A Guide to Anti-Money Laundering for Crypto Firms

AML In Australia: What You Need To Know

AML Compliance Knowledge & Training

Australia has one of the largest economies in the Asia Pacific, and hosts thousands of international businesses, including a diverse community of FinTech service providers. From 2017 to 2021, the number of Australian FinTechs doubled to around 800, contributing to a broad ecosystem of banks, neobanks, payment service providers, and virtual asset service providers (VASP) – amongst many others. In order to protect its diverse financial system, Australia has put a range of AML/CFT laws in place – with strict penalties for firms that fail to achieve compliance. 

Ensure your company is able to meet its regulatory obligations and can address criminal threats, with our guide to AML in Australia

Who is Australia’s AML/CFT regulator?

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s primary financial regulator. Established in 1989, AUSTRAC’s stated purpose is to protect Australia’s financial system from abuse by using ‘financial intelligence and regulation to disrupt money laundering, terrorism financing and other serious crime’. 

In practice, AUSTRAC provides oversight for Australia’s banks and financial institutions, ensuring that they comply with the country’s financial regulations and report suspicious transactions when they detect them. When AUSTRAC receives suspicious activity reports (SAR) from financial service providers, it will determine whether a criminal investigation is necessary. Where regulatory violations are found, AUSTRAC has the authority to enforce criminal and financial penalties. 

AUSTRAC supervises over 15,000 businesses in Australia and also works closely with international counterparts to contribute to the global fight against money laundering and the financing of terrorism. 

Australia’s Anti-Money Laundering Acts

Australia has passed several key AML/CFT laws:

  • The Anti-Money Laundering/Counter-Terrorism Financing Act (AML/CTF) Act 2006: The AML/CTF Act sets out key compliance obligations for the private sector, and the requirement to report suspicious activity to AUSTRAC.
  • The AML/CTF Rules Instrument 2007: The Rules Instrument sets out instructions for how the AML/CTF Act should be implemented.
  • The AML/CTF (Prescribed Foreign Countries) Regulations 2018: The Prescribed Foreign Countries rules concern AML/CFT measures specific to trading with Iran and North Korea. 

Anti-Money Laundering Obligations in Australia 

Australia implements AML legislation in order to meet its obligations to the Financial Action Task Force (FATF). Accordingly, under the AML/CTF Act (and associated legislation), firms must meet the following key compliance steps: 

1)  Register with AUSTRAC: All private sector firms that provide designated financial services must register with AUSTRAC in order to obtain an operating license. AUSTRAC lists the types of firms that must register in the AML/CTF Act. 

2) Develop an AML program: Following FATF guidance, firms in Australia must put a risk-based AML program in place. The program must include a range of AML/CFT policies and procedures, including customer due diligence (CDD), enhanced due diligence (EDD), sanctions screening, and politically exposed person (PEP) screening. Firms must also appoint an AML Compliance Officer to oversee their AML program. 

3) Report to AUSTRAC: When a firm in Australia detects suspicious activity, it must have a process in place to report that activity to AUSTRAC via a suspicious matter report (SMR). Transactions of $10,000 or more must be reported automatically. 

4) Keep AML records: Firms must implement a system to keep customer AML records for a period of at least seven years. Those records must be produced for law enforcement agencies upon request for use in AML/CFT investigations. 

How Is AML Compliance Changing?

In 2015, a FATF Mutual Evaluation Report (MER) of Australia revealed a range of AML/CFT deficiencies. Those deficiencies had left the country vulnerable to financial criminals, and led to a number of high-profile regulatory compliance violations. Significant issues raised in Australia’s MER included inadequate CDD requirements and inadequate AML/CFT controls for correspondent banks. The FATF also emphasized Australia’s failure to extend AML/CFT regulations to designated non-financial businesses and professions (DNFBP) such as casinos, law firms, and real estate agencies.

In response to the FATF’s evaluation, the Australian government passed a range of new AML/CFT legislation between 2021 and 2022, introducing the following regulatory measures and controls: 

  • Financial services firms in Australia must conduct risk-based CDD for all clients. Firms may also engage third-party service providers to conduct CDD on their behalf.
  • CDD requirements have been extended to correspondent banking relationships. Cross-border money transfers of $10,000 or more must be reported to AUSTRAC. 
  • Expanded information sharing rules between the public and private sectors. 

