A completed AML program: worked example for a 5-person agency

Most guides explain what an AML/CTF program needs to contain. Almost none show you what one actually looks like when it's done.

This post fills that gap. Below is a worked example - a hypothetical completed AML/CTF program for a realistic 5-person residential real estate agency. It follows the AUSTRAC Program Starter Kit structure and shows the decisions a real agency would make for each section.

Read it as a reference. Your program will have different details - different risk factors, different staff, different circumstances. But the structure and the type of content required will look similar.

The agency: Coastal Property Pty Ltd

Business: Residential real estate agency, Brisbane south side (QLD) Designated service: Brokering the purchase, sale, and transfer of residential real estate Staff: 5 people (see below) Enrolled with AUSTRAC: April 2026 (after enrolment opened 31 March 2026) Program status: Adopted by senior management, May 2026

Staff and AML roles:

Name	Role	AML-relevant?
Sarah Mitchell	Principal	Yes - also appointed Compliance Officer
James Kowalski	Licensed sales agent	Yes - performs CDD on buyer and seller clients
Priya Nair	Licensed sales agent	Yes - performs CDD on buyer and seller clients
Tom Ferreira	Property manager	No - manages rentals only (not a designated service)
Bec Huang	Administration	Yes - assists with record keeping and CDD file management

A note on Tom: Tom is excluded from AML obligations because property management is not a designated service under the AML/CTF Act 2006. If Tom were to assist with property sales transactions, that would change - he would then be performing AML-relevant duties and would need to be trained and covered by the program.

Section 1: ML/TF/PF risk assessment

The risk assessment is the foundation of the program. It documents Coastal Property's money laundering, terrorism financing, and proliferation financing (ML/TF/PF) risks across the four categories required by AUSTRAC, and shows what controls reduce those risks.

Assessment methodology: 3x3 risk matrix (likelihood x impact). Inherent risk rated before controls; residual risk rated after controls.

Customers

Customer type	Inherent risk	Controls	Residual risk
Local Brisbane buyers/sellers (majority of clients)	Low	Standard CDD, identity verification	Low
Interstate buyers (purchase without inspection)	Medium - not met in person	Video call verification, additional source-of-funds question	Low
Company or trust buyers	Medium - beneficial ownership complexity	Beneficial ownership identification procedure	Low-Medium
Foreign nationals or non-residents	High - jurisdiction risk, funds origin unclear	Enhanced CDD required, senior management approval	Medium

Current client base assessment: Coastal Property's clients are predominantly local Queensland owner-occupiers and local investors. The agency has not dealt with any known politically exposed persons (PEPs) or foreign nationals in the past 12 months. Interstate buyers represent approximately 15% of buyer clients.

Services

Service	Inherent risk	Controls	Residual risk
Residential sales brokerage	Medium - real estate is inherently ML-vulnerable (high value, long settlement)	CDD before service, sanctions screening	Low-Medium
Auction sales	Medium-High - limited time to complete full CDD before hammer falls	Delayed CDD procedure documented (s 29 AML/CTF Act), must complete within 15 days of exchange or before settlement	Low-Medium

No unfinanced (all-cash) purchases have occurred in the past 12 months. The agency notes this as a risk indicator to monitor.

Delivery channels

Channel	Inherent risk	Controls	Residual risk
In-person (open homes, office meetings)	Low - agent meets client face to face	Physical document inspection	Low
Remote buyers via video call	Medium - agent does not meet client physically	Live video call identity verification procedure	Low
Online enquiries / email-only contact	High - no physical interaction	Require in-person or video call verification before CDD complete	Low

Geographic locations

Geography	Inherent risk	Controls	Residual risk
South-east Queensland (primary area)	Low	Standard controls	Low
Interstate Australia (funds from other states)	Low-Medium	Source-of-funds question at CDD	Low
Offshore funds or foreign jurisdictions	High	Enhanced CDD, senior management sign-off	Medium

Overall residual risk: LOW to MEDIUM-LOW. The agency's primary risk is from interstate or remote buyers. All other risk categories are low given the local, largely financed nature of the client base.

