The OMARA Letter You Hope Never Arrives: Automating Compliance Readiness for Migration Agents

The letter arrived on a Tuesday. Plain envelope, Commonwealth crest, addressed to the principal registered migration agent. Three paragraphs. The Office of the Migration Agents Registration Authority was conducting a compliance monitoring activity in relation to her practice. She was requested to produce complete client files for twelve named clients within twenty-one days. A scheduled office inspection would follow.

I know the agent this happened to. She is experienced, competent, and genuinely cares about her clients. She has been registered for over a decade and runs a respected four-person practice in Melbourne. She is exactly the kind of agent you would assume has nothing to worry about.

She spent the next three weeks in a state of controlled panic.

The problem was not that she had done anything wrong. The problem was that she could not prove she had done everything right. Her files were scattered across Migration Manager for case notes, OneDrive for client documents, Outlook for correspondence, HubSpot for client contact details, and a separate Excel spreadsheet for her document register. Producing a single complete file for one client meant manually pulling information from five different systems, cross-referencing dates, printing email chains, and hoping nothing had been misfiled or deleted.

Twelve clients. Five systems each. Twenty-one days. And she still had a practice to run.

The Compliance Landscape Every Agent Lives In

Here is the reality that most agents try not to think about: OMARA does not need a reason to audit you. There is no minimum complaint threshold. There is no safe period after your last renewal. The 2024 ANAO performance audit found that OMARA’s enforcement activities needed strengthening, and all eleven recommendations were agreed to. That means more audits, more scrutiny, and less tolerance for agents whose files have gaps.

The Code of Conduct is specific about what your files must contain. A signed service agreement executed before you commenced work. A record of every communication — written correspondence and notes of oral communications, including the substance of advice given. A document register tracking every significant original document you received and returned, with dates and client acknowledgments. Financial records showing the separation of client and operating accounts. Evidence that you provided the consumer guide before entering a service agreement. And all of this must be retained for seven years after the last action on the matter.

That is not a best-practice suggestion. Those are obligations with consequences.

What Three Weeks of Panic Looks Like

My colleague — I will call her Sarah, though that is not her name — spent the first two days of those three weeks simply working out what she had for each of the twelve clients. She created a master spreadsheet with columns for every compliance requirement and started ticking boxes.

The results were sobering. Of the twelve client files requested:

• Nine had signed service agreements, but three were undated or had been signed after work commenced
• Seven had adequate file notes, but five had significant gaps — particularly around phone consultations where advice was given but no contemporaneous note was created
• Four had complete document registers; the remaining eight had partial registers or none at all
• Eleven had communication records via email, but oral communications were documented inconsistently across all twelve
• Only two had a clear record of consumer guide provision

Sarah is not a negligent agent. She is a busy one. Every gap in her files was the result of a moment where the urgent displaced the important — a client call that ran long and the file note never got written, a passport returned in person without updating the register, a consumer guide sent via email but not logged anywhere searchable.

She pulled through. She reconstructed what she could from email trails, calendar entries, and bank statements. She wrote retrospective file notes where she could recall the substance of conversations. She located the missing service agreements and had clients re-execute backdated versions where possible. She engaged a compliance consultant to review the reconstructed files before the inspection.

The inspection identified several areas of concern but ultimately resulted in re-education rather than formal sanctions. She was fortunate. The outcome could have been conditions on her registration, a requirement for supervision, or worse.

The Gap Between Recording and Compliance

The agents who use Migration Manager have a structural advantage here. MM was designed around the Code of Conduct, and its file note system, service agreement templates, and document register are built into the workflow. If you use MM consistently, your compliance position is strong.

But “consistently” is doing enormous work in that sentence. MM records what you put into it. It does not chase you when you forget. It does not flag that you received a passport two weeks ago and never logged the return. It does not notice that you had a forty-minute phone call with a client and never created a file note. It does not alert you that a service agreement was uploaded without an execution date.

