Xenia Compliance

Xenia Compliance We help financial services organisations with their AFS licensing compliance and AML/CTF matters.

Would your business survive a $187,800 penalty for late reporting?That’s exactly what Revolut Payments Australia Pty Ltd...
02/09/2025

Would your business survive a $187,800 penalty for late reporting?

That’s exactly what Revolut Payments Australia Pty Ltd just paid after self-disclosing late international funds transfer reporting under the AML/CTF Act.

Even though Revolut took corrective action and paid promptly, AUSTRAC CEO Brendan Thomas made it clear:
“Failures to report need to have regulatory consequences, even where reporting entities detect, disclose, and report the failures.”

Why it matters:
• Remittance services and payment platforms remain high-risk channels for money laundering.
• Timely IFTI reports are critical — they give law enforcement the intelligence they need to detect and disrupt criminal activity while it’s happening.
• AUSTRAC’s 2024 national risk assessment highlights consistent, high risks across remittance services, including their misuse for serious crimes like child exploitation.

Self-reporting and cooperation help, but they don’t shield you from consequences. Strong systems and timely reporting are non-negotiable.

https://lnkd.in/gD3gq3YX

When dishonesty becomes career-ending.ASIC has permanently banned Brett Trevillian after his conviction for creating and...
01/09/2025

When dishonesty becomes career-ending.

ASIC has permanently banned Brett Trevillian after his conviction for creating and distributing forged performance reports to solicit investments.

Forgery and misrepresentation don’t just breach trust. They also trigger permanent bans under the Corporations Act and the National Consumer Credit Protection Act (NCCP).

Here are some reminders:
• Fraud and dishonesty will lead to criminal conviction + ASIC ban.
• Controls around marketing materials and client reporting are critical.
• Integrity is non-negotiable — once lost, your licence and career are too.

📌 The banning is now recorded on ASIC’s banned and disqualified register.

https://lnkd.in/gSpdVC2P

ASIC Bans Compliance Manager for 5 YearsASIC has banned Robert John Tohill, former compliance manager and responsible ma...
27/08/2025

ASIC Bans Compliance Manager for 5 Years

ASIC has banned Robert John Tohill, former compliance manager and responsible manager of MWL Financial Services, from providing or managing financial services for a period of five years.

The decision follows serious failures, including:
• Approving Statements of Advice that contained false/misleading performance claims.
• Failing to disclose MWL’s arrangements with lead generators.
• Overseeing compliance manuals and conflict policies that were inadequate.
• Falling short of his critical gatekeeper responsibilities.

This case is part of ASIC’s broader enforcement action around the Shield Master Fund, where over $480 million was invested by at least 5,800 consumers, many through superannuation rollovers influenced by lead generators and advisers.

👉 The ban highlights the importance of robust governance, transparent disclosures, and the vital role of compliance managers as gatekeepers in protecting consumers and the financial system.

📌 The banning is now recorded on ASIC’s banned and disqualified register.
📌 Mr Tohill has the right to seek a review of the decision.

https://lnkd.in/gK3-RwEK

𝗙𝗮𝗸𝗲 𝗯𝗼𝗻𝗱𝘀, 𝗿𝗲𝗮𝗹 𝘃𝗶𝗰𝘁𝗶𝗺𝘀 — 𝗮𝗻𝗱 𝗮 𝗿𝗲𝗺𝗶𝗻𝗱𝗲𝗿 𝘄𝗵𝘆 𝘁𝗿𝗮𝗻𝘀𝗮𝗰𝘁𝗶𝗼𝗻 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴 𝗮𝗹𝗼𝗻𝗲 𝗶𝘀𝗻’𝘁 𝗲𝗻𝗼𝘂𝗴𝗵ASIC has charged four individuals...
07/08/2025

