top of page


Anti-Money Laundering (AML) Program for Virtual Asset Service Providers (VASPs)

The AUSTRAC guide is intended to help Australian digital currency exchange businesses develop an effective AML/CTF program in line with obligations under the AML/CTF Act 2006 and its associated Rules. It supports the implementation of FATF’s Travel Rule—key to the Wire Transfer Regulations—by requiring that all value transfers involving digital currencies carry identifying information on originators and beneficiaries. This aligns VASP operations with traceability and transparency standards imposed on traditional financial institutions.


Customer Due Diligence (CDD) & KYC

VASPs must perform comprehensive Know Your Customer (KYC) checks prior to providing services. These include verifying customer identity through government-issued documentation or reliable electronic data and maintaining records of these checks for at least seven years. Enhanced CDD is required for high-risk customers, politically exposed persons (PEPs), and those transacting with jurisdictions deemed high-risk. These controls are critical to achieving WTR-compliant

transparency in virtual asset transfers.


Risk-Based AML/CTF Controls

The guide mandates a risk-based approach to money laundering and terrorism financing (ML/TF). VASPs must identify ML/TF risks related to customer types, service delivery channels, digital asset types, and foreign jurisdictions. Businesses are required to implement proportionate controls, including transaction limits, geo-location checks, source-of-funds assessments, and sanctions screening. These controls directly align with WTR principles by preventing anonymised or suspicious fund movements.


Information Collection & Transaction Monitoring

For all transactions, VASPs must collect and maintain:


  • Full customer name

  • Date of birth and residential address (or equivalent identifiers)

  • Wallet address and transaction reference

  • Source and destination of funds


Ongoing transaction monitoring must detect structuring, rapid currency exchange, unusual frequency or velocity of trades, and interaction with known darknet addresses, mixers, or ransomware. These surveillance duties ensure compliance with the WTR requirement to trace the movement of funds and identify anomalies that may indicate illicit activity.


Suspicious Matter & Threshold Transaction Reporting

Suspicious Matter Reports (SMRs) must be filed with AUSTRAC within 3 business days for ML-related suspicions or 24 hours for terrorism financing suspicions. Similarly, Threshold Transaction Reports (TTRs) are mandatory for physical cash transactions exceeding AUD10,000. The reporting regime ensures that unusual or high-risk wire transfers are flagged for regulatory review, reinforcing the WTR’s focus on proactive intervention.


Beneficial Ownership & Third-Party Intermediaries

Where the customer is a company, trust, or partnership, VASPs must identify and verify all beneficial owners holding 25% or more of the entity or exercising effective control. This includes verifying trust deeds and company registration data. In cases involving intermediaries or nested services, VASPs are held responsible for ensuring full visibility into the transfer chain—a principle that mirrors the WTR’s demand for accountability across ordering, intermediary, and beneficiary institutions.


Blockchain Analytics & Obfuscation Risks

VASPs are expected to use proprietary or commercial blockchain analytics tools to monitor wallet behaviour and detect interactions with illicit networks. Particular focus is placed on obfuscation tactics such as tumblers, mixers, privacy coins, and darknet marketplaces. These tools are key to WTR-aligned enforcement in the crypto sector, where the risk of anonymity is high.


Record Keeping & Governance

All KYC and transactional data must be retained for seven years and be accessible to AUSTRAC and other authorities upon request. The AML/CTF program must be overseen by a designated compliance officer and subject to regular independent review. Internal AML training, employee due diligence, and board-level oversight are mandatory, ensuring that WTR compliance is embedded institutionally.


Conclusion: WTR Compliance Integration

AUSTRAC’s 2025 AML program guidance for VASPs operationalises the FATF Travel Rule and Australia’s Wire Transfer Regulations for the virtual asset sector. By requiring robust KYC, risk-based monitoring, comprehensive transaction documentation, and regulatory reporting, the framework ensures that digital currency transactions are as traceable and auditable as traditional wire transfers. With strong emphasis on blockchain analytics, beneficial ownership transparency, and ongoing compliance reviews, the AUSTRAC guidance ensures that WTR obligations are fully integrated into the governance and daily operations of VASPs in Australia.


bottom of page