Since September 2025, all cryptocurrency ATM (CATM) providers in Australia have operated with additional registration conditions to help reduce their exposure to money laundering, terrorism financing and other serious financial crimes. 

The conditions require CATM providers to:

  • limit cash deposits and withdrawals
  • provide mandatory scam warnings
  • apply specific enhanced customer due diligence (ECDD) triggers.

These measures are helping providers detect complex, unusual or high-risk patterns, which have financial crime indicators. 

Robust ECDD processes are enabling CATM providers to identify and disrupt at-risk customers and transactions earlier.

How ECDD is helping CATM providers identity suspicious activity

The following three cases each provide examples of ECDD measures identifying suspect activity resulting in reporting to AUSTRAC:

  1. A CATM provider identified a customer conducting cash transactions totalling close to $60,000. The customer was subject to ECDD but avoided providing source of funds information, resulting in account closure and suspicious matter reporting. AUSTRAC referred the individual to law enforcement. Following further investigation, law enforcement issued a warning to the individual.
    1. Another CATM provider conducted ECDD on a customer who was deemed likely to be conducting activity potentially linked to money laundering. The source of funds documents the customer provided did not adequately explain their large transaction volumes. That CATM provider submitted an SMR to AUSTRAC identifying that the customer had transacted more than $400,000 cash in less than 18 months. This customer has been referred to law enforcement and is currently under investigation on suspicion of scamming and laundering proceeds of crime.
    2. Customer A had been identified by multiple CATM providers as likely structuring transactions, with SMRs submitted in relation to transactions totalling over $1 million. Following the introduction of specific ECDD triggers, a new customer, Customer B was identified, whose account was being used by, and on behalf of Customer A. The new account has since been suspended and Customer A has been referred to law enforcement.

What you can do

Crypto transactions are often near instant and irreversible, making it critical that providers maintain strong monitoring and ECDD processes. 

To play your part, you should:

  • ensure appropriate ECDD triggers are implemented and regularly reviewed
  • closely monitor large, rapid or repeated cash deposits
  • verify source of funds when transaction behaviour appears unusual
  • investigate transactions involving high-risk or suspicious patterns
  • take actions where appropriate, including submitting an SMR
  • Learn more about the new obligations for ECDD if you accept cash.

Strong ECDD controls help detect and disrupt scam activity, money mule behaviour and potential money laundering conducted through CATMs. 

Read more about Crypto ATM providers to meet minimum standards and Scams involving cryptocurrency ATMs.