This week new laws came into effect that require anyone who operates a digital currency exchange (DCE) to comply with anti-money laundering and counter-terrorism financing (AML-CTF) regulations. This includes anyone who allows traders to buy and sell Bitcoin, Ethereum and other digital and cryptocurrencies that are interchangeable with money or can be used to buy goods or services.
The transitional arrangements came into effect on 3 April 2018. These apply to existing and new DCEs. In this post, we outline the 6 things you need to do now if you’re a DCE.
1. Enrol with AUSTRAC and register as an exchange
When you must apply to register depends on whether you’re an existing DCE or a new one.
Before you submit your application you need to have police checks completed for key personnel. This includes owners, directors, or any person who makes decisions affecting your business.
2. Have an AML-CTF Program and compliance arrangements
You have until 2 October 2018 to have an AML-CTF Program and compliance arrangements in place.
You must identify your ML-TF risks in your AML-CTF Program, as well as document your compliance arrangements to manage these risks. There are specific things that your AML-CTF Program must include. You can find AUSTRAC’s guidance for your AML-CTF Program here.
Your compliance arrangements must include an employee due diligence program, regular independent review of the AML-CTF Program, training for employees, senior management oversight, incorporation of guidance from AUSTRAC and an AML-CTF Compliance Officer.
Practically, in order to undertake KYC checks and report the matters below, you should have an AML-CTF Program and compliance arrangements in place from the day you are registered (or ideally, before then).
However, until 2 October 2018, AUSTRAC will not take any enforcement action if you have taken ‘reasonable steps’ to comply with the relevant provision of the Act. AUSTRAC’s considerations about ‘reasonable steps’ are set out here.
3. Report suspicious matters and threshold transactions
From the day you submit your application to register you must report transactions of $10,000 or more to AUSTRAC. You must also report any suspicious matters to AUSTRAC. While this is not in any of AUSTRAC’s public statements or website, AUSTRAC has told us this verbally.
AUSTRAC has also told us that you will not be able to submit a report to them until they have registered you. If you need to submit a report to AUSTRAC, you must contact them to expedite your application.
4. Complete Know Your Customer (KYC) checks and verification
You must complete KYC checks on all your customers. This must be done before you submit your application to register with AUSTRAC because once you submit your application, you must report suspicious matters and threshold transactions. You can only do this if you know who your customers are.
You may also need to complete ongoing customer checks. To do this you need to:
5. Keep records
You must keep records about your AML-CTF Program, transactions and KYC checks. We recommend that you keep records from at least the day you are registered by AUSTRAC. This includes your application to register.
6. Comply or face penalties
If you don’t do these things you may face civil and criminal penalties. These include fines and up to 7 years imprisonment.
AUSTRAC also has the power to issue an infringement notice, which is like an instant fine, if you do not:
If you are unsure whether these changes apply to you, would like to know more about your obligations, or need help registering with AUSTRAC, we’d be happy to help.
Author: Chris Deeble