How to choose an AML compliance tool for your agency
New AML compliance tools are entering the Australian market ahead of the July 2026 deadline. Here's a plain-English buyer's guide to help you choose the right one for your agency.
A year ago, real estate principals asking "what software should I use for AML compliance?" would have drawn a blank. There wasn't much to choose from.
That's changed. With the July 2026 AUSTRAC deadline approaching, a crop of purpose-built tools has entered the market. AML Simple went live. AMLTranche came out of beta. easyAML, once a standalone option, was absorbed by enterprise provider First AML. AML Assured launched with real-estate-specific positioning. PEXA Group entered with PEXA Clear, a per-transaction verification tool built on FrankieOne technology.
For agency principals, this is actually good news - you have real choices. But it also means doing a bit of homework before you commit.
This guide walks you through five things worth looking at before you sign up for any AML compliance tool. It's written for agency principals who are evaluating their options, not compliance professionals who live and breathe this stuff.
What we're not covering
Before we start - this guide doesn't include a pricing comparison table, and it doesn't pick apart individual competitors.
Why not? Pricing changes. Features change. Any comparison table we publish today could be out of date in a month. And frankly, a takedown of a competitor isn't what you need right now - you need a framework for evaluating options yourself.
What we are covering: the questions worth asking, and the things that genuinely matter when choosing a tool you'll depend on to keep your agency compliant.
1. Is it actually built for real estate?
This sounds obvious, but it's worth checking.
The AML/CTF obligations for real estate agents have some specific quirks that generic compliance software doesn't handle well. The most important one: auction-day delayed CDD.
Under the AML/CTF rules, you're normally required to complete customer due diligence before you provide a designated service. At auction, that's often not practical - you don't know who's bidding until the day. The law allows a delayed CDD exception for auction transactions, but only under specific conditions and time limits (15 calendar days from exchange of contracts, or before settlement, whichever comes first).
Generic KYC tools built for financial services don't know anything about auction workflows. A tool built for real estate should.
Other real estate-specific needs include:
- Trust and entity verification - you'll regularly deal with buyers purchasing through family trusts, SMSFs, or companies. Identifying the beneficial owner (the actual person behind the entity) is a core CDD obligation. Your tool should make this straightforward.
- Dual-role agencies - many agencies handle both sales and property management. Only the sales side triggers AML/CTF obligations. A good tool should be clear about this distinction rather than putting your property management team through unnecessary steps.
- Multi-agent workflows - in larger agencies, different people handle different parts of a transaction. Your tool should support that, rather than assuming one person does everything.
Questions to ask: Does the tool handle auction-day delayed CDD? How does it manage entity and trust verification? Was it designed with real estate workflows in mind, or adapted from something else?
As of April 2026, tools with real estate-specific workflows include AML Simple, AMLTranche, AML Assured, and PEXA Clear. Tools ported from financial services (generic KYC platforms, enterprise AML suites) may not handle the auction-day exception or trust beneficial ownership in the way real estate agents need.
2. Does it cover your full obligations - not just part of them?
AML compliance for real estate isn't a single task. It's a set of ongoing obligations. Some of the core ones include (for the full list, see AUSTRAC's real estate guidance):
- An AML/CTF program - a written document that sets out your agency's policies and procedures for managing money laundering and terrorism financing risk. This is required before 1 July 2026, and it needs to reflect your actual business (your client types, services, locations, and risk exposure).
- Customer due diligence (CDD) - verifying who your clients are, including the beneficial owner if they're acting through a company or trust.
- Sanctions and PEP screening - checking clients against the DFAT Consolidated List (mandatory) and politically exposed persons (PEP) lists.
- Record keeping - retaining CDD records, transaction records, and supporting documents for seven years.
- Suspicious matter reports (SMRs) - if you identify something that looks suspicious, you have 3 business days to report it to AUSTRAC (24 hours for terrorism-related matters).
- Annual compliance reports - a mandatory report to AUSTRAC due by 31 March each year (first due March 2027, covering the July-December 2026 period).
Some tools cover only part of this. A screening-only tool, for example, might handle sanctions checks but leave you to manage your program document separately. That works if you have a compliance team - but for most small agencies, having everything in one place is significantly easier to manage.
Another thing to check: client verification limits. Some platforms cap how many identity verifications you can run per month on entry-tier plans. AMLTranche, for example, caps identity verifications at 5 per month on their Solo plan and 20 per month on Team. easyAML charges per verification above included counts. Tools with unlimited clients on flat-rate subscriptions (like AML Simple's Starter tier) mean you are not watching a meter tick upward during a busy settlement period.
