AUSTRAC Issues New Guidance on Suspicious Crypto Behavioral Indicators

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has issued new guidance to help firms tackle the criminal abuse of digital currencies and stop ransomware attack payments. The new guidance follows a number of recent updates from the regulator, including a recent report on forced sexual servitude. The guides provide practical information, case studies, and key behavioral and financial indicators to help firms understand, identify and report suspicious activity related to these areas, and are a must-read for compliance teams. 

Crypto Regulation in Australia

New legislation to build a regulatory framework covering crypto custody, market licensing, taxation, and decentralized autonomous organizations (DAO), was proposed by the Australian government in March, demonstrating the importance of reducing money laundering and terrorist financing (ML/FT) risk in the sector.

Blockchain Australia CEO Steve Vallas said: “The use of digital currencies for criminal purposes has no place in our sector. Open dialogue, pro-active guidance, and strong relationships between government and industry are necessary to ensure businesses can identify and report behavior that puts Australians at risk of harm.”

AUSTRAC’s digital currencies report highlights how the increased use of cryptoassets – now used by around 3.6 million Australians according to pollsters Finder – has created opportunities for criminals to operate outside of the traditional financial sector. Decentralized finance (DeFi), staking, and non-fungible token (NTFs) are singled out as particular emerging risks. 

However, AUSTRAC is keen to stress that it does not want banks to de-bank all crypto firms, recognizing their potential to drive innovation and efficiencies in sectors including payments, logistics, and healthcare.

Financial and Behavioral Indicators

Key areas of financial crime where digital currencies are being used are highlighted in the report. These include the purchase and sale of illicit products on the darknet, terrorism financing, scams, tax evasion, and ransomware attacks. The report provides financial and behavioral indicators that should trigger enhanced due diligence (EDD) processes.

It also provides helpful general financial and behavioral indicators that firms should be mindful of. These can help firms review customer profiling information and transaction monitoring alerts. 

Identification, verification, and profile information

• Customer is reluctant or declines to provide identification or personal information 
• Customer provides stolen, forged, or fake documentation, a copy of original, or documents with visible alterations
• Company beneficial ownership is difficult to establish 
• Customer onboarding documentation is unable to be verified 
• Customer acts on behalf of someone else 
• Customer appears to be using a virtual private network (VPN) or encrypted email to hide their identity 
• Customer is known to law enforcement, via publicly available information or has adverse media or open-source reports
• Customer frequently changes their identification information 
• Customer is difficult to contact, responds only via email or web chat, and at unusual hours 

Sources of funds and wealth

• Customer has unexplained wealth and provides inconsistent explanations or declines to provide a source 
• Customer purchases large amounts of digital currency inconsistent with their profile
• Structuring (or perceived structuring) of government-issued currency deposits or digital currency withdrawals via cryptocurrency ATMs or retail locations
• Customer requests higher limits inconsistent with their occupation or profile 

Account activity

• Use of chain-hopping to obfuscate source or destination of funds 
• Multiple customers send funds to the same external wallet address (that is not a service) 
• Sanctions lists or analytical tools indicate a customer’s wallets, or wallets the customer is transacting with, are associated or linked to illicit activity 
• Unusual transactions such as customers moving earnings through mixers, multiple conversions, or layering through multiple exchanges prior to cashing out 
• Customers regularly make significant profits or losses by transacting with the same wallet addresses
• Multiple customer accounts are opened with the same personal details 
• Customer accesses their accounts from a high number of different devices or IP addresses 
• Customer seems anxious or impatient with the time taken to make a large transaction 
• Customer is evasive about the reason for the transfer 
• Customer wants to increase transaction limits shortly after opening an account. 
• Customer creates or attempts to create separate accounts under different names 
• Customer attempts to coerce or persuade staff to ignore reporting obligations 

It’s important to note that these indicators on their own do not always indicate suspicious activity. Analysts should consider whether a behavior listed here is suspicious in the context of a customer’s behaviors and wider risk profile. 

However, firms should submit an SMR to AUSTRAC if they suspect, on reasonable grounds, that a customer is not who they claim to be, or the designated service relates to ML/TF, is unlawful or proceeds of crime or tax evasion.

Read more about cryptocurrency regulations in Australia.