Blockchain Bites: Sanctions spotlight: Australia targets illicit crypto flows; Australia eyes 1% GDP gain from digital finance; What a relief: AML transitional rules have landed

Sanctions spotlight: Australia targets illicit crypto flows

On the anniversary of Russia’s invasion of Ukraine, the Australian Government introduced new sanctions targeting 180 individuals, entities and vessels linked to Russia including a number of cryptocurrency related businesses. For the first time, Australia is targeting cryptocurrency entities that enable cross-border payments to sustain Russia’s military operations. The announcement makes clear that businesses using cryptocurrency to circumvent sanctions are now potential enforcement targets.

Australian sanctions compliance has traditionally focused on banks, exporters and trade finance providers, reflecting the central role of the banking and finance sector in facilitating the acquisition of technology and equipment used in conflict. Building on the Australian Sanctions Office (ASO)’s 2025 guidance, the latest sanctions announcement makes clear that fintech and digital asset businesses, including decentralised finance (DeFi)), will be held accountable for sanctions compliance.

Australian sanctions, which are imposed under the Autonomous Sanctions Act 2011 (Cth) and associated regulations, prohibit dealings with designated individuals, entities, vessels and sectors, as well as certain activities connected with sanctioned countries. The rules apply to everyone, not just regulated entities.

In 2025, the ASO issued updated sector‑specific guidance for cryptocurrency exchanges as well as new guidance for fintech and “DeFi companies” identifying four recurring risk categories that firms are expected to address:

1. Customer risk

The ASO expects fintech companies to screen customers against Australia’s Consolidated List at onboarding and on an ongoing basis, including by identifying beneficial owners. Sanctioned individuals or entities may be concealed through layered or complex ownership structures. This is in line with the Anti-money Laundering and Counter-Terrorism Financing Amendment Act 2024 (AML/CTF Amendment Act), which broadened regulatory obligations for digital asset businesses, payment providers and other higher‑risk sectors.

2. Jurisdiction risk

Given the inherently cross‑border nature of fintech and DeFi business models, firms must ensure they are not inadvertently dealing with sanctioned persons or entities, including through intermediaries such as sanctioned banks. This risk is heightened for businesses operating in adjacent areas such as trade finance or commodities‑related payments.

The guidance highlights elevated risk in dealings connected to Russia, Iran, Myanmar and the Democratic People’s Republic of Korea, and expects robust IP and address‑based controls to prevent services being provided in sanctioned regions.

3. Transaction risk

Even where counterparties initially clear screening, individual transactions may still breach sanctions, including where payments are routed through a sanctioned bank or structured to avoid detection. Businesses are expected to take reasonable precautions and exercise due diligence, including monitoring both crypto and fiat transactions for indicators of sanctions evasion.

4. Product and service risk

The ASO expects sanctions controls should be applied at the product level, proportionate to risk exposure. To that end, ASO implies that it will be no defence to say that a product (including decentralised software) was simply misused by bad actors. Services such as crypto trading, peer‑to‑peer transfers, prepaid cards and correspondent‑style arrangements each present distinct risk profiles. Expanding into new product lines should trigger an updated sanctions risk assessment before launch.

Strict liability and penalties

Sanctions offences are strict liability for body corporates and attract significant penalties, calculated by reference to the value of the contravening transaction. Individuals face up to 10 years’ imprisonment and/or substantial fines. Penalties may be cumulative.

Areas lacking clarity

While the announcement signals that industry should be alert to sanctions compliance, there remains significant ambiguity as to how sanctions framework applies to decentralised protocols with no clear operator, governance body or Australian nexus. Uncertainty also remains for developers, infrastructure providers or interface operators, particularly where they lack direct customer relationships. However, given the seriousness of the penalties for non-compliance, businesses and software developers operating in this space should take steps to understand their obligations. Previous US enforcement actions indicate the very serious ramifications of sanctions breaches.

Conclusion

The Australian Government has clearly signalled that sanctions compliance is an increasing priority for digital asset businesses. If you require assistance understanding your obligations and the impact of these developments – including the reforms implemented by the Anti-Money Laundering and Counter Terrorism Financing Amendment Act commencing on 31 March 2026, please reach out to the Piper Alderman Blockchain team.

