Anti-Money Laundering (AML), Counter Terrorism Financing (CTF)
Last Updated: 15 January 2025
In Australia and New Zealand, cryptocurrency exchanges must be registered with local authorities and comply with strict Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws.
To meet these obligations, we maintain an AML/CTF Program. This program outlines how we prevent criminals from using our platform to move or disguise funds linked to serious crimes like drug trafficking, modern slavery, fraud, and theft.
It's regularly audited to ensure it complies with the AML/CTF Act 2006 in Australia and the AML/CFT Act 2009 in New Zealand.
The ability to send cryptocurrency instantly and anonymously offers greater financial freedom for genuine users. Unfortunately, it also appeals to criminals. Because of this, we apply stricter controls than many traditional financial service providers.
As a result, CoinByte may request information about you or your transactions that your bank wouldn't. These requests help us prevent criminal activity and assist in protecting your account and funds from takeovers, fraud, theft, and scams.
It's important to understand that these programs operate without bias. If you are selected to complete further verification, it does not indicate suspicion, accusation, or that you have done anything wrong.
What is KYC?
KYC stands for Know Your Customer. We use this process to verify your identity and ensure your information is accurate and current.
CoinByte will require you to complete our KYC verification levels throughout the life of your account.
The KYC verification involves different steps, such as submitting documents, filling out forms, or taking a short phone or video call. If your personal information changes or becomes outdated, we may ask you to complete a KYC check again.
You can reduce the chance of repeated requests by ensuring the information you provide is correct and current.
What kind of information does KYC involve?
Information required during KYC verification may include, but is not limited to, your:
- Full name
- Residential address
- Date of birth
- Occupation or business activity
- biometric identifiers, e.g., Fingerprints, facial recognition data, voiceprints, or other biometric identifiers used for identity verification.
- The nature of your business with CoinByte, including:
- The purpose of specific transactions
- The income or assets available to you
- The source and origin of funds for your deposits
- The source of your wealth, and
- Your financial position
We understand that this information is highly sensitive. If we request it, it is used solely by our compliance team to meet the requirements of our AML program and relevant legislation. We do not use it for marketing or share it with third parties.
Why has my bank never requested this much information?
While banks are subject to the same AML/CTF laws as cryptocurrency exchanges, their systems allow them to operate with lower risk.
Bank transfers include account names, numbers, and other traceable information, making it harder for scammers or criminals to misuse them. Funds sent through a bank can often be tracked and sometimes recovered.
Cryptocurrency is decentralised and anonymous. Once funds are sent, they're typically irreversible and much harder to trace. That's why we carry out more detailed checks upfront to prevent misuse before it happens.
Why has this verification only just become required?
We're legally required to monitor customer transactions as part of our AML/CTF Program, and an automated system is in place to do so. When something triggers this system, we may ask you to complete a KYC check.
Unfortunately, many legitimate transactions can look like suspicious ones, so often our more active customers may be asked to complete additional verification from time to time.
Customers often don't realise they're involved in a scam until we reach out during the verification process. While we understand KYC checks can take time, they are vital in protecting your account and the broader community from financial crime.
We regularly review and update our risk indicators to stay ahead of scammers. Your security remains our priority with every transaction you make on CoinByte.
These checks aren't personal, and they don't mean you've done anything wrong. They're an essential part of how we keep you, your funds, and the CoinByte platform secure.
Ongoing Monitoring
We use a combination of automated and manual transaction monitoring to detect and prevent suspicious activity. Our monitoring framework includes:
-
Identity verification and fraud prevention: Using independent third-party providers to verify documents, perform biometric checks, detect duplicate accounts, and profile transactions.
-
Blockchain transaction monitoring: Monitoring wallet addresses, detecting exposure to high-risk entities (e.g., mixers, darknet services, sanctioned entities), and analysing transaction patterns.
-
Sanctions and PEP screening: Screening all clients against government and international sanctions lists, as well as databases of Politically Exposed Persons (PEPs).
Transactions that trigger alerts are reviewed by our Compliance Officer. Where required, accounts may be frozen or restricted, and a Suspicious Matter Report (SMR) is lodged with AUSTRAC in compliance with regulatory obligations.
Ongoing Due Diligence
CoinByte applies a risk-based approach to ongoing due diligence:
-
Low-risk clients: periodic KYC review at least annually.
-
Medium-risk clients: periodic KYC review every 6 months.
-
High-risk clients: not onboarded; if identified post-onboarding, account will be subject to immediate review and potential suspension.
Enhanced Due Diligence (ECDD)
ECDD is applied when specific risk triggers are identified, such as:
-
High-value or unusual transactions
-
Politically Exposed Persons (PEPs) or adverse media hits
-
Clients linked to high-risk industries or jurisdictions
-
Source of funds/wealth concerns
-
Repeated transaction anomalies
Data Retention and Security
All KYC/AML records are retained for at least 7 years in line with AUSTRAC requirements.
Personal data is encrypted at rest and in transit.
Access is restricted to authorised personnel, protected with multi-factor authentication.
Systems undergo regular penetration testing and vulnerability assessments.
Customer Rights
Customers may request access to, or correction of, their personal information by contacting [email protected].