Blockchain Bites: TL;DR: Australia implements sweeping reforms to AML/CTF rules, SEC Taskforce receives Ten Commandments for crypto regulation, El Salvador bids adios to bitcoin legal tender experiment

TL; DR: Australia implements sweeping reforms to AML/CTF rules

In November 2024, the Australian Parliament passed the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (the 2024 Act) which introduced sweeping reforms to Australia’s Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). In this article, we will refer to the AML/CTF Act as amended by the 2024 Act as the Amended AML/CTF Act. The 171 page 2024 Act (which is accompanied by an 179 page Explanatory Memorandum (Explanatory Memorandum)) is intended to:

1. extend Australia’s AML/CTF regime to cover additional services that are recognised by the Financial Action Task Force (FATF) as posing high AML/CTF risks;
2. reframe and clarify the AML/CTF regime and customer due diligence obligations;
3. enable the Australian Transaction Reports and Analysis Centre (AUSTRAC) to require the disclosure of information and conduct examinations; and
4. update the AML/CTF regime to reflect changing business structures, technologies, and illicit financing methods.

Shortly after the passing of the 2024 Act, AUSTRAC released exposure draft legislation detailing proposed amendments to the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Rules) for public consultation (Exposure Draft). The consultation period remains open until next Friday.

The revised rules are intended to align with the Amended AML/CTF Act and, if implemented, effect reforms in areas such as AML/CTF programs, customer due diligence, introducing/harmonising FATF’s internationally recognised “Travel Rule”, compliance reporting, correspondent banking, and reporting group structures.

This is round one of a two part consultation on changes to the Rules, with further consultations expected on these and other measures (including enrolment and registration processes) in due course. Ultimately, there will be two sets of rules, the General Rules, and certain existing rules contained in a modified version of the current rules known as the Exemption Rules.

Too long, didn’t read – what do I need to know?

In this article, we summarise some of the key changes in respect of the following focus areas:

1. Changes for the crypto-asset or “virtual assets” sector and the Travel Rule;
2. Changes for the financial sector;
3. Changes to the AML/CTF program requirements;
4. Changes to customer due diligence requirements; and
5. Reporting groups and lead entities.

Reporting entities will of course need to grapple with the full details of these changes in the coming months ahead of full implementation commencing in 2026.

1) Changes for the crypto-asset sector and the Travel Rule

The proposed reforms will significantly expand the regulation of crypto-assets by replacing the definition of “digital currency” with a broader “virtual asset” category (aligning with FATF’s lexicon). This includes certain NFTs, governance tokens, and private stablecoins, but excludes central bank digital currencies, loyalty points, and in-game tokens.

Entities providing “digital asset” related “designated services” under Table 1 of section 6 of the AML/CTF Act will need to comply with the new regime. These services will now be referred to as “registrable virtual asset services”, and any business that provide such services are required to register with AUSTRAC as “Virtual Asset Service Providers”. Key obligations include the Travel Rule, which mandates VASPs to transmit payer and payee information with transactions, conduct due diligence on wallets, and report unverified self-hosted wallets to AUSTRAC.

The reforms amend several of the digital asset related designated services (including separating Item 50A into three constituent parts) as follows:

VASPs must also report international value transfers, prepare risk assessments, and ensure compliance with the new registration and reporting requirements expected to be implemented under AUSTRAC’s draft AML/CTF Rules.

VASPs initiating or receiving virtual asset transfers will have to comply with a modified Travel Rule, ensuring transaction details are shared between institutions and steps are taken to verify the ownership of unhosted wallets or report unverified digital wall transactions to AUSTRAC. These changes are intended to bring Australia in line with FATF standards but will likely prove controversial with privacy advocates.

VASPs should engage qualified experts and begin compliance preparations now, as the implementation of the above into business operations may take time. Changes are expected to become effective by as early as March 2026.

2) Changes for the financial sector

The Amended AML/CTF Act introduces measures affecting all reporting entities providing financial designated services, including banks, VASPs, and remittance service providers.

Value transfer obligations are streamlined into a single value transfer chain, ensuring key transfer information is passed along regardless of technology. The reforms introduce International Value Transfer Service (IVTS) reports, replacing International Funds Transfer Instruction (IFTI) reports. Value transfer service obligations begin on 31 March 2026, while IVTS obligations will commence later, with transitional rules maintaining IFTI reporting until technical updates are complete.