Written by Steven Pettigrove, Katrina Sharman and Tahlia Kelly

Australia eyes 1% GDP gain from digital finance

The Australian Digital Finance Cooperative Research Centre (DFCRC) has released a 166-page report outlining the possible productivity gains and economic windfall available to Australia through innovation in digital finance. The report, informed by both the DFCRC’s research and industry consultation, paints a simple picture: Australia is sitting on a possible AUD $24 billion per year opportunity if it embraces digital finance innovation at scale.

The report states that whilst Australia has all the right characteristics – world-class payments infrastructure and deep capital markets – the window to capture a competitive advantage is narrowing and that we are currently on track to realise less than 5% of potential economic gains by 2030 unless regulatory clarity and industry coordination improve. Regulatory uncertainty, licensing ambiguity and fragmented adoption remain our strongest blockers to progress.

The DFCRC categorises the largest economic opportunities into three “core” buckets:

1. Better Markets – AUD $10 billion p.a.
2. Better Payments – AUD $8 billion p.a.
3. Better Assets – AUD $6 billion p.a.

Together, these represent roughly 1% of national GDP in upside.

Better Markets

The DFCRC focuses on how trading, clearing and settlement infrastructure could be simplified and made more efficient. The report notes that the majority of potential market-level gains (AUD $10 billion per year) derive from two structural changes: (1) real-time atomic settlement; and (2) improved mobility of collateral.

Atomic settlement removes the time gap between execution and settlement which thereby reduces counterparty exposure, eliminating settlement failures and otherwise reducing the amount of margin or collateral that would be posted purely to manage such settlement risk. This is particularly relevant in public debt and equity markets, where settlement failures and associated compensation mechanisms (such as securities lending arrangements to avert failed delivery) impose heavy costs.

Real estate markets are also analysed, but here the gains arise from operational efficiencies rather than trading throughput. Tokenised title systems and automated settlement are methods that the DFCRC states could reduce conveyancing complexity and settlement delays, which is estimated to comprise roughly a third of the total cost base for conveyancing functions.

Across these market segments, the DFCRC’s position is consistent: measurable benefits arise not from digitising existing assets, but from replacing legacy workflows with modern infrastructure that is capable of instant settlement. Without these structural changes, tokenisation delivers only marginal improvements.

Better Payments

The payments analysis is similarly pragmatic. The DFCRC finds that the bulk of Australia’s potential gains (AUD $8 billion per year) are concentrated in cross-border payments and foreign exchange (FX) settlement, rather than domestic retail payments. Australia’s domestic system is already relatively efficient following two decades of regulatory reform and the rollout of the New Payments Platform. By contrast, the international environment remains dependent on correspondent banking chains, manual reconciliation and multi-day settlement windows.

The report’s modelling shows that replacing multi‑intermediary cross‑border workflows with direct settlement using tokenised money, whether wholesale CBDC, stablecoins issued under Australian regulation, or tokenised bank deposits, would materially reduce correspondent bank charges and FX spread costs. FX markets are highlighted as a major source of potential economic surplus because of their exceptionally high turnover. Even modest reductions in transaction costs (e.g., through automated market‑maker mechanisms or consolidated liquidity pools) translate into billions of dollars in annual savings.

A recurring theme throughout this section is that significant improvements to the payment system depend on the availability of trusted, programmable settlement assets. Without regulated tokenised money, the supporting infrastructure required to unlock many of these economic benefits cannot operate at scale. In this respect, the DFCRC highlights that payments reform and financial market reform are codependent.

Better Assets

The DFCRC states that gains (AUD $6 billion per year) are to be made from making assets more functional, rather than merely digitising them. The report outlines three priorities: (1) collateral mobility; (2) lifecycle automation and on‑chain credit/liquidity; and (3) embedded compliance.

Tokenised collateral can be pledged and substituted effectively instantly, reducing funding spreads and freeing capital in repurchase agreements (repo), derivatives margining and securities lending. Encoding bond lifecycle events (issuance, coupons, redemptions) into smart contracts cuts recurring registry and servicing costs that currently rely on manual workflows. Extending these rails to collateralised lending, invoice finance and intraday repo lowers intermediation costs using conservative Australian benchmarks.

Finally, programmatic KYC/AML and machine‑readable records reduce labour‑intensive compliance and improve transparency in opaque markets (e.g., corporate bonds, private credit). The report also flags tokenised government bonds as a keystone asset for settlement, collateral and liquidity, supporting both public and private tokenised markets.