Sign-off: Sarah Mitchell (Principal), dated 1 May 2026. Review due: 1 May 2027, or sooner if the business changes (new services, new markets, new staff structures) or if regulatory requirements are updated.

Section 2: Compliance officer appointment

Name: Sarah Mitchell Position: Principal, Coastal Property Pty Ltd Appointed: 1 May 2026 AUSTRAC notified: 15 May 2026 (before the 29 July 2026 deadline)

Why Sarah? As principal, Sarah has the authority to make compliance decisions and allocate resources - the two things a compliance officer needs to be effective. The AML/CTF Act requires the compliance officer to be at senior management level and to be "fit and proper" to carry out the role. No specific AML qualification is required, but the person must be capable of understanding the agency's obligations and have the standing to act on them.

Sarah's responsibilities under this program:

Maintain and update the AML/CTF program
Review CDD records completed by agents (weekly review each Monday)
Ensure all staff complete initial and annual training
Make decisions on suspicious matters and file SMRs when required
Oversee sanctions and PEP screening
Notify AUSTRAC of any changes to the business within 14 days
Lodge the Annual Compliance Report between 1 January and 31 March each year

Section 3: CDD procedure - worked example

Here is how Coastal Property completes CDD for a typical buyer client.

Scenario: John Chen is purchasing a residential property at 14 Maple Street, Yeronga QLD for A$650,000. He is a local Brisbane buyer, purchasing as an investment property with bank finance.

Step 1: Collect client information

James (the agent) collects the following at the first meeting:

Full legal name: John Wei Chen
Date of birth: 15 April 1982
Residential address: 12 Park Avenue, Newstead QLD 4006
Acting on own behalf? Confirmed yes - no representative, purchasing in his own name
Nature and purpose of the transaction: Purchasing residential investment property at 14 Maple St, Yeronga. Funding source: bank mortgage with ANZ.

Step 2: Identity verification

James inspects John's Queensland driver's licence at the open home on 10 March 2026. He confirms the photo matches John.

Document recorded:

Type: Australian driver's licence
Number: 023456789
Issuer: Queensland Department of Transport and Main Roads
Expiry: 15 April 2027
Verified by: James Kowalski, 10 March 2026, method: in-person document inspection

Step 3: Beneficial ownership check

John is buying in his personal name. No company or trust structure is involved. Beneficial ownership identification is not required.

If John were buying through a company or trust, the agent would identify any individual with 25% or more ownership or effective control before proceeding.

Step 4: Sanctions and PEP screening

Before proceeding, James screens John against:

DFAT Consolidated List (Australian and UN sanctions): no match
PEP assessment: John is determined not to be a politically exposed person (foreign or domestic) based on information collected and publicly available information.

Screening recorded: screened by James Kowalski, 10 March 2026. Result: no match. Record retained in the CDD file for John Chen.

Step 5: Risk rating

Overall risk rating: LOW

Rationale: Local Brisbane buyer, financed purchase, standard identity document (QLD driver's licence), met in person, no suspicious indicators, no PEP or sanctions flags.

No enhanced CDD required. Standard ongoing monitoring applies.

Section 4: Staff training

Initial training delivered: 15 March 2026

Delivered by: Sarah Mitchell (Principal / Compliance Officer)

Format: One-hour briefing session covering:

What the AML/CTF Act requires and why real estate is now regulated
What a designated service is - and that property management is not one
CDD procedure - what to collect, how to verify, when to ask more questions
How to identify red flags and suspicious activity
How to escalate concerns to Sarah
SMR and TTR procedures - including the tipping-off offence (it is a criminal offence to tell a client an SMR has been filed)
Record-keeping requirements - what to retain and for how long
Consequences of non-compliance for the agency and for individuals

Staff trained:

James Kowalski (sales agent) - attended 15 March 2026
Priya Nair (sales agent) - attended 15 March 2026
Bec Huang (admin) - attended 15 March 2026

Tom Ferreira (property manager) was not included - he does not perform AML-relevant duties.

Training records: Attendance sheet signed by each participant, retained in the agency's AML/CTF program file.

