AUSTRAC Releases Guide on Profiling Crypto Transactions

~5 min read | Published on 2022-04-21, tagged General-News using 1119 words.

Australian Transaction Reports and Analysis Centre (AUSTRAC) released a guide on “preventing the criminal abuse of digital currencies.” Digital currency exchanges can use the lists of indicators in the guide to profile their customers.
The guide “provides financial indicators to help businesses, including digital currency exchange providers, recognize and report criminal activity through digital currencies,” according to the AUSTRAC website. The guide lists money laundering, the purchase and sale of illicit products via darknet marketplaces, terrorism financing, scams, tax evasion, and ransomware as serious crimes enabled by cryptocurrency.
In the money laundering section of the guide, AUSTRAC noted that criminals use mixing services and privacy coins to launder money.
“Although conversion services and privacy coins operate outside of the traditional banking sector, blockchain analysis tools can be used to identify digital currency addresses connected to conversion services, creating an opportunity for financial service providers to identify transactions coming from or going to these services.”

The report suggests that businesses avoid “de-banking” suspicious customers.

The most interesting part of the guide is the section on behavioral and financial indicators. Each listed indicator should trigger enhanced customer due diligence. If the digital currency exchange suspects a customer or transaction is linked to criminal activity, they must submit a Suspicious Matter Report to AUSTRAC.General Indicators Identification, verification, and profile information Behavioral Indicators
  • Customer is reluctant or declines to provide identification or personal information.
  • Customer attempts to provide as little identity information as possible, including incomplete or insufficient identification information.
  • Customer provides stolen, forged or fake documentation.
  • Customer verification information is a photograph of data on a computer screen rather than the original document.
  • Company beneficial ownership is difficult to establish.
  • Customer provides documentation with identifiable alterations or of a low quality during on-boarding or when conducting ECDD.
  • Customer on-boarding documentation is unable to be verified or does not match the details of the account.
  • Customer acts on behalf of someone else (without disclosing the fact) or impersonates someone else.
  • Customer appears to be using a virtual private network (VPN) or encrypted email in an attempt to hide their identity.
  • Customer is known to law enforcement, via publicly available information.
  • Customer frequently changes their identification information, including email addresses, internet protocol (IP) addresses, or financial information.
  • Customer is difficult to contact, responds only via email or web chat, and at unusual hours.
  • Customer uses a mail account provider known for high privacy features.
  • Law enforcement or regulator interaction indicates that a customer is linked to illicit activity.
  • Customer has adverse media or open source reports.

  • Source of funds and wealth Financial indicators

  • Customer has unexplained wealth or the source of their funds does not match their profile.
  • Customer purchases large amounts of digital currency not substantiated by available wealth or consistent with their profile.
  • Structuring (or perceived structuring) of government issued currency deposits or digital currency withdrawals via cryptocurrency ATMs or retail locations.

  • Behavioral Indicators

  • Customer provides inconsistent explanations as to the source of funds or source of wealth that are used for the purchase of digital currencies.
  • Customer provides documents that appear to have been altered or of low quality during on-boarding or when conducting ECDD processes.
  • Customer requests higher limits inconsistent with their occupation or profile.
  • Customer is reluctant or declines to provide source of funds or wealth.

  • Account activity

    Financial indicators

  • Use of chain-hopping in an apparent attempt to obfuscate source or destination of funds.
  • Multiple customers send funds to the same external wallet address (that is not a service).
  • Publicly available information such as sanctions lists or analytical tools indicate a customer’s wallets, or wallets the customer is transacting with, are associated or linked to illicit activity.
  • Unusual transactions such as customer moving earnings through mixers, multiple conversions or layering through multiple exchanges prior to cashing out.
  • Customers that regularly make significant profits or losses by transacting with the same subset of wallet addresses.Behavioral Indicators
  • Multiple customer accounts are opened with either the same email address, phone number, IP address, residential address, postal address or on-boarding documents.
  • Customer accesses their accounts from a high number of different electronic devices or IP addresses.
  • Customer lacks knowledge or provides inaccurate information about the transaction, the source of funds, or the wallet address where they want to send the digital currency.
  • Customer seems anxious or impatient with the time taken to make a large transaction.
  • Customer is evasive as to the reason for the transfer.
  • Customer wants to increase transaction limits shortly after opening an account.
  • Customer creates or attempts to create separate accounts under different names to circumvent restrictions on trading or withdrawal limits imposed.
  • Customer attempts to coerce or persuade staff to ignore reporting obligations or break normal protocol to conduct a transaction.
  • Customer consistently conducts transactions under actual or perceived reporting thresholds.
  • Customer gambles with digital currency or has transactions to/from gambling websites.
  • Customer uses privacy enhanced digital currencies which do not appear to be used for investment purposes.
  • Customer IP addresses do not match the state or country the customer resides in.

  • Crime-Specific Indicators

    Financial indicators [/b]

  • Blockchain analysis tools link a customer’s transactions to darknet clusters, child exploitation clusters, mixers or high risk exchanges.
  • Customer’s wallet addresses show exposure to high-risk conversion services or darknet marketplaces.
  • Use of, or donations to darknet explorers, including a platform enabling anonymized internet access indicating access to, and possible illicit purchases on the darknet marketplaces.

