If you are operating a cryptocurrency/digital currency exchange (DCE) which exchanges fiat (Australian or foreign currency) for digital currency and/or vice versa, you would be aware that from 3 April 2018, you have had obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
When the laws came into effect, a policy principle period was declared until 2 October 2018 to allow DCEs time to comply with their new obligations under the regime.
What did the policy principle period mean?
The policy principle period meant that AUSTRAC could only take enforcement action against a DCE if it was satisfied they had failed to take reasonable steps to comply with the relevant provisions.
In determining whether a DCE was taking reasonable steps, AUSTRAC considered:
- whether the DCE complied with the provision as soon as practicable in respect of a customer who was assessed to be of high money laundering and terrorism financing (ML/TF) risk;
- any transition plan outlining the actions and timeframes to achieve compliance;
- the extent of oversight by the Board or CEO of the DCE with the transition plan; and
- whether sufficient resources had been allocated to enable compliance before the end of the principle period.
What does the ending of the policy principle period mean?
DCE providers must now be fully compliant with their obligations under the AML/CTF legislation now that the policy principles period has expired. These obligations include:
- registering and enrolling with AUSTRAC;
- adopting and maintaining an AML/CTF Program that mitigates and manages your ML/TF risks after having undertaken a ML/TF risk assessment on your DCE;
- undertaking enhanced and ongoing customer due diligence;
- undertaking employee due diligence;
- AML/CTF risk awareness training;
- reporting suspicious matters to AUSTRAC;
- reporting threshold transactions to AUSTRAC if you pay or accept cash from customers;
- arranging for your Program to be independently reviewed on a regular basis, for compliance with the AML/CTF legislation; and
- record keeping obligations in relation to customer identification, transactions, and your AML/CTF Program.
What should you do?
If you have not done so already, you should have your Program reviewed by a third party, to assess whether your AML/CTF Program:
- effectively addresses your ML/TF risks;
- is compliant with the AML/CTF regime;
- has been implemented effectively; and
- is being complied with by you.
If the review detects any issues, you can then address them to ensure compliance as soon as possible.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.