𝗙𝗮𝗸𝗲 𝗯𝗼𝗻𝗱𝘀, 𝗿𝗲𝗮𝗹 𝘃𝗶𝗰𝘁𝗶𝗺𝘀 — 𝗮𝗻𝗱 𝗮 𝗿𝗲𝗺𝗶𝗻𝗱𝗲𝗿 𝘄𝗵𝘆 𝘁𝗿𝗮𝗻𝘀𝗮𝗰𝘁𝗶𝗼𝗻 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴 𝗮𝗹𝗼𝗻𝗲 𝗶𝘀𝗻’𝘁 𝗲𝗻𝗼𝘂𝗴𝗵

ASIC has charged four individuals in Victoria with laundering proceeds from a fake bond investment scam. While they weren’t the scammers themselves, they played a key role: helping move victim funds through local bank accounts and exchanges.

Here’s why this matters:
1. Illicit funds flowed through both bank accounts and crypto exchanges. That’s a blind spot if teams aren’t looking at both sides.
2. Fake prospectuses, polished websites, cloned brands. The was convincing — many victims thought they were investing in well-known financial services organisations.
3. The laundering activity was hidden in plain sight. Large deposits followed by quick transfers offshore or into digital assets — something strong monitoring could have flagged.

What’s clear is that compliance can’t be siloed. If controls stop at onboarding, or if monitoring systems aren’t built to detect suspicious flows across traditional and digital rails, these scams will keep slipping through.

And as ASIC rightly points out, scammers are evolving. So must we.

Talk to us if you need help reviewing your AML program.

https://lnkd.in/gjBHHseE

“Use It or Lose It”: AUSTRAC Targets Inactive RemittersAUSTRAC has issued a clear message: if your remittance business i...
06/08/2025

“Use It or Lose It”: AUSTRAC Targets Inactive Remitters

AUSTRAC has issued a clear message: if your remittance business is inactive, withdraw your registration, or it may be cancelled automatically. With over 900 independent remitters on the register, many appear dormant, and that vulnerability is drawing unwanted attention.

Why This Matters:
• Inactive services look like opportunity: Criminals could buy dormant remitters and exploit them to move illicit funds.
• Registration implies legitimacy—but not compliance: Listing alone doesn’t guarantee lawful operation.
• AUSTRAC is watching: Inactive entities risk summary cancellation if they don’t deregister voluntarily.

AUSTRAC recently ran a similar compliance check in the digital currency exchange sector: 22 businesses withdrew, and over 100 faced cancellation.

✅ What Remitters Should Do Now:
1. Check your registration status on the Remittance Sector Register.
2. Withdraw if you’re inactive—it’s safer than awaiting cancellation.
3. Maintain accurate records and updates—AUSTRAC requires current ownership and activity status.
4. Consumers: Always confirm a provider’s registration before use.

This move strengthens AUSTRAC’s AML/CTF regime by keeping the register lean and transparent—only businesses actually operating should appear.

https://lnkd.in/g8F24CSD

When Tech Ambitions Turn into Trouble: ASIC Charges Former AdviserDonald James Cuthbertson, former director of Professio...
30/07/2025

When Tech Ambitions Turn into Trouble: ASIC Charges Former Adviser

Donald James Cuthbertson, former director of Professional Wealth Management (PWM), is facing serious charges following an ASIC investigation into alleged dishonest conduct that cost investors at least $850,000.

The allegations:
🔸 Misleading investors about PWM’s share valuation, dividends, and plans to list on the ASX
🔸 Representing a robotic trading venture that ASIC claims was based on false pretenses
🔸 Dishonest conduct across six counts — plus a proxy offence
Cuthbertson had previously been permanently banned by ASIC and lost his AFSL in 2023. Now, the matter has been escalated to the Commonwealth DPP and will return to court on 23 September 2025.