For the multi-tool agents — those running HubSpot plus OneDrive plus Outlook plus a separate accounting system — the gap is even wider. Each tool does its job adequately, but no tool knows what the other tools contain. Your CRM does not know whether the client’s OneDrive folder has a signed service agreement. Your email does not know whether the advice you gave in a reply has been captured as a file note. Your spreadsheet document register does not know whether the passport you logged as received has been logged as returned.

The compliance gap is not in any single system. It is in the spaces between them.

Building an Always-Audit-Ready Practice

The transformation is not about buying new software. It is about connecting the tools you already use so that compliance happens as a byproduct of your normal workflow, not as an additional task you have to remember.

Layer 1: The Compliance Health Check

The foundation of audit readiness is knowing the state of your files at all times, not just when OMARA writes to you. A weekly automated scan of every active client file answers five questions:

1. Does a signed service agreement exist with a valid execution date?
2. Is there a record of consumer guide provision?
3. When was the last file note created, and is there an interaction since then that lacks a corresponding note?
4. Is the document register current — are all original documents received accounted for, and are all returned documents logged with dates?
5. Are financial records reconciled — do client account transactions match the work logged?

Any “no” answer generates an alert. Not an email that gets buried. A specific, actionable item: “Client Rajesh Patel — no file note created since phone consultation on 14 November. Create file note or mark as non-advisory interaction.”

Layer 2: Automated File Note Prompts

The single most common audit finding is inadequate file notes. Not missing files, not unsigned agreements — file notes. Specifically, the failure to document oral communications and the substance of advice given.

Every migration agent knows they should create a file note after every client phone call, every meeting, and every email where they gave substantive advice. Almost no one does it consistently. The call ends, the next client is waiting, and the file note gets pushed to “later.” Later becomes tomorrow. Tomorrow becomes next week. Next week becomes never.

The fix is simple: connect your calendar and email to a prompt system. When a calendar event involving a client concludes, the system waits one hour, then sends you a prompt: “You had a 30-minute meeting with [Client Name] at 2:00 PM. Create a file note?” When an outbound email containing substantive advice is sent, the system flags it: “This email to [Client Name] appears to contain immigration advice. Has this been captured in a file note?”

You still write the file note. The system does not write it for you — and it should not, because the substance of your advice requires your professional judgement to document accurately. But the system ensures that no interaction slips through the gap between “I should write that up” and “I forgot.”

Layer 3: Document Register Automation

The document register is a deceptively simple requirement that causes outsized problems during audits. You must maintain a register of significant original documents — passports, birth certificates, educational qualifications, employment references — noting when each was received, from whom, and when it was returned.

In practice, agents receive original documents in person, by post, and sometimes via courier. They return them the same way. The register is a spreadsheet that gets updated when someone remembers to update it. During an audit, OMARA wants to see that every original document received has a corresponding return entry, with dates and ideally a client acknowledgment.

The automated approach connects document uploads to the register. When a file is added to a client’s OneDrive folder and tagged as an original document, the register is updated with the received date and document type. When the document is returned, the agent logs the return in a simple form — client name, document type, return method, date — and the register updates accordingly. A monthly scan identifies any original documents that have been held for more than ninety days without being returned, generating a reminder to either return the document or record why it is being retained.

Layer 4: The Audit-Ready Export

This is where everything comes together. When OMARA requests a client file, you need to produce a complete record. Not “most of it now and the rest by Friday.” A complete record.

With connected systems, the export pulls from every source and assembles a single file:

• Service agreement with execution date and signatures
• Consumer guide provision record with acknowledgment
• Complete communication log — every email sent and received, with dates
• File notes in chronological order, including the subject matter and whether oral or written
• Document register entries for that client, showing all originals received and returned
• Financial summary showing all fees charged, payments received, and account reconciliation
• All supporting documents from the client’s folder, organised by category

What took Sarah three weeks across twelve clients should take minutes. Not because the information is different, but because the information is already connected rather than siloed across five systems that do not talk to each other.

