Kyrstie Nolan, Barry Plant, Head of Operations. Image: Supplied
Kyrstie Nolan, Barry Plant, Head of Operations. Image: Supplied

There’s a lot of noise right now around who should “carry the compliance load” for AML. Reporting Groups, outsourced models, hands-off partnerships – all promising simplicity.

But simplicity often comes with a trade-off. And in this case, it’s not just operational – it’s about where your risk sits.

The core question: should agencies join a formal Reporting Group or remain Independent Entities?

Both ends of the spectrum present challenges. A hands-off franchisor approach can leave offices exposed. A fully centralised model can introduce constraints and redistribute risk across the network.

And that risk is increasing.

From July 1, once you become an AML reporting entity, the Small Business Exemption under the Privacy Act disappears. Even under a $3M turnover, you’ll be bound by the Australian Privacy Principles.

That shifts the risk profile significantly.

Centralising compliance doesn’t just centralise process – it centralises data. That creates a concentrated pool of sensitive client information, introducing a significant privacy and data risk that is often overlooked.

This is where Reporting Groups carry hidden exposure. At Barry Plant, this was a key consideration. It’s why we adopted a Hybrid Model – providing strategy, technology, training, and support, while keeping responsibility and client relationships where they belong – within each office.

If you’re weighing your options, these are the questions that matter:

In a formal Reporting Group, you are only ever as strong as your weakest link.

One failure can impact the whole network – whether it’s an audit issue, missed KYC, or poor data handling. A decentralised approach contains that risk at an office level.

2. Where does visibility sit?

AML is about tracking money movement in real time.

Centralised models can create distance from deposits entering trust accounts.

Is the deposit coming from the name on the contract?

Is it arriving in fragmented or unusual amounts?

Local oversight allows those questions to be asked and addressed as the funds are received, rather than after the fact during reconciliation or audit.

It also raises a broader question: how is suspicious activity identified?

If a property sells unusually quickly, or well above market value, that context isn’t always visible on paper. It often comes from being close to the transaction, understanding the client, the deal, and what feels out of the ordinary.

3. Who is asking your clients the uncomfortable questions?

The agent-client relationship is built on trust.

When compliance is handled centrally, clients may be asked to share sensitive financial information with someone they haven’t met, particularly during Enhanced Due Diligence, when they are questioned about their source of wealth or personal finances.

For some, that may not be an issue. For others, it can create friction.
Keeping this local preserves trust and continuity.

4. Does your business stop if one person gets the flu?

This is a practical consideration.

Under AML obligations, you can’t act for a vendor until KYC is complete, Enhanced Due Diligence is addressed where required, and reporting obligations are met. Settlement can’t proceed until the buyer side is also compliant.

So what happens if that central function is unavailable?

Listings get delayed. Settlements stall.

Distributed responsibility keeps deals moving.

5. Is your compliance framework built for your market?

Real estate is local.

Different offices carry different risk profiles – from foreign investment to purely domestic transactions.

Yet under a single Reporting Entity, everyone operates under the same framework.

That framework has to be broad enough to cover all scenarios, which means it’s rarely specific enough to reflect any one business accurately.

A more tailored approach allows your risk assessment and compliance program to align with the realities of your market – your clients, your transactions, and how your office actually runs. These should be your most defensible documents.

6. Who is covering the cost of education?

AML training is not optional. It’s a legal requirement, and it doesn’t stop after July 1.

Every new hire must be trained, and existing staff must be regularly refreshed annually, even if you’re in a reporting group.

Over time, this creates a sustained operational cost that should be considered as part of your broader compliance strategy.


There’s no one-size-fits-all answer when it comes to AML compliance models.

For us, the Hybrid Model reflects a balance – combining centralised support with local accountability.

But regardless of the model you choose, the key consideration remains the same:

Where responsibility sits will ultimately define your exposure.

Don’t mistake convenience for safety. Choose a structure that gives you visibility, protects your clients, and supports your team.