This case is another reminder:
✔️ Ambitious fintech narratives must be backed by verifiable data
✔️ Governance gaps in emerging tech firms can expose investors to serious harm
✔️ ASIC is not hesitating to escalate matters with criminal implications

For risk and compliance teams: review your promotional, fundraising, and licensing oversight practices. In a high-innovation sector, misrepresentation can trigger both bans and courtrooms.

https://lnkd.in/ez9eMusQ

𝗪𝗵𝗲𝗻 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲𝗱 𝗗𝗲𝗽𝗼𝘀𝗶𝘁𝘀 𝗧𝘂𝗿𝗻 𝗶𝗻𝘁𝗼 $𝟭𝟱𝗠 𝗔𝘀𝘀𝗲𝘁 𝗦𝗲𝗶𝘇𝘂𝗿𝗲𝘀: 𝗥𝗲𝗮𝗹-𝗪𝗼𝗿𝗹𝗱 𝗟𝗲𝘀𝘀𝗼𝗻𝘀 𝗳𝗼𝗿 𝗔𝗠𝗟 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁A Russian couple depos...
29/07/2025

𝗪𝗵𝗲𝗻 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲𝗱 𝗗𝗲𝗽𝗼𝘀𝗶𝘁𝘀 𝗧𝘂𝗿𝗻 𝗶𝗻𝘁𝗼 $𝟭𝟱𝗠 𝗔𝘀𝘀𝗲𝘁 𝗦𝗲𝗶𝘇𝘂𝗿𝗲𝘀: 𝗥𝗲𝗮𝗹-𝗪𝗼𝗿𝗹𝗱 𝗟𝗲𝘀𝘀𝗼𝗻𝘀 𝗳𝗼𝗿 𝗔𝗠𝗟 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁

A Russian couple deposited $4M into ATMs across 576 transactions. What followed was a multi-agency investigation, $15.6M in seized assets—including crypto—and a looming Supreme Court trial.

AUSTRAC flagged the activity. AFP stepped in. And the evidence trail included:
• Structured ATM cash deposits below $10K thresholds
• Luxury real estate purchases
• $514K in cryptocurrency holdings
• $1.95M in cash, found in a suitcase

The defence claimed fear of political persecution in Russia.
But the court’s response? Circumstantial or not, the pattern spoke volumes.

Why this matters for regulated sectors:
• Real estate, conveyancers, and crypto firms will fall under Tranche 2 obligations.
• Crypto firms already facing scrutiny must ensure due diligence on fiat–crypto conversion points.
• Excuses don't equal evidence. Lack of documentation = risk exposure.
• Deposit patterns, geographic activity, and luxury asset purchases are high on the regulator radar.

AML Red Flags:
✅ Structured cash deposits
✅ Multi-state activity
✅ Rapid debt repayments
✅ High-value purchases post-deposit
✅ Assets exceeding declared income

If your business is handling high-risk clients, cash-heavy transactions, or crypto flows, this case is your reminder to review:
• Risk assessments
• Customer source-of-funds checks
• Monitoring alerts linked to structuring
• Escalation protocols when things don’t add up

Compliance is about not becoming a front for laundering operations.

Full story via ABC News: https://lnkd.in/gWidDC43

𝗡𝗙𝗧𝘀, 𝗗𝗲𝗙𝗶, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗗𝗮𝗿𝗸𝗲𝗿 𝗦𝗶𝗱𝗲 𝗼𝗳 𝗖𝗿𝘆𝗽𝘁𝗼: 𝗪𝗵𝗮𝘁 𝗬𝗼𝘂𝗿 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗣𝗿𝗼𝗴𝗿𝗮𝗺 𝗠𝗮𝘆 𝗕𝗲 𝗠𝗶𝘀𝘀𝗶𝗻𝗴As NFTs morph from quirky collecti...
28/07/2025

𝗡𝗙𝗧𝘀, 𝗗𝗲𝗙𝗶, 𝗮𝗻𝗱 𝘁𝗵𝗲 𝗗𝗮𝗿𝗸𝗲𝗿 𝗦𝗶𝗱𝗲 𝗼𝗳 𝗖𝗿𝘆𝗽𝘁𝗼: 𝗪𝗵𝗮𝘁 𝗬𝗼𝘂𝗿 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗣𝗿𝗼𝗴𝗿𝗮𝗺 𝗠𝗮𝘆 𝗕𝗲 𝗠𝗶𝘀𝘀𝗶𝗻𝗴

As NFTs morph from quirky collectibles into instruments for identity, real estate, and finance — and DeFi platforms push faster, borderless access to credit and yield — a new set of financial crime risks is fast emerging.

