Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regulator, AUSTRAC, has released its guidance with respect to new laws that require digital currency exchange (DCE) providers to register and comply with AML/CTF obligations.

AUSTRAC takes a broad approach in interpreting what is covered within the legal definition of a DCE. Essentially, any operation that converts fiat currency (such as the Australian dollar or equivalent) into any digital currency, or vice versa, will be considered by AUSTRAC as a DCE.

Because the AML/CTF regime adopts a risk-based approach, when conducting their Money Laundering / Terrorism Financing (ML/TF) risk assessments and developing their AML/CTF Programs, DCE providers should take into account risk factors associated with operating in the “digital world”.  For example, DCE transactions involving proxies, unverifiable IP addresses, disposable email addresses, blacklisted addresses (such as those on the “darknet”), ransom-ware, anonymous digital currencies and ever changing devices are just some of the risk indicators that AUSTRAC has identified.

In addition to the requirement of enrolling and registering with AUSTRAC, DCE providers need to take all reasonable steps to mitigate against these ML/TF risks and to comply with AML/CTF obligations that include conducting customer due diligence (know your customer), staff training, employee due diligence, suspicious matter reporting, reporting of transactions involving $10,000 (Australian dollar or equivalent) or more in physical cash and keeping records.

Although the new AML/CTF regime covering DCE providers commenced on 3 April 2018, AUSTRAC has announced the following transitional arrangements to allow more time for registrable DCE providers to achieve compliance:

  • DCE providers already enrolled with AUSTRAC before 3 April 2018 (for example, they provide other designated services regulated under the AML/CTF Act) will need to update their enrolment details by 11 June 2018;
  • DCE providers not already enrolled with AUSTRAC but who have provided DCE services before 3 April 2018, or start to provide DCE services between 3 April 2018 and 14 May 2018, will need to register with AUSTRAC by 14 May 2018; and
  • DCE providers intending to provide DCE services on or after 15 May 2018 will need to register with AUSTRAC before they provide these services.

During the transitional periods, a DCE provider can continue to provide services while its registration application is being assessed by AUSTRAC. However, it is a criminal offence to provide, and civil penalty consequences apply for providing, DCE services while unregistered after 14 May 2018, unless exemption has been granted by AUSTRAC.

AUSTRAC’s guidance with respect to DCE providers can be found here.