Real estate agencies in Brazil are designated reporting entities under the COAF framework — they are required to conduct customer due diligence, maintain records of high-value transactions, and report suspicious activity. In practice, most agencies know this in theory. Very few have a structured process that would survive an actual COAF investigation.
The compliance obligation has three operational pillars. The first is customer due diligence (CDD): verifying the identity of the buyer, seller, or tenant, assessing their risk profile, and documenting the basis for approving the transaction. The second is property due diligence: verifying the property's legal status, ownership chain, and absence of encumbrances before any contract is signed. The third is transaction reporting: filing communications with COAF for transactions meeting the threshold defined in Resolution 36/2021 or flagged by risk indicators.
CDD starts with structured data collection. A KYC workflow for a buyer or tenant collects: identity documents, proof of income or assets, source-of-funds declaration, PEP screening confirmation, and LGPD consent record. These are not fields on a shared spreadsheet — they are required attachments on a workflow that does not advance without each document. The analyst who reviewed each document signs off at the end of the KYC stage. That sign-off is the CDD record.
Property due diligence is a parallel workflow tied to the same transaction. Required documents vary by transaction type: for a rental, you need a current property registration (matrícula atualizada, maximum 30 days old), property tax clearance (IPTU), and habite-se certificate if applicable. For purchase and sale, the list extends to negative certifications, ITBI documentation, and debt clearance. An approval gate from the legal coordinator blocks the contract from being generated until every document is verified and current.
The COAF reporting obligation is triggered by specific conditions: cash or cash-equivalent transactions above R$50,000 per Resolution 36/2021, or transactions with suspicion indicators regardless of value. When these conditions are present, the workflow branches to a COAF communication sub-flow with mandatory fields: transaction details, parties involved, risk indicators identified, and confirmation of filing. The record is immutable once submitted — any auditor can pull it with date, content, and confirmation.
Integration between CDD, property due diligence, and COAF reporting is what most agencies lack. The three often happen in separate email threads, separate spreadsheets, or separate people who do not share a record. When a COAF investigation arrives, the agency has to reconstruct the compliance record from emails and memory. A workflow that ties all three to the same transaction record eliminates reconstruction entirely.
For franchise networks operating multiple branches, the structural requirement is centralized oversight with local execution. Each branch runs its own KYC and due diligence workflows using the compliance template defined by headquarters. The national compliance officer has a consolidated view of all open transactions, overdue KYC steps, and pending COAF filings across every branch — without having to call each location.