As of February 2022, Australia had not introduced new DNFBP legislation but had made a commitment to do so in the AML/CTF Increased Transparency Bill. In April 2022, the Australian Senate criticized the ongoing delay in DNFBP legislation and also called for the introduction of a beneficial ownership register

Anti-Money Laundering Australia: Compliance Best Practices 

While AML/CFT challenges in Australia vary by the unique needs of each firm, there are best practices that may help enhance compliance. In particular, a range of technological tools and platforms offer significant advantages for AML/CFT teams. These include: 

  • Customer relationship management: CRM systems are designed to help firms automate the regulatory aspects of customer relationships, including customer onboarding, client data management, and AML/CFT risk assessments. 
  • Identity verification: IDV platforms enhance the CDD process which requires firms to establish and verify their customers’ identities in order to conduct accurate AML risk assessments. Digital identity verification is faster and more accurate than manual compliance, allowing firms to easily capture and store things like birth certificates, addresses, and company information. 
  • AML/CFT Screening: Customer screening tools cover a range of important AML/CFT obligations. In particular, firms may integrate: 
    • Sanctions screening tools to establish whether customers are subject to international sanctions measures. 
    • PEP screening to determine whether a customer is a political figure or government official – and therefore a higher AML/CFT compliance risk.
    • Adverse media screening in order to capture customer involvement in news stories relevant to their risk profile. 
  • Transaction monitoring: Firms should monitor their customers’ transactions for suspicious activity that might be indicative of money laundering. That activity might include unusually high or low frequencies of transactions or transactions with high-risk countries. 
  • Case management: Firms should integrate case management systems (CMS) in order to facilitate the timely remediation of AML alerts and the submission of SARs to AUSTRAC.
  • Social network analysis: SNA tools may be particularly useful for internal money laundering investigations, enabling firms to spot connections between accounts or financial trends that would have been missed by manual analysis. 

Australia’s evolving AML/CFT landscape means that firms must stay up to date with their compliance obligations and understand how their risk exposure might change with the introduction of new legislation. Beyond using AUSTRAC’s latest news and updates page, firms should also seek to understand emerging money laundering methodologies, new legislative trends, and the capabilities of the latest AML/CFT technologies. 

ComplyAdvantage can help Australian firms achieve their compliance objectives with a range of automated AML solutions tailored to their unique risk profiles. Complementing the expertise of compliance teams, our solutions integrate cutting-edge smart technology to speed up and streamline your AML program in a challenging regulatory landscape. 

A Guide to AML for Australian FinTechs

Uncover the core compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach.

Download the guide
Australia has one of the largest economies in the Asia Pacific, and hosts thousands of international businesses, including a diverse community of FinTech service providers. From 2017 to 2021, the number of Australian FinTechs doubled to around 800, contributing to a broad ecosystem of banks, neobanks, payment service providers, and virtual asset service providers (VASP) - amongst many others. In order to protect its diverse financial system, Australia has put a range of AML/CFT laws in place - with strict penalties for firms that fail to achieve compliance.  Ensure your company is able to meet its regulatory obligations and can address criminal threats, with our guide to AML in Australia

Who is Australia’s AML/CFT regulator?

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s primary financial regulator. Established in 1989, AUSTRAC’s stated purpose is to protect Australia’s financial system from abuse by using ‘financial intelligence and regulation to disrupt money laundering, terrorism financing and other serious crime’.  In practice, AUSTRAC provides oversight for Australia's banks and financial institutions, ensuring that they comply with the country’s financial regulations and report suspicious transactions when they detect them. When AUSTRAC receives suspicious activity reports (SAR) from financial service providers, it will determine whether a criminal investigation is necessary. Where regulatory violations are found, AUSTRAC has the authority to enforce criminal and financial penalties.  AUSTRAC supervises over 15,000 businesses in Australia and also works closely with international counterparts to contribute to the global fight against money laundering and the financing of terrorism. 

Australia’s Anti-Money Laundering Acts

Australia has passed several key AML/CFT laws:
  • The Anti-Money Laundering/Counter-Terrorism Financing Act (AML/CTF) Act 2006: The AML/CTF Act sets out key compliance obligations for the private sector, and the requirement to report suspicious activity to AUSTRAC.
  • The AML/CTF Rules Instrument 2007: The Rules Instrument sets out instructions for how the AML/CTF Act should be implemented.
  • The AML/CTF (Prescribed Foreign Countries) Regulations 2018: The Prescribed Foreign Countries rules concern AML/CFT measures specific to trading with Iran and North Korea. 

