Skip to content

AML/CTF obligations for Virtual Asset Service Providers

Designated services offered by

Virtual Asset Service Providers

Under the AML/CTF Amendment Bill 2024, specific services provided by Virtual Asset Service Providers (VASPs) will be designated as covered activities and will be subject to AML/CTF obligations. These services include:

Exchanging Virtual Assets for Fiat Currency

Providing services that allow customers to buy or sell cryptocurrencies using traditional money.

Exchanging One Virtual Asset for Another

Facilitating the trade of different cryptocurrencies, including privacy-focused coins that enhance anonymity.

Providing Custodial or Hosted Wallet Services

Storing or managing virtual assets on behalf of clients, which can be exploited for illicit transactions.

Offering Peer-to-Peer (P2P) Trading Platforms

Enabling direct transactions between users without a regulated intermediary, increasing anonymity risks.

Facilitating Initial Coin Offerings (ICOs) and Token Sales

Raising funds through crypto-based investments, which can be misused to channel illicit funds.

Providing Crypto-Backed Lending and Financial Services

Allowing clients to borrow against their virtual assets, creating opportunities for money laundering.

Operating Virtual Asset ATMs (Crypto ATMs)

Providing physical kiosks for buying or selling cryptocurrencies, often with minimal identity verification.

Operating Virtual Asset ATMs (Crypto ATMs)

Providing physical kiosks for buying or selling cryptocurrencies, often with minimal identity verification.

Providing Cross-Border Virtual Asset Transfers

Facilitating the movement of cryptocurrencies across jurisdictions, which can be used to evade financial controls.

Offering Mixing and Tumbling Services

Services that obscure transaction history by pooling and redistributing funds, making it difficult to trace illicit activity.

Facilitating Decentralised Finance (DeFi) Services

Platforms offering decentralised lending, borrowing, or trading services, often without traditional KYC controls.

If your business provides any of these services, it will be subject to AML/CTF obligations.

Why are Virtual Asset Service Providers

Subject to AML/CTF laws?

Virtual Asset Service Providers (VASPs) are subject to AML/CTF laws because cryptocurrencies and other virtual assets can be exploited by criminals to launder illicit funds, finance terrorism, and evade regulatory oversight. Criminals may misuse VASPs by:

Enabling Anonymous Transactions

Cryptocurrencies can be traded without revealing true identities, making it easier to launder illicit funds.

Facilitating Cross-Border Transfers

Virtual assets allow rapid international transfers without traditional banking oversight.

Using Mixing and Tumbling Services

Criminals obscure transaction history by blending illicit funds with legitimate ones.

Exploiting Peer-to-Peer (P2P) Platforms

Direct transactions between users bypass regulated financial institutions, increasing anonymity.

Concealing Beneficial Ownership

Virtual asset wallets and decentralized finance (DeFi) platforms complicate the tracing of beneficial owners.

Funding Illicit Activities

Cryptocurrencies are used to finance illegal goods, ransomware attacks, and terrorist organisations.

Using Virtual Assets to Evade Sanctions and Regulatory Controls

Criminals use virtual assets to bypass international financial restrictions.

Using Crypto ATMs for Cash-Based Laundering

Physical kiosks allow anonymous purchases and conversions of crypto into cash.

Conducting Fraudulent Initial Coin Offerings (ICOs)

Illicit actors create fake crypto projects to collect funds and launder money.

Lack of Oversight in Decentralised Finance (DeFi)

DeFi platforms operate without central authority, making it difficult to enforce AML/CTF controls.

By imposing AML/CTF obligations, supervisors are aiming to prevent Virtual Asset Service Providers (VASPs) from being exploited as unwitting enablers of financial crime.

Money Laundering and Terrorism Financing (ML/TF)

Risks in the VASP sector

Virtual Asset Service Providers face significant ML/TF risks, including:

  • Anonymity and Pseudonymity – Virtual assets allow users to transact without revealing their real identities, making it difficult to trace illicit funds
  • Rapid Cross-Border Transfers – Cryptocurrencies enable instant international transactions, bypassing traditional banking controls and regulatory oversight
  • Use of Mixing and Tumbling Services – Criminals launder funds by obfuscating transaction trails through cryptocurrency mixers and tumblers
  • Exploitation of Peer-to-Peer (P2P) Exchanges – Direct trading between individuals can occur without regulatory oversight, increasing the risk of illicit activity
  • Obscured Beneficial Ownership – Virtual wallets, decentralised finance (DeFi) platforms, and layered transactions make it difficult to identify the true owner of funds
  • Terrorist Financing Through Crypto Donations – Extremist groups use virtual assets to receive and distribute funds anonymously
  • Sanctions Evasion and Illicit Trade – Cryptocurrencies are used to circumvent financial sanctions and facilitate illegal goods transactions on dark web marketplaces
  • Crypto ATMs for Money Laundering – Physical kiosks enable anonymous cash-to-crypto conversions, allowing criminals to integrate illicit cash into the financial system
  • Fraudulent Initial Coin Offerings (ICOs) and Token Sales – Criminals create fake crypto projects to collect funds from unsuspecting investors and launder money
  • Limited AML Controls in Decentralised Finance (DeFi) – DeFi platforms operate without centralised oversight, making it difficult to enforce AML/CTF regulations

To comply with the AML/CTF Act by 1 July 2026, virtual asset service providers must conduct a thorough ML/TF risk assessment to identify, mitigate, and manage risks effectively.

