Anti-Money Laundering 101: What do Australian virtual asset service providers need to know about the AML/CTF Amendment Act 2024 and how can they start to prepare to comply?

Introduction

In November 2024, the Australian Parliament enacted the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (AML/CTF Amendment Act), marking a significant expansion of the nation’s financial regulatory framework. This legislation extends AML/CTF obligations to include Virtual Asset Service Providers (VASPs), acknowledging the sector’s vulnerability to exploitation by financial criminals.

As a VASP, understanding the implications of this amendment is crucial. This article provides an overview of the AML/CTF Amendment Act 2024, its specific impact on VASPs, and practical steps to prepare for compliance.

What are the key provisions of the AML/CTF Amendment Act 2024?

The AML/CTF Amendment Act 2024 introduces several pivotal changes:

1. Expansion to Virtual Asset Services: The Act broadens the AML/CTF regime to encompass additional virtual asset-related services beyond the existing regulation of exchanges between virtual assets and fiat currency. The newly designated services include:

• Exchanges between one or more forms of virtual assets
• Transfers of virtual assets on behalf of a customer
• Safekeeping or administration of virtual assets
• Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset

A new definition of ‘virtual asset’ has been inserted in the AML/CTF Act to replace the previous terminology of ‘digital currency’, providing clarity and ensuring additional asset types such as stablecoins and non-fungible tokens (NFTs) are captured.

2. Implementation Timeline: The new AML/CTF obligations for VASPs will commence on 31 March 2026. Entities must apply to register with AUSTRAC before this date and must not provide virtual asset-related designated services before AUSTRAC has confirmed their registration. Criminal penalties apply for non-compliance

3. Enhanced AML/CTF Program Requirements: The Act updates the existing requirement for an AML/CTF program, emphasising a shift from a compliance-based approach to a risk-based, outcomes-oriented approach. This includes:

• ML/TF/PF Risk Assessment: Identifying and assessing risks related to money laundering, terrorism financing and proliferation financing that the business may reasonably face in providing its designated services

• AML/CTF Policies: Developing and maintaining policies, procedures, systems, and controls that appropriately manage and mitigate identified risks and ensure compliance with AML/CTF obligations

• Roles and Responsibilities: Emphasising the role of governing bodies and senior management in overseeing risk and compliance, including the explicit requirement to appoint a fit and proper AML/CTF compliance officer responsible for implementing the AML/CTF program

Implications for Virtual Asset Service Providers

With the inclusion of VASPs under the AML/CTF regime, businesses in this sector must now adhere to specific obligations designed to prevent financial crime:

• Registration with AUSTRAC: VASPs must apply to register with AUSTRAC before 31 March 2026 and must not provide virtual asset-related designated services before AUSTRAC has confirmed their registration. Criminal penalties apply for non-compliance

• AML/CTF Program Development: Firms are required to develop and maintain a tailored AML/CTF program that identifies, assesses, and mitigates risks associated with money laundering, terrorism financing, and proliferation financing

• Customer Due Diligence (CDD): VASPs must implement procedures to verify the identity of clients and beneficial owners, understand the nature and purpose of the business relationship, and conduct ongoing monitoring to detect suspicious activities

• Reporting Obligations: Suspicious matters, threshold transactions, and international value transfer services must be reported to AUSTRAC within specified timeframes 

• Record-Keeping: Detailed records of transactions, client identification, and due diligence processes must be maintained for a minimum period, as stipulated by the Act

Preparing for Compliance: Practical Steps for Virtual Asset Service Providers

To align with the forthcoming AML/CTF obligations, VASPs should consider the following proactive measures:

1. Educate and Train Staff: Ensure that all team members are aware of the new AML/CTF requirements and understand their roles in compliance. Regular training sessions can help staff identify red flags and understand reporting procedures

2. Conduct an ML/TF/PF Risk Assessment: Evaluate your firm’s services, client base, distribution channels and geographical exposure to identify areas susceptible to money laundering, terrorism financing, and proliferation financing risks. This assessment will inform the development of your AML/CTF program

3. AML/CTF Program: Create a comprehensive program that outlines policies and procedures for customer due diligence, reporting, record-keeping, and ongoing compliance monitoring

4. Implement Robust CDD Processes: Establish procedures to verify client identities, understand the nature of their activities, and monitor transactions for inconsistencies or suspicious behaviour

5. Establish Reporting Protocols: Define clear internal processes for escalating and reporting suspicious matters to

Criminals exploit weak regulatory controls, anonymity features, and cross-border transactions to integrate the proceeds of crimes such as drug trafficking, fraud, cybercrime, and terrorism financing into the legitimate financial system.

To combat these threats, VASPs must implement robust Anti-Money Laundering (AML) measures, comply with global financial regulations, and actively monitor transactions to prevent financial crime.