Skip to main content

New AUSTRAC Rules for Virtual Assets: What Australian Crypto Operators Need to Know

The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 is now law. Virtual asset service providers face new obligations from 31 March 2026, with the travel rule commencing 1 July 2026. Here's what Australian and international operators need to do.

New AUSTRAC Rules for Virtual Assets: What Australian Crypto Operators Need to Know

New AUSTRAC Rules for Virtual Assets: What Australian Crypto Operators Need to Know

Australia's anti-money laundering regime for virtual assets is changing. The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Act 2024 received Royal Assent on 10 December 2024, and the new obligations for virtual asset service providers commence on 31 March 2026.1

If you operate a virtual asset service in Australia, or serve Australian customers from overseas, you need to understand what is coming.

Quick take

  • The Amendment Act expands the designated services that trigger obligations under the Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • The travel rule for virtual asset transfers commences 1 July 20262
  • New AML/CTF program requirements shift to a risk-based, outcomes-focused approach
  • Tranche 2 entities (lawyers, accountants, real estate professionals) come under regulation from 1 July 2026
  • Operating an unregistered digital currency exchange service remains a criminal offence

For Australian Operators

If you operate a virtual asset service in Australia, here is what changes.

Expanded designated services

The Amendment Act expands the services that fall within AUSTRAC's regulatory scope.3 If you provide services involving virtual assets and were not previously caught as a digital currency exchange provider, check whether the expanded definitions now apply to you.

The term "virtual asset" aligns with Financial Action Task Force (FATF) definitions and covers a broad range of digital representations of value that can be digitally traded or transferred.

The travel rule

Despite the concerns that the travel rule would be difficult to monitor, track and report on, Australia is implementing the FATF travel rule for virtual asset transfers under the Act. From 1 July 2026, virtual asset service providers must collect, hold, and transmit originator and beneficiary information when transferring virtual assets.42

In practice, this means:

  • Before sending a transfer, you must collect information about the originator (name, account number or unique transaction reference, and either address, national identity number, customer identification number, or date and place of birth)
  • You must transmit this information to the receiving provider
  • Before crediting a transfer, you must collect information about the beneficiary
  • You must retain records of this information

If you facilitate cross-border or inter-provider transfers, this will require infrastructure changes. Many providers will need to integrate with travel rule solutions or build internal capabilities.

The travel rule creates particular challenges for transfers involving non-custodial wallets or decentralised protocols, where counterparty information may not be readily available.

New AML/CTF program requirements

The Act shifts from a compliance-based approach to a risk-based, outcomes-oriented approach.5

In order to comply, your program must:

  • Identify and assess money laundering, terrorism financing, and proliferation financing risks relevant to your business
  • Establish policies to manage and mitigate those risks
  • Define roles and responsibilities, with governing bodies and senior management accountable for oversight
  • Appoint a fit and proper AML/CTF compliance officer. Existing reporting entities must notify AUSTRAC by 30 May 2026; newly regulated virtual asset service providers must notify AUSTRAC by 29 July 2026.6

The emphasis is on outcomes - demonstrating that your controls actually address the risks you face. This requires more than ticking boxes as providers are expected to conduct due diligence on their internal risk profile as relevant to AML/CTF concerns.

Enhanced customer due diligence

Customer due diligence (CDD) requirements are restructured into initial and ongoing obligations.7

Initial CDD requires you to establish, on reasonable grounds and before providing designated services:

  • The identity of your customer, their representatives, any person they are acting on behalf of, and any beneficial owner
  • Whether any of these persons are subject to targeted financial sanctions or are politically exposed persons
  • The money laundering and terrorism financing risk level of the customer

Ongoing CDD requires you to monitor and manage these risks by applying measures appropriate to each customer, with enhanced due diligence for high-risk customers.

Existing reporting entities have a transitional period for initial CDD: you may continue using your current applicable customer identification procedures (ACIP) when onboarding new customers for up to three years from 31 March 2026 (until 30 March 2029), or transition to the reformed initial CDD framework at any time during that window. Ongoing CDD under the reformed provisions is mandatory from 31 March 2026 with no transitional period.8

Registration

If your activities fall within the designated service definitions, you must be registered with AUSTRAC. Operating an unregistered digital currency exchange service is a criminal offence under section 76A of the AML/CTF Act.9

If you are already provding crypto or digital asset services registered under the old regime, we strongly advise you to re-assess your business in light of the new requirements. This will help you work out the need to update your enrolment and registration details to reflect the expanded definitions of "designated services".

You should also ensure that your Australian legal advisers, accountants and agents are registered or have taken steps to be registered. Note that this is likely to extend to service providers offering nominee director services.


For International Operators

If you are based overseas and serve Australian customers, or are considering entering the Australian market, here is what you need to know.

When do Australian obligations apply?

Australian AML/CTF obligations apply when you provide a designated service to a customer in Australia. The trigger is the provision of the service in Australia, not where your entity is incorporated.

If you are actively marketing to Australian customers, onboarding Australian customers, or facilitating transactions for Australian customers, you are likely providing designated services in Australia.

