AML compliance officer — your first 30 days

You have just been appointed your agency's AML/CTF compliance officer. For most real estate agencies, that means the principal has taken on the role — which is the right call for a small agency. It also means you now carry specific legal responsibilities for implementing and managing your AML/CTF program.

This post is for you: a practical, week-by-week plan for getting up to speed and getting things in place during your first 30 days.

What the compliance officer role actually is

Before diving into the week-by-week plan, it is worth being clear about what this role involves.

The AML/CTF Act requires your agency's program to appoint a compliance officer at senior management level. Senior management means someone with the authority to make decisions and allocate resources — not a junior administrator. In a five-person agency, this is typically the principal. In a larger agency, it might be the operations manager.

What the role requires:

Implementing and managing the AML/CTF program day to day
Keeping the program up to date as the business and regulations evolve
Overseeing CDD processes and ensuring they are followed consistently
Ensuring SMRs and TTRs are filed when required, within the required timeframes
Overseeing staff training and keeping training records
Conducting (or commissioning) the Annual Compliance Report each year
Notifying AUSTRAC of any changes to the business within 14 days

What it is not: The compliance officer is not personally required to perform every CDD check or file every report. The role is oversight and accountability — ensuring the processes exist, are followed, and are documented. In a small agency, there may be significant overlap with doing the work directly, and that is fine.

Week 1: Understand your obligations

The most important thing in your first week is not to build anything — it is to understand what you are responsible for.

This week:

Read the AUSTRAC guidance for real estate. AUSTRAC has published sector-specific guidance and a Program Starter Kit for real estate agencies. The Starter Kit is designed for agencies with 15 or fewer personnel providing one designated service. If that describes your agency, it is your primary reference document — read it end to end.

Map your agency's designated services. The Act applies to agencies brokering the purchase, sale, or transfer of real estate. Confirm which transactions your agency facilitates, and which staff are involved in AML-relevant duties. This shapes your training obligations and the scope of your CDD procedures.

Understand the 19 obligations. Your obligations fall into two categories: six preparation tasks to complete before 1 July 2026, and thirteen ongoing obligations from that date. See our AML compliance checklist for a full breakdown.

Identify gaps in your current preparation. Is your risk assessment drafted? Is your program document started? Has AUSTRAC enrolment been completed? By the end of Week 1, you should know clearly what has been done and what still needs to happen.

Week 2: Complete (or review) the risk assessment and program

If your agency has already started its risk assessment and program document, Week 2 is your review and sign-off week. If you are starting from scratch, it is your drafting week.

The risk assessment:

As compliance officer, you are responsible for the risk assessment — specifically, for ensuring it accurately reflects your agency's actual risk profile and has been approved by senior management. A pre-populated template from the AUSTRAC Starter Kit is a good starting point; your job is to customise it to your circumstances.

The risk assessment must cover:

Your customer types and any elevated-risk categories (non-residents, overseas buyers, high-net-worth individuals)
The services you provide and any higher-risk transaction types
How you deliver those services (in-person, remote, digital)
The geographic locations involved (clients, funds, properties)

Once drafted, the risk assessment must be signed off. Document that sign-off.

The program document:

The program document must cover CDD procedures, reporting procedures (SMR and TTR), record keeping, staff training, governance, and employee due diligence. The AUSTRAC Starter Kit provides Word templates for each of these — for most small agencies, the work is customising those templates rather than writing from scratch.

As compliance officer, your job in Week 2 is to:

Review each section of the program against your agency's actual procedures
Fill in any gaps (especially the CDD and reporting procedures — these are the most operationally critical)
Confirm that the program document is signed off by senior management (yourself, in a small agency)

AML Simple's program generator guides you through each component →

Week 3: Train your staff and set up CDD procedures

Staff training:

The Act requires all staff who perform AML-relevant duties to receive AML/CTF risk awareness training before they start those duties. For existing staff, this means before 1 July 2026.

Training must cover:

What AML/CTF is and why it applies to real estate
How to identify suspicious behaviour and real estate-specific red flags
How to escalate concerns to you (the compliance officer)
CDD procedures — what to collect, how to verify, when to ask more questions
The tipping-off offence (a criminal offence to tell a client that an SMR has been or will be filed)

A one-hour briefing is sufficient for most small agencies at this stage. Document who was trained, when, and what topics were covered. These records must be kept for seven years.

