AUSTRAC also urged financial institutions to debank clients who may be engaging in suspicious crypto use activity, warning that a mistake could be costly to Australia’s economy.
AUSTRAC, the Australian financial compliance enforcement agency, has released two new guides to assist entities in detecting when customers are using cryptocurrency for illegal purposes or when they are being forced to pay the creators of ransomware.
However, it warned that debanking customers based solely on suspicion of such activity were a harmful practice with serious consequences.
AUSTRAC stated in an announcement earlier today that the growing acceptance, value, and adoption of crypto and blockchain technology has been accompanied by an increase in cybercrime.
“Cyber-enabled crime is becoming a growing threat to Australians.” The Australian Cyber Security Centre (ACSC) reported 500 ransomware attacks in the 2020-21 fiscal year, a nearly 15% increase over the previous year,” AUSTRAC stated.
The ransomware and “criminal abuse of digital currencies” guides are not only intended to assist in spotting bad actors but also to make it easier to report suspicious activity to AUSTRAC, which businesses must do after reporting the incident to the police.
The new guidelines were welcomed by Blockchain Australia CEO Steve Vallas, who stated that “the use of digital currencies for criminal purposes has no place in our sector.”
“Open dialogue, pro-active guidance, and strong relationships between Government and industry are necessary to ensure businesses can identify and report behavior that puts Australians at risk of harm.”
AUSTRAC highlighted several indicators in the ransomware guide that a customer may be rushing to pay a ransom. Impatience with transaction speed, sudden large transactions from newly onboarded businesses, and transfers of one’s entire holdings with no subsequent account activity were all on the list.
While the indicators may appear obvious, AUSTRAC noted that most “victims are often reluctant to report” because they want to get their businesses out of the hands of attackers and back up and running as soon as possible.
“Wherever possible,” the guide advises, “encourage your customers to report ransomware incidents to the ACSC’s ReportCyber service and law enforcement.”
AUSTRAC listed activities such as tax evasion, money laundering, scams, and the purchase of illegal products on the darknet in the illicit crypto user-focused guide. The regulator focused the most on money laundering, outlining its key components, which include “placement, layering, and integration.”
Following the purchase of digital assets with fiat (placement), the criminal will attempt to convert the assets across different accounts and platforms (layering) to “distance the funds from the source.”
Decentralized finance (DeFi) platforms, mixers, and privacy coins were mentioned as possible solutions. Finally, the bad actor will reintroduce the capital into traditional financial services or products using the final variant of the funds (integration).
According to the guide, “the conversion to and from the government-issued currency is the point where a criminal is most exposed and identifiable.”
Notably, the guide urged traditional financial institutions to avoid debanking customers, citing that this has been a major issue in the local crypto sector and could have serious consequences if a lawful person is mistakenly identified as a criminal.
“Debanking legitimate and legal businesses can hurt both individuals and businesses.” It may also increase the risks of money laundering and terrorism financing, as well as hurt Australia’s economy,” the guide warns.