AML & KYC compliance for cryptos

AML & KYC compliance for cryptos

With the rise of cryptocurrency in Australia, what are the rules around Know Your Customer and Anti-Money Laundering?

The last few years have seen a significant increase in the number of Australians who have invested in various cryptocurrencies. According to Roy Morgan’s latest research, over 1 million Australians aged 18 and over now have an investment in cryptocurrency – at an average value of just over $20,000. This makes Australia one of the world’s most significant adopters of cryptocurrencies per capita.

But it’s a high risk game.

Cryptocurrency is increasingly used to buy and sell lethal drugs on the dark web and by drug cartels seeking to launder their profits. In addition, some terrorist groups are known to have solicited cryptocurrency donations worth millions of dollars through online social media campaigns.

Unsurprisingly, the rise in scams and the potential for using cryptocurrency in money laundering has led to growing calls for regulation. The Financial Action Task Force (FATF) is urging nations to intensify the implementation of a risk-based approach to prevent anti-money laundering and terrorist financing through cryptocurrency.

However, while the terms Know Your Customer (KYC) and Anti-Money Laundering (AML) are well known in the financial sector, they need to be established in the crypto space globally.

In this article, we’ll look at what KYC and AML mean for cryptocurrency in Australia:

Anti-Money Laundering and Cryptocurrency

Money laundering is the term for financial transactions that enable criminals to change illegally obtained money or other assets into “clean” money or assets with no obvious link to their criminal origins. It can involve transactions with financial institutions, businesses or private individuals.

Cryptocurrency transactions may create a higher risk for money laundering due to their anonymity, cross-border nature, and lack of centralised oversight.

That’s where Anti-Money Laundering regulations come in.

AML compliance is designed to protect financial systems by keeping people from carrying out financial transactions with money from illegal sources.

In 2018, AUSTRAC, Australia’s financial intelligence agency and anti-money laundering and counter-terrorism financing regulator, implemented AML/CTF laws for digital currency exchange (DCE) providers operating in Australia.

DCEs with a business operation in Australia must register with AUSTRAC and meet the AML/CTF compliance and reporting obligations. The laws cover any service that involves the exchange of any fiat currency, whether or not in Australian dollars, to cryptocurrency and vice versa.

Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, DCEs must collect information to establish customers’ identities, monitor transactions, have a system to monitor suspicious activity, report any suspicious transactions over $AU10,000 and establish an AML/CTF compliance program.

These laws are designed to help protect DCEs from money laundering and terrorism financing while helping to strengthen public and consumer confidence in the cryptocurrency sector.

Being AML compliant has many benefits for DCEs, including:

  • Keeps customer data secure across numerous physical and digital channels.
  • Uses global customer databases to check the backgrounds of new customers and compare against lists of sanctioned individuals.
  • Monitors transactions closely and reports illegal or suspicious activity.
  • Creates automated fraud detection services that can stand in the way of identity theft or block account access.
  • Preserves and enhances an organisation’s reputation and maintains value for shareholders by avoiding association with criminal activity.
  • Reduces fines or costs associated with non-compliance with AML regulations.

Preventing Crypto Crime with KYC

Know Your Customer (KYC) is the mandatory process of verifying a person’s identity when onboarding them as a customer and over time. It is a critical part of AML compliance.

One of the core activities of KYC is customer due diligence (CDD). This includes collecting personal information to verify a customer’s identity and prevent fraud before they engage in financial activity with an organisation, and checking personal customer information against global watch lists or sanctions against individuals.

For business customers, you need to collect business information to analyse a customer’s business structure, funding sources, stakeholders, and other critical business details. AUSTRAC regulations require DCEs to document the procedures they use to collect and verify (KYC) information about their customers.

The verification of KYC information generally involves asking a customer to provide their details and confirming those details against identification documents such as a driver’s licence or passport, or an online identification verification service.

You must collect and verify KYC information before providing the cryptocurrency service to that customer. The types of information that you must collect and verify depends on the type of customer. AUSTRAC sets standard guidelines for information relating to individuals, domestic companies and trustees of trusts.

The second part of KYC is creating risk profiles or conducting risk assessments.

Organisations may apply enhanced due diligence (EDD) for customers identified as high-risk, such as a politically-exposed person (PEP).

According to AUSTRAC, EDD measures must be applied in the following cases:

  • There is a high risk of money laundering or terrorism.
  • A customer is (or has a beneficial owner who is) a foreign politically exposed person (PEP).
  • A customer’s suspicious activity or behaviour may lead to making a suspicious matter report (SMR).
  • A transaction involves a person or a company that has a presence or is incorporated in a prescribed foreign country.

Thirdly, KYC includes monitoring customers regularly for any suspicious activity or signs of illegal financial activities and updating customer risk profiles as needed.

How to comply with KYC and AML regulations

Cryptocurrency exchanges and other businesses in the industry need to have the proper AML and KYC technologies in place to ensure regulatory compliance, detect fraud and prevent financial crime.

Find out how our solutions help you meet your KYC and AML obligations, verify your customers’ ages, check for Politically Exposed Persons (PEPs) and sanctions, monitor transactions, and more.

Sign up for more expert insight

Hear from us when we launch new research, guides and reports.