10 Aug 2023

Regulation Focus Series | Article 7: Australia and AUSTRAC

Australia has emerged as a leading financial center in the Asia-Pacific region as a result of its dynamic and developed economy and innovative technology sector. 

As an attractive destination for financial activities, Australia offers a diverse range of services and products that are tailored to meet the needs of both domestic and international markets. With its highly regulated environment and strong legal framework, many diverse types of financial service companies operating in Australia can benefit from access to a secure and reliable infrastructure. 

Australia is also home to a thriving cryptocurrency market, with many exchanges and other exciting new products, platforms and projects offering financial services available to both retail investors and businesses alike. Leading financial institutions, payment providers, crypto companies and other businesses are actively expanding operations in the country, taking advantage of its supportive regulatory framework and vibrant digital ecosystem.

Combined with its relative proximity to Asia, Australia is well-positioned to become a major player in the global crypto industry. In this article, we explore the financial regulations governing Financial Institutions (FIs), Fintechs, Payment Service Providers (PSPs), crypto companies and other Virtual Asset Service Providers (VASPs) operating in the country, including the country’s Anti-Money Laundering (AML) regime and Know Your Customer (KYC) requirements. 


Australia’s main financial regulator is the Australian Transaction Reports and Analysis Centre (AUSTRAC), which establishes and enforces AML and counter-terrorism financing (CTF) rules for businesses.

AUSTRAC regulations are designed to protect the Australian financial system from criminal activities such as money laundering, terrorism financing, tax evasion, fraud and other forms of corruption. Its rules apply to businesses in a range of sectors, including banking, finance, money transfer services, cryptocurrency exchanges and casinos. 

Under AUSTRAC regulations, regulated businesses must register with the agency and report any suspicious transactions as soon as they are identified. They must also keep records of all financial transactions for a period of seven years. Additionally, businesses must put in place appropriate risk management systems to mitigate the risks associated with criminal activities such as money laundering. 

AUSTRAC also provides guidance and resources to assist businesses in understanding and complying with its regulations. It offers training courses, seminars and public forums to educate business owners on the requirements of the AUSTRAC system. Businesses can also register for access to AUSTRAC’s online portal, which provides helpful information about AML/CTF compliance. 

Rules for FIs, VASPs and other regulated businesses

AUSTRAC has outlined comprehensive rules and guidelines to ensure that all FIs, VASPs and other regulated businesses operating in Australia are compliant with applicable laws and regulations. 

To begin with, all regulated businesses must register with AUSTRAC before they can begin providing services in Australia. This registration process involves providing specific information about the business, including its name, address, contact details and type of service offered. 

The second component of AUSTRAC's regulations is the requirement for all regulated companies to implement a comprehensive AML/CTF program. This program should include risk assessments, customer due diligence measures, ongoing monitoring of customer activities and reporting of suspicious transactions. 

AUSTRAC also requires all regulated businesses — including VASPs and crypto companies — to comply with the Digital Currency Exchange Register (DECR). The DECR is a public database of all registered VASPs and crypto companies which allows AUSTRAC to monitor the activities of these businesses. 

KYC Rules

Know Your Customer (KYC) is a crucial part of the compliance process for regulated businesses operating in Australia. AUSTRAC works to protect the integrity of Australia's financial system by ensuring that regulated businesses meet their obligations to collect and report KYC information. 

This includes collecting details such as: 

  • Customer name 
  • Address
  • Contact information 
  • Date of birth 
  • Nationality. 

This information must also be verified by the business to ensure accuracy. 

In addition, businesses must keep records of all customer transactions, as well as maintain records on any third parties they use for processing payments or providing services related to their business operations. All KYC information must be kept up-to-date, and should be reviewed at least once a year. 

How to comply with AUSTRAC

As Australia embraces the blockchain and cryptocurrency industry, companies must take note of AUSTRAC's regulatory requirements. Crypto companies and VASPs must comply with these regulations to operate in the country, which is quickly becoming the financial hub of the Asia-Pacific region. This compliance further solidifies Australia's standing as a reputable location for businesses and investors in the crypto space. 

AUSTRAC regulations require crypto companies and VASPs to: 

  • Register with the agency 
  • Obtain an Australian Financial Services (AFS) license
  • Comply with its AML/CTF rules
  • Report certain higher risk or suspicious transactions for AML purposes and keep organized and accessible records of customer identification and transaction data

Companies must also have appropriate risk-based policies, procedures and controls to manage the risks associated with their activities in relation to money laundering and terrorism financing. This includes establishing an adequate compliance framework which involves conducting assessments of potential risks, implementing internal systems and procedures, and providing ongoing training for employees on AML/CTF requirements. 

It is especially important that crypto companies and VASPs take the time to understand AUSTRAC's regulations and ensure they are compliant. Doing so will not only help protect customers and build greater resilience against fast-changing regulations governing the sector, but also build trust in Australia's growing cryptocurrency industry. 

Ultimately, compliance with AUSTRAC regulations is essential for regulated businesses operating in Australia. 

By ensuring that businesses are collecting the right KYC information to meet AUSTRAC's requirements, Australia continues to remain one of the world’s leading financial hubs for both domestic and international customers. These regulations help protect all parties involved in financial transactions by providing robust controls on the flow of money, helping keep Australians' funds safe and secure. 

How KYC-Chain Can Help

Is your business regulated by the AUSTRAC or looking to do business in Australia? KYC-Chain’s end-to-end onboarding solution will allow you  to securely and efficiently carry out the necessary KYC/AML checks for doing business in Australia in full compliance.

Get in touch and we’ll be happy to show you how KYC-Chain can be your KYC onboarding solution.

Any Questions?

Our team is always ready to help you and your business.
Get in touch

Latest Articles

We should have some subheading here, it’s good for SEO as well
Cayman Islands KYC Essentials: KYC-Chain’s Multi Scope
Summary In the fast-evolving landscape of financial regulations, the Cayman Islands remain a pivotal jurisdiction for global investment and financial…
24 Jun 2024
Regulation Focus Series | Article 11: Germany and BaFin
As Europe's largest economy and a major global financial powerhouse, Germany is unsurprisingly a major target for illicit financial activity.…
31 Jan 2024
What does the EU's MiCA Regulation mean for Crypto Companies?
The EU recently introduced a new regulation called the Markets in Crypto-Assets (MiCA) in order to regulate and supervise the…
23 Jan 2024