.svg)
The scrutiny of the world’s largest exchange reflects broader reforms aimed at closing gaps in virtual asset regulation and tackling money laundering risks in the digital asset sector.
Last week, the Australian Transaction Reports and Analysis Centre (AUSTRAC) ordered Binance to appoint an external auditor due to “serious concerns” about its local anti-money laundering and counter-terrorism financing (AML/CTF) controls.
The order was prompted by Binance’s latest independent review, which AUSTRAC described as “limited in scope” relative to the company’s size, risk profile and product and service offerings.
“Businesses need to maximise the value of independent reviews and ensure appropriate testing and review across critical processes and controls,” said Brendan Thomas, CEO of AUSTRAC. “They should seek and expect a level of rigour and challenge.”
In addition, AUSTRAC identified Binance’s “high staff turnover” and “lack of local resourcing and senior management oversight” as key AML governance concerns.
“This is a global company operating across borders in a high-risk environment,” Thomas added. “Capacity and risk controls need to correspond to the size of a business and its market presence, particularly as it scales.”
Binance has 28 days to nominate an external auditor for AUSTRAC’s consideration and selection.
AUSTRAC targets crypto exchanges
The order comes just one month after AUSTRAC published its regulatory priorities as part of a crackdown on financial crime during the 2025–26 financial year.
The regulator identified the digital asset sector alongside cash-intensive businesses as areas where money laundering risk is poorly managed and where the risk of harm from illicit activity is greatest.
The Binance audit order also refers to AUSTRAC’s 2024 National Risk Assessment, in which the regulator describes the growth in criminal use of crypto-assets and exchanges as a key finding.
“Digital currency exchanges (DCEs) will likely pose an increasing money laundering vulnerability over the next three years,” AUSTRAC said.
“As the digital currency ecosystem continues to evolve, domestic criminals will undoubtedly identify new opportunities to launder and conceal illicit funds from law enforcement.”
Closing the gaps in digital asset regulation
Since 2018, DCEs have been regulated in Australia under the AML/CTF Act, which required DCE reporting entities to comply with basic AML/CTF obligations such as identifying their customers, maintaining transaction records and reporting suspicious matters to AUSTRAC.
However, until amendments to the AML/CTF Act were enacted in November 2024, the legislation only captured the exchange of digital currency to fiat currency and vice versa.
In contrast, the new AML/CTF Amendment Act redefines these assets as “virtual assets”, and expands the regulatory framework to include four additional virtual asset services:
- Exchanges between one or more other forms of virtual assets.
- Transfers of virtual assets on behalf of a customer.
- Safekeeping or administration of virtual assets.
- Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
These additional designated services align with those of Recommendation 15 of the Financial Action Task Force (FATF).
Similarly, the AML/CTF Amendment Act 2024 extends the FATF Travel Rule to all entities that provide “value transfer” services, including virtual asset service providers (VASPs).
The Travel Rule refers to the requirement that information about a payer and payee must be transmitted (i.e. must travel) with transfers of value.
As outlined in FATF Recommendations 15 and 16, the Travel Rule is a record-keeping and data transmission requirement, not a reporting requirement.
Both the Travel Rule and the newly designated virtual asset service rules are set to come into effect in Australia on March 31, 2026.
Binance comes under scrutiny as AML obligations multiply
The timing of the external audit order means that Binance will be responding to AUSTRAC while also preparing itself for the new provisions of the AML/CTF Amendment Act.
In its 2024 National Risk Assessment, AUSTRAC said that aligning Australia’s regulation of crypto exchanges with FATF’s recommendations would “help to reduce money laundering vulnerability” in the sector.
However, it is important to note that changes to Australia’s AML framework can achieve their stated goals only to the extent that reporting entities respond in kind.
This is where AUSTRAC appears to have doubts about both Binance specifically and the digital asset sector more broadly.
“Big global operators may appear well resourced and positioned to meet complex regulatory requirements, but if they don’t understand local money laundering and terrorism financing risks, they are failing to meet their AML/CTF obligations in Australia,” said Thomas.
“Businesses can have systems and processes that apply to multiple jurisdictions – but they need to reflect local regulatory requirements.
“The systems must adapt to the regulatory requirements, not the other way around.”
Binance confident in its compliance investments
So far, Binance has commented publicly on the audit order only to “acknowledge” AUSTRAC’s request.
Last month, however, in a blog post to mark the company’s eighth anniversary, Binance CEO Richard Teng spoke optimistically about the evolution of Binance’s compliance activities.
“As regulatory clarity improves in key markets, crypto is becoming a mature and legitimate asset class,” he said. “Adoption is accelerating, and Binance users are at the heart of it.”
Teng said that Binance continues to “invest heavily” in compliance, and in 2025 the company’s global compliance spend will exceed that of 2024 by 30 percent.
“These investments help us keep your funds and data safe, provide secure and compliant products, and maintain the highest level of integrity for our marketplace,” he added.
It remains to be seen whether Binance’s resources will translate into the high standards of AML compliance that AUSTRAC is seeking under its evolving regulatory framework.
However, the external audit order demonstrates that Australia’s regulators are willing to use the enforcement tools they have at their disposal when warnings to key sectors appear to go unheard.
Since 2024, as covered by Vixio, AUSTRAC has been targeting non-compliant crypto exchanges, resulting in multiple suspensions, cancellations and non-renewals of registrations.
Binance would be the biggest name so far to be caught up in the crackdown, but it would not be the first time that an Australian regulator has targeted one of the firm’s key regulatory permissions.
In 2023, the Australian Securities and Investments Commission (ASIC) cancelled the Australian Financial Services (AFS) license of Binance’s local derivatives arm.
The cancellation was made in response to a request from Binance itself, following allegations from ASIC that it had misclassified more than 500 retail investors as wholesale customers, thus giving them access to prohibited derivative products.
The regulator oversaw compensation payments by Binance of approximately A$13m ($6.5m) to affected clients.
In December 2024, ASIC sued Binance Derivatives Australia for consumer protection failures. The case remains open at the time of writing.