Conclusion

The DFCRC’s report shows that Australia is at a critical juncture. A recurrent theme throughout the report is the need for regulatory clarity. This sits uneasily with the current Australian landscape. Parliament is progressing digital asset legislation, while ASIC’s latest guidance suggests substantial overlap with the existing financial services regulatory regime. Meanwhile, significant payment sector reforms are in train. Overlapping or inconsistent regulations threaten to put a brake on the digital finance revolution. The outcome, the DFCRC implies, is delay and lost value. The path forward requires careful regulatory design and fit for purpose rules in order to seize the economic gains identified by the DFCRC.

Written by Steven Pettigrove and Luke Higgins

What a relief: AML transitional rules have landed

The Australian Department of Home Affairs and AUSTRAC have released the widely anticipated exposure draft of the Anti-Money Laundering and Counter-Terrorism Financing Transitional Rules 2026 (Transitional Rules). The Transitional Rules are designed to guide industry through the shift to Australia’s modernised AML/CTF regime, which introduces a range of new designated services for virtual assets (as well as so-called tranche 2 entities), uplifted governance and compliance obligations, and new reporting requirements for reporting entities.

In 2024, Australia adopted major changes to existing AML laws intended to bring Australia’s regime into alignment with Financial Action Task Force standards. These changes were effected under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Amending Act). Subsequently, the Government consulted on and tabled a complete re-write of the rules which specify detailed compliance obligations for reporting entities. Additional minor changes were proposed earlier this year. The Transitional Rules now provide a clearer roadmap for how existing reporting entities, and those becoming regulated entities for the first time, can move across to the new regime in a staged manner.

Industry has been invited to provide its feedback on the exposure draft at [email protected], with the consultation period closing by 6 March 2026.

What the Transitional Rules seek to achieve

The Transitional Rules will take effect on 31 March 2026 and operate as a bridge between compliance with existing the AML/CTF framework and the requirements under the Amending Act. They aim to:

1. give existing reporting entities certainty about how their current arrangements carry across;
2. offer new entrants more time to enrol or register; and
3. ensure businesses can keep managing money-laundering (ML) and terrorism-financing (TF) risks whilst preparing for the new regime.

Below is an overview of the key transitional measures for virtual asset service providers (VASPs).

1. Digital currency exchange registrations roll over automatically

Those registered as a digital currency exchange (DCE) provider with AUSTRAC immediately before 31 March 2026 will automatically be treated as a virtual asset service provider (VASP) under the new regime.

‘VASP’ is the new term umbrella term that captures not only traditional fiat-to-crypto exchanges but also crypto-to-crypto trading, custody services, value transfer services and certain other ‘virtual asset’ related activities. The ‘VASP’ terminology also mirrors international approaches (e.g., Singapore and Hong Kong). However, the scope of the new designated services is potentially broad, and all businesses operating in the virtual asset sector are encouraged to review their operations and seek advice if they are unsure if they are conducting a designated service.

This confirmation is welcome confirmation that existing DCEs will not need to re-register with AUSTRAC. However, like all other reporting entities, they will face new governance and compliance obligations as well as certain obligations which are specific to VASPs. For example, it is anticipated that DCEs will need to uplift their current AML/CTF Program and implement the travel rule where they are not already doing so.

2. Three-year transition for initial customer due diligence

One of the most significant transitional measures relates to initial customer due diligence (CDD) obligations. Under the new rules, reporting entities must complete initial CDD before providing a designated service to a customer. Existing reporting entities (including VASPs) will have until 30 March 2029 to move across to the new CDD framework.

During this three-year window, an entity will be taken to meet its AML/CTF program obligations if it:

• is enrolled as a reporting entity on 30 March 2026; and
• maintains AML/CTF policies requiring it to:
  • carry out CDD using customer identification procedures; and
  • apply those procedures to all customers that the entity provides designated services to through an Australian permanent establishment.

This relief covers initial CDD only – it does not deem compliance with ongoing CDD obligations. Entities may choose either to:

• continue using their existing applicable customer identification procedures (ACIP) for onboarding new customers for up to three years; or
• transition to the reformed initial CDD framework at any time between 31 March 2026 and 30 March 2029.

Where the current AML/CTF Act allows identification after service commencement, this remains available during the transition (but only if the existing rules are fully complied with).

AUSTRAC guidance notes that reporting entities must adopt one consistent approach to initial CDD during the transition period for all new customers and customer types.

