The Risk Is Not the Same at Scale

When a solo principal operating a boutique agency gets their AML compliance wrong, the consequences are serious — but they are largely contained. One reporting entity, one exposure, one set of consequences.

When a franchise group or multi-office network gets it wrong — even in just one office — the story is very different. The regulator sees a systemic problem. The accountability spreads across the entire group. The remediation is not surgical; it is a full-body audit. And the reputational damage does not stay in one postcode — it follows the brand across every office in the network.

This is the risk reality that franchise heads, group principals, and network directors need to understand before they make any compliance infrastructure decision. The question is not just “are we compliant?” The question is: “if our weakest office falls short, does our entire group go down with it?”

For most franchise networks operating today without a centralised, consistent compliance framework, the honest answer to that question is yes.

Why AUSTRAC Focuses Enforcement on Large Groups

It would be comforting to believe that AUSTRAC is most interested in catching the most egregious individual offenders. But enforcement strategy is not purely about justice — it is also about efficiency and systemic impact. Large organisations get targeted precisely because they offer the regulator the biggest return on enforcement effort.

$1.3B

Westpac penalty — largest civil penalty in Australian corporate history

$450M

Crown Resorts settlement — systemic AML failures across multiple properties

$25.2M

Maximum civil penalty per contravention for a body corporate under the AML/CTF Act

The pattern across every major AUSTRAC enforcement action is consistent: the regulator identifies what it calls serious and systemic non-compliance. That phrase is critical. AUSTRAC is not primarily interested in one missed form or one agent who forgot a step. It is interested in failures that reveal a structural breakdown in compliance governance across an organisation.

For a large franchise group, a single office committing a compliance failure is not viewed in isolation. AUSTRAC asks the obvious question: if this is happening here, is it also happening in the other twenty offices? That question triggers a group-wide audit. The cost of that audit — in management time, legal fees, remediation requirements, and business disruption — can dwarf any penalty the regulator ultimately imposes.

AUSTRAC’s approach to large groups: The AML/CTF Act’s Reporting Groups framework means that entities within a corporate group or control structure now automatically form a reporting group unless they explicitly opt out. One failure in the group can expose the lead entity to liability across the entire network. See: austrac.gov.au — Reporting Groups

The Consistency Problem: Your Weakest Link Sets Your Standard

Here is the compliance reality inside most real estate franchise networks right now. Every office has been told they need to be AML compliant. Most have made some attempt to comply. But ask yourself honestly: are they all executing it the same way? To the same standard? With the same level of rigour? Are the agents in your Mackay office approaching compliance the same way as the team in your Sydney CBD office?

Almost certainly not. And that inconsistency is exactly what regulators look for.

Consider the range of people who end up holding Compliance Officer responsibilities in a typical multi-office network without a centralised solution:

Each of these people brings different knowledge, different diligence, and different interpretations of what compliance actually requires. None of them chose this role because they are passionate about AML governance. They are doing it because someone had to, and it landed on them. The result is office-by-office improvisation — which is precisely the inconsistency that AUSTRAC’s Reporting Groups framework is designed to surface and address.

The Scenario No Franchise Head Wants to Live Through

A buyer at one of your offices makes a cash deposit above $10,000. The agent, under listing pressure, does not flag it through the AML system. The Threshold Transaction Report is not lodged. Six months later, that transaction becomes part of a broader investigation into the buyer’s activities.

AUSTRAC does not just look at that one transaction. It looks at your entire network. Auditors arrive at multiple offices. Your compliance programs across all locations are reviewed. Gaps are found — not because every office was negligent, but because the standard was inconsistent, the training was uneven, and there was no centralised oversight to catch the problem before it escalated.

The licensee of that one office faces personal liability. The group head office faces liability as the lead entity under the reporting group structure. Every office in the network sees its compliance framework scrutinised. The investigation appears in industry media. Your brand is associated publicly with AML non-compliance.

And it all started because one agent did not flag one transaction.

What AUSTRAC Actually Expects from Groups and Franchises

AUSTRAC’s published guidance is explicit that compliance obligations do not “scale down” for larger organisations — they scale up. The regulatory expectation for a group or franchise network is not just that each individual office complies. It is that the group complies, as a single governed entity, with consistent standards applied across every office.

Under the AML/CTF Rules 2025 and AUSTRAC’s regulatory expectations for reporting groups, the following are required:

01

A Single, Group-Wide AML/CTF Program

One AML/CTF program must apply across all member entities of the reporting group. That program must be tailored to the group’s actual business activities, not a template distributed to individual offices to implement however they see fit. AUSTRAC’s position is that if it is not documented at group level, it does not exist.

02

A Nominated Lead Entity with Real Authority

The lead entity must be nominated in writing, must have genuine authority to set and enforce AML policy across the network, and must actively govern — not passively oversee. AUSTRAC has made clear that passive oversight converts efficiency into liability. The lead entity is accountable for failures across the group.

03

Standardised CDD, Reporting, and Training Across All Offices

Customer Due Diligence procedures, reporting protocols, and staff training must be standardised and consistently applied across every office in the network. One office conducting superior compliance while another takes shortcuts does not average out — it creates a liability gap at group level.