Anti-Money Laundering Obligations in Australia 

Australia implements AML legislation in order to meet its obligations to the Financial Action Task Force (FATF). Accordingly, under the AML/CTF Act (and associated legislation), firms must meet the following key compliance steps:  1)  Register with AUSTRAC: All private sector firms that provide designated financial services must register with AUSTRAC in order to obtain an operating license. AUSTRAC lists the types of firms that must register in the AML/CTF Act.  2) Develop an AML program: Following FATF guidance, firms in Australia must put a risk-based AML program in place. The program must include a range of AML/CFT policies and procedures, including customer due diligence (CDD), enhanced due diligence (EDD), sanctions screening, and politically exposed person (PEP) screening. Firms must also appoint an AML Compliance Officer to oversee their AML program.  3) Report to AUSTRAC: When a firm in Australia detects suspicious activity, it must have a process in place to report that activity to AUSTRAC via a suspicious matter report (SMR). Transactions of $10,000 or more must be reported automatically.  4) Keep AML records: Firms must implement a system to keep customer AML records for a period of at least seven years. Those records must be produced for law enforcement agencies upon request for use in AML/CFT investigations. 

How Is AML Compliance Changing?

In 2015, a FATF Mutual Evaluation Report (MER) of Australia revealed a range of AML/CFT deficiencies. Those deficiencies had left the country vulnerable to financial criminals, and led to a number of high-profile regulatory compliance violations. Significant issues raised in Australia’s MER included inadequate CDD requirements and inadequate AML/CFT controls for correspondent banks. The FATF also emphasized Australia’s failure to extend AML/CFT regulations to designated non-financial businesses and professions (DNFBP) such as casinos, law firms, and real estate agencies. In response to the FATF's evaluation, the Australian government passed a range of new AML/CFT legislation between 2021 and 2022, introducing the following regulatory measures and controls: 
  • Financial services firms in Australia must conduct risk-based CDD for all clients. Firms may also engage third-party service providers to conduct CDD on their behalf.
  • CDD requirements have been extended to correspondent banking relationships. Cross-border money transfers of $10,000 or more must be reported to AUSTRAC. 
  • Expanded information sharing rules between the public and private sectors. 
As of February 2022, Australia had not introduced new DNFBP legislation but had made a commitment to do so in the AML/CTF Increased Transparency Bill. In April 2022, the Australian Senate criticized the ongoing delay in DNFBP legislation and also called for the introduction of a beneficial ownership register

Anti-Money Laundering Australia: Compliance Best Practices 

While AML/CFT challenges in Australia vary by the unique needs of each firm, there are best practices that may help enhance compliance. In particular, a range of technological tools and platforms offer significant advantages for AML/CFT teams. These include: 
  • Customer relationship management: CRM systems are designed to help firms automate the regulatory aspects of customer relationships, including customer onboarding, client data management, and AML/CFT risk assessments. 
  • Identity verification: IDV platforms enhance the CDD process which requires firms to establish and verify their customers’ identities in order to conduct accurate AML risk assessments. Digital identity verification is faster and more accurate than manual compliance, allowing firms to easily capture and store things like birth certificates, addresses, and company information. 
  • AML/CFT Screening: Customer screening tools cover a range of important AML/CFT obligations. In particular, firms may integrate: 
    • Sanctions screening tools to establish whether customers are subject to international sanctions measures. 
    • PEP screening to determine whether a customer is a political figure or government official - and therefore a higher AML/CFT compliance risk.
    • Adverse media screening in order to capture customer involvement in news stories relevant to their risk profile. 
  • Transaction monitoring: Firms should monitor their customers’ transactions for suspicious activity that might be indicative of money laundering. That activity might include unusually high or low frequencies of transactions or transactions with high-risk countries. 
  • Case management: Firms should integrate case management systems (CMS) in order to facilitate the timely remediation of AML alerts and the submission of SARs to AUSTRAC.
  • Social network analysis: SNA tools may be particularly useful for internal money laundering investigations, enabling firms to spot connections between accounts or financial trends that would have been missed by manual analysis. 
Australia’s evolving AML/CFT landscape means that firms must stay up to date with their compliance obligations and understand how their risk exposure might change with the introduction of new legislation. Beyond using AUSTRAC’s latest news and updates page, firms should also seek to understand emerging money laundering methodologies, new legislative trends, and the capabilities of the latest AML/CFT technologies.  ComplyAdvantage can help Australian firms achieve their compliance objectives with a range of automated AML solutions tailored to their unique risk profiles. Complementing the expertise of compliance teams, our solutions integrate cutting-edge smart technology to speed up and streamline your AML program in a challenging regulatory landscape.  [cta_card title="A Guide to AML for Australian FinTechs" cta_img="" category="" bodytext="Uncover the core compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach." cta_text="Download the guide" cta_url="https://complyadvantage.com/insights/aml-guide-for-australian-fintechs/"]

Originally published September 23, 2022, updated September 23, 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).