3. Moving from IFTI to IVTS reporting

Reporting entities must transition from the international funds transfer instruction (IFTI) reporting regime to the new international value transfer service (IVTS) reporting regime by the default date of 31 March 2029.

A later transition date (up to 30 September 2029) is available by notifying AUSTRAC in writing, provided the entity was subject to IFTI obligations during the transition period.

Some virtual-asset related services do not have this flexibility. For example, if an entity provides services such as transferring virtual assets on behalf of customers before 31 March 2029, it must move to IVTS reporting on the default transition date.

4. Relief period to implement obligations re self-hosted virtual asset wallets

Obligations relating to the reporting of transfers to self-hosted virtual asset wallets will not apply to designated services that start before 31 March 2029. This gives VASPs extra time to build appropriate reporting processes for unverified self-hosted wallets. However, broader travel rule obligations will still come into effect from 1 July which means that VASPs must take steps to due diligence and identify self-hosted wallets as part of travel rule compliance.

5. Delayed application of obligations for certain registrable virtual asset services

Until 1 July 2026, several key requirements under the AML/CTF Act will not apply to certain registrable virtual asset services (excluding item 50A relating to the exchange of virtual assets for money and related arrangements). The delayed obligations include:

• AML/CTF programs (Part 1A);
• Customer due diligence (Part 2);
• Reporting obligations (Part 3);
• Transfers of value (Part 5); and
• Record‑keeping requirements under Part 10 (Division 2-6).

This allows existing DCEs additional time to comply with certain governance and compliance procedures.

6. Enrolment and registration of registrable virtual assets services

Persons providing only new registrable virtual asset services must apply to register as a VASP by 29 July 2026, instead of within 28 days of commencement under the Principal Act. After 1 July 2026, new entrants will need to apply before commencing operations.

This provides temporary relief from the prohibition on providing registrable virtual asset services without being formally registered. This allows:

• continued provision of services up to 30 June 2026, provided a registration application is lodged by 29 July 2026; or
• commencement of services after an application is lodged (by 29 July 2026), while the application remains under consideration, provided AUSTRAC has not yet approved or refused the application.

The Rules also temporarily remove the deemed refusal mechanism for applications made between 31 March 2026 and 29 July 2026, ensuring applications lodged during this period are not automatically refused due to AUSTRAC inaction.

7. Staggering initial independent evaluations

The Transitional Rules set two pathways for first independent evaluations.

For established reporting entities, if the entity is enrolled on 30 March 2026 and has already completed at least one independent review of Part A of its AML/CTF program, its first evaluation under the new regime is compliant if conducted by: (i) four years after its last review; or (ii) 31 March 2027, whichever is later.

For newly regulated entities, they must comply with a staggered evaluation timetable. The deadline depends on the last two digits of the entity’s enrolment identifier, with dates between 30 June 2029 and 31 December 2030.

8. Extended timeframe for notifying AUSTRAC of an AML/CTF compliance officer

Under the reforms, reporting entities normally need to appoint an AML/CTF compliance officer within 28 days of providing designated services and notify AUSTRAC within 14 days.

The Transitional Rules modify this as follows:

1. entities enrolled on 30 March 2026 will comply if they notify AUSTRAC by 30 May 2026; and
2. certain newly regulated entities and VASPs with delayed enrolment will comply if notification is given by the later of 14 days after entry on the Reporting Entities Roll or 29 July 2026.

Conclusion

The Transitional Rules provide welcome clarity for digital asset businesses, fintechs and other reporting entities preparing for the new AML/CTF regime. Given the short consultation period, minimal further changes are expected. By introducing staged timeframes, targeted relief, and clear transition pathways, the Transitional Rules now provide a clear pathway for existing DCEs and new VASPs to transition to the new regime. For most, this will mean taking steps to uplift their AML/CTF framework and commence implementation in line with the Transitional Rules. Others will now need to take steps to register as a VASP under the new regime.

All virtual assets businesses with Australian operations are encouraged to review the changes, assess whether you are carrying out a designated service and, for those who have not already, prepare to uplift your AML/CTF Program and commence implementation ahead of the 31 March deadline.

If you require assistance understanding how these rules apply to your business, please reach out to the Piper Alderman Blockchain team.

Written by Steven Pettigrove, Luke Higgins, Tahlia Kelly and Sophie Nguyen