04

Tiered Compliance Supervision for Larger Networks

For groups of 25 or more staff or multiple branches, AUSTRAC’s guidance contemplates a tiered supervision structure — internal compliance oversight within each branch, a Compliance Function Manager overseeing multiple branches, and centralised reporting and dashboard consolidation at group level. Monthly audit sampling and a network-wide AML incident register are expected practice.

05

Seven-Year Record Keeping at Group Level

Records must be maintained for seven years and must be producible across the entire group on AUSTRAC request. This includes identity documents, AML forms, compliance decisions, training records, staff sign-off acknowledgements, and annual competency review documentation. Individual offices keeping their own records in their own way is not group-level compliance.

06

Independent Evaluation Every Three Years

The group’s AML/CTF program must undergo independent evaluation at least every three years to assess whether it is actually working — not just whether it exists on paper. That evaluation must be genuinely independent: not the principal reviewing their own office, and not the same software platform generating a compliance score on its own output.

07

Functional Separation: Sales Stays Sales

AUSTRAC’s governance expectation is clear that AML compliance decisions should not be spread across sales agents. A qualified, embedded compliance function must maintain functional separation between sales activity and compliance execution. An agent who is simultaneously trying to close a listing and make substantive AML risk judgements is not a compliant arrangement.

The Technology Question: Legacy Platforms vs Purpose-Built Infrastructure

Most AML platforms currently marketing to the real estate sector share a common heritage. They were built by technology developers who identified a compliance gap, built a software product to fill it, and brought it to market quickly ahead of the 1 July 2026 deadline. Some of them are genuinely well-built products. But they carry the assumptions of their origins.

Technology developers think in terms of workflow automation, user interfaces, and data pipelines. They are very good at digitising processes. What they are less naturally equipped to provide is the governance architecture, the compliance judgement, and the institutional understanding of how real estate businesses actually operate that genuine AML compliance infrastructure requires.

Property360 was built from the opposite direction. Eighteen years of finance industry experience — including direct involvement in building the finance arm of a national real estate franchise network — informs every design decision in the SENTINEL platform. The founders understand real estate because they have operated inside it. They understand AML compliance because they have been doing it in financial services for nearly two decades. The technology was built on top of that knowledge, not instead of it.

SENTINEL is also built on current AI architecture, not legacy systems that have been incrementally patched over years. When franchise networks evaluate compliance infrastructure, the age and architecture of the underlying technology matters — particularly when that technology needs to scale across multiple offices, handle large data volumes, and adapt to regulatory changes as AUSTRAC’s guidance evolves.

Security: What Enterprise Groups Need to Know

For a franchise network or large group, the security credentials of any compliance platform are not a nice-to-have. They are a due diligence requirement. Your AML platform handles sensitive personal identity data, financial source information, and compliance records across your entire network. The security posture of that platform is your security posture.

Property360’s SENTINEL platform is built to enterprise security standards:

✓ Property360 SENTINEL

  • SOC 2 Type II certified — security, availability, processing integrity, confidentiality, and privacy controls independently audited over time
  • Australian-hosted infrastructure — data sovereignty maintained onshore
  • 256-bit encryption in transit and at rest
  • Role-based access control — agents see only their submissions; CO has full oversight; principal has group-level view
  • AI-assisted analysis with human oversight at every decision point
  • GreenID integration — government database verification in real time
  • Audit trail for every action, every submission, every approval decision
  • Seven-year compliant record storage by design

— Most Competitor Platforms

  • AMLHUB: ISO 27001 certified — a strong baseline security standard, but ISO 27001 is a management system certification, not an operational controls audit. SOC 2 Type II is the higher bar for ongoing operational assurance
  • First AML: Security certifications not prominently disclosed in Australian market materials
  • PEXA AML: Infrastructure security inherited from broader PEXA platform — not specifically disclosed for AML module
  • Most platforms: No disclosed AI-assisted analysis capability for CO review
  • Most platforms: No embedded human Compliance Officer — security of data handled by software, not governed by accountable people

SOC 2 Type II is the relevant benchmark for enterprise clients evaluating software platforms that handle sensitive data. Unlike ISO 27001, which certifies that a security management system exists, SOC 2 Type II certifies that the actual security controls are operating effectively over a sustained period — typically six to twelve months. For a franchise group handling identity data across dozens of offices, that distinction matters.

Property360’s Model for Groups and Franchises

The challenge Property360 was built to solve at scale is exactly the consistency problem described above. Our Compliance Officers are not freelancers with varying interpretations of what compliance means. They are trained professionals operating from the same program, using the same platform, applying the same standards, and reporting into the same governance structure — regardless of which office they are supporting.

Why Consistency Is Our Structural Advantage

When a principal in your Cairns office submits an AML report through SENTINEL, it is reviewed by a Property360 CO using exactly the same risk framework, the same risk flags, and the same escalation criteria as a submission from your Gold Coast office or your Adelaide office. The standard does not vary by geography or by whoever happened to be available that week.

