Record keeping requirements under the AML/CTF Act
A plain-English guide to AML/CTF record keeping obligations for Australian real estate agencies — what records to keep, for how long, and in what format.
Record keeping requirements under the AML/CTF Act
When your AML/CTF obligations kick in on 1 July 2026, record keeping starts on day one. You don't wait until something goes wrong to start filing things away — the Act requires you to capture and retain compliance records from the moment you begin providing designated services.
This post explains what you need to keep, how long you need to keep it, and what format is acceptable. It's one of the more practical obligations: once you understand the requirements, it's straightforward to build into your workflow.
Why record keeping matters
AUSTRAC can request your records at any time. If you're audited or investigated, your records are your evidence that you carried out your obligations — that you identified your clients, ran your screenings, and filed your reports. Without records, you can't demonstrate compliance, even if you actually did everything right.
Record keeping is also a compliance discipline in its own right. Keeping accurate records forces you to complete each step properly rather than rushing through it.
What records you must keep
The AML/CTF Act 2006 specifies several categories of records that must be retained. Here's what that looks like in practice for a real estate agency:
Customer identification records Everything you collected and recorded when verifying a client's identity — the document type, document number, issuer, expiry date, who verified the identity, when, and by what method (in person, video call, or electronic verification). You do not need to retain a copy of the document itself — recording the details is sufficient.
Transaction records Records of designated service transactions — property sales or transfers you brokered as part of your business.
Sanctions and PEP screening results The outcome of each DFAT consolidated list and Politically Exposed Person (PEP) screening you run — including a timestamp, the result, and (where a potential match was identified) the decision you made and why.
SMR and TTR copies Copies of every Suspicious Matter Report (SMR) and Threshold Transaction Report (TTR) you file with AUSTRAC.
AML/CTF Program versions Every version of your AML/CTF program — including superseded versions. When you update your program (for example, when regulations change or you add a new service), you keep the old version too, not just the current one.
Training records Records showing which staff received AML/CTF training, when, and what was covered. This applies to new staff training as well as ongoing annual training.
Risk assessment documents Your ML/TF/PF risk assessment — the foundational document that underpins your whole program. When you review and update it, retain the previous version.
Records that demonstrate compliance The Act also requires you to keep records reasonably necessary to demonstrate that you've met your obligations. In practice, this includes audit trails showing who completed each CDD step, when screenings were run, and what decisions were made on escalated matters. Think of it as the "paper trail" that lets you reconstruct what happened on any given transaction.
How long to keep records
| Record type | Retention period |
|---|---|
| Customer identification records | 7 years after you stop providing designated services to that customer |
| Transaction records | 7 years after the transaction |
| Sanctions and PEP screening results | 7 years |
| SMR/TTR copies | 7 years after filing |
| AML/CTF Program versions | 7 years after the record is no longer relevant to demonstrating compliance |
| Training records | 7 years after the record is no longer relevant to demonstrating compliance |
| Risk assessment documents | 7 years after the record is no longer relevant to demonstrating compliance |
Source: AML/CTF Act 2006, Part 10·As of March 2026
For program-related records (program versions, risk assessments, training records), the 7 years runs from when the record is no longer relevant to demonstrating your compliance with the Act — not from a fixed calendar event. In practice, this means you keep them well beyond the date you updated or replaced them.
What format do records need to be in?
Both paper and electronic records are acceptable under the AML/CTF Act. There is no requirement to use electronic systems — a well-organised paper-based filing system can satisfy the obligation.
Your records must be:
If you use electronic records, make sure your storage is reliable and that you're not dependent on a single system that could fail or become inaccessible over a 7-year period. Regular backups are good practice.
Practical tips for staying organised
Practical tips
How AML Simple helps
AML Simple automatically stores your compliance records as you work — CDD records, screening results, program versions, and training logs — and keeps them organised in one place. You don't have to maintain a separate filing system on top of running your agency.
Records are stored on Australian servers and are accessible for the full 7-year retention period. If AUSTRAC ever requests your records, you can retrieve and export them quickly.
AML Simple is a workflow tool that helps you keep records organised — it doesn't replace the need to understand your obligations or seek professional advice on complex situations.
58 days until obligations commence
1 July 2026
Keep your records organised — start free
AML Simple automatically stores your CDD records, screening results, and program versions — organised and retrievable for the full 7-year retention period.
Get AUSTRAC readyFurther reading
For AUSTRAC's official guidance on record keeping requirements under the reformed AML/CTF framework: