AUSTRAC Registration Requirements for Crypto Exchanges in Australia 2025

If you're running or planning to launch a crypto exchange in Australia, you need to know one thing: AUSTRAC registration isn't optional. It's the law. And if you skip it, you're not just risking fines-you're risking jail time.

Who Needs to Register with AUSTRAC?

Not every crypto business needs to register. Only those that exchange Australian dollars (or any fiat currency) for digital currency-or the other way around-must apply. That includes online platforms, mobile apps, and even physical crypto ATMs. If your business lets someone buy Bitcoin with AUD or cash out Ethereum for cash, you're in scope.

Here’s what’s NOT covered yet: swapping one crypto for another, like BTC for ETH. But that’s changing. Starting March 31, 2026, AUSTRAC will require registration for all crypto-to-crypto trades, custody services, and even helping people launch ICOs. If you’re thinking of waiting until next year to get started, you’re already behind.

The Core Requirements: AML/CTF Program and Risk Assessment

Before you even hit the "Apply" button on AUSTRAC’s portal, you need two things: a written AML/CTF Program and a Money Laundering and Terrorism Financing (ML/TF) Risk Assessment. These aren’t templates you copy from a website. They need to reflect your actual business operations.

Your AML/CTF Program must include:

• How you verify customer identities (KYC)
• How you monitor transactions for suspicious activity
• Who’s responsible for compliance inside your company
• How you train staff on spotting red flags
• What you do when you spot something suspicious

The Risk Assessment has to show you understand where your business is most vulnerable. For example: Do you serve customers from high-risk countries? Do you allow large, anonymous cash deposits? Do you offer peer-to-peer trading with no ID checks? AUSTRAC looks for gaps-and they’ll reject your application if your risk assessment is too vague or incomplete.

The Registration Process: What You Actually Submit

AUSTRAC doesn’t accept rough drafts. You need to submit:

• Completed online application form
• Your finalized AML/CTF Program
• Your ML/TF Risk Assessment
• Details about your business structure, directors, and shareholders
• Proof of identity for key personnel

You can use AUSTRAC’s online tool to check if your business model requires registration. But don’t rely on it alone. Many businesses think they’re exempt because they only deal in crypto-until AUSTRAC tells them their wallet-to-wallet transfer service counts as a digital currency exchange. The rules are broad, and the regulator interprets them strictly.

What Happens After You Apply?

There’s no set timeline. Some applications get approved in 6 weeks. Others sit for 6 months. Why? Because AUSTRAC doesn’t just check paperwork-they assess your entire operation. They look at your tech stack, your customer onboarding flow, your transaction monitoring tools, even your customer support scripts.

They can refuse your application for any reason they deem a risk. That includes:

• Weak KYC procedures
• History of financial crime by directors
• Use of offshore servers without local oversight
• Failure to demonstrate ongoing compliance capacity

Even if you’re approved, AUSTRAC can suspend or cancel your registration later. They’ve done it before. In 2024, two exchanges lost their registration after failing to report suspicious transactions for over 90 days. One had no monitoring system at all.

What Happens After Registration?

Registration isn’t a one-time checkbox. It’s an ongoing obligation. Once registered, you must:

• Report all transactions over $10,000 AUD within 10 business days
• Report any suspicious activity immediately, no matter the amount
• Keep records of all transactions and customer IDs for at least 7 years
• Submit an annual compliance report to AUSTRAC
• Update your AML/CTF Program every year-or whenever your business changes

Failure to report? Fines can hit $21 million AUD for corporations. Individuals can face up to 10 years in prison. And your business name will be published on AUSTRAC’s enforcement list-killing your reputation overnight.

AUSTRAC vs ASIC: Don’t Confuse the Two

Many crypto businesses think if they’re registered with AUSTRAC, they’re covered. That’s not true. AUSTRAC handles anti-money laundering. ASIC handles financial products.

If you’re selling tokens that act like shares, bonds, or derivatives-like a token that gives you dividends or voting rights-you need an Australian Financial Services License (AFSL) from ASIC. This adds another layer: capital requirements, disclosure rules, and strict consumer protection obligations.

As of June 2025, only a handful of crypto exchanges hold both AUSTRAC registration and an AFSL. Most are either too small to afford ASIC compliance or don’t realize their tokens qualify as financial products. That’s a dangerous gamble. ASIC has started cracking down hard on unlicensed token sales.

What’s Coming in March 2026

The biggest change isn’t happening now-it’s coming in March 2026. That’s when AUSTRAC’s rules will expand to cover:

• Crypto-to-crypto exchanges
• Custody services (holding crypto on behalf of clients)
• Providing financial services for ICOs or token launches
• Trading platforms that match buyers and sellers without holding funds

This isn’t just a tweak. It’s a full alignment with global standards from the Financial Action Task Force (FATF). Australia is moving toward treating crypto exchanges like banks. If you’re not ready, you won’t be allowed to operate.

Common Mistakes New Exchanges Make

Most businesses that fail registration make the same errors:

• Using third-party KYC tools without verifying their compliance
• Thinking "we only do small transactions" means they’re exempt
• Copying another exchange’s AML program without adapting it
• Delaying training for staff until after launch
• Assuming AUSTRAC will give them time to fix things after they start operating

One exchange in Melbourne started trading in late 2024 without registration. They thought they’d "get around to it." They were fined $1.8 million AUD and shut down in February 2025. Their CEO is now facing criminal charges.

How to Get It Right

Don’t wing it. The smart move is to work with a compliance consultant who’s handled AUSTRAC registrations before. They’ll help you:

• Build a custom AML/CTF Program that fits your business
• Map out your risk areas accurately
• Prepare documentation that meets AUSTRAC’s expectations
• Anticipate the 2026 changes and build them into your system now

It’s not cheap-but it’s cheaper than getting shut down. Most professional packages cost between $15,000 and $40,000 AUD. That’s a fraction of what a single enforcement action can cost.

Consumer Protection Isn’t Optional Either

Even if you’re not selling financial products, you still have to follow Australian Consumer Law. That means:

• No false claims about returns or security
• No hiding fees in fine print
• No misleading ads like "100% guaranteed profits"

AUSTRAC doesn’t enforce this-but the ACCC does. And they’ve already taken action against at least three crypto platforms in 2025 for deceptive marketing. You can be registered with AUSTRAC and still get sued by consumers.

Final Reality Check

Australia isn’t a crypto-free zone. It’s a crypto-regulated zone. The days of flying under the radar are over. If you want to operate legally, you need to treat compliance like your core product-not an afterthought.

Start now. Get your AML/CTF Program written. Do your risk assessment. Talk to a compliance expert. Don’t wait for March 2026 to panic. By then, it’ll be too late for most.