  • Terrorism Financing (totally real) Financial indicators

  • Public information or blockchain analysis tools indicate a customer has transacted with websites or wallet addresses considered to be high risk for terrorism activities or proliferation financing.
  • Transactions with sanctioned wallet addresses or people of interest listed on government websites, such as the Office of Foreign Assets Control (OFAC) or the Department of Foreign Affairs and Trade (DFAT).
  • Transactions to crowdfunding or online fundraising campaigns linked to ideologically or religiously motivated violent extremism focused forums.
  • Transfers to/from international exchanges with less stringent ‘know your customer’ processes, including those owned or hosted in high risk jurisdictions.
  • Customer account receives multiple small deposits, which are immediately transferred to private wallets.Behavioral Indicators

  • Social media (or online profiles/handles) indicate the customer holds ideologically or religiously motivated violent extremism ideologies or sympathies.

    Tax Evasion Financial indicators

  • Use of services that do not make commercial or economic sense. For example, a business moving earnings through mixers or an individual converting a digital currency multiple times prior to cashing out, incurring additional conversion fees.

  • Behavioral Indicators

  • Customer makes enquires about avoiding tax reporting obligations.
  • Customer asks if personal or transaction information will be shared with the Australian Taxation Office.
  • Customer requests to hide or delete transaction activity held.
  • Customer sends or receives government issued currency to a wide range of related personal or business accounts at different institutions.

  • Preventing the Criminal Abuse of Digital Currencies Financial Crime Guide

    Comments (28)


    is this for localbitcoins


    Little china doing big things over there. I'm guilty of half of these indicators and behaviors when transacting legally.


    I'm such a gamer I broke all of these indicators B3


    BTC everything is public - the ledger makes is real easy to figure our who is who for LEO and provides the entire transaction history.


    shhhhhhhhhhhhhhhhhhhhhhhhhh it spoils the fun USSS-FBI-DHS-IRS-USPSIS not to mention the for-profit contractor, "security researchers" who were pinched and/or Brett Johnson snitch, and of course the local Judge who ordered LE to pick you up in your sleepy predominantly white suburban town, as your neighbors say, "We always knew that soiboi Joe Rogan Apple Fanboy Gamer cuck was up to no good. *pounds another tallboy, pops some Percs, and takes a drag on a Cig* "Nobody wants to work anymore!" All y'all are cucks and you know it


    Ya but Monero doesn’t…


    Is this supposed to be a stupid joke or what


    ROFL.. the fuck are these clowns even talking about.. 80\% of these is normal behavior for anyone with half a brain to protect his privacy


    that's the authoritative Australian government for you.


    Whatever with all 0f the peanut gallery comments, DNL?


    @97a8f4bf This is bait but the literal use of "...N-word voice..." in your comment (which appears to be in reply to yourself in the comment written in an attempt at some kind of boomer mockery). The comment seems to be an attempt to make your idea of normal whites look bad (as a """white""" yourself). I think the use of "N-word" is an attempt to mock whites without offending a black who might not think you are a black, Puerto Rican, Cuban, etc. This presupposes that you are not just a 12-year-old responding to a person (25d0bc57) who is not twelve but exclusively comments word salads that other 12-year-old kids would enjoy.


    @69e08549 Yeah my response and reaction was out of line and overtly hostile. Sorry for that. It is well known that I do not remove comments for the inclusion of any specific words FWIW. Certainly true that there is the eventual possibility for censorship on my end via ISPs, DNS resolvers, domain registrars, etc. but I don't care what words people use here.


    @9c60a3da Well believe it or not some countries like the one I am in they censor all the internet activities including TOR and it is matter of time until they get me for such comments. They sentence ppl for words or comments about ethnicities or countries even mentioning facts and statistics can get one into trouble it doesn't matter. I will try to improve my comments before posting.


    @259dbbdb Fair enough. No hard feelings on my end. I was tired and already aggravated when I wrote that. Looking at it now after getting some sleep I wouldn't have said anything at all. Good luck out there.


    I wonder what kind of reaction this elicited from some of the industries more esteemed CSO's? Would it be too intuitive to assume this memorandum made the rounds intended for the vary career professionals who taught them inasmuch? The funny thing for me is it reads like C+P from any (random gateways) CNP 3PPS best practices ad-libbing KPI's


    Link doesn't work




    is abacus run by worldmarket admin?


    I'd be very careful with them i dont really put my money in markets with drama


    WAIT abacus are those exit scammers from worldmarket? do you have prove i will stick to asap until i know for sure


    @62cfc278 People are saying the same about asap, that it can't be trusted. What do you think about HeinekenExpress own market?


    cops doing cop shit. encrypted mails, vpn, different devices and ips. like wtf. it's like all the other cop reforms. targeting any behaviour that makes it harder for them to do said cop shit. no matter it's legal (yet) or not


    They analyzed the dnm bible and dread for that. These websites may help users but at the same time they may for instance unintentionally compromise stealth shipping methods and cryptocoins use/withdrawal. To keep this at minimum these forums should be invitation-only.


    Sure, but it limits the freedom of use of the guides. People should be using monero anyways which renders useless the ledger analysis.


    Plus more than half the indicators here shown coincide with legal use of normal privacy concerned users who care about not being robbed/scammed, basically sounds like bs excuses to monitor whoever they want, what they want, whenever they want and however they want.


    The invitation only scheme is still not safe. In fact, it is most vulnaruble to psyops.


    I need to do something about the comment sections as they are basically worthless now. The barrier of entry is too low. Even the people posting in good faith have zero forum etiquette.


    just put a strong captcha..