Registration requirements

Foreign entities providing designated services in Australia must register with AUSTRAC. There is no exemption for offshore providers serving Australian customers remotely.

Registration requires an Australian presence. In practice, this typically means establishing an Australian subsidiary or branch, or partnering with a registered Australian entity.

The travel rule and cross-border transfers

The travel rule applies to transfers between Australian virtual asset service providers and foreign providers. If you are a foreign provider sending transfers to, or receiving transfers from, Australian providers, you will need to be able to exchange originator and beneficiary information. This is critical to ensure your Australian operations continue to operate in accordance with the Act.

Australian providers will be required to collect this information before crediting incoming transfers. If you cannot provide it, Australian counterparties may be unable to process your transfers.

Practical considerations before entering Australia

If you are evaluating the Australian market, consider:

  • Registration lead time: AUSTRAC registration is not instant. Factor in time for application, review, and approval.
  • Local presence: You will likely need an Australian entity or partner. If you decide to partner with another firm, this may complicate your approval process as there will be increased scrutiny of source of funds and who has operational control over the business.
  • AML/CTF program: You will need an AML/CTF program that addresses Australian requirements, not just your home jurisdiction's rules.
  • Travel rule infrastructure: Ensure you can exchange required information with Australian counterparties.
  • Ongoing compliance: Australian obligations are ongoing and are likely to be refined as the new policies roll out. Although Australian regulators tend not to make sudden changes, it is strongly recommend that you get local compliance capability or a reliable Australian adviser to help guide you through. Contact one of our lawyers for more advice.

Key Dates

DateWhat happens
10 December 2024AML/CTF Amendment Act 2024 received Royal Assent
31 March 2025Tipping off offence changes came into effect
31 March 2026Virtual asset service provisions commence (AML/CTF program, CDD, registration); Tranche 2 enrolment opens
30 May 2026Existing reporting entities must notify AUSTRAC of AML/CTF compliance officer6
1 July 2026Travel rule commences for virtual asset transfers; Tranche 2 obligations begin (lawyers, accountants, real estate)2
29 July 2026Newly regulated VASPs and Tranche 2 entities must notify AUSTRAC of AML/CTF compliance officer6

AUSTRAC has published transitional rules confirming the deferral of the travel rule for virtual assets to 1 July 2026 and a three-year window for transitioning initial CDD procedures. Operators should review the published rules carefully and not assume further deferrals will follow.2


Checklist

For Australian operators:

  • Check whether your activities fall within the expanded designated service definitions
  • Review your current AUSTRAC registration and update if required
  • Assess travel rule readiness: can you collect, hold, and transmit originator/beneficiary information?
  • Update your AML/CTF program to reflect the new risk-based framework
  • Appoint a fit and proper AML/CTF compliance officer and notify AUSTRAC by 30 May 2026
  • Review and update your CDD procedures
  • Build governance and record-keeping before you have to explain gaps to a regulator

For international operators:

  • Determine whether you are providing designated services in Australia
  • If so, plan for AUSTRAC registration (including Australian entity or partner)
  • Develop an AML/CTF program that meets Australian requirements
  • Ensure travel rule capability for transfers with Australian counterparties
  • Engage Australian legal or compliance advice before launch

Bottom line

The AML/CTF Amendment Act 2024 is now enacted law and AUSTRAC has started working with industry groups to provide guidance and training on next steps.

If you operate a virtual asset service in Australia, or serve Australian customers from overseas, your AML/CTF program, CDD, and registration obligations are live from 31 March 2026. The travel rule for virtual asset transfers follows on 1 July 2026. There is no reason to wait.

If you want help understanding your obligations, scoping what changes you need to make, or preparing for AUSTRAC engagement, get in touch.


For a confidential discussion about your organisation's AML/CTF compliance requirements, contact Daimon Legal.

The information on this page is general in nature and does not constitute legal advice. Please review our Legal Disclaimer for important information about the limitations of this content and the terms governing your use of this website.

Footnotes

  1. Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) (Act No 110 of 2024): s 2 (commencement); Sch 2 (customer due diligence); Sch 6 (virtual asset services); Sch 8 (value transfers and travel rule).

  2. AUSTRAC, AML/CTF transitional rules update, 2026 — travel rule for virtual asset transfers deferred to 1 July 2026. 2 3 4

  3. AUSTRAC, New industries and services to be regulated, 2025.

  4. AUSTRAC, The travel rule, 2025.

  5. AUSTRAC, AML/CTF program obligations, 2025.

  6. AUSTRAC, AML/CTF transitional rules update, 2026 — existing reporting entities must notify AUSTRAC of AML/CTF compliance officer appointment by 30 May 2026; newly regulated virtual asset service providers must notify by 29 July 2026. 2 3

  7. AUSTRAC, Customer due diligence, 2025.

  8. AUSTRAC, AML/CTF transitional rules update, 2026 — existing reporting entities may continue using current applicable customer identification procedures (ACIP) for initial CDD for up to three years from 31 March 2026; ongoing CDD is mandatory from 31 March 2026 with no transitional period.

  9. Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), s 76A.