According to ComplyAdvantage, the next wave of crypto compliance challenges will include:
• NFT-enabled laundering: Real estate-backed tokens, wash trading, and fake art drops (remember the Banksy scam?) mirror traditional laundering typologies — but now at blockchain speed.
• DeFi & unhosted wallet exposure: With no intermediaries or KYC, cross-border DeFi protocols are increasingly exploited for layering, terrorist financing, and sanctions evasion.
• Ransomware & sanctions risk convergence: Ransom payments often get funneled through mixers or privacy coins like Monero — and crypto firms risk breaching sanctions unintentionally.
• Darknet + Fraud Expansion: Hydra’s takedown was a warning shot. Meanwhile, “rug pulls” and phishing scams drove $14B to illicit wallets in 2021 — nearly double the year before.

Emerging red flags:
• Wallets dominated by privacy coins
• Rapid transactions across multiple wallets
• NFT transfers tied to unverified sources or peer-to-peer platforms

What’s at stake? Regulatory backlash, license loss, and loss of public trust. But forward-looking firms can position compliance as a strategic differentiator by:
✅ Mapping crypto-native threats in their risk assessments
✅ Calibrating tools to track typologies like mixing, dusting, and off-chain transactions
✅ Monitoring NFT, DeFi, and sanctions vectors — even if local laws haven’t caught up
✅ Engaging regulators and contributing to emerging frameworks

Compliance is about building a crypto future that survives the next wave of regulation.

https://lnkd.in/gepTNmE8

𝗿𝘆𝗽𝘁𝗼 𝗔𝗧𝗠 𝗢𝘄𝗻𝗲𝗿𝘀: 𝗖𝗼𝘂𝗹𝗱 𝗬𝗼𝘂 𝗣𝗿𝗼𝘁𝗲𝗰𝘁 𝗦𝗼𝗺𝗲𝗼𝗻𝗲’𝘀 𝗚𝗿𝗮𝗻? (𝗔𝗨𝗦𝗧𝗥𝗔𝗖’𝘀 𝗟𝗼𝗼𝗸𝗶𝗻𝗴 𝗮𝘁 𝗬𝗼𝘂)AUSTRAC is now placing stricter conditions...
27/07/2025

𝗿𝘆𝗽𝘁𝗼 𝗔𝗧𝗠 𝗢𝘄𝗻𝗲𝗿𝘀: 𝗖𝗼𝘂𝗹𝗱 𝗬𝗼𝘂 𝗣𝗿𝗼𝘁𝗲𝗰𝘁 𝗦𝗼𝗺𝗲𝗼𝗻𝗲’𝘀 𝗚𝗿𝗮𝗻? (𝗔𝗨𝗦𝗧𝗥𝗔𝗖’𝘀 𝗟𝗼𝗼𝗸𝗶𝗻𝗴 𝗮𝘁 𝗬𝗼𝘂)

AUSTRAC is now placing stricter conditions on hashtag ATM providers after uncovering wide-ranging AML/CTF vulnerabilities. The sector handles nearly 150,000 transactions per year, moving around AU$275 million, and is increasingly linked to scam activity, particularly among older users aged 60-70.

AUSTRAC’s new conditions include:
• A$5,000 limit per cash deposit or withdrawal
• Enhanced customer due diligence (ECDD)
• Mandatory scam warnings at all machines

These measures follow the refusal to renew the registration of at least one provider (Harro’s Empires) due to high exploitation risk.

