Binance faces another AML audit: What are the compliance risks in the crypto industry?

In late August 2025, the Australian Transaction Reports and Analysis Centre (AUSTRAC) announced that it had ordered Binance Australia ("Binance Australia") to appoint an external auditor to review its anti-money laundering program. AUSTRAC stated that this decision was made after identifying serious deficiencies in Binance's anti-money laundering and counter-terrorist financing controls. The regulator also expressed concerns about Binance's high employee turnover, lack of local resources, and lack of senior management oversight—raising questions about the adequacy of Binance's anti-money laundering and counter-terrorist financing governance. Binance Australia has 28 days to nominate an external auditor for AUSTRAC's consideration and selection. Matt Poblocki, General Manager of Binance Australia and New Zealand, said that Binance acknowledged AUSTRAC's decision, adding that the move "is one of their regulatory review measures, not an enforcement action." AUSTRAC CEO Brendan Thomas pointed out that the 2024 National Risk Assessment emphasized that crypto assets are increasingly vulnerable to abuse by criminals, and the action against Binance is the result of participating in key industry supervision. "This is a global company operating across borders in a high-risk environment. We expect it to conduct strict customer identification, due diligence and effective transaction monitoring," and "all crypto operators need to ensure that they comply with Australian laws and curb related criminal risks." In Australia, entities providing encryption services must register as reporting entities with the Australian Transaction Reports and Analysis Centre (AUSTRAC) and comply with Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws. An important part of AML/CTF compliance is to ensure that the company's AML/CTF program (mainly policies and procedures) is subject to independent review. The independent review report must describe how the company fulfills its AML/CTF obligations, including management oversight procedures, corporate money laundering and terrorist financing risk assessments, recordkeeping procedures, AUSTRAC reporting obligations, and ongoing customer due diligence. It must also assess the effectiveness of the AML/CTF program. Australia's AML/CTF regulatory framework is primarily based on the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, as amended. The Act stipulates that relevant entities should conduct independent reviews "regularly," taking into account the nature and scale of their business, the complexity of the services provided, and the level of money laundering and terrorist financing risk faced by the business. According to AUSTRAC's public press release, Binance was requested to undergo an external audit due to concerns raised by AUSTRAC regarding the adequacy of its anti-money laundering and counter-terrorism financing controls. These concerns stem from a number of factors, including Binance's high employee turnover, a lack of local resources and senior management oversight, and the limited scope of Binance's latest independent review relative to its size, business, and risk assessment. These issues collectively led to compliance deficiencies in Binance Australia's AML/CTF obligations.

Since the beginning of this year, AUSTRAC has been strengthening its control over cryptocurrency exchanges and has taken a series of regulatory or enforcement actions against entities suspected of failing to comply with certain requirements. In May, AUSTRAC fined Melbourne-based exchange Cointree $75,120 for delays in submitting suspicious matter reports related to potential money laundering, and this delay hindered the timely implementation of enforcement actions. Previously, AUSTRAC had also taken regulatory action against 13 remittance service providers and cryptocurrency exchanges, and issued compliance warnings to more than 50 institutions. Furthermore, regarding the latest policy changes, the latest amendments to Australia's Anti-Money Laundering and Counter-Terrorism Financing Act 2006 were passed by Parliament in November 2024. Key compliance obligations will take effect on March 31 or July 1, 2026 (depending on the applicable entity). The updated legislation aims to align Australia's anti-money laundering and counter-terrorism financing measures with global standards set by the Financial Action Task Force (FATF) and accordingly expands AUSTRAC's investigative and enforcement powers. The legislation also expands its regulatory scope to include more crypto-asset-related services to address the unique risks of this sector. Starting in March 2026, AUSTRAC will require crypto businesses to obtain user data and report financial transaction information. In July 2025, AUSTRAC also released its 2025-2026 regulatory priorities, emphasizing that "this year marks a shift in regulatory paradigm—from one focused on compliance to one focused on substantive risks and harms," ​​with a particular focus on the high-risk sector of the crypto industry. Against this backdrop, AUSTRAC's anti-money laundering audit order against Binance Australia is one of the latest measures implemented to curb illegal financial activities in the crypto industry and a reflection of the tightening global government regulation of cryptocurrency exchanges. In fact, as governments around the world increase their regulatory oversight, the crypto industry's understanding of compliance is also shifting. For many crypto companies, compliance is increasingly seen as an inherent competitive advantage, and audit compliance is a key aspect of this. In light of Binance Australia's anti-money laundering audit, related crypto companies may wish to pay more attention to the following two aspects in the future: First, localized governance. As AUSTRAC CEO Thomas stated in a statement, "Large global operators may appear well-resourced and able to comply with complex regulatory requirements, but if they do not understand local money laundering and terrorist financing risks, they will not be able to meet their obligations to conduct such activities in Australia." Although Binance holds regulatory approvals or licenses in approximately 20 jurisdictions, these licenses are not uniform across all jurisdictions, so it must adapt to the regulatory requirements of each country. Regulators favor crypto companies with strong local teams and extensive local resources, which will also provide them with a better understanding of local market risks and regulations, which is critical for achieving compliance. Secondly, audit compliance. AUSTRAC has required Binance's Australian auditors to strengthen audits, and regulators in other countries may also introduce similar regulations, making "external audit orders" a regular regulatory tool in the crypto sector to ensure that crypto companies effectively assume their audit compliance responsibilities. From another perspective, focusing on audit compliance is not just about avoiding penalties, but about building a sustainable business model and strengthening the ability to cope with regulatory challenges.

From Australia to the world, countries are striving to build a comprehensive and effective crypto regulatory system, and this is accompanied by ongoing regulatory uncertainty. Some of these uncertainties have translated into compliance risks faced by crypto market participants.

For crypto companies, they can consider: (1) improving the independent review mechanism, pre-planning the response process for triggering external audits, and doing a good job of retaining relevant records. Ensure that their own AML/CTF plans have undergone sufficient independent review and conduct appropriate testing in the key processes and control measures of the independent review. The frequency and scope of the independent review can be matched with factors such as business scale and risk level to be more in line with actual needs; (2) supplement local resources and strengthen localized governance. Appropriately expand the local team, dynamically fine-tune the corporate system in combination with the regulatory guidelines and law enforcement trends of each jurisdiction, and enhance consistency with the regulatory expectations of local departments. In short, AUSTRAC's launch of an anti-money laundering audit of Binance Australia suggests that the crypto industry still has room for improvement in audit compliance and localized governance, which is closely related to cultivating trust and achieving sustainable innovation and development in the crypto ecosystem.