Australia's financial intelligence unit yesterday (Tuesday) published three companion documents to its 2024 national risk assessments, naming artificial intelligence and virtual assets as new accelerants reshaping money laundering, terrorism financing and proliferation financing.
The release lands seven weeks before tranche 2 obligations under the reformed Anti-Money Laundering and Counter-Terrorism Financing Act take effect, sweeping an estimated 80,000 to 90,000 new entities into AUSTRAC's perimeter.
The full breakdown, with charts and methodology, is available on the FM Intelligence portal.
Tranche 2 Adds Lawyers, Accountants and Real Estate to AUSTRAC's Perimeter
The reform brings real estate professionals, lawyers, accountants, conveyancers, dealers in precious metals and additional virtual asset service providers into the regime.
Norton Rose Fulbright estimates the change adds 80,000 to 90,000 reporting entities to the roughly 17,000 currently regulated, a roughly fivefold expansion.
- Australia's Digital Asset License Deadline Nears with 10% Turnover Penalty Looming
- Aussie Regulator Granted 290 New AFS Licences in FY25, While Curbing 215 Others
- Aussie Regulators Propose Full Licensing and Stronger Consumer Protections for Crypto
The expansion builds on years of compliance pressure on existing license categories, including AUSTRAC's earlier action against more than 50 remittance and crypto exchange providers for reporting breaches.
Existing reporting entities have been bound by the reformed AML/CTF Act since March 31, while tranche 2 obligations begin on July 1.
AI Joins the Laundering Toolkit Across All Three Updates
For the first time, AUSTRAC treats AI as a cross-cutting accelerant rather than a single channel.
The money laundering update lists identity fabrication, fake document generation, scam proceeds laundering and transaction structuring designed to mimic legitimate customer behavior among the AI-enabled methods now in play.
The proliferation financing update names four use cases by sanctioned-state actors: automating shell-company networks, generating fictitious entities, producing falsified trade documentation and optimizing sanctions evasion.
The pattern aligns with Sumsub's Identity Fraud Report, which logged a 180% year-over-year rise in multi-layered fraud combining deepfakes and AI-generated identities.
$2 Billion Bybit Theft Points to the Crypto Visibility Gap
AUSTRAC disclosed that DPRK-linked actors stole more than US$2 billion in crypto from Bybit in 2025, calling it the largest known instance of state-linked crypto revenue generation globally.
The agency said virtual asset service provider obligations are concentrated on fiat on- and off-ramps, leaving visibility gaps for crypto-native and decentralized activity, a concern the Bank for International Settlements has also raised on USD stablecoins.
The regulator has acted on similar concerns at home. AUSTRAC ordered Binance Australia to appoint an external auditor in August 2025, directed audits at Airwallex and MHITS earlier this year, and fined Revolut Australia AU$187,800 for late reporting.
Full charts, risk-rating revisions and methodology across all three AUSTRAC updates are available in the FM Intelligence analysis.
