Key Takeaways

Who is this checklist for?

Property developers, volume builders, boutique developers, and anyone who builds and sells property directly to buyers. If you sell through an agent and have no direct contact with the buyer, the agent carries the AML obligation for that transaction — but most developers have some direct sales.

Phase 1: Foundations (Weeks 1–2)

These steps establish whether you are in scope and set up the structural requirements. Use AUSTRAC's eligibility checker to confirm your business is covered, then review the before you start guidance for an overview of what AUSTRAC expects.

Steps 1–4

1 Confirm you are in scope. Do you sell real estate directly to buyers as part of a business? If yes, you are a reporting entity. This includes house-and-land packages, off-the-plan apartments, spec builds, display home sales, and land subdivisions. Not sure? Read this.
2 Map every entity that sells property. List every legal entity in your group that provides a designated service. Each is a separate reporting entity. If you operate through SPVs, each selling SPV must be identified. Consider whether a reporting group applies.
3 Appoint your AML/CTF compliance officer. Must have sufficient seniority and authority. For most developers, this is the director or owner. Document the appointment in writing. Full guide here.
4 Enrol with AUSTRAC. Portal opens 31 March 2026 via AUSTRAC Online. Each reporting entity enrols separately. You need your ABN, business details, and compliance officer name. If you have a reporting group, reference the lead entity.

Phase 2: Program Development (Weeks 3–5)

Build your AML/CTF program — the written compliance framework AUSTRAC requires. AUSTRAC's real estate program starter kit provides a useful baseline.

Steps 5–9

5 Complete your ML/TF risk assessment. Evaluate customer types (domestic, foreign, trust, SMSF), products (off-the-plan, completed homes, land), channels (display village, online, agents), and geography. This shapes your entire program. See what to include.
6 Develop Part A of your AML/CTF program. Risk management framework: compliance officer role, employee due diligence, training plan, transaction monitoring, reporting procedures, record-keeping, and independent review commitment.
7 Develop Part B — Customer Identification Procedures. How you verify individuals, companies, trusts, partnerships, and foreign buyers. When standard CDD applies vs Enhanced CDD. What documents you accept. How you handle electronic verification. Refer to AUSTRAC's customer due diligence guidance for detailed requirements.
8 Get senior management approval. The program must be formally approved by a director, the board, or senior management. Document the approval with date and signature.
9 Set up your compliance platform. Choose AML software built for developers. Configure identity verification, sanctions screening, CDD workflows, and record-keeping. AMLTranche auto-generates your program from step 5.

Phase 3: Operationalise (Weeks 6–8)

Turn the written program into a working process that your team follows on every transaction.

Steps 10–13

10 Train all buyer-facing staff. Sales consultants, project managers, and admin staff who handle buyer information must complete AML/CTF training. Cover: CDD procedures, red flag indicators, escalation process, tipping-off prohibitions. Record completion.
11 Integrate CDD into your sales workflow. CDD must be a mandatory gate before contract generation. Build identity verification and sanctions screening into your standard sales process so it cannot be skipped or forgotten.
12 Set up DFAT sanctions screening. Configure automated screening against the DFAT consolidated sanctions list. For off-the-plan sales, set up periodic re-screening to catch changes during the settlement period.
13 Establish your escalation and SMR workflow. Define who reviews suspicious matters, who makes the decision to lodge a Suspicious Matter Report, timeframes (3 business days / 24 hours for terrorism), and how information is restricted to prevent tipping off.

Phase 4: Go Live (Weeks 9–10)

Test your processes and go live before the 1 July deadline.

Steps 14–15

14 Test on real or simulated transactions. Run your CDD and screening processes on actual buyer data (with consent) or test cases. Verify that identity verification works, sanctions screening returns results, records are stored correctly, and the escalation workflow functions.
15 Go live — 1 July 2026. From this date, every new designated service must be preceded by CDD. Ensure your compliance officer is actively monitoring the dashboard, training records are current, and the AML/CTF program is accessible to all relevant staff.

Timeline Summary

When What Steps
Weeks 1–2 Scope confirmation, entity mapping, compliance officer, AUSTRAC enrolment 1–4
Weeks 3–5 Risk assessment, AML/CTF program (Part A + B), management approval, platform setup 5–9
Weeks 6–8 Staff training, workflow integration, sanctions screening, SMR procedures 10–13
Weeks 9–10 Testing, go-live 14–15

After Go-Live: Ongoing Obligations

Compliance is not a one-time setup. After 1 July 2026, you must maintain these ongoing activities:

Complete this checklist in under an hour.

AMLTranche handles steps 5–14 automatically. Risk assessment, program generation, identity verification, sanctions screening, training tracking, and audit trail — all from one platform. From $59/month.

Get Started → Book a Demo →

Get a free compliance checklist for your business:

No spam. Unsubscribe anytime.

Frequently Asked Questions

How many steps to comply with Tranche 2?

Six core legal obligations, but practically around 15 steps from scoping through to go-live. Most developers can complete everything in 4–8 weeks using compliance software.

When should I start?

Now. AUSTRAC enrolment opens 31 March 2026. Obligations begin 1 July 2026. Starting early gives you time to test your processes before the deadline.

Can I do this without a consultant?

Yes. AMLTranche auto-generates your AML/CTF program, provides IDV and screening tools, and guides you through each step. Consultants can help with complex multi-entity groups, but most developers can self-serve.

What if I am not ready by 1 July?

Selling property without being enrolled and compliant after 1 July 2026 is a breach of the AML/CTF Act. Penalties include civil fines up to $23.1M for companies and criminal sanctions for failure to report suspicious matters.

Is this checklist for agents or developers?

This checklist is specifically for property developers and builders who sell directly. The core obligations are the same for all Tranche 2 entities, but the practical steps — SPV structures, off-the-plan CDD timing, foreign buyer handling — are developer-specific.