16 September 2025
7 min read
#Property, Planning & Development
Published by:
Significant changes are on the way for real estate agents and property developers. Under the updated 2025 Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) rules, real estate agents who broker the sale, purchase, or transfer of real estate, as well as property developers involved in off-the-plan sales or transfers not brokered by an independent agent, can now rely on the collection and verification of know your customer (KYC) information as part of initial customer due diligence (ICDD), previously carried out by another reporting entity or foreign equivalent. While this added convenience is available, it also brings ongoing responsibilities that must be carefully managed.
From 31 March 2026, these new rules for real estate agents and property developers providing designated services will officially take effect. Although these requirements may seem challenging at first, compliance can become more manageable by strategically relying on third parties to collect and verify KYC information.
The updated rules now provide clear guidance on what is required when relying on another reporting entity or a foreign equivalent for ICDD verification and information collection. This process must be fully documented in Part B of an AML/CTF program. Division 8 of Part 6 in the 2025 AML/CTF rules does not apply to ‘outsourcing’ or conducting customer due diligence (CDD) through agency arrangements. Instead, these provisions address situations where real estate agents and property developers rely on KYC information collected during CDD by another reporting entity or foreign equivalent, either under a CDD arrangement or on a case-by-case basis.
For formal CDD arrangements, the other party must be a reporting entity or a foreign equivalent regulated by laws aligned with FATF recommendations on CDD and record keeping. The arrangement must be suitable for the money-laundering (ML), terrorism financing (TF), and proliferation financing (PF) risks of the relying entity. This means considering the nature, size, and complexity of the other party’s business, their customer base, and the country in which they operate. For higher risk or more complex services and customers, the relying entity must carefully consider if the other business can perform initial CDD (ICDD) to the required standard.
The relying reporting entity must obtain KYC information from the other party before starting any designated service, unless delayed ICDD is permitted. They must also obtain copies of the data used for KYC verification, either immediately (such as through an IT system) or as soon as possible after a request. The responsibilities of each party, including record-keeping, must be clearly documented in the arrangement.
For case-by-case reliance, the requirements are similar but apply to specific situations. Reliance is restricted to another reporting entity or foreign equivalent and must be appropriate to the ML, TF, and PF risks of the customer, considering the other party’s business and customer base. The relying entity must have reasonable grounds to believe it can obtain all KYC and verification data before providing the service, or later if delayed ICDD is allowed. The responsibilities of each party must be documented.
The consequences of failing to do ICDD depend on the structure of the reliance. If a real estate agent or property developer uses a formal, ongoing CDD arrangement, they are still responsible for fixing any problems with their own customer checks. As long as these issues are addressed, they are still considered to have collected and verified the required KYC information.
If reliance is done on a case-by-case basis, the rules are stricter. If the other party did not actually collect or verify the required KYC information, the relying business is not considered to have met its own KYC obligations. In these cases, the business cannot claim it completed the required checks unless the other party truly did them.
Imagine a real estate agent or property developer working on a property sale with other professionals, such as lawyers. Instead of repeating KYC checks for the same client, they can streamline onboarding by relying on the KYC process already completed by another party involved in the transaction. This approach saves time, reduces hassle for clients, and makes business operations more efficient.
However, this shortcut is subject to important conditions. Under the latest AML/CTF rules, reliance on another party is only allowed if it is a regulated reporting entity or a foreign equivalent that meets FATF standards. Any arrangement with a regulated third party must be tailored to address the risks of ML, TF, and PF, considering the other party’s business operations and customer base.
When relying on a third party for ICDD, it is essential to obtain all required KYC information before providing any designated services, unless the rules allow for delayed ICDD. Timely access to all verification data is crucial, and an agreement should clearly outline each party’s responsibilities, including who will be responsible for record-keeping.
To stay ahead of financial crime risks, all agreements and arrangements with third parties must be reviewed regularly. A reporting entity must assess whether the agreement or arrangement continues to meet the standards for CDD arrangements. The timing of reviews should reflect the ML, TF, and PF risks of the services provided, but must occur at least every two years. If there is a significant change in circumstances, such as shifts in customer type, new services, or regulatory updates, an immediate review is required.
Reliance is not a ‘set and forget’ solution. The AML/CTF framework requires ongoing attention to ensure agreements and arrangements remain effective and compliant. Findings from each review should be recorded, noting the compliance status, any issues identified, and actions taken to resolve them. Keeping these records up to date demonstrates a commitment to compliance and provides important evidence if the agency or developer is audited or reviewed by regulators.
For both real estate agents and property developers, wise reliance on KYC information can make business smoother, faster, and more client-friendly, as long as all requirements are met. Maintaining robust reliance agreements, conducting thorough risk assessments, and ensuring that reviews are properly documented and acted upon will support ongoing compliance with the AML/CTF regime and help safeguard the integrity of Australia’s property market.
Our key takeaways for real estate agents and property developers include:
By following these steps, reporting entities can confidently meet regulatory obligations and help create a safer, more transparent property industry. Vigilance, informed decision-making, and strong compliance practices are essential for ongoing success.
For a refresher, see our previous article on the AML/CTF obligations for the real estate sector.
If you have questions about the AML/CTF laws or need support in developing a compliance program that meets your legal obligations, please contact us here.
Disclaimer
The information in this article is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this article is accurate at the date it is received or that it will continue to be accurate.
Published by:
