What a relief: AML transitional rules have landed

The Australian Department of Home Affairs and AUSTRAC have released the widely anticipated exposure draft of the Anti-Money Laundering and Counter-Terrorism Financing Transitional Rules 2026 (Transitional Rules). The Transitional Rules are designed to guide industry through the shift to Australia's modernised AML/CTF regime, which introduces a range of new designated services for virtual assets (as well as so-called tranche 2 entities), uplifted governance and compliance obligations, and new reporting requirements for reporting entities.

In 2024, Australia adopted major changes to existing AML laws intended to bring Australia's regime into alignment with Financial Action Task Force standards. These changes were effected under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Amending Act). Subsequently, the Government consulted on and tabled a complete re-write of the rules which specify detailed compliance obligations for reporting entities. Additional minor changes were proposed earlier this year. The Transitional Rules now provide a clearer roadmap for how existing reporting entities, and those becoming regulated entities for the first time, can move across to the new regime in a staged manner.

Industry has been invited to provide its feedback on the exposure draft at economiccrime@homeaffairs.gov.au, with the consultation period closing by 6 March 2026.

What the Transitional Rules seek to achieve

The Transitional Rules will take effect on 31 March 2026 and operate as a bridge between compliance with existing the AML/CTF framework and the requirements under the Amending Act. They aim to:

1. give existing reporting entities certainty about how their current arrangements carry across;

2. offer new entrants more time to enrol or register; and

3. ensure businesses can keep managing money-laundering (ML) and terrorism-financing (TF) risks whilst preparing for the new regime.

Below is an overview of the key transitional measures for virtual asset service providers (VASPs).

1. Digital currency exchange registrations roll over automatically

   
   

Those registered as a digital currency exchange (DCE) provider with AUSTRAC immediately before 31 March 2026 will automatically be treated as a virtual asset service provider (VASP) under the new regime.

'VASP' is the new term umbrella term that captures not only traditional fiat-to-crypto exchanges but also crypto-to-crypto trading, custody services, value transfer services and certain other 'virtual asset' related activities. The 'VASP' terminology also mirrors international approaches (e.g., Singapore and Hong Kong). However, the scope of the new designated services is potentially broad, and all businesses operating in the virtual asset sector are encouraged to review their operations and seek advice if they are unsure if they are conducting a designated service.

This confirmation is welcome confirmation that existing DCEs will not need to re-register with AUSTRAC. However, like all other reporting entities, they will face new governance and compliance obligations as well as certain obligations which are specific to VASPs. For example, it is anticipated that DCEs will need to uplift their current AML/CTF Program and implement the travel rule where they are not already doing so.

2. Three-year transition for initial customer due diligence

One of the most significant transitional measures relates to initial customer due diligence (CDD) obligations. Under the new rules, reporting entities must complete initial CDD before providing a designated service to a customer. Existing reporting entities (including VASPs) will have until 30 March 2029 to move across to the new CDD framework.

During this three-year window, an entity will be taken to meet its AML/CTF program obligations if it:

• is enrolled as a reporting entity on 30 March 2026; and
  

• maintains AML/CTF policies requiring it to:
  

  • carry out CDD using customer identification procedures; and
    

  • apply those procedures to all customers that the entity provides designated services to through an Australian permanent establishment.

This relief covers initial CDD only - it does not deem compliance with ongoing CDD obligations. Entities may choose either to:

• continue using their existing applicable customer identification procedures (ACIP) for onboarding new customers for up to three years; or
  

• transition to the reformed initial CDD framework at any time between 31 March 2026 and 30 March 2029.

Where the current AML/CTF Act allows identification after service commencement, this remains available during the transition (but only if the existing rules are fully complied with).

AUSTRAC guidance notes that reporting entities must adopt one consistent approach to initial CDD during the transition period for all new customers and customer types.

3. Moving from IFTI to IVTS reporting
   

Reporting entities must transition from the international funds transfer instruction (IFTI) reporting regime to the new international value transfer service (IVTS) reporting regime by the default date of 31 March 2029.

A later transition date (up to 30 September 2029) is available by notifying AUSTRAC in writing, provided the entity was subject to IFTI obligations during the transition period.

