — review your AML/CTF Program, engage senior management early, and update staff training.
The real estate industry now has a clear path forward: a framework that balances compliance with practicality and brings Australia in line with global best practice.
No surprises. Just clarity, structure, and a stronger foundation for protecting our industry.
Contact AMLHUB today to book a demo or discuss how we can help your organisation transition seamlessly into the new regime.