The Amended AML/CTF Act also revises the bearer negotiable instrument definition to align with FATF standards, excluding non-bearer and non-negotiable instruments from cross-border movement reporting. This change is intended to address industry concerns about the previous broad definition and reduce regulatory compliance burdens.

3) Changes to the AML/CTF program requirements

The reforms introduce a (welcome) major overhaul to AML/CTF programs requirements in an effort to streamline compliance and risk management obligations for reporting entities.

In summary:

• the distinction between Part A and Part B of AML/CTF Programs is removed;
• risk assessments are now compulsory in AML/CTF programs with mandated risk assessment triggers;
• regular reporting to a reporting entity’s ‘governing body’ (e.g. board) will be mandated to enable it to exercise its oversight role;
• an eligible AML/CTF compliance officer must be designated;
• due diligence and training requirements will apply for employees and contractors engaged in AML/CTF related functions;
• reporting entities must implement safeguards against tipping off;
• a simplified regime for Australian companies operating overseas through a foreign branch or subsidiary of an Australian reporting entity will be created; and
• risk mitigation strategies such as a senior manager approval requirement for high-risk customers will be implemented.

A reporting entity must have a AML/CTF policies in place before a business begins offering designated services. These reforms are expected to become effective in March 2026.

4) Changes to customer due diligence requirements

The reforms introduce a more flexible, principles-based approach, requiring businesses to rethink their onboarding and monitoring processes. While the reforms eliminate rigid verification steps, they also create new compliance challenges.

Businesses will no longer follow prescribed CDD steps for specific customer types but must instead determine appropriate measures based on risk. Certain exemptions apply, including deferrals for politically exposed persons (PEPs) in specific circumstances. In some cases, compliance can be deemed met through foreign laws or transitional provisions, and ongoing monitoring now extends beyond money laundering to broader serious crime risks.

One key change is the new requirement to collect and verify a customer’s place of birth for designated services under travel rule obligations, which could prove practically difficult due to limited documentation availability. Similarly, businesses dealing with trustees must go beyond simply identifying a class of beneficiaries and be prepared to verify individual beneficiaries when distributions occur.

With these changes set to take effect by 31 March 2026, businesses will need to review and refine their AML/CTF programs, ensuring their KYC and CDD frameworks are robust enough to meet the new principles-based requirements.

5) Reporting groups and lead entities

The Amended AML/CTF Act replaces “designated business groups” with “reporting groups,” introducing a new compliance framework. A reporting group is a business group where at least one member provides a designated service, and a lead entity is required for each reporting group. The lead entity is liable for the group’s AML/CTF compliance and must have direct control over other members providing designated services.

The reforms aim to simplify the previous framework by removing the requirement that all group members be reporting entities.

Conclusion

The sweeping reforms introduced by the Amended AML/CTF Act will bring significant regulatory changes, creating both compliance challenges and operational uncertainties for businesses. With new obligations affecting the crypto sector (or should we say, “virtual asset” sector), financial services, AML/CTF programs, customer due diligence, and reporting groups, businesses must be proactive in understanding and implementing these changes.

Given the complexity and breadth of the reforms (which are set to take effect as early as March 2026), businesses should not wait to assess their compliance obligations. Engaging with legal and regulatory professionals in advance will help navigate possible uncertainties and avoid costly missteps.

Written by Steven Pettigrove and Luke Higgins

SEC Taskforce receives Ten Commandments for crypto regulation

The Chair of the US Securities and Exchange Commission (SEC) Crypto Task Force has set forth a set of key priorities or “crypto commandments” as the Trump administration embarks on its new approach to crypto regulation. Commissioner Hester Peirce, long known for her balanced approach to crypto regulation, has been tasked with leading the newly established Crypto Task Force to reset policy toward the industry. The overall message is clear: the SEC aims to bring clarity, reduce regulatory confusion, and create a framework that fosters innovation while keeping fraudsters accountable.

According to Peirce:

the Task Force wants to travel to a destination where people have great freedom to experiment and build interesting things, and which will not be a haven for fraudsters.

For crypto enthusiasts, developers, and investors, this marks a shift from the SEC’s historically regulation by enforcement led approach. Peirce suggests the Task Force will work toward a structured and transparent regulatory path. While the inherent complexities of crypto regulation mean it will be a while before it is “smooth sailing” (to the extent that can ever be reached in regulated environments), the priorities give a clearer sense of direction for policy development and regulatory enforcement.