Questions to ask: Does the tool cover the full scope of my obligations, or just one piece? What happens when I need to file an SMR - does the tool help with that, or do I do it manually? Does it handle record keeping and the audit trail?
Full-coverage AML obligations checklist
3. Does it guide you, or just hand you a document?
There's a meaningful difference between a tool that helps you think through your compliance obligations and one that simply generates a template.
Your AML/CTF program needs to reflect your specific business. A small buyer's agency operating in one suburb has a different risk profile from a large franchise with multiple offices across several states. A one-size-fits-all program document that doesn't reflect your specific business may not meet AUSTRAC's expectations - and that's a risk worth avoiding.
A good compliance tool should ask you questions about your agency: your client base, your services, your geographic footprint, your delivery channels. It should use those answers to shape your program, your risk assessment, and your CDD procedures.
This matters beyond the setup phase too. AUSTRAC expects you to understand your own program. If you're ever audited, being able to explain why your risk assessment looks the way it does - based on your specific circumstances - is far more credible than pointing to a generic document you downloaded.
What to look for:
- Guided program wizard - a step-by-step process that takes your inputs and shapes your program accordingly, rather than a template you fill in yourself
- Risk assessment built in - the tool should walk you through an ML/TF/PF risk assessment as part of the program setup, not treat it as an afterthought
- Ongoing education - the better tools explain why each step matters, so your team actually understands what they're doing
Questions to ask: How does the program generator work? Does it ask questions about my specific agency, or does it produce the same document for everyone? Does it help me understand my risk assessment, or just produce one?
4. Is the 'tool vs advice' boundary clear?
This one is easy to overlook, but it matters.
Compliance software is a tool. It helps you build and run your AML program. It does not - and legally cannot - constitute professional compliance advice. If you need advice about whether a specific transaction is suspicious, or whether your risk assessment approach is adequate for your business, you need a qualified compliance professional. A tool can't substitute for that.
The reason this matters: some tools blur the line. They might present their automated risk outputs as definitive, or imply that using their software means you're covered. That's not accurate - and if AUSTRAC ever reviews your program, the question they'll ask is whether you made the compliance decisions, not whether your software did.
A good tool makes this boundary explicit. It positions itself as a workflow aid - helping you structure your thinking, collect the right information, and document your decisions - while making clear that you're the compliance decision-maker.
It should also be clear when you need human advice. Things like complex beneficial ownership structures, high-risk customer assessments, or unusual transaction patterns are situations where having a compliance professional available matters. Look for a tool that offers that as an explicit option - ideally with a qualified compliance expert on call - rather than one that pretends the software handles everything.
Questions to ask: Does the tool make clear what it can and can't do? Does it offer access to a real compliance professional when I need one? Is the risk assessment positioned as a workflow guide or as a compliance verdict?
5. Where is your data stored, and for how long?
You're required to keep AML/CTF records for seven years. That's not a soft guideline - it's a legal obligation under the AML/CTF Act. Your compliance tool needs to be able to hold that data reliably for the full retention period.
Two things to check:
Data residency. Where are your client records stored? For Australian agencies, storing sensitive customer identification data on servers overseas creates unnecessary risk - regulatory, legal, and reputational. AUSTRAC doesn't currently mandate Australian data residency, but it's good practice and reduces jurisdictional complexity. Look for a tool that stores your data in Australia, specifically.
Audit trail. An audit trail records who did what and when - which staff member ran a screening check, when a CDD file was completed, when a record was accessed. If AUSTRAC reviews your program, or if you're ever involved in a legal dispute related to a transaction, an immutable audit trail is essential evidence. Not all tools provide this by default.
Questions to ask: Where are my records stored - which country and region? What happens to my data if I cancel my subscription? Does the tool maintain an audit trail of all compliance actions, and can I export it?
Putting it together
Most agencies aren't going to need enterprise-grade compliance infrastructure. If you run a small to mid-sized agency, you need something that covers your obligations end-to-end, guides you through the process without requiring a compliance background, keeps your data in Australia, and is honest about what it can and can't do for you.
That's what AML Simple was built to do. We designed it specifically for Australian real estate agents, with guided workflows for everything from your initial program setup through to ongoing CDD, sanctions screening, and annual compliance report preparation. All data is stored in Sydney. The audit trail is automatic. And when you need professional compliance advice - not just a tool - our Expert Advice service connects you with a qualified professional.
You can start for free and see how it works before committing to anything.
Start your AML program free
No account needed for the free tier. See how the program wizard works and decide from there.