AUSTRAC Registration Requirements for Crypto Exchanges in Australia (2025 Guide)

• Share

Running a crypto exchange in Australia without AUSTRAC registration is a fast track to legal trouble. The good news? The paperwork is manageable if you know exactly what the regulator expects.

Quick Takeaways

• All platforms that swap fiat for crypto (or crypto for fiat) must be registered with AUSTRAC now.
• Prepare a complete AML/CTF Program and a Money‑Laundering/Terrorism‑Financing Risk Assessment before you apply.
• Application is submitted online; AUSTRAC can refuse, suspend, or add conditions.
• From 31March2026 the scope widens to cover crypto‑to‑crypto swaps, custodial services, and ICO‑related activities.
• Non‑compliance can mean criminal charges, hefty fines, and irreversible reputation damage.

What is AUSTRAC registration?

AUSTRAC registration is the mandatory anti‑money‑laundering (AML) and counter‑terrorism financing (CTF) compliance framework for businesses that provide digital‑currency exchange services in Australia. It is governed by the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006 (AML/CTF Act). Failure to register is a criminal offence, punishable by up to 10 years imprisonment or a $1.05million fine per breach.

Who needs to register?

The rule applies to any Digital Currency Exchange (DCE) that facilitates fiat‑to‑crypto or crypto‑to‑fiat transactions. This includes:

• Online platforms that let users buy Bitcoin with AUD or sell Ethereum for AUD.
• Physical locations such as crypto‑ATM operators.
• Remittance services that move funds from a bank account into a digital‑currency wallet.

As of October2025, the requirement does not extend to pure crypto‑to‑crypto swaps, custody services, or token‑sale platforms-yet. Those will fall under the expanded scope on 31March2026.

Current (2025) Registration Requirements

Before you hit the “Submit” button, AUSTRAC expects three core deliverables:

1. AML/CTF Program - a documented set of policies, procedures, and controls to detect and deter money‑laundering and terrorism financing.
2. Money‑Laundering/Terrorism‑Financing Risk Assessment (ML/TF Risk Assessment) - a systematic analysis of the specific risks your exchange faces, including customer types, transaction values, and geographic exposure.
3. Proof of Know Your Customer (KYC) processes - identity verification, source‑of‑funds checks, and ongoing monitoring.

Other supporting documents include: business registration certificates, board member details, appointed compliance officer credentials, and evidence of a designated AML/CTF officer.

Preparing the Documentation

Getting the paperwork right saves weeks of back‑and‑forth with AUSTRAC. Follow this practical checklist:

• Draft a full AML/CTF Program that references the latest Financial Action Task Force (FATF) recommendations.
• Complete the ML/TF Risk Assessment using a risk‑matrix (likelihood×impact) for each identified threat.
  • Typical risk factors: high‑value transfers, politically exposed persons, countries on the UN sanctions list.
• Set up a KYC workflow that captures:
  • Full legal name, DOB, and residential address.
  • Government‑issued photo ID (passport or driver’s licence).
  • Proof of address (utility bill, bank statement).
  • Source‑of‑funds declaration for transactions >AU$10,000.
• Appoint a dedicated AML/CTF Officer with at least two years of compliance experience.
• Maintain a secure, audit‑ready electronic record‑keeping system for at least seven years.

Step‑by‑Step Application Process

1. Visit AUSTRAC’s online portal and run the AUSTRAC registration assessment tool to confirm you fall within the DCE definition.
2. Create an AUSTRAC user account; you’ll need your Australian Business Number (ABN) and ACN.
3. Upload the AML/CTF Program, ML/TF Risk Assessment, KYC policy, and supporting corporate documents.
4. Pay the non‑refundable application fee (currently AU$2,500 for DCEs).
5. Submit the application. AUSTRAC typically acknowledges receipt within 48hours and may request clarifications within 14days.
6. Upon approval, you’ll receive a registration certificate and your AUSTRAC Registration Number (ARN). Record this ARN on all customer‑facing material.

If AUSTRAC refuses or imposes conditions, you can appeal within 28days or address the concerns and re‑apply.

What Changes on 31March2026?

The regulator is widening its net to cover activities that were previously “grey”. The new scope adds:

• Crypto‑to‑crypto swaps (e.g., swapping BTC for ETH).
• Digital‑asset custody and management services.
• Facilitating ICOs, token sales, and other digital‑currency issuances.
• Transfer‑on‑behalf services (e.g., custodial wallets moving funds for clients).

These additions mean almost every crypto‑related business will need a fresh AUSTRAC registration or a supplemental amendment to an existing one.

Compliance Obligations After Registration

Registration is just the start. Ongoing duties include:

• Continuous monitoring of transactions for suspicious patterns; file Suspicious Matter Reports (SMR) to AUSTRAC within 24hours of detection.
• Submit Threshold Transaction Reports (TTR) for any single transaction or series of related transactions exceeding AU$10,000.
• Annual compliance reporting - a self‑assessment confirming all AML/CTF controls remain effective.
• Maintain up‑to‑date KYC records and refresh identity verification every three years or upon material change.
• Conduct internal audits at least once a year, preferably by an independent third party.

AUSTRAC vs ASIC: When Do You Need an AFSL?

AUSTRAC registration covers AML/CTF, but Australian Securities and Investments Commission (ASIC) may also require an Australian Financial Services License (AFSL) if your platform offers regulated financial products such as tokenised securities, derivatives, or managed investment schemes.

Key differences:

• AUSTRAC focuses on money‑laundering controls; AFSL adds capital‑adequacy, consumer‑protection disclosures, and prudential reporting.
• You can be AUSTRAC‑registered without an AFSL, but you cannot offer a financial product without the AFSL.
• Non‑compliance with either regulator can trigger separate enforcement actions.

Practical Tips & Common Pitfalls

• Start early. Draft your AML/CTF Program at least three months before you intend to launch.
• Engage a compliance consultancy (e.g., Zitadelle AG or Xenia Compliance) to vet your documentation.
• Avoid “one‑size‑fits‑all” KYC - tailor verification levels to transaction risk.
• Keep an eye on the March2026 deadline; many operators apply for amendment early to avoid a compliance gap.
• Document every request from AUSTRAC. A clear audit trail can be decisive if enforcement escalates.

Comparison: Current vs Post‑March2026 Requirements

Next Steps for New Entrants

1. Map your business model against the current AUSTRAC definition.
2. Kick off AML/CTF program drafting - involve legal counsel early.
3. Run the AUSTRAC assessment tool; if you plan crypto‑to‑crypto services, prepare for the 2026 amendment.
4. Choose a compliance partner (Zitadelle AG, Xenia Compliance, etc.) for document review.
5. Submit the registration, then set up automated SMR/TTR filing.
   • Consider a SaaS compliance platform to ease ongoing reporting.
6. Monitor regulatory updates - AUSTRAC publishes draft guidance quarterly.

Frequently Asked Questions

• Tags
• AUSTRAC registration
• crypto exchange compliance
• Australia crypto regulations
• AML CTF requirements
• digital currency exchange