𝗕𝗮𝗰𝗸𝗴𝗿𝗼𝘂𝗻𝗱
AUSTRAC’s taskforce found that 72% of transaction value in eight major crypto ATM networks involved users over 50; those aged 60–70 made up 29%. Many were scam victims unknowingly acting as money mules. In one case, a user in their 70s deposited over AU$430,000, all linked to romance and investment fraud.

So what’s next for the sector?

From a best-practice perspective, crypto providers must go beyond check-the-box compliance:

• Build a risk-based AML program that includes off-chain transaction oversight and tailored risk assessments.
• Invest in tech-driven compliance, especially for transaction monitoring and customer screening.
• Bridge the talent gap with experienced hashtag officers from diverse backgrounds to avoid internal “groupthink.”
• Engage proactively with regulators — compliance must scale with the business, not trail behind it.

With global regulators pushing ahead — from the MAS in Singapore to the FCA in the UK and FinCEN in the US — it is safe to say that crypto hashtag non-compliance is no longer tolerated, and enforcement action is real.

Your controls must match your growth, or you may find yourself in AUSTRAC’s crosshairs.

Complacency will cost more than compliance.

https://lnkd.in/g4J7_avC

PayPal’s Enforceable Undertaking is now closed — but the lessons are wide open.AUSTRAC has confirmed PayPal completed a ...
24/07/2025

PayPal’s Enforceable Undertaking is now closed — but the lessons are wide open.

AUSTRAC has confirmed PayPal completed a two-year remediation program to fix weaknesses in how it handled international funds transfer instructions (IFTIs). The EU was imposed after an external audit revealed their AML/CTF controls weren’t fit for the scale and risk profile of their business.

It’s a win for turnaround, but a clear warning to others.

Here’s what this means for all reporting entities:
• Don’t wait for an audit to fix your controls.
• AML/CTF isn’t “set and forget.” Risk evolves. So must your systems.
• If your business has grown rapidly, your controls must scale too.

If your systems and risk management don't match your business, you might be helping move criminal funds — without even knowing it.

“When you slip up, it means a win for the criminals.”
– Brendan Thomas, AUSTRAC CEO

If you’re unsure whether your controls are keeping pace with your business, talk to us.

https://lnkd.in/gGHiBwaJ

𝗔𝗨𝗦𝗧𝗥𝗔𝗖 𝗚𝘂𝗶𝗱𝗮𝗻𝗰𝗲 𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗻𝗴 𝗖𝘂𝘀𝘁𝗼𝗺𝗲𝗿𝘀 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗜𝗗In April 2025, AUSTRAC released guidance to help financial serv...
23/07/2025

𝗔𝗨𝗦𝗧𝗥𝗔𝗖 𝗚𝘂𝗶𝗱𝗮𝗻𝗰𝗲 𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗻𝗴 𝗖𝘂𝘀𝘁𝗼𝗺𝗲𝗿𝘀 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗜𝗗

In April 2025, AUSTRAC released guidance to help financial services support customers who don’t have standard forms of ID.

Yesterday, we shared a brief overview of what that means.

Today, we go deeper to unpack how to support access without compromising AML/CTF obligations.

𝙒𝙝𝙮 𝙞𝙩 𝙢𝙖𝙩𝙩𝙚𝙧𝙨
• Not everyone can produce standard ID—some because of trauma, systemic exclusion, or where they live. Denying them access to basic financial services can cause real harm—and drive them to unsafe alternatives.
• This update offers clear, practical tools to support access while managing AML/CTF risks responsibly.

𝙒𝙝𝙤 𝙣𝙚𝙚𝙙𝙨 𝙛𝙡𝙚𝙭𝙞𝙗𝙞𝙡𝙞𝙩𝙮
Think:
• People affected by domestic violence
• Aboriginal & Torres Strait Islander peoples
• Individuals exiting prison
• Refugees, asylum seekers, recent migrants
• Trans and gender-diverse clients with unmatched IDs
• Elderly, homeless, or those without birth records
• People impacted by natural disasters or digital exclusion

For AUSTRAC, these customers must not be left behind.

