The Australian Government brought cyrptocurrency exchanges under a regulatory framework, Amendments to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) on April 3, 2018. Under the laws, the crypto trading market is treated on par with securities market, and digital currency exchange (DCE) providers are required to comply with the AML/CTF obligations laid down in the recommendations.

The Australian approach governs crypto exchanges along the lines of money service businesses, by imposing certain obligations to help law enforcement identify money launderers and terror financers.

What is a cryptocurrency or digital currency exchange under AUSTRAC?

DCE services operating as a cryptocurrency exchange are referred to as ‘digital currency businesses’.

AUSTRAC provides for the definition of a DCE, tying it up with AML compliance:

“If your business exchanges money (whether Australian or foreign currency) for digital currency, or digital currency for money, then you have obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)”

Who and what is covered?

All cryptocurrency exchanges operating within the jurisdiction of Australia are governed by the new guidelines.

To help digital currency exchange operators understand whether they are to register under the new regime, AUSTRAC has issued a “Guide to Preparing and Implementing an AML/CTF Program”. It also clearly states that registration with AUSTRAC as a DCE does not automatically endorse its legitimacy, but depends upon the AML/CTF compliance approach adopted.

Businesses providing DCE services prior to the law must apply for enrolment by 14 May 2018 to be elgible for DCE services from 15 May. If already enrolled, the entities must update their enrolment by 11 June 2018.

All DCEs (cryptocurrency exchanges) registered with AUSTRAC are required to:

  • register and enrol their business with AUSTRAC
  • adopt and maintain an AML/CTF program
  • identify, mitigate and manage the risks of ML and TF
  • report suspicious activities to AUSTRAC

A suspicious matter can relate to any crime, not just ML/TF. A suspicious matter reporting (SMR) must be filed within 24 hours if related to terrorism financing; and 3 business days if suspicion is related to money laundering, tax evasion or other ground.

  • have threshold transaction reporting obligations where physical currency accepted or paid out is AUD10,000 (or its equivalent) or more
  • maintain customer records for a minimum period of seven years


Guidelines for maintaining AML/CTF program

AUSTRAC provides the most comprehensive regulatory framework for digital currency exchange businesses.

1) A DCE must have a risk awareness training program in place to factor

  • the business’ obligations under the AML/CTF Act and the consequences of non-compliance
  • the types of ML/TF risk faced by the business might face and potential consequences

2) The AML/CTF program must have an employee due diligence program that sets out the process of employee accountability, by

3) Submit AML/CTF compliance reports by the due date.

4) Conduct ongoing customer due diligence (OCDD) & transaction monitoring (TM), by

  • updating, verifying and re-verifying customer information
  • maintaining a TM program to identify suspicious and reportable transactions

4) As part of the enhanced customer due diligence program, DCEs are required to apply enhanced diligence where there is a high ML/TF risk, when a suspicious matter reporting obligation arises, or where a customer is a foreign politically-exposed person (PEP), and when

  • the business provides digital currency exchange services to a customer who is, or who has a beneficial owner who is, a PEP; or
  • the business has entered in or is proposing to enter into a transaction with an entity who is physically located in a prescribed/sanctioned foreign country.

Enhanced CDD compliance includes seeking further information from the customers or third party sources to obtain information about the source of wealth or funds the customer is using to invest or transact in the digital currency.

AUSTRAC rules for sanctions/PEP screening and beneficial ownership

The new regime for DCE or cryptocurrency exchange services are required to comply with the Australian sanctions laws, and conduct screening for sanctions, PEP and beneficial ownership.

A. Sanctions Screening

Customers are to be screened against the Department of Foreign Affairs and Trade (DFAT) Consolidated List of designated persons and entities subject to sanctions.

B. Verifying Beneficial Ownership

For checking on beneficial ownership of domestic customers, the DCE must in addition to collecting information from the customer, use an online identification verification service or API.

C. Politically Exposed Person (PEP)

During customer oboarding, a DCE must also determine whether the customer is a PEP by using a screening service. Additionally, DCEs are recommended to make use of sophisticated screening APIs for negative news screening – crunching information from feeds and adverse media – to factor the risk level of the PEP.