Some virtual-asset related services do not have this flexibility. For example, if an entity provides services such as transferring virtual assets on behalf of customers before 31 March 2029, it must move to IVTS reporting on the default transition date.

4. Relief period to implement obligations re self-hosted virtual asset wallets
   

Obligations relating to the reporting of transfers to self-hosted virtual asset wallets will not apply to designated services that start before 31 March 2029. This gives VASPs extra time to build appropriate reporting processes for unverified self-hosted wallets. However, broader travel rule obligations will still come into effect from 1 July which means that VASPs must take steps to due diligence and identify self-hosted wallets as part of travel rule compliance.

5. Delayed application of obligations for certain registrable virtual asset services

   
   

Until 1 July 2026, several key requirements under the AML/CTF Act will not apply to certain registrable virtual asset services (excluding item 50A relating to the exchange of virtual assets for money and related arrangements). The delayed obligations include:

• AML/CTF programs (Part 1A);
  

• Customer due diligence (Part 2);
  

• Reporting obligations (Part 3);
  

• Transfers of value (Part 5); and
  

• Record‑keeping requirements under Part 10 (Division 2-6).

This allows existing DCEs additional time to comply with certain governance and compliance procedures.

6. Enrolment and registration of registrable virtual assets services
   

Persons providing only new registrable virtual asset services must apply to register as a VASP by 29 July 2026, instead of within 28 days of commencement under the Principal Act. After 1 July 2026, new entrants will need to apply before commencing operations.

This provides temporary relief from the prohibition on providing registrable virtual asset services without being formally registered. This allows:

• continued provision of services up to 30 June 2026, provided a registration application is lodged by 29 July 2026; or

  
  

• commencement of services after an application is lodged (by 29 July 2026), while the application remains under consideration, provided AUSTRAC has not yet approved or refused the application.

  
  

The Rules also temporarily remove the deemed refusal mechanism for applications made between 31 March 2026 and 29 July 2026, ensuring applications lodged during this period are not automatically refused due to AUSTRAC inaction.

7. Staggering initial independent evaluations

   
   

The Transitional Rules set two pathways for first independent evaluations.

For established reporting entities, if the entity is enrolled on 30 March 2026 and has already completed at least one independent review of Part A of its AML/CTF program, its first evaluation under the new regime is compliant if conducted by: (i) four years after its last review; or (ii) 31 March 2027, whichever is later.

For newly regulated entities, they must comply with a staggered evaluation timetable. The deadline depends on the last two digits of the entity's enrolment identifier, with dates between 30 June 2029 and 31 December 2030.

8. Extended timeframe for notifying AUSTRAC of an AML/CTF compliance officer
   

Under the reforms, reporting entities normally need to appoint an AML/CTF compliance officer within 28 days of providing designated services and notify AUSTRAC within 14 days.

The Transitional Rules modify this as follows:

1. entities enrolled on 30 March 2026 will comply if they notify AUSTRAC by 30 May 2026; and
   

2. certain newly regulated entities and VASPs with delayed enrolment will comply if notification is given by the later of 14 days after entry on the Reporting Entities Roll or 29 July 2026. 

Conclusion

The Transitional Rules provide welcome clarity for digital asset businesses, fintechs and other reporting entities preparing for the new AML/CTF regime. Given the short consultation period, minimal further changes are expected. By introducing staged timeframes, targeted relief, and clear transition pathways, the Transitional Rules now provide a clear pathway for existing DCEs and new VASPs to transition to the new regime. For most, this will mean taking steps to uplift their AML/CTF framework and commence implementation in line with the Transitional Rules. Others will now need to take steps to register as a VASP under the new regime.

All virtual assets businesses with Australian operations are encouraged to review the changes, assess whether you are carrying out a designated service and, for those who have not already, prepare to uplift your AML/CTF Program and commence implementation ahead of the 31 March deadline.

If you require assistance understanding how these rules apply to your business, please reach out to the Piper Alderman Blockchain team.

Written by Steven Pettigrove, Luke Higgins, Tahlia Kelly and Sophie Nguyen