This is what AUSTRAC expects from a group: one program, one standard, applied consistently across every office. It is what most franchise networks cannot deliver using office-by-office arrangements with different staff holding the CO role in different locations.

All COs trained in Tranche 2 AML/CTF compliance for real estate — not generic compliance professionals
SENTINEL provides identical workflows, risk flags, and escalation pathways at every office in the network
Group-level principal portal gives the head office full visibility across all submissions, all risk statuses, all approvals and holds
Centralised audit trail — every decision is documented, attributable, and available for AUSTRAC review
AI-assisted analysis (Claude-powered) provides CO with structured risk guidance on every submission — consistent analysis, not variable human interpretation
Pricing for groups and franchises is by application — structured around your network size, agent count, and operational requirements

New to This Space. Not New to This Work.

Property360 entered the real estate AML compliance market ahead of 1 July 2026. Some of our competitors have been in the New Zealand real estate AML market for years. We are aware that this is a point they raise, and we want to address it directly.

New to the real estate compliance market is not the same as new to AML compliance. Our founding team brings eighteen years of AML compliance experience from the financial services industry — where the obligations have been in place, and actively enforced, for nearly two decades. The compliance frameworks, the governance architecture, and the risk methodology that Property360 deploys were not invented for this market. They were adapted from a sector where getting AML wrong has had real consequences for real businesses for a long time.

Phil Rice spent years building and operating finance and compliance infrastructure inside real estate businesses — including developing the finance arm for a national real estate franchise network. He understands both sides of the equation in a way that a technology entrepreneur building a compliance SaaS product does not. The difference in that understanding shows in how Property360’s model is structured.

Additionally, Property360’s platform is built on current AI architecture — not legacy technology that predates modern AI capabilities. As AUSTRAC’s expectations evolve and the real estate sector’s compliance maturity increases, that technological foundation positions Property360 to adapt without the constraints that legacy platforms face when adding new capabilities to old infrastructure.

The CFO Model and Group Finance Arms

Property360’s CFO Model — which embeds both a Compliance Officer and a Finance Officer within the agency workflow — is the only model of its kind currently available in the Australian real estate compliance market. For groups and franchises evaluating their options, we want to be both clear and respectful about how this fits.

We are aware that some franchise organisations already operate finance arms of their own, and those relationships are valuable to the network and its members. Property360’s CFO Model is not a challenge to those arrangements, and we would not presume to insert ourselves where an existing model is working well.

Where we believe a conversation is worth having is when the CO or CFO model becomes relevant on its own merits — when a principal is looking for embedded compliance infrastructure that also happens to carry a finance capability, and the existing arrangement does not provide that level of operational embedding.

The Property360 CFO Model is genuinely different from conventional real estate finance arms — including those established during the earlier generation of real estate finance integration. The Compliance and Finance Manager embedded through this model is trained specifically in Tranche 2 AML/CTF compliance for real estate. This is not a general mortgage broker who has read the AUSTRAC guidelines. This is a qualified professional who has been doing AML compliance in financial services throughout their career — and now brings that same standard into the real estate environment.

Not just any broker qualifies for this role. The Property360 CFO Model has specific qualification requirements for the Compliance and Finance Manager role. The training framework, the compliance methodology, and the operational standards are set by Property360. Emerald Edge — Property360’s training and growth platform — provides the coaching framework that ensures the embedded CFM delivers both compliance outcomes and genuine business growth for the principal and their network.

Emerald Group Holdings: The Broader Ecosystem

Property360 operates within Emerald Group Holdings, which provides franchise networks and large group clients with access to something most AML compliance providers cannot offer: genuine business coaching and growth infrastructure. Through Better Business Coach, group and franchise members can access certified business coaching that addresses the commercial challenges of running a real estate business — not just the compliance obligations.

For a franchise head evaluating compliance infrastructure, this matters. The right compliance partner is not just the one that keeps AUSTRAC satisfied. It is the one that understands your business, supports your growth, and can grow with your network as it expands. Property360’s position within Emerald Group Holdings means we bring that broader capability to every engagement.

The Question Franchise Heads Should Be Asking

Before your next board meeting or network principal conference, ask yourself these questions about your current compliance arrangement:

These are uncomfortable questions. They are also the right ones. The cost of addressing them now — through proper centralised compliance infrastructure — is a fraction of the cost of addressing them after AUSTRAC has already started asking them on your behalf.

Disclaimer: This article is provided for general informational purposes only and does not constitute legal, compliance, or regulatory advice. AML/CTF obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the AML/CTF Rules 2025 are complex and vary by business structure. Statutory liability remains with the reporting entity regardless of third-party systems or services used. Groups and franchise networks should obtain independent legal advice in relation to their specific obligations. Australian Credit Licence 392611.

Built for groups. Ready for your network.

Property360 structures custom compliance frameworks for franchise networks and multi-office groups. Pricing is by application based on your network size and requirements. Book a strategy call with Phil Rice and the Property360 team to discuss what the right model looks like for your organisation.

Book a Strategy Call