The Cost of Getting It Wrong

I want to be direct about the stakes because I think some agents underestimate them. OMARA’s graduated response framework sounds reasonable on paper — early resolution, re-education, conditions, suspension, cancellation, barring. In practice, the consequences compound quickly.

Conditions on registration might mean mandatory supervision, which means paying a supervising agent to review your files regularly. That is an ongoing cost, typically several thousand dollars per year, and it signals to clients and referral partners that something went wrong.

Suspension means you cannot practise. Your clients need to be transferred to another agent or their matters stall. Your income stops. Your lease, your staff, your insurance — those costs do not stop.

Cancellation and barring are career-ending for the period specified, and the reputational damage extends well beyond it.

The Two-Phase Approach for Agents Starting Behind

If reading this article has made you uncomfortably aware of gaps in your own files, you are not alone. Most agents I speak with have some level of compliance debt — files that are not quite complete, file notes that were never written, document register entries that were never made.

The path forward has two phases, and trying to do both simultaneously is a mistake.

Phase one is remediation. Take your active client list — every client with an open matter or a matter closed within the past two years — and run a manual compliance check against the Code of Conduct requirements. Service agreement present and dated. Consumer guide provision documented. File notes adequate and contemporaneous. Document register current. Financial records reconciled. Flag every gap.

Then close the gaps. Write the retrospective file notes where you can still recall the substance of the interaction. Locate or re-execute missing service agreements. Update the document register from bank statements, courier receipts, and email records. This is tedious, unglamorous work, and it typically takes two to four weeks of concentrated effort for a practice with fifty to one hundred active clients.

Phase two is prevention. Once your current files are clean, put the automated systems in place so they stay clean. The weekly compliance health check catches new gaps before they accumulate. The file note prompts ensure oral communications are documented within twenty-four hours. The document register automation tracks originals from receipt to return. The audit-ready export means you can respond to an OMARA request in hours rather than weeks.

Phase one without phase two means you will be back in the same position within six months. Phase two without phase one means your new files will be pristine but your historical files will remain a liability. You need both.

What Sarah Would Do Differently

I spoke with Sarah six months after her audit. She had implemented most of what I have described in this article — not because I told her to, but because the experience of those three weeks left a mark.

She told me that the hardest part was not the audit itself. It was the realisation that she had been one complaint away from it happening at any time during the previous decade, and her files had never been in a state where she could have responded with confidence. The audit letter did not create the problem. It revealed it.

Her practice now runs a weekly compliance health check every Monday morning. She reviews the report over coffee. Most weeks, there are one or two items — a file note prompt she dismissed and needs to go back to, a document register entry that needs a return date. She addresses them before her first client meeting. The entire process takes twenty minutes.

She described those twenty minutes as the most valuable time she spends each week. Not because of what they accomplish in themselves, but because of the anxiety they eliminate. She no longer has a low-grade fear of the post. She knows the state of her files. She knows they are complete. If the letter arrives again tomorrow, she can respond in hours, not weeks.

Getting Started This Week

You do not need to build everything at once. Start with the one thing that will make the biggest difference to your compliance position immediately.

This week: Create a compliance checklist spreadsheet. List every active client. For each client, check five boxes: service agreement (signed and dated), consumer guide (provided and acknowledged), file notes (current within thirty days), document register (no outstanding originals beyond ninety days), financial records (reconciled). See where you stand.

Next week: Address the gaps. Start with service agreements and consumer guide records, because these are binary — they either exist or they do not, and they are the easiest to remediate.

Week three: Set up automated file note prompts. Connect your calendar to a reminder system so that every client meeting generates a prompt to create a file note within twenty-four hours. This single automation closes the most common compliance gap.

Week four: Build the weekly compliance health check. Automate the spreadsheet you created in week one so it refreshes every Monday, scanning your systems for new gaps.

The letter from OMARA is not a matter of if. For an increasing number of agents, it is a matter of when. The only question is whether you will spend three weeks reconstructing your files in a panic, or twenty minutes on a Monday morning confirming that everything is already in order.

Twenty minutes a week is not a lot to ask for the certainty that your registration — and your livelihood — is secure.