For Crypto Businesses

AML/CTF program for digital currency exchanges in Australia — AUSTRAC DCE

Operating a digital currency exchange in Australia means AUSTRAC registration plus an active AML/CTF program — and the 2024 reforms widen the definition to cover more digital-asset business models.

Start FreeView Requirements

Compliance Challenges for Crypto Businesses

Digital currency exchanges (DCEs) must be registered with AUSTRAC and operate a full AML/CTF program. Tranche 2 expands this to broader digital-asset service providers.

DCE registration is a precondition, not a formality

Operating an unregistered exchange is a criminal offence under Part 6A of the AML/CTF Act. Registration is also revocable, and AUSTRAC has cancelled registrations of providers found non-compliant.

Travel-rule expectations are escalating

AUSTRAC's 2024 guidance signalled increased emphasis on the FATF Travel Rule for transfers between virtual asset service providers (VASPs). Programs need to address counterparty due diligence on outbound and inbound transfers.

Self-custody and mixers create unique CDD challenges

Withdrawals to unhosted wallets, on-chain mixers and bridges are typologies AUSTRAC actively flags. Your program needs to define how the exchange treats these, not just monitor them.

Tranche 2 broadens 'digital asset service provider'

The 2024 amendments move beyond 'digital currency exchange' to a wider 'digital asset service provider' concept (e.g. custodial wallet providers, brokers). Many businesses that thought they were outside scope are now in.

What Crypto Businesses Need for Compliance

The AML/CTF Act 2006 (Cth) and the AML/CTF Rules require all reporting entities to maintain these documents and procedures.

AUSTRAC DCE registration under Part 6A of the AML/CTF Act
AML/CTF Program with Part A and Part B sections — s 81
ML/TF Risk Assessment for fiat on/off-ramps and crypto-to-crypto flows
CDD with blockchain-analytics integration for source-of-funds inquiry
Travel-rule procedures for VASP-to-VASP transfers
TTR for $10,000+ fiat cash equivalents (s 43)
SMR workflow with mixer/bridge typology coverage
Sanctions screening at the wallet and counterparty level

Deadline & Applicability

Digital currency exchanges have been regulated since 2018. The AML/CTF Amendment Act 2024 expands coverage to broader digital-asset service providers from 1 July 2026; existing DCEs should review their registrations and programs against the new scope.

Last reviewed: · Information is general guidance, not legal advice.

How AutoAML Helps Crypto Businesses

AI-Generated Documents

All 13 compliance documents drafted from your service mix and risk profile — Part A, Part B, risk assessment, CDD scripts, the lot.

Team & Audit Trail

Invite your team, assign Compliance Officer roles, and keep a tamper-evident audit log AUSTRAC supervisors can read.

SMR & TTR Built-in

Reporting workflows, training tracking, annual review reminders and document version control — so the program stays alive after day one.

Frequently Asked Questions

Crypto Businesses & AUSTRAC: common questions

Do we need to register if we only do crypto-to-crypto trading?
Pre-Tranche 2, the registration trigger was fiat-to-crypto exchange. From 1 July 2026 the broader 'digital asset service provider' definition is expected to capture more crypto-to-crypto and custodial models — many businesses outside scope today will be in.
What is the FATF Travel Rule and does Australia enforce it?
The Travel Rule requires VASPs to share originator and beneficiary information for transfers above a threshold. AUSTRAC's 2024 guidance signalled escalating expectations; your program should define how you collect, transmit and receive this information.
Can we let users withdraw to unhosted wallets?
There is no outright prohibition. Your program needs to define the risk treatment — e.g. withdrawal limits, additional CDD, source-of-funds questions, blockchain analytics — and apply it consistently.
How do we handle a sanctioned wallet address?
Freeze the address on detection, lodge an SMR, and report under the Autonomous Sanctions regime. Your sanctions-screening provider should be tested regularly, not assumed correct.
What's the penalty for operating an unregistered exchange?
Operating an unregistered DCE is a criminal offence under Part 6A — up to 7 years' imprisonment for individuals or significant corporate fines. AUSTRAC has cancelled and refused registrations where compliance is found wanting.
How often does our program need to be updated?
At minimum annually, plus on any material change to products, technology stack or risk environment. Crypto risk evolves faster than most sectors — quarterly Part A reviews are common in well-run exchanges.

Related industries under AUSTRAC Tranche 2

Many firms work across more than one designated-service category. Check the related sectors below.

For Fintech Companies

AML/CTF program for Australian fintechs — AUSTRAC reporting entity guide

Read more
For Trust & Company Service Providers

AML/CTF program for trust and company service providers — AUSTRAC Tranche 2

Read more
For Jewellers

AML/CTF program for jewellers and bullion dealers in Australia

Read more

Get a DCE/VASP AML/CTF program in 10 minutes

All 13 AUSTRAC-aligned documents drafted from your service mix. Free until the 1 July 2026 deadline.

Start Your Free Compliance ProgramPrefer to talk first? Book a 15-min setup call

Free until the 1 July 2026 AUSTRAC deadline. Cancel anytime.