Refreshed alternative ID options include
📄 Referee statements (with specific structure and who qualifies)
📄 Government correspondence, corrective services IDs
📄 Recently expired ID + photo match
📄 Community IDs (especially from ATSI orgs)
📄 Self-attestation—as a last resort only

What you must do
✅ Document your alternative ID process before using it
✅ Record the customer’s situation + verification steps
✅ Apply appropriate controls (e.g., transaction limits, source of funds checks)
✅ Train frontline staff to use discretion with confidence
✅ Monitor procedures and review for gaps over time

What not to do
🚫 Don’t require proof of trauma or violence
🚫 Don’t misgender or “deadname” gender-diverse clients
🚫 Don’t assume all non-standard ID is low risk—apply judgment

𝙁𝙞𝙣𝙖𝙡 𝙩𝙖𝙠𝙚𝙖𝙬𝙖𝙮
Financial inclusion is a regulatory expectation.
AUSTRAC wants flexible, compassionate, risk-aware procedures to become the norm, not the exception.

https://lnkd.in/g7KGp_db

𝗔𝗨𝗦𝗧𝗥𝗔𝗖 𝗔𝗹𝗲𝗿𝘁𝘀: 𝗛𝗼𝘄 𝘁𝗼 𝗩𝗲𝗿𝗶𝗳𝘆 𝗖𝘂𝘀𝘁𝗼𝗺𝗲𝗿𝘀 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗜𝗗𝘀AUSTRAC’s updated guidance (April 2025) makes it clearer how...
22/07/2025

𝗔𝗨𝗦𝗧𝗥𝗔𝗖 𝗔𝗹𝗲𝗿𝘁𝘀: 𝗛𝗼𝘄 𝘁𝗼 𝗩𝗲𝗿𝗶𝗳𝘆 𝗖𝘂𝘀𝘁𝗼𝗺𝗲𝗿𝘀 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗜𝗗𝘀

AUSTRAC’s updated guidance (April 2025) makes it clearer how to onboard customers who can’t provide standard ID, whether they’re from diverse backgrounds, facing vulnerabilities, or in tough situations.

What You Need to Know
1. Documented Alternate ID Procedures
Establish written policies before using non-standard ID—this ensures consistency each time you apply them.
2. Risk-Based Approach
Understand and record the money laundering and terrorism financing (ML/TF) risk when accepting alternative IDs. It’s valid even for non-low-risk clients, as long as you have proper safeguards.
3. Expanded ID Options
— Recently expired ID now acceptable
— Referee statements—even video format—in certain cases
— Tailored examples for vulnerable groups (e.g. Aboriginal & Torres Strait Islander, domestic violence survivors, trans/gender-diverse individuals)
4. Financial Inclusion Emphasis
The update underscores why we need inclusive ID practices—and how to implement them without raising compliance red flags.
5. Proper Record-Keeping
Track what alternative documents were used, assessment steps, and identity confirmation—essential for audit readiness.

Why It Matters
• Boosts inclusion: Removes ID barriers for vulnerable clients
• Reduces friction: Empowers frontline staff to onboard more smoothly
• Enhances compliance: Aligns with AML/CTF laws while promoting fairness

Take Action Now
• Review and formalise your alternative ID procedures
• Train your team on updated guidance and risk steps
• Update customer onboarding policies and records systems

This update is an opportunity to serve all clients better while staying compliant.

https://lnkd.in/gCrKBMtz

Address

The Commons, Mezzanine 388 George Street
Sydney, NSW
2000

Opening Hours

Monday 8am - 5pm
Tuesday 8am - 5pm
Wednesday 8am - 5pm
Thursday 8am - 5pm
Friday 8am - 5pm

Telephone

+61280062681

Website

Alerts

Be the first to know and let us send you an email when Xenia Compliance posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Xenia Compliance:

Shortcuts

Share

Category