From 1 July 2026, Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) reforms will bring new services and entities, often referred to as ‘tranche 2’, under AUSTRAC regulation. For conveyancing firms and real estate businesses, the challenge is not simply understanding new obligations. It is building a process that works in the real world of settlements, strict deadlines, multi-office delivery, and large volumes of sensitive identity documentation.

A PEXA survey found 78% of lawyers and conveyancers feel unprepared for the reforms, and 65% are unfamiliar with the new AML obligations. This article explains what AML compliance means in practice for property professionals and provides a practical 12-month roadmap to prepare without creating unnecessary administrative burden.

What is changing, and who is captured?

Under the reforms, businesses that provide ‘designated services’ may become reporting entities and must meet AUSTRAC’s AML/CTF obligations. AUSTRAC summarises the key obligations and notes that tranche 2 services and entities will be captured from 1 July 2026. 

In the property sector, one of the key in-scope concepts is the brokering of the sale or purchase of real estate (and related services), and AUSTRAC provides guidance to help businesses assess whether they may be regulated. Hyperlink AUSTRAC reform hub (above) and keep scope language factual rather than absolute.

Even while final sector guidance continues to be refined, AUSTRAC has consistently highlighted real estate as a higher-risk channel for money laundering, and it publishes sector-specific risk insights and indicators for the industry. 

AML compliance in plain English

AML compliance is best understood as a set of repeatable, auditable capabilities embedded into your everyday workflow. AUSTRAC’s reform guidance summarises these obligations clearly. 

At a minimum, property businesses should be able to:

• Enrol (and where required, register) with AUSTRAC
• Develop and maintain an AML/CTF program tailored to your risk profile
• Assign governance and accountability, supported by staff training
• Conduct Customer Due Diligence (CDD), including enhanced steps for higher-risk matters
• Report when required and keep records, including a defensible evidence trail

To make this feel real in day-to-day operations, your onboarding and transaction processes need to consistently capture due diligence evidence, securely store it, and retrieve it quickly when required. This is where many property firms will need to lift capability, because informal practices (email chains, unmanaged shared drives, inconsistent onboarding between offices) are exactly where evidence gaps and security risks appear.

Note: AUSTRAC publishes real-estate-specific suspicious activity indicators. You don’t need to memorise them, but you do need a workflow that lets staff recognise and escalate concerns consistently. 

Key dates: Plan backwards from the 2026 reforms

PEXA’s tranche-2 readiness timeline is a useful planning anchor for conveyancers and real estate professionals, because it turns ‘future compliance’ into practical milestones. 

• August 2025: New AML/CTF Rules published
• October 2025: Core AUSTRAC guidance released
• December 2025: AUSTRAC starter kits for small businesses
• January 2026: Final sector-specific guidance
• March 2026: Enrolment opens for new reporting entities

Use these milestones to set internal deadlines for governance, process design, technology uplift and testing, not just policy drafting.

The 12-month AML readiness roadmap for property businesses

Months 1–3: Scope, governance, and process mapping

Outcome: clarity on what is in scope, who owns compliance, and where evidence lives.

• Confirm whether you provide a designated service and which parts of the business may be affected
• Appoint an AML/CTF owner and executive sponsor
• Map your workflow from enquiry to settlement (or listing to sale)
• Identify gaps such as duplicate data entry, missing records, inconsistent checks, or unsecured storage

This phase is where multi-office and aggregator models either get ahead, get stuck later. If ownership and process are unclear now, later controls become inconsistent across teams.

Months 4–6: Build the AML program and CDD workflow

Outcome: controls aligned to operational reality, not just documentation.

• Draft your AML/CTF program and risk assessment approach (customer types, transaction types, channels and geography)
• Define a straightforward CDD workflow: what is collected, when checks occur, how exceptions are handled, and when enhanced steps apply
• Establish a clear escalation pathway for suspicious activity (including who approves, what is recorded, and how evidence is retained)
• Implement role-based training to drive consistent execution across teams

At this stage, the most common failure is writing policies that staff cannot follow under pressure. A well-designed workflow should reduce friction, not add it.

Months 7–9: Technology uplift and operational readiness

Outcome: a secure, consistent evidence trail across the business.

AML readiness increases the amount of sensitive personal information you handle. That raises privacy and cyber risk, so your controls need to match the reality of the data you are collecting.

Key priorities include:

• Secure identity and document capture (minimise manual handoffs)
• Centralised storage with strong access controls (least privilege + MFA where appropriate)
• Audit logging for evidence access and changes
• Monitoring for gaps (incomplete checks, overdue items, high-risk indicators)

This phase should include operational testing to ensure compliance steps don’t create settlement delays or client friction, particularly for high-volume teams and multi-office workflows.

Months 10–12: Test, refine, and prove compliance

Outcome: confidence you can operate at speed and withstand scrutiny.

• Pilot AML workflows on real matters and remove bottlenecks
• Finalise evidence retention and retrieval processes
• Establish ongoing review and reporting cycles (so readiness stays current)

By this point, compliance should be part of normal operations, not a one-off project that disappears until an audit, or a deadline.

Common AML pain points in conveyancing and real estate

• Inconsistent onboarding across offices:
  Without a single standard, risk-based compliance becomes uneven and difficult to defend.
• Poor evidence management:
  Unmanaged shared drives and inbox-based processes create gaps and increase breach exposure.
• Lack of executive visibility:
  Without clear reporting, leadership can’t see exceptions, delays, or emerging risk trends across the business.
• Weak security around identity data:
  AML readiness is also a cybersecurity challenge. Collecting more identity documentation requires stronger access controls, monitoring, and governance, supported by clear workflows and accountable owners.

Conclusion

AML/CTF reform is a major shift for conveyancing and real estate professionals, but it does not need to become an overwhelming compliance burden. The firms that move early will be best placed to protect transactions, maintain settlement velocity, and avoid last-minute disruption as the reforms take effect.

At its core, AML compliance is about building consistent, defensible processes: knowing your customer, applying a risk lens, securing sensitive information, and ensuring your team can respond confidently when issues arise. Done well, it strengthens governance and operational maturity across multi-office environments, making compliance easier to sustain and far less disruptive to clients and settlements.

How BITS helps property professionals prepare without losing momentum

BITS supports multi-site and compliance-sensitive organisations by combining mature service operations with practical compliance and security fundamentals, designed to reduce burden and improve consistency.

In an AML context, this includes:

• Workflow and evidence design: standardised capture and retention of due diligence evidence
• Security uplift for sensitive data: MFA, least-privilege access, secure storage, and monitoring
• 24/7 operational support: reducing disruption at critical transaction times
• Executive reporting: visibility across locations, exceptions, and risk trends

If your goal is to be confidently ready well before the reforms take effect, the best starting point is a practical assessment covering both the compliance process and supporting technology.

Contact us to book an AML readiness and security gap assessment.

Related Blogs

• Empowering Australian Construction Firms with Scalable IT and Cyber Security Solutions for Future Growth
• How Businesses Can Align ISO Certification with SMB1001 for Better Compliance and Growth
• What Is SMB1001 Certification and Why Does an Organisation Need It?