Additional travel rule obligations when transferring virtual assets (Reform)

Learn what your business needs to do to meet its travel rule obligations when transferring virtual assets. 

On this page

Some reporting entities have extra obligations under the travel rule. These rules apply to reporting entities that: 

  • accept instructions for the transfer of virtual assets (known as ordering institutions)
  • make transferred virtual assets available (known as beneficiary institutions). 

AML/CTF policies for virtual asset transfers

This section refers to the Act section 46A and the Rules sections 5-17 and 5-18.

You’ll need specific anti-money laundering and counter-terrorism financing (AML/CTF) policies to meet your travel rule obligations. 

AML/CTF policies for ordering institutions 

If you’re an ordering institution that completes virtual asset transfers you must have AML/CTF policies that describe how you’ll:

  • conduct due diligence to determine if a transfer is to a custodial or self-hosted virtual asset wallet
  • conduct due diligence if a transfer to a custodial virtual asset wallet is required – to determine if the person is appropriately licensed or registered under laws that give effect to the Financial Action Task Force (FATF) recommendations
  • manage and mitigate the money laundering, terrorism financing and proliferation financing risks (we refer to these as ML/TF risks) associated with transferring to a virtual asset wallet controlled by a person that isn’t required to be licensed or registered under laws that give effect to the FATF recommendations
  • establish whether the person who controls the wallet can securely receive the transfer message and keep it confidential
  • collect information about the identity the payee for a transfer to a self-hosted virtual asset wallet
  • any steps you’ll take to verify the person who controls the virtual asset wallet. 

In future, transfers to or from unverified self-hosted wallets will be required to be reported to us. 

These reports are new, and distinct from existing threshold transaction or suspicious matter reports. The purpose of these reports is to support oversight of transfers to unverified self-hosted wallets, while still allowing these transfers to occur.  

The timing for this reporting obligation to enter into force will be set through ministerial transitional rules.

AML/CTF policies for intermediary institutions 

Intermediary institutions are less common in virtual asset transfers. If you’re an intermediary institution you don’t need dedicated AML/CTF policies relating to virtual asset transfers but must comply with the obligations generally applicable to intermediary institutions. 

Learn more about what AML/CTF policies intermediary institutions need.

AML/CTF policies for beneficiary institutions 

If you’re a beneficiary institution that completes virtual asset transfers you must have policies that describe how you’ll:

  • conduct due diligence to determine if a transfer is from a custodial or self-hosted virtual asset wallet
  • conduct due diligence when you receive virtual assets from a custodial wallet to determine if the person who controls the wallet is required to be licensed or registered under laws that give effect to the FATF recommendations
  • establish whether the ordering institution and any intermediaries are capable of securely sending the transfer message
  • identify the payer when receiving value from a self-hosted virtual asset wallet and any steps you’ll take to verify who controls the virtual asset wallet.

If you’re a beneficiary institution you must also have policies that describe how you’ll manage and mitigate the ML/TF risk of receiving assets from virtual asset wallets where the person who controls the wallet is:

  • the payer when the self-hosted virtual asset wallet controller is unverified
  • not required to be licensed or registered under laws that give effect to the FATF recommendations
  • licensed or registered under laws that give effect to the FATF recommendations and the ordering or intermediary institution(s) involved in the transfer can’t securely send information.

Ordering institution obligations when transferring virtual assets

This section refers to the Act section 66A(2)–(4).

If you’re an ordering institution sending a virtual asset transfer, you must determine, before you provide the designated service, whether the wallet receiving the virtual asset, is any of the following: 

  • a custodial virtual asset wallet controlled by an entity that’s required to be licensed or registered under a law that gives effect to the FATF recommendations
  • a custodial virtual asset wallet controlled by an entity that isn’t required to be licensed or registered under a law that gives effect to the FATF recommendations
  • a custodial virtual asset wallet controlled by an entity that’s required to be licensed or registered under a law that gives effect to the FATF recommendations, but isn’t
  • a self-hosted virtual asset wallet controlled by the payee. 

You must undertake due diligence to make sure you have reasonable grounds for determining what type of virtual asset wallet is receiving the value. For example, searching the wallet details using a blockchain explorer may provide reasonable grounds where the information about the wallet has a high degree of confidence and is otherwise reliable.

If the beneficiary institution is licensed or registered or isn’t required to be licensed or registered under a law that gives effect to the FATF recommendations, you must pass on certain information as part of the virtual asset transfer. 

You’re prohibited from transferring virtual assets on behalf of your customer to a beneficiary institution that’s operating illegally. If the beneficiary institution is required to be licensed or registered, but isn’t, you must not to accept an instruction to transfer virtual assets. 

Beneficiary institution obligations when transferring virtual assets

This section refers to the Act section 66A(5)–(7).

If you’re a beneficiary institution that receives a virtual asset transfer, there are certain matters you must determine before providing a designated service. These include if the virtual asset wallet that sent the virtual asset, is any of the following, a:

  • custodial virtual asset wallet controlled by an entity that’s required to be licensed or registered under a law that gives effect to the FATF recommendations
  • custodial virtual asset wallet controlled by an entity that isn’t required to be licensed or registered under a law that gives effect to the FATF recommendations
  • custodial virtual asset wallet controlled by an entity that is required to be licensed or registered under a law that gives effect to the FATF recommendations but isn’t
  • self-hosted virtual asset wallet controlled by the payer.

Before you do a virtual asset transfer you must make sure you’ve received the payer and payee information and that the payee information is accurate. 

You must undertake due diligence to make sure you have reasonable grounds for determining what kind of virtual asset wallet the virtual assets have been sent from. For example, searching the wallet details using a blockchain explorer may provide reasonable grounds where the information about the wallet: 

  • has a high degree of confidence
  • is otherwise reliable.

If a virtual asset wallet is controlled by an entity that’s required to be licensed or registered but isn’t, you must not make the virtual asset transfer available to the payee. 

Data security

This section refers to the Act sections 66A(3), (9) and (10).

If you’re an ordering institution, you’re not required to pass on certain information as part of a virtual asset transfer, if you: 

  • have established on reasonable grounds that the beneficiary institution can’t receive the information securely
  • reasonably believe that there’s a risk the beneficiary institution can’t protect the confidentiality of the information. 

You must make and keep a record of the reasons for not passing on the information.

If you’re a beneficiary institution, you don’t have to make sure that you’ve received the required information contained in a transfer message and that the payee information is accurate, if you: 

  • have established on reasonable grounds that the ordering institution or an intermediary institution in the value transfer chain can’t pass on the information securely
  • follow your AML/CTF program and identify, assess, mitigate and manage the ML/TF risk associated with providing the service.

Exemptions for transfers to a self-hosted virtual asset wallet

This section refers to the Rules section 8–8.

There’s an exemption to the travel rule when the transfer is to a self-hosted virtual asset wallet. 

This exemption means a business doesn’t need to send information to another business in the transfer chain when the transfer is to a self-hosted virtual asset wallet. However, for transfers involving self‑hosted wallets:

  • an ordering institution transferring virtual assets to the self-hosted wallet must collect and verify payer information and collect the payee information and tracing information
  • a beneficiary institution receiving virtual assets from a self-hosted wallet must obtain the payer information and tracing information, and (if it doesn’t hold it already) the payee’s full name, before making the virtual assets available to the payee.

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 15 Oct 2025
Page ID: 1354

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.