The SEC’s 10 Crypto Commandments

1. Security Status: Determining which crypto assets qualify as securities under US laws.
2. Scoping Out: Identifying areas that fall outside the SEC’s jurisdiction and clarifying enforcement boundaries.
3. Coin and Token Offerings: Exploring a potential framework for temporary relief for token issuers, allowing them to operate with more certainty while maintaining transparency.
4. Registered Offerings: Evaluating modifications to existing registration pathways, such as crowdfunding to make compliance more accessible for crypto projects.
5. Special Purpose Broker-Dealer licence: Reviewing and updating broker-dealer rules to accommodate crypto asset trading, including securities and non-securities.
6. Custody Solutions for Investment Advisers: Establishing a practical framework for investment advisers to custody crypto assets securely and legally.
7. Crypto Lending and Staking: Assessing regulatory approaches for lending and staking activities, which remain critical to the crypto economy.
8. Crypto Exchange-Traded Products: The SEC is receiving proposals for new crypto exchange-traded products, and its Crypto Task Force will work with staff to clarify the approval process, consider modifications like staking and in-kind transactions, and address custody and other regulatory issues before implementation.
9. Clearing Agencies and Transfer Agents: The Task Force will also address how crypto interacts with clearing agency and transfer agent rules, working with market participants on tokenising securities and integrating blockchain into traditional finance.
10. Cross-border Sandbox: Enhancing collaboration with international regulators to establish global standards for crypto oversight.

Why This Matters and what’s next

For years, crypto market participants have been stuck in a regulatory limbo in the US, facing enforcement actions without clear rules and what might be called a disingenuous invitation to “come in register”. Peirce’s statement acknowledges these challenges and signals a willingness to craft a more structured approach. The emphasis on clarity and practicality suggests that the SEC may finally be moving away from its stance of “regulation by enforcement.”

This does not mean crypto-related businesses and projects can do what they want. The SEC will still impose compliance obligations, and some participants will find them restrictive. However, these ten commandments provide a much-needed framework that seeks to balance innovation with investor protection. Commissioner Peirce has called on the industry and the public to stay engaged and help shape policy development via submissions and consultations as the Taskforce begins its important work.

Written by Steven Pettigrove, Luke Higgins and Michael Bacina

El Salvador bids adios to bitcoin legal tender experiment

After making waves in 2021 as the first country to recognise bitcoin as legal tender (meaning that citizens would be forced under law to accept bitcoin in settlement of debts), El Salvador has been forced to say ‘adios’ to that classification as part of deal from the International Monetary Fund. The classification had unexpected impacts around the world, including into how cryptocurrencies should be taxed.

El Salvador’s National Bitcoin Office continued buying bitcoin after the IMF deal was finalised, and plan to buy more:

El Salvador presently holds 6,050 bitcoins worth around USD$635M and seems to have made a very substantial gain on it’s holdings to date. However reports suggested that despite bitcoin becoming legal tender, El Salvador citizens did not take up the use of bitcoin in great numbers. A study from Yale’s School of Management had interesting findings:

The researchers were impressed by how many people were aware of and downloaded the app: almost 68 percent of potential users knew about Chivo Wallet; 78 percent of that group at least tried to download it. But from there, the numbers declined drastically. Despite incentives by the government—including a $30 Bitcoin bonus, a discount on gas when bought with the Chivo Wallet, and the elimination of certain transactional fees—almost 20% of people who downloaded the app hadn’t used their bonus by the time of the survey and most people who spent their bonus didn’t continue to use the app after doing so.

But despite theories that users were avoiding bitcoin due to volatility, it might be that they were more educated than expected around privacy:

people shared that they did not trust the app or Bitcoin because they are not anonymous, as cash is. The latter explains why Chivo Wallet was not even used to conduct transactions in dollars.

This finding is consistent with research by the RBA which found that consumers placed significant value on privacy features for any retail CBDC.

With President Trump passing an executive order banning a Central Bank Digital Currency from the USA, and many becoming more aware of the lack of privacy inherent in public cryptocurrency transactions, it is essential for widespread adoption of any payment system that users can enjoy privacy over their transactions, or network effects necessary for a currency to work will not take root.

Written by Steven Pettigrove and Michael Bacina