For more information on the ML/TF risks faced by virtual asset service providers ,click here.

AML/CTF

Programs and Policies

In addition to designing, executing and maintaining a money laundering, terrorism financing and proliferation financing (ML/TF/PF) risk assessment reporting entities are expected to implement AML/CTF policies that are both appropriate and proportionate to the identified risks, in order to mitigate and manage these risks.

The diagram below outlines at a high-level the other key pillars of an AML/CTF Program:

In addition to designing, executing and maintaining a money laundering, terrorism financing and proliferation financing (ML/TF/PF) risk assessment reporting entities are expected to implement AML/CTF policies that are both appropriate and proportionate to the identified risks, in order to mitigate and manage these risks.

AI AML-Value-Chain A4 final
HOW Virtual Asset Service Providers CAN MEET THEIR

AML/CTF Obligations

To meet AML/CTF obligations, virtual asset service providers must:

Conduct an Enterprise-Wide ML/TF/PF Risk Assessment considering factors such as customer risks, product and services risks, channel risks, transaction risks, and geographical risks

Develop and maintain AML/CTF policies, outlining compliance measures and risk mitigation strategies

Conduct Customer Due Diligence (CDD), verifying customer identities before transactions. High-risk clients require Enhanced Due Diligence (EDD)

Conduct Know Your Employee (KYE) checks, by performing employment and criminal history background checks and enhanced controls for employees occupying key risk roles

Provide initial and ongoing AML/CTF training to employees (and contractors) to ensure they understand their obligations and can identify ML/TF risks and escalate as appropriate

Monitor transactions to detect unusual activity or suspicious patterns indicative of money laundering or terrorism financing (or have oversight of financial institutions conducting on their behalf)

Conduct regulatory reporting to AUSTRAC where required

Conduct an independent review of AML/CTF policies at least every 3-years

Maintain records of all customer due diligence, reports, and related correspondence for at least seven years

These measures are critical to safeguarding virtual asset service providers from criminal exploitation and ensuring compliance with Australia’s strengthened AML/CTF framework.

Note: The AML/CTF Rules are being developed by AUSTRAC and are under a consultation process and are subject to change.

In focus

Blogs

Emerging Risks in Tranche 2 Professions: Virtual Assets and Cryptocurrencies

February 27, 2025

How do organised criminals exploit virtual asset service providers to launder the proceeds of their crimes and what can you do to prevent this happening in your business?

February 25, 2025

Case Studies : How do organised criminals exploit virtual asset service providers to launder the proceeds of their crimes and what can you do to prevent this happening in your business?

February 19, 2025

Anti-Money Laundering 101: What do Australian virtual asset service providers need to know about the AML/CTF Amendment Act 2024 and how can they start to prepare to comply?

February 17, 2025

In focus

Whitepapers

Anti-Money Laundering 101_ What do Australian Virtual Asset Service Providers need to know about the AML_CTF Amendment Act 2024 and how can they start to prepare to comply

Anti-Money Laundering 101: What do Australian Virtual Asset Service Providers need to know about the AML/CTF Amendment Act 2024 and how can they start to prepare to comply?

Virtual asset providers must prepare for compliance with these requirements.

Access this resource
Cryptocurrency and AML Global approaches to regulating Virtual Asset Service Providers (VASPs)

Cryptocurrency and AML: Global approaches to regulating Virtual Asset Service Providers (VASPs)

Regulations on cryptocurrency and AML focus on Virtual Asset Service Providers (VASPs), requiring compliance measures to prevent financial crimes, enhance transparency, and mitigate money laundering risks in digital asset transactions.

Access this resource
How do organised criminals exploit virtual asset service providers to launder the proceeds of their Crimes and what can you do to prevent it

How do organised criminals exploit virtual asset service providers to launder the proceeds of their Crimes and what can you do to prevent it?

Criminals exploit virtual asset providers for money laundering; implementing strong compliance, monitoring, and due diligence measures can help prevent illicit activity.

Access this resource
How do organised criminals exploit virtual asset service providers to launder the proceeds of their crimes and what can you do to prevent this happening in your business

How do organised criminals exploit virtual asset service providers to launder the proceeds of their crimes and what can you do to prevent this happening in your business?

Criminals launder money through virtual assets: strong compliance prevents exploitation.

Access this resource

Get in touch with our team

Contact us