Virtual asset service providers
VASPs or Digital Currency Exchanges (DCEs) must register with AUSTRAC and implement full AML/CTF programs under the AML/CTF Act 2006.
AML/CTF Act 2006 — Virtual Asset Service Providers (VASPs) / Digital Currency Exchange Providers (DCEs)
AML/CTF Obligations
Register with AUSTRAC before providing any digital currency exchange services
Conduct an ML/TF Risk Assessment and implement a unified AML/CTF program based on it
Conduct KYC on all customers before providing any designated service
Lodge IFTI reports for international transfers of $1,000 AUD equivalent or more
Lodge SMR reports within 3 business days of forming a suspicion
Lodge TTR reports within 10 business days of a cash transaction of $10,000 AUD or more
DCEs must lodge SMRs within 3 business days of forming a suspicion, IFTIs within 10 business days of the transfer instruction, and TTRs within 10 business days of a threshold cash transaction.
Typical Customer Risk Profiles
High-volume retail traders — frequent, large-amount traders are higher risk by volume alone. One undetected structuring pattern across 500 daily transactions is far harder to catch manually than across 5.
Customers from high-risk jurisdictions — wallets linked to sanctioned countries carry heightened risk regardless of individual profile.
Anonymous wallet activity — customers moving funds through privacy coins or untraced wallets require enhanced scrutiny by default.
Immediate large trades after account opening — a common pattern in smurfing, account takeover, and layering schemes.
Recommended Compliance Pack
Crypto Pack
Pre-configured for Virtual asset service providers — KYC rules, risk thresholds, AUSTRAC report templates, CDD workflows, and monitoring rules aligned to your obligations. Ready from day one.
View pack detailsWhat's included
System default — customisableBiometric KYC with document verification — customers onboarded in under 2 minutes
Real-time sanctions and PEP screening against OFAC, UN, EU, DFAT, and UK HMT lists
Pre-built crypto transaction monitoring rules including structuring detection and velocity checks
IFTI, TTR, and SMR report templates pre-populated from transaction data with AUSTRAC validation
Immutable audit trail for every customer interaction and compliance decision
Example workflow
Default — you can modify stepsCustomer signs up
Completes digital onboarding — name, DOB, address, photo ID uploaded from phone.
KYC runs automatically
Document verified, biometric liveness check, sanctions and PEP screening — all in the background.
Risk score assigned
Customer assigned Low, Medium, or High risk. High-risk accounts flagged for MLRO review before access.
Trading begins
Every transaction monitored against pre-built crypto AML rules — structuring, velocity, high-risk wallets.
Alert raised
Suspicious pattern detected. Case created automatically. Assigned to analyst.
Report filed
MLRO reviews, SMR or IFTI prepared from case data, submitted to AUSTRAC on time.
Pricing Recommendation
Recommended
Professional
DCEs typically have high transaction volumes requiring full transaction monitoring and automated IFTI/TTR/SMR generation. The Professional plan includes all monitoring rules, case management, and bulk report submission.
View full pricingReady to get compliant as a VASP / DCE?
Your Crypto Pack is configured on day one. 7-day free trial — no credit card, no consultants, no configuration sprints.