Advanced
Price Range From To
Other Features

Information Security Policy

1. Purpose

This policy outlines how Anthony Stevens Real Estate protects the confidentiality, integrity, and availability of all business and client information, and supports compliance with applicable laws, including the Privacy Act 1988 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations.

2. Scope

This policy applies to:

  • All employees, contractors, and representatives
  • All systems, software, and devices used by the business
  • All client and transaction-related information

3. Types of Information Covered

The business collects and manages sensitive information including:

  • Customer identification documents (KYC / AML verification)
  • Financial and banking details
  • Property transaction records
  • Contracts, leases, and legal documentation
  • AML/CTF records and risk assessments

4. Core Security Principles

4.1 Confidentiality

All personal and transaction data is accessed only by authorised personnel and disclosed only where required by law or with client consent.

4.2 Integrity

Information is maintained accurately and protected against unauthorised alteration, ensuring reliability for regulatory and transaction purposes.

4.3 Availability

Information and systems are maintained to support ongoing business operations and regulatory reporting requirements.

5. Information Handling & Storage

5.1 Digital Data

  • Stored in secure, reputable platforms (e.g. CRM systems, AML verification platforms such as AMLHub)
  • Protected with passwords, access controls, and multi-factor authentication where available
  • Regular backups and system protections are maintained

5.2 Physical Documents

  • Stored securely in locked cabinets or restricted-access offices
  • Access limited to authorised personnel
  • Secure destruction (e.g. shredding) when no longer required

6. Access Control

  • Access is granted based on role and business need
  • Staff must not share login credentials
  • Systems must be secured when unattended
  • Access is revoked immediately upon termination or role change

7. AML/CTF Compliance Alignment

Anthony Stevens Real Estate implements information security practices that directly support its AML/CTF compliance obligations, including:

7.1 Customer Identification & Verification (KYC)

  • Secure collection and storage of identity verification documents
  • Use of trusted digital verification platforms where applicable
  • Protection of sensitive identity data from unauthorised access

7.2 Record Keeping

  • AML/CTF records are retained securely for the required statutory period (typically 7 years)
  • Records are easily retrievable for audit, compliance reviews, or AUSTRAC reporting

7.3 Risk Management

  • Client and transaction data is protected to support risk-based assessments
  • Systems are designed to minimise fraud, identity misuse, and unauthorised transactions

7.4 Reporting & Monitoring

  • Information is maintained securely to enable accurate reporting of suspicious matters if required
  • Access to AML/CTF information is restricted to authorised personnel only

7.5 Third-Party AML Providers

  • Any AML/KYC platform used (e.g. AMLHub) must maintain strong security controls and data protection standards
  • Data shared with third parties is limited to what is necessary for compliance

8. Use of Technology

  • Business systems must be secure and regularly updated
  • Antivirus and cybersecurity protections are maintained
  • Public Wi-Fi is not used for accessing sensitive systems unless secured
  • Only approved platforms are used for storing or transmitting client information

9. Data Breach & Incident Response

A data breach includes unauthorised access, disclosure, or loss of information.

Response procedures:

  1. Immediate reporting to management
  2. Containment of the breach
  3. Assessment of impact (including AML/CTF implications)
  4. Notification to affected individuals and regulators (including OAIC / AUSTRAC if applicable)
  5. Implementation of corrective measures

10. Third-Party Providers

  • Only trusted providers with appropriate security standards are engaged
  • Service providers must comply with privacy and data protection obligations
  • Ongoing due diligence is undertaken

11. Compliance & Legal Obligations

Anthony Stevens Real Estate complies with:

  • Privacy Act 1988 (Cth) and Australian Privacy Principles
  • AML/CTF legislative requirements and AUSTRAC guidance
  • Victorian real estate laws and regulations

12. Staff Responsibilities

All personnel must:

  • Handle client and AML information securely and confidentially
  • Follow internal compliance procedures
  • Report suspicious activity, potential fraud, or breaches immediately
  • Complete AML/CTF and information security training as required

13. Policy Review

This policy will be reviewed annually or in response to:

  • Regulatory changes (including AML/CTF updates)
  • Business or system changes
  • Security incidents or audit findings

14. Summary

Anthony Stevens Real Estate is committed to maintaining strong information security practices that support both client trust and regulatory compliance, including AML/CTF obligations. Secure information handling underpins all property transactions and compliance activities.

Compare listings

Compare