Key Takeaways
- Every Tranche 2 reporting entity must appoint an AML/CTF compliance officer before 1 July 2026 — it is a structural requirement of Part A of your program
- For boutique developers doing 10–30 transactions per year, expect 2–5 hours per month on compliance officer duties; most weeks take under 15 minutes once processes are established
- The compliance officer must have sufficient seniority and authority — for small developers, the business owner or director is the natural and recommended choice
- You can outsource program development, training, and independent reviews, but the nominated compliance officer and SMR decisions cannot be fully outsourced to an external party
- No prescribed certification is required by AUSTRAC — the officer needs working knowledge of the AML/CTF Act, CDD procedures, and reporting obligations, achievable through AUSTRAC’s free guidance materials
In this article
The legal requirement Who can be the compliance officer? What the role involves Small developers: the owner as compliance officer Larger developers: dedicated or shared role Can you outsource the role? Training requirements How to formally appoint Frequently asked questionsThe Legal Requirement
Under the AML/CTF Act, every reporting entity must appoint an AML/CTF compliance officer as part of their compliance program. This is not optional — it is a structural requirement of Part A of your AML/CTF program.
The compliance officer is the person accountable for:
- Overseeing the implementation and maintenance of the AML/CTF program
- Ensuring the organisation meets its reporting obligations to AUSTRAC
- Managing the response to suspicious matters and escalations
- Coordinating staff training on AML/CTF procedures
- Being the primary point of contact for AUSTRAC
The compliance officer must be nominated when you enrol via AUSTRAC Online. Their details are recorded on your enrolment and must be updated if the person changes.
Who Can Be the Compliance Officer?
AUSTRAC requires the compliance officer to have sufficient seniority and authority within the organisation to effectively implement the AML/CTF program. The reforms guidance outlines that the person must be able to:
- Make decisions about compliance procedures without requiring approval from others
- Direct staff to follow CDD and screening procedures
- Allocate resources to compliance activities
- Escalate and report suspicious matters without interference
- Access all relevant transaction and customer records
| Developer Size | Typical Compliance Officer | Works? |
|---|---|---|
| Solo / owner-operator | The business owner or director | Yes — meets seniority requirement by default |
| Small team (2–10 people) | Director, general manager, or senior project manager | Yes — provided they have authority over sales and operations |
| Mid-tier developer | CFO, company secretary, or head of legal/risk | Yes — common choice for mid-sized organisations |
| ASX-listed developer | Dedicated compliance manager, general counsel, or company secretary | Yes — often a dedicated role or added to existing GRC function |
| Junior sales consultant | — | No — lacks seniority and authority to implement the program |
| External accountant | — | No — not part of the organisation, cannot direct staff |
What the Role Involves
The compliance officer role is not a full-time job for most property developers. For a boutique developer doing 10–30 transactions per year, expect to spend 2–5 hours per month on compliance officer duties. For volume operations, this scales proportionally.
Core responsibilities
Small Developers: The Owner as Compliance Officer
For most small to mid-tier property developers, the business owner or director is the natural choice for compliance officer. This is the approach AUSTRAC anticipates for smaller reporting entities.
Advantages:
- Automatic authority — no organisational politics or approval chains
- Direct visibility into every transaction
- No additional salary cost
- Simplifies AUSTRAC enrolment
The key requirement is that you actually do the work. Nominating yourself as compliance officer but never reviewing transactions, never updating the program, and never completing training creates a compliance gap that AUSTRAC will identify in an assessment.
Practical tip for owner-operators
Block 30 minutes per week for compliance officer duties. Use this time to review any new buyer onboarding, check sanctions screening results, and address any flagged items. AMLTranche’s dashboard shows outstanding items at a glance — most weeks this takes less than 15 minutes once your processes are established.
Larger Developers: Dedicated or Shared Role
For developers with multiple active projects, large sales teams, or interstate operations, the compliance officer role needs more structure:
- Dedicated compliance manager — for ASX-listed developers or those with 50+ transactions per year. This person may also handle other regulatory obligations (privacy, WHS, building compliance).
- CFO or company secretary — a common choice for mid-tier developers. AML compliance sits naturally alongside their existing governance responsibilities.
- General counsel — if you have in-house legal, the AML compliance officer role is a natural extension of their risk management function.
For developers using reporting groups across multiple SPVs, the compliance officer is appointed at the lead entity level and covers all group members. You do not need a separate compliance officer for each SPV.
Can You Outsource the Role?
You can outsource compliance support but not compliance accountability.
What can and cannot be outsourced
Training Requirements
There is no prescribed certification required by AUSTRAC for compliance officers. You do not need a law degree, a compliance qualification, or a specific course completion. However, you must be able to demonstrate a working knowledge of:
- The AML/CTF Act and its application to your business
- Your organisation’s AML/CTF program and procedures
- Customer due diligence requirements (including ECDD for high-risk customers)
- Suspicious matter identification and reporting obligations
- DFAT sanctions screening requirements
- Record-keeping obligations (7-year retention)
- Tipping-off prohibitions
Practical options for training:
- AUSTRAC’s free guidance materials and e-learning modules
- Industry association workshops (HIA, MBA, Property Council of Australia)
- AMLTranche’s built-in training modules with completion tracking
- External compliance training providers
How to Formally Appoint
Appointment checklist
Get a free compliance checklist for your business:
No spam. Unsubscribe anytime.
Frequently Asked Questions
Who can be the compliance officer?
A senior manager with sufficient authority to implement the AML/CTF program. For small developers, this is typically the director or owner. For larger organisations, the CFO, company secretary, or a dedicated compliance manager.
Can the business owner be the compliance officer?
Yes, and for most small to mid-tier developers, this is the most practical approach. The owner meets the seniority requirement by default and has full authority over business operations.
Can you outsource the role?
You can outsource program development, training, and reviews. But the nominated compliance officer must be someone within the organisation who has authority to make decisions. The accountability cannot be fully outsourced.
What training is required?
No prescribed certification. The compliance officer must have working knowledge of the AML/CTF Act, CDD procedures, suspicious matter reporting, and record-keeping obligations. Training through AUSTRAC materials, industry courses, or platform-provided modules is sufficient.
What if you don’t appoint one?
Failing to appoint a compliance officer is a breach of the AML/CTF Act. AUSTRAC can issue infringement notices, enforceable undertakings, or pursue civil penalties. It is a fundamental program requirement.