News Overview

In late August 2025, the Australian Transaction Reports and Analysis Centre (AUSTRAC) announced that it has ordered Binance Australia (hereinafter referred to as "Binance Australia") to appoint an external auditor to review its anti-money laundering program. AUSTRAC stated that this decision was made after discovering serious issues with Binance's anti-money laundering and counter-terrorism financing controls. The regulator also expressed concerns about high employee turnover at Binance, lack of local resources, and insufficient oversight from senior management—these issues have raised questions about whether Binance's governance for anti-money laundering and counter-terrorism financing is adequate. Binance Australia has 28 days to nominate an external auditor for AUSTRAC to review and select.

Matt Poblocki, General Manager of Binance Australia and New Zealand, said that Binance acknowledges AUSTRAC's decision and added that this move "is one of their regulatory review measures, not an enforcement action." AUSTRAC CEO Brendan Thomas pointed out that the 2024 National Risk Assessment emphasizes how crypto assets are increasingly prone to abuse by criminals, and the action against Binance is a result of focused industry regulation, "This is a global company operating cross-border in a high-risk environment. We expect it to conduct rigorous customer identification, due diligence, and effective transaction monitoring," "All crypto operators need to ensure they comply with Australian laws and curb related criminal risks."

FinTax Commentary

In Australia, entities providing crypto services must register with the Australian Transaction Reports and Analysis Centre (AUSTRAC) as reporting entities and comply with Australia's anti-money laundering and counter-terrorism financing (AML/CTF) laws. A key part of AML/CTF compliance is ensuring that the company's AML/CTF program (mainly policies and procedures) undergoes independent review. The independent review report must explain how the company fulfills its AML/CTF obligations, including management oversight procedures, company money laundering and terrorism financing risk assessments, record-keeping procedures, AUSTRAC reporting obligations, and ongoing customer due diligence, and it needs to assess whether the AML/CTF program is effectively implemented. Australia's AML/CTF regulatory framework is primarily based on the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its amendments, which stipulate that relevant entities should undergo independent reviews "periodically," while considering the nature and scale of the business, the complexity of the services provided, and the level of money laundering and terrorism financing risks faced by the business.

According to AUSTRAC's public news release, this time Binance is required to undergo an external audit because AUSTRAC has concerns about the adequacy of Binance's anti-money laundering and counter-terrorism financing controls. These concerns stem from multiple aspects, including high employee turnover at Binance, the absence of local resources and senior management oversight, and the limited scope of Binance's latest independent review relative to its scale, business, and risk assessment, among others. These issues collectively lead to compliance deficiencies in Binance Australia's fulfillment of AML/CTF obligations.

Since the beginning of this year, AUSTRAC has been strengthening its oversight of cryptocurrency exchanges and has taken a series of regulatory or enforcement actions against entities suspected of not complying with certain requirements. In May, AUSTRAC fined the Melbourne-based exchange Cointree $75,120 because the company delayed submitting suspicious matter reports related to potential money laundering, and this delay hindered the timely conduct of enforcement actions. Previously, AUSTRAC had also taken regulatory actions against 13 remittance service providers and cryptocurrency exchanges, while issuing compliance warnings to over 50 institutions. In addition, in terms of the latest policies, the latest amendments to Australia's Anti-Money Laundering and Counter-Terrorism Financing Act 2006 were passed by Parliament in November 2024, with the main compliance obligations coming into effect on March 31, 2026, or July 1, 2026 (depending on the applicable entities). The updated act aims to align Australia's anti-money laundering and counter-terrorism financing measures with the global standards set by the Financial Action Task Force (FATF), and accordingly expands AUSTRAC's investigation and enforcement powers. At the same time, the regulatory scope of the act has been expanded to cover more crypto asset-related services to address the special risks in this industry. Starting from March 2026, AUSTRAC will require crypto companies to obtain user data and report financial transaction information. In July 2025, AUSTRAC also released its regulatory priorities for 2025-2026, emphasizing that "this year marks a shift in regulatory approach—from regulation primarily checking compliance to regulation focusing on substantive risks and harms," and it will focus on the crypto industry as a high-risk area.

In the above context, the anti-money laundering audit order issued by AUSTRAC to Binance Australia is one of the latest measures to curb illegal financial activities in crypto, and it is also a snapshot of the reality that governments around the world are tightening regulation on cryptocurrency exchanges. In fact, as governments in various countries intensify their regulatory efforts, the crypto industry's awareness of compliance is also undergoing a shift, and for many crypto companies, compliance work is increasingly seen as an inherent competitive advantage, with audit compliance being an important aspect of it.

Drawing from the Binance Australia anti-money laundering audit incident, related crypto companies may want to pay more attention to the following two aspects in the future: First, localized governance. As AUSTRAC CEO Thomas said in the relevant statement: "Large global operators may seem resource-rich and capable of complying with complex regulatory requirements, but if they do not understand local money laundering and terrorism financing risks, they cannot fulfill their obligations to conduct such activities in Australia." Although Binance holds regulatory approvals or licenses in about 20 jurisdictions, these licenses are not uniform across all jurisdictions, so it must adjust according to the regulatory requirements of each country. Regulators will prefer crypto companies with strong local teams and abundant local resources, as companies will have a better understanding of local market risks and regulatory provisions, which is crucial for achieving compliance. Second, audit compliance. AUSTRAC requires Binance Australia's auditor to strengthen the audit, and regulatory bodies in other countries may also introduce similar provisions, making "external audit orders" a routine regulatory tool in the crypto field, thereby ensuring that crypto companies genuinely assume corresponding audit compliance responsibilities. From another perspective, focusing on audit compliance is not just to avoid penalties, but to build a sustainable business model and strengthen the ability to respond to regulatory challenges.

Looking from Australia to the world, countries are all working to build a comprehensive and effective crypto regulatory system, and accompanying this is the ongoing regulatory uncertainty. Some of this uncertainty translates into compliance risks faced by crypto market participants.

For crypto companies, they can consider: (1) Improving the independent review mechanism, pre-planning response processes for triggering external audits, and doing a good job in related record-keeping. Ensure that their own AML/CTF program has undergone sufficient independent review, and conduct appropriate testing in the key processes and control measures of the independent review. The frequency and scope of the independent review can be matched with factors such as business scale and risk level to better align with actual needs; (2) Filling gaps in local resources and strengthening localized governance. Appropriately expand local teams, dynamically fine-tune company systems in combination with regulatory guidelines and enforcement trends in each jurisdiction, and enhance consistency with local departmental regulatory expectations. In short, the incident where AUSTRAC initiated an anti-money laundering audit on Binance Australia reminds the crypto industry that there is still room for improvement in focusing on audit compliance and localized governance, and this is closely related to nurturing trust in the crypto ecosystem and achieving sustainable innovative development.

Reference:

1. https://cointelegraph.com/news/australia-orders-external-audit-of-binance-s-local-unit-over-aml-concerns

2. https://www.onesafe.io/blog/binance-australia-audit-impact-crypto-compliance-asia

3. https://www.austrac.gov.au/austrac-ceo-brendan-thomas-speech-australian-institute-professional-intelligence-officers-conference-2025

4. https://www.austrac.gov.au/news-and-media/media-release/austrac-orders-audit-global-crypto-exchange

5. https://cincodias.elpais.com/criptoactivos/2025-08-22/australia-pide-a-binance-una-auditoria-externa-ante-preocupaciones-sobre-lavado-de-dinero-y-financiacion-de-terrorismo.html

6. https://www.onesafe.io/blog/binance-australia-audit-impact-crypto-compliance-asia