Story image

Australia rolls out compliance laws for cryptocurrency & digital exchange service providers

18 Apr 18

AUSTRAC has cracked down on cryptocurrency and digital currency exchange (DCE) providers operating in Australia with a new mandate, all changes effective immediately.

DCEs with a business operation located in Australia must now register with AUSTRAC. They must also meet the government’s anti-money laundering and counter-terrorism financing (AML/CTF) compliance and reporting obligations.

If they don’t register with AUSTRAC, they may be subject to criminal offence and civil penalties.

According to AUSTRAC CEO Nicole Rose, the new laws will help the agency and DCEs minimise the risk of criminals using digital currency exchanges for money laundering, terrorism financing, and cybercrime.

The agency will have stronger compliance and intelligence capabilities, particularly under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

The Act requires regulated entities to collect information that establishes a customer’s identity, monitor transactional activity, and report to AUSTRAC transactions or activity that is suspicious or involves large amounts of cash over $10,000.

According to AUSTRAC’s website, obligations also include:

- enrolling and/or registering your business with AUSTRAC
- customer identification and verification of identity
- record keeping
- establishing and maintaining an AML/CTF program
- ongoing customer due diligence and reporting (suspicious matters, threshold transactions and international funds transfer instructions).

Rose says the digital currency sector has generally welcomed the new DCE laws.

“It’s recognised that this reform will help protect their business operations from money laundering and terrorism financing, while regulation will also help strengthen public and consumer confidence in the sector,” she says.

“AUSTRAC now has increased opportunities to facilitate the sharing of financial intelligence and information relating to the use of digital currencies, such as bitcoin and other cryptocurrencies, with its industry and government partners.

“The information that these businesses will collect and report to AUSTRAC will have immediate benefit in the fight against serious crime and terrorism financing.”

Current DCEs have a transition period until May 14 to register with AUSTRAC and meet all AML/CTF requirements. For any business that aims to provide DCE services from May 15, they must register with AUSTRAC before providing those services.

“You may continue providing DCE services while your registration application is being assessed. Criminal offence and civil penalty consequences will apply after 14 May 2018 for providing DCE services while unregistered,” AUSTRAC states.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.