Ready, set, go: New AML/CTF rules tabled in Parliament

Provision

Outline

Status

1-6 Enrolment details

Section 1-6 specifies that the 'enrolment details' defined in section 5 of the AML/CTF Act are those listed in sections 3.2, 3.3 and 3.4 of the AML/CTF Rules. The details apply to all applications and must be provided when enrolling as a reporting entity. ED2 introduced additional requirements such as the number of employers and whether the entity is a member of any industry or professional associations which is reflected in the new rules.

Unchanged

1-7 Registrable details

Under the ED2 rules, remittance service providers (RSPs) and VASPs must apply for registration with AUSTRAC before offering registrable services in addition to enrolling as reporting entities. Registration is different from enrolment because AUSTRAC must review and approve the application before granting registration.

According to the Explanatory Memorandum, an important aspect of the definition of 'registrable details' is that it determines what information AUSTRAC will publish on the Remittance Sector Register and the Virtual Asset Service Provider Register. This information can be accessed by foreign regulators and law enforcement agencies to allow them to verify that a person is

appropriately regulated for AML/CTF to provide remittance or virtual asset services.

The published details include the person's name, ABN, the address of their principal place of business and the domain names of any websites through which services are provided.

Amended

3-2 Information about applicant's designated services

This section prescribes the information required in an enrolment application. Section 3-2(2) requires the applicant to advise whether it is registered, has applied or intends to apply for registration on the VASP register.

Unchanged (previously section 2-2)

4-2 Publication of register information

Subsection 4.2(1) requires the AUSTRAC CEO to publish the person’s name, the registrable details outlined above and an indication if the person’s registration is suspended on the VASP register.

Amended (previously section 3-2)

4-4 Application - general information

The rule specifies the general identifying, ownership and operating structure information the candidate must include in their application such as identities of beneficial owners and the size, nature and complexity of the business.

Amended (previously section 3-4)

4-5 Information relating to ML/TF risks

This section requires the applicant to identify the ML/TF risks they might face in providing their services, in five broad categories: 1. the types of customers they service; 2. foreign countries they operate in; 3. the specific products and services offered; 4. the delivery channels used to provide services; and 5. the types of transactions undertaken.

Unchanged (previously section 3-5)

4-6 Information relating to AML/CTF policies

This section sets out the information required to be provided in a registration application about the candidate's AML/CTF policies such as whether training is in place, whether policies are regularly reviewed and updated and undertaking due diligence on employees.

Amended (previously section 3-6)

4-14 Additional requirements for VASP registration

Section 4-14 sets out the additional requirements for VASP registration such as the types of virtual assets offered, the delivery channels used to provide them, whether transaction or time limits apply and the expected average monthly number of designated services provided. Wallet address information must also be provided.

Unchanged (previously 3-14)

5-3 Policies related to targeted financial sanctions

Under a new requirement introduced in ED2, all reporting entities must develop and maintain AML/CTF policies to ensure compliance with targeted financial sanctions when providing designated services.

Amended (previously 5-3). The amendment replaces the ED2 terminology of ‘money, property or virtual assets’ to simply ‘assets’.

6-21 Establishing source of wealth

This is a new section that requires, when undertaking both initial and ongoing CDD where enhanced CDD obligations arise, a reporting entity must establish the source of wealth or funds of a customer.

New

6-22 Enhanced CDD requirements for certain virtual asset services

This is a new section that requires a reporting entity to apply enhanced CDD measures on a customer where the customer has deposited or received physical currency in the course of exchanging virtual money or assets under item 50A of table 1 of the AML/CTF Act (s 6). Enhanced CDD includes: 1. collecting and verifying KYC information on the customer's source of wealth (noting the additional trigger in 6-21); and 2. collecting and verifying KYC information on the customer's source of funds for every transaction involving the exchange of physical currency for virtual assets or vice versa. According to the Explanatory Memorandum, ‘[t]his section responds to the inherently very high ML/TF risks presented by crypto-ATM and other physical currency based virtual asset exchange services’ (at [401]).

New

8-6 Payment transparency – transition to revised FATF recommendations

Section 66A of the amended AML/CTF Act introduces the travel rule which requires that certain identifying information about the payor and payee be transmitted with transfers of value including virtual asset transfers.

This section is an alternative way that an institution in a value transfer chain can fulfil obligations related to collecting, verifying, passing on and monitoring payer information in line with the travel rule.

In June 2025, FATF revised recommendation 16 to change the content of ‘travel rule’ information. Although the global transition to these revised requirements might take some time, the Explanatory Memorandum notes that reporting entities such as VASPS newly subject to travel rule obligations may wish to build new systems to the new standard. If a reporting entity chooses the new standard, it must use it for all elements of travel rule information.

New

9-4 Reports of suspicious matters – information about the matter

Where a matter involves virtual assets, reports must include the type of virtual assets, quantity of virtual assets, the value in AUD, the exchange rate in determining value, the unique transaction reference number and wallet address.

However, the new rules introduce two new requirements in SMRs:

1.    the full name of any person who controls, or controlled, the virtual asset (including a decentralised autonomous organisation, if applicable); and 2. the full name of any person in whose name the assets are, or were, held.

Amended (previously 8-4)

9-8 Reports of threshold transactions - information about the transaction

The additional information required for SMRs also applies to threshold transaction reports.

Amended (previously 8-8)

Part 12

Part 12 allows for a range of transitional provisions such as allowing SMRs and TTRs to be in the old forms for the first three months after commencement of the new rules/obligations.

New