AML regulations for Australian crypto firms: How to comply

Australia’s anti-financial crime regime underwent significant changes in 2024. The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Act, a major update to the country’s central piece of AML legislation, passed in December, prompting firms across the financial services landscape to review their compliance setups. 

Meanwhile, with virtual assets growing in global popularity, regulatory focus has turned towards the crypto sector. In February 2025, the Australian Transaction Reports and Analysis Center (AUSTRAC), the country’s main AML/CFT regulator, announced a raft of investigations and enforcement actions against more than fifty crypto businesses. 

In this article, we’ll review the AML regulations Australian crypto service providers need to know, what the future might hold for these regulations, and how your organization can ensure ongoing compliance with them. 

Crypto regulations in Australia

The AML/CTF Amendment Act has significantly impacted virtual asset service providers (VASPs). It modernized the definition of “virtual assets” to replace the older term “digital currency,” and expanded the scope of the AML/CTF Act to cover businesses in this area. It also classed virtual asset services as high-risk. Under the AML/CTF Act, you must therefore: 

• Register with AUSTRAC before providing services, and renew this registration every three years. 
• Maintain an AML compliance program with written policies and procedures specifying how you meet your regulatory requirements. 
• Take a risk-based approach to compliance. This means conducting regular business-wide risk assessments to determine the specific financial crime risks you face and allocating resources based on these. A risk-based approach is key to dealing with threats while operating efficiently. 
• Identify and verify your customers. This includes collecting information at onboarding as part of know your customer (KYC) procedures, identifying the beneficial owners of all accounts, and conducting ongoing customer monitoring. You must conduct enhanced due diligence (EDD) on higher-risk customers. 
• Monitor customer transactions to identify suspicious payments, such as unusually large or complex transactions, payments with no apparent purpose, or payments just below reporting thresholds. 
• Report suspicious activity to AUSTRAC using suspicious matter reports (SMRs). You are also required to submit compliance reports when required by AUSTRAC. 
• Keep records relating to customer identification procedures, transactions, and your AML compliance program. These records must be stored securely and be accessible during an audit. 

Crypto and gambling in Australia 

While electronic gaming machines (EGMs or ‘pokies’) and other forms of gambling are hugely popular in Australia, the gambling sector has inherent money laundering risks. To combat these, the government introduced an amendment to the Interactive Gambling Bill in 2024. This banned the use of credit cards, other credit-related products, or digital currencies as payment methods for interactive gambling services (i.e. those provided on broadcasting, datacasting, telephone, or online platforms). Australian gambling providers should follow AUSTRAC’s AML guidance for the sector, which outlines requirements around compliance programs, due diligence, and transaction reporting. 

The State of Financial Crime 2025

Uncover the compliance trends you need to know about in our report, based on a survey of 600 industry professionals and packed with expert analysis.

Download your copy

Future regulatory possibilities for crypto in Australia

Even since the AML Amendment Act, Australia’s efforts to improve its regulatory framework have been ongoing. In late 2024 and early 2025, AUSTRAC consulted firms on updates to its AML/CTF Rules Instrument, which offers guidance on how to meet legal requirements. These changes are intended to simplify firms’ overall regulatory requirements and offer more flexibility in meeting them. From a crypto perspective, the new rules include updated requirements on the ‘Travel Rule,’ meaning you must carry out counterparty due diligence on virtual asset value transfers. Final confirmation of all changes is expected to follow later in 2025. 

While regulatory oversight of the crypto sector may be relaxed in other jurisdictions in 2025, this is unlikely true in Australia. AUSTRAC has made clear its intention to step up enforcement against non-compliant VASPs: in 2024, it established a cryptocurrency taskforce dedicated to identifying these firms, focusing especially on digital currency exchanges (DCEs) and crypto ATMs. Announcing its 2025 wave of action against DCEs, the regulator said it “remains concerned about money laundering risks in the DCE sector.” Faced with a potential increase in scrutiny, you should ensure your organization is primed to demonstrate full regulatory compliance. 

Compliance tips for Australian crypto firms 

As the wave of enforcement actions against Australian crypto firms demonstrates, the consequences of non-compliance can be severe. Without effective compliance tools and processes in place, your growth could be threatened by fines from regulators and the loss of consumer trust that results from these. 

In the past, meeting strict regulatory requirements while continuing to grow has been a major pain point for scaling businesses. However, thanks to the range of specialist AML software solutions on the market, onboarding more customers and processing more transactions no longer have to drain compliance resources continually. Instead, you should leverage solutions built around artificial intelligence (AI) and machine learning (ML) to automate parts of the compliance process, maximizing your analysts’ expertise while keeping your costs down. In particular, you should follow these best practices: 

• Conduct risk-calibrated due diligence: To reduce unnecessary delays when onboarding new customers, calibrate your customer due diligence (CDD) processes to the varying levels of risk they represent. Higher-risk customers require enhanced due diligence (EDD), such as extra identification checks or source of funds (SOF) and source of wealth (SOW) checks. 
• Screen customers against the latest information: The information that helps you understand customer risks can change rapidly, which means you need to have access to systems that reflect these changes as quickly as possible, especially with some ML tools able to constantly scan sanctions lists and other information sources Using old data means you could miss out on financial crime red flags and sharply increases your risk of regulatory action. 
• Monitor customers after onboarding: The information you gather as part of CDD could be subject to change, so you should treat customer risk levels as dynamic, not static. Rather than periodically re-verifying customer information, which could lead to gaps in your data or inaccurate information, you should conduct automated monitoring on an ongoing basis to understand any changes in customer information that may affect their risk level. 
• Implement smart transaction monitoring: Your transaction monitoring solution should alert you to patterns of behavior that appear inconsistent with customer profiles or have other red flags associated with them, such as frequent unexplained transfers to high-risk jurisdictions or a series of transactions consistently just below reporting thresholds. Manual monitoring cannot analyze transactions in the depth you need, especially not at scale, so you should search for an automated transaction monitoring solution that fits your business’ needs. 
• Combine technology with talent: A crucial factor in building an effective compliance function is using specialist technology to unlock your compliance analysts’ productivity rather than expecting it to replace them entirely. To support an efficient compliance team and satisfy regulators, appoint an experienced compliance officer to oversee your AML program and implement in-depth, regular AML training for all customer-facing employees. This will allow them to act as a first layer of defense against financial crime by spotting red flags and escalating potentially suspicious activity to senior compliance staff. 

Automated crypto compliance tools

ComplyAdvantage’s AML software solutions help Australian crypto service providers optimize their compliance setups for growth by streamlining compliance spend without compromising on regulatory requirements. 

Our AI-powered customer screening solution uses advanced matching algorithms to ensure the accuracy of alerts, reducing the number of false positives that create needless friction for customers and waste compliance resources. Our systems also update politically exposed person (PEP) and sanctions data in real-time for you and use this data for automated customer and event risk scoring, so you can make rapid, data-driven decisions when onboarding new customers and processing transactions. 

Further, our industry-leading solution can help ensure your organization meets its transaction monitoring requirements without hindering growth. Scalable to billions of transactions, it leverages a comprehensive rules library of industry typologies while using advanced ML models to identify emerging suspicious payment patterns beyond existing rules.

This article is part of a series on the state of global crypto regulations in 2025. Find out more by reading the other articles in the series: 

• AML regulations for US crypto firms: A 2025 guide
• AML regulations for UK crypto firms: Top compliance tips