3rd June 2021

AUSTRAC Mulls Adoption of FATF's Travel Rule

The Australian government is weighing how it can extend AML/CFT regulation to cryptocurrencies, Nicole Rose, the CEO of AUSTRAC, confirmed on May 25. Specifically, and among other measures, the government agency is exploring whether to apply the Financial Action Task Force’s Travel Rule to cryptocurrency exchanges.

Speaking before the Australian Senate, Rose explained that the Travel Rule and other such measures would help create transparency and counter money laundering and other illicit activity. While she acknowledged that there would need to be legislative changes to implement the Travel Rule, it would give the department “visibility of the payer and the payee primarily, which at the moment we don’t have.”

Currently, exchanges must enroll with AUSTRAC and register with the Digital Currency Exchange (DCE). They also must implement a risk-based program to identify and mitigate AML/CFT risks and comply with specific identity verification and reporting requirements, including submitting information on suspicious transactions, international transactions, and those involving over AU$10,000.

Applying the Travel Rule would take those regulations further and require crypto exchanges to collect and disclose information about their customers when money changes hands as part and parcel of a transaction.

Rose and AUSTRAC are undoubtedly weighing the implementation of the Travel Rule because the difficult-to-trace nature of cryptocurrencies has made it a popular way to hide ill-gotten gains from all sorts of illicit activities. Even so, Rose’s comments come as countries all over the world are grappling with a specific type of crime: ransomware attacks — a threat that involves encrypting a company’s files and then extorting payment for their release. The ransom — paid in crypto — is funneled through digital wallet transfers and cryptocurrency exchanges to evade detection.

Per Check Point Research, these attacks have increased by over 100% in 2021 compared with the same period last year. The cybersecurity firm also found that hackers targeted companies in the Asia-Pacific region more often than any other region.

The scale and profile of these attacks are increasing as well. In late April and May alone, attacks on UnitingCare Queensland, Apple, the US-based Colonial Pipeline, a European division of Toshiba Corp, and Ireland’s health service, among others, made headlines. Most recently, on June 1, the world’s largest meat supplier, JBS SA in Brazil, announced that it experienced a ransomware attack that disrupted its operations in North America and Australia.

It’s this threat, in particular, that has underscored the appeal of the Travel Rule for AUSTRAC and provides an urgent impetus for its implementation. According to Rose, capturing additional information from “businesses that exchange fiat currency to digital currency and visa versa” is an area of particular interest to AUSTRAC and would help to detect money laundering at that natural nexus.

Rose didn’t indicate when the government would make a final decision on the Travel Rule or what those regulations would look like in practice. But companies should start preparing now to ensure their compliance processes can adapt to any change in compliance rules as they occur.