CDD procedures:

By the end of Week 3, your agency should have a working CDD procedure — the step-by-step process your agents follow when onboarding a new client for a transaction.

At minimum, that procedure covers:

What information to collect before providing a designated service
What documents are acceptable for identity verification and which methods to use
How and when to conduct sanctions and PEP screening
What to record and where
The escalation path for unusual situations (including who makes the call if a client cannot be verified)

For a practical walkthrough of how CDD actually works, see: How to run your first client screening — a step-by-step walkthrough

Week 4: AUSTRAC notification and setting your ongoing calendar

AUSTRAC notification:

Your compliance officer details must be notified to AUSTRAC by 29 July 2026 — but do not wait until July. Complete your AUSTRAC enrolment as soon as it opens (31 March 2026) and include your details at that point. For a walkthrough of the enrolment process, see: How to enrol with AUSTRAC as a real estate agency.

Your ongoing compliance calendar:

As compliance officer, your role does not end once the program is in place. Set up your compliance calendar now, while you have the context:

1
Ongoing: CDD and screening for each transaction
Every client in a designated service transaction needs initial CDD and sanctions/PEP screening before you provide the service. Build this into your standard onboarding process so it happens consistently, not as an afterthought.
2
Regular: Review CDD records
Set a recurring time — weekly or fortnightly — to review completed CDD records, check that nothing has been missed, and confirm that any pending items are followed up.
3
When triggered: File SMRs and TTRs
Suspicious Matter Reports: within 24 hours (terrorism financing) or 3 business days (other suspicious activity). Threshold Transaction Reports: within 10 business days of a qualifying cash transaction. These are not optional and are not deferrable.
4
Annually: Staff training refresher
AML/CTF training is an ongoing obligation, not a once-off. At minimum, all relevant staff need an annual refresher. Document attendance each time.
5
Annually: Annual Compliance Report
Between 1 January and 31 March each year. The first report covers 1 July to 31 December 2026, due by 31 March 2027. Start keeping a simple log of compliance activities from 1 July — it makes the report straightforward.
6
When your business changes: Update AUSTRAC within 14 days
New compliance officer? Changed address? New designated services? Any change must be notified to AUSTRAC within 14 days. Do not let this slip — it is a specific legal obligation.

A note on competency and professional development

Taking on the compliance officer role does not require a compliance qualification. Many agency principals who serve as their own compliance officer have no formal compliance background — the Act requires seniority and authority, not a specific credential.

That said, the role carries real obligations, and the complexity of your circumstances matters. If your agency regularly deals with high-value transactions, overseas buyers, or complex ownership structures, investing in professional development or occasional expert advice is worth considering.

Reading this post and using a compliance tool helps you build and run your processes — it does not substitute for training, professional development, or expert advice where your circumstances require it.

AML Simple Expert Advice — 45-minute sessions with a qualified AML professional →

Your 30-day checkpoint

By the end of your first 30 days, you should have:

✅ Read the AUSTRAC guidance and Program Starter Kit
✅ Confirmed your agency's designated services and which staff are in scope
✅ Completed (or reviewed and signed off) the ML/TF/PF risk assessment
✅ Completed (or reviewed) the AML/CTF program document
✅ Delivered initial staff training and documented it
✅ Set up your CDD procedure so agents know exactly what to do with each new client
✅ Completed AUSTRAC enrolment and notified your compliance officer details (or booked this for 31 March if not yet open)
✅ Set your ongoing compliance calendar with recurring tasks

That is a solid foundation. The ongoing work from here is running the process — not building it from scratch.

58 days until obligations commence

1 July 2026

AML Simple helps you run the compliance officer role — start free

Risk assessment, program generation, CDD workflows, record keeping, and screening — AML Simple gives the compliance officer a structured system to manage day-to-day obligations.

Get AUSTRAC ready

About AML Simple: AML Simple is a compliance workflow tool, not a provider of legal or regulatory advice. This post describes the AML/CTF compliance officer role under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and AUSTRAC guidance as general educational information. It does not constitute compliance advice and is not a substitute for professional guidance specific to your circumstances. The role carries specific legal responsibilities — reading this post and using a compliance tool does not satisfy any training or competency requirement applicable to your situation. Always consult a qualified AML/CTF compliance professional for advice tailored to your agency. AUSTRAC's guidance and legislation take precedence over any description in this post — always check primary sources.