Record keeping does not get much attention in AML/CTF conversations, but it is one of the obligations most likely to catch firms out. It is not a one-off task you complete at onboarding. It runs through every part of your compliance program, from the first time you verify a client to the day you close a matter and beyond. This post covers what you need to keep, how long to keep it, and what good practice looks like in a conveyancing context.
What does record keeping mean under AML/CTF?
Record keeping means creating, storing, and managing records of your AML/CTF activities in a way that demonstrates compliance. Your records show AUSTRAC that you identified your clients correctly, assessed risk appropriately, and acted on that assessment. If your business is ever investigated, your records also help authorities trace the flow of funds and identify suspicious activity.
What records do you need to keep?
The types of records you keep depend on the services you provide, but for conveyancers and property lawyers, there are four main categories.
Customer due diligence (CDD) records are required every time you provide a designated service. These records must show the personal information you collected, the steps you took to verify it, your ML/TF risk assessment and reasoning, any beneficial ownership findings, and the outcome of PEP and sanctions screening.
From 1 July 2026, you are not required to retain full copies of identity documents such as passports or driver’s licences. Instead, record the information extracted from the document, including name, date of birth, document type and number, and expiry date, along with what you did to verify it. If a client’s information changes during the relationship, keep both the updated records and the previous CDD records where reasonably necessary to demonstrate compliance.
Transaction records must be created and kept for every transaction related to a designated service. This includes all records you create yourself and any documents the client provides in connection with that service.
AML/CTF program records cover your written program, risk assessment, all prior versions, approval records, change history, independent evaluation reports, and staff training records.
Suspicious matter reports (SMRs) and the underlying records that informed them must also be retained. Restrict access to SMR records to authorised staff only to avoid any risk of tipping off.
How long do you need to keep records?
Keep all records for a minimum of 7 years. The retention period starts from the end of the relevant activity. Retain transaction records for 7 years from the date the transaction was completed, and CDD records from the date the client relationship ended.
How should records be stored?
Bringing record keeping into your workflow
For most firms, the challenge with record keeping is not knowing what to keep. It is having a reliable process to do it consistently across every matter, every time.
The triSearch Compliance Centre is built directly into triConvey and removes the manual work from record keeping. It maintains structured records across your entire compliance program, from CDD and ongoing monitoring through to suspicious matter reporting, and stores them securely with full audit trails retained for 7 years. Your records are organised, searchable, and ready when you need them, whether that is for an internal review, an auditor, or AUSTRAC.
With the 1 July 2026 deadline approaching, now is the time to make sure your record keeping process is built into your workflow, not bolted on after the fact. Find out how the triSearch Compliance Centre supports your record keeping obligations here