Annual refresher: Scheduled for March 2027. Sarah will update content to reflect any regulatory or program changes since the initial session.

Section 5: Ongoing monitoring and reporting

Weekly compliance review

Each Monday morning, Sarah reviews:

CDD files completed by agents in the previous week
Any screening results not yet signed off
Any open client matters where CDD has not been completed

This review typically takes 20-30 minutes for a five-person agency.

Sanctions list monitoring

The agency uses AML Simple's automated alert system to be notified when the DFAT Consolidated List is updated. When an update occurs, all active clients are re-screened before the next transaction with that client.

Suspicious matter escalation procedure

If an agent identifies a potential red flag (for example, a client refuses to provide ID, requests deposit payment to an unrelated third party, or makes a cash offer with no apparent source of funds), the agent:

Does not confront the client
Immediately escalates to Sarah by phone or in person
Documents the concern in the client's file

Sarah then assesses the matter and, if she has reasonable grounds for suspicion, lodges an SMR with AUSTRAC:

Terrorism financing suspicion: SMR must be lodged within 24 hours
Money laundering or other: SMR must be lodged within 3 business days

The tipping-off offence means the agency must not disclose to the client that an SMR has been or may be filed. This applies to everyone at the agency - not just Sarah.

Threshold Transaction Reports (TTRs)

Cash transactions of A$10,000 or more (or foreign currency equivalent) must be reported to AUSTRAC within 10 business days. Coastal Property has not received any cash at this threshold. If they did, Sarah would file a TTR via AUSTRAC Online.

Annual Compliance Report

The first Annual Compliance Report covers 1 July to 31 December 2026. It must be lodged with AUSTRAC by 31 March 2027. Sarah has set a calendar reminder for 15 January 2027 to begin preparing the report.

What this example shows you

A completed AML/CTF program for a small residential agency is not as complicated as it might sound. The core of it is:

A documented risk assessment that reflects your agency's actual client base and operating model
A compliance officer with genuine authority and clear responsibilities
A CDD checklist your agents can follow for every client
A training session that happened before July 2026, with records kept
A weekly review habit and a clear escalation path for anything suspicious

The AUSTRAC Program Starter Kit gives you pre-populated Word documents to start from. AML Simple walks you through the same content in a structured workflow - and keeps your records, screening results, and audit trail in one place.

58 days until obligations commence

1 July 2026

Build your agency's AML program - start free

AML Simple guides you through risk assessment, CDD procedures, staff training records, and ongoing monitoring in a structured workflow consistent with the AUSTRAC Program Starter Kit. No compliance background required.

Get AUSTRAC ready

About this post and this example: This is a hypothetical worked example using a fictional agency (Coastal Property Pty Ltd) for educational purposes only. It does not constitute legal, financial, or regulatory advice, and is not a template for your agency's program. AML Simple is a compliance workflow tool, not a provider of legal or regulatory advice. Using this tool does not guarantee compliance with the AML/CTF Act or any other regulation. You are responsible for ensuring your business meets all regulatory obligations.

Every agency's circumstances are different. Your risk assessment, compliance officer, CDD procedures, and monitoring arrangements must reflect your specific business. Consult a qualified AML/CTF compliance professional if you need advice tailored to your situation - or consider our Expert advice service.

AUSTRAC's guidance and the AML/CTF Act 2006 take precedence over any description in this post. Always check primary sources.

Sources

AML/CTF Act 2006: https://www.legislation.gov.au/C2006A00169/latest/text
AUSTRAC Real Estate Program Starter Kit: https://www.austrac.gov.au/reforms/sector-specific-guidance/real-estate-guidance/real-estate-program-starter-kit
AUSTRAC Initial CDD for individuals (Reform): https://www.austrac.gov.au/amlctf-reform/reforms-guidance/amlctf-program-reform/customer-due-diligence-reform/initial-customer-due-diligence-reform/initial-customer-due-diligence-guides-customer-type-reform/initial-cdd-individuals-reform
DFAT Consolidated List: https://www.dfat.gov.au/international-relations/security/sanctions/consolidated-list