Recent AUSTRAC guidance for DCEs: review red flag indicators

If you're a registered as a registered digital currency exchange (DCE) with AUSTRAC, you'll know that amongst other obligations, you need to:

1. Regularly review your AML/CTF Program and money-laundering and terrorist-financing (ML/TF); and

2. take into account any feedback provided by AUSTRAC in respect of the DCE industry, that is relevant to identification, mitigation and management ML/TF risks arising from the provision of your item 50A designated service.

AUSTRAC recently provided guidance that DCEs should be considering and incorporating FATF's guidance and insights on ML/TF, in particular FATF's Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing Report. We recently wrote about other AUSTRAC guidance relevant to DCEs.

You may have already considered the FATF report in relation to your transaction monitoring program, as the report was released in September 2020 (we wrote about it at the time), but if you haven't yet done so, you should now.

In particular, the report provides guidance on the following types of Red Flags:

1. Technological features that increase anonymity such as peer-to-peer exchanges and anonymity-enhanced cryptocurrencies;

2. Geographical risks;

3. Irregular, unusual or uncommon transactional patterns;

4. Illogical transaction sizes for the consumer;

5. Unusual sender or recipient profiles; and

6. Sources of funds or wealth.

A useful exercise is to review the red flag indicators against your own transaction monitoring program and consider the case studies in light of your AML/CTF Program to see if following your AML/CTF Program, your business would have identified the red flag or had procedures in place to mitigate the ML/TF risks.

AUSTRAC's guidance also noted that virtual assets are dynamic and rapidly evolving and indicated that FATF's guidance on the regulation of virtual asset service providers should be followed for further insight into evolving ML/TF risks and updates to come later this year.

The authors note that Australia's regulation of digital currency related services is much narrower than the FATF recommendations and for any change to the Australian regime will require new laws to be drafted, introduced into then passed by Parliament. This may take quite some time. The more pressing issue for DCEs may be the need to comply with international regulation prior to any Australian obligations, particularly when dealing with international liquidity providers.

In your next Board meeting or compliance committee meeting, consider if your DCE has had an independent review recently and if not, schedule one in for this year. That way in your next AUSTRAC Compliance Report you can check "yes" to that box.