Crystal Intelligence hosted this webinar to discuss the current and future state of the crypto industry in Australia.It examined regulation, crypto’s intersection with gambling in Australia,the rise and risksof crypto ATMs, and how industry governance compares with the EU’s Markets in Crypto-Assets Regulations (MiCA)and other jurisdictions.
Crypto businesses entering Australia, regulators, compliance teams, and law enforcement will all gain valuable insights from the expert panel.
Jessica Chuah, Crystal Intelligence VP of Growth for the APAC region, moderated the panel.
The panelists were:
Irina Gorbach, Crystal IntelligenceCompliance Advisory Manager, withover 15 years of experience in crypto, banking, and gambling.
Penny Wong, a Sydney-based Chief Information Security Officer in emerging Tech & Cybersecurity at CypherNetWork, who handles all aspects of emerging tech, particularly payments, cybersecurity, AI and blockchain.
Dr John-Paul Monck, Ph.D., from Australia, who works in traditional financial services, including law and accounting. He has also worked as a banker and regulator. He owns a boutiquelaw form that handles clients in both traditional and emerging markets.
Crypto ATM adoption in Australia
Jessica highlighted Australia’s nearly 2000 crypto ATMs across Sydney, Melbourne, Brisbane, and Perth—contrasted withHong Kong’s 100just a year ago—and warned of risks from criminals and poor regulation.
Polls held during the webinar also provided insights for and about our audience:
Poll #1: Unsurprisingly, almost 50% of our audience came from financial services (26%) and crypto/blockchain companies (22%).
Poll#2: An overwhelming 87% of the audience did not use crypto ATMs, and 39% did not plan to.
AUSTRAC oversight and compliance
Jessica’s first topic for the panel was how crypto is regulated in Australia. She mentioned that in Hong Kong, this function is handled by the customs and excise department, while JP explained that there is no central regulator in Australia.
Once the Australian Tax Office (ATO) originally classified crypto as a taxable asset, other government agenciestook action.
The Australian Transactional Reports and Analysis Centre (AUSTRAC)is the AML regulator, while the Australian Prudential Regulation Authority (APRA) is the prudential regulator. The Reserve Bank runs the central bank function, and the Australian Securities Investment Commission (ASIC) regulates corporate securities. You need an Australian Financial Services License (AFSL) to advise or deal with digital assets.
JP pointed out that you must also qualify for an AFSL licensewhen offering advice services about crypto and be registered with AUSTRAC if you offer any financial services.When dealing with currency from non-fiat sources, you’relikely handling complex remittances and much suspicious activity. Details on crypto ATM usage are unclear, and it was agreed that the field requires examination, which AUSTRAC and the AFSL are understandably investigating.
Pennyshared that Hong Kong’s ATMs are run mainly by one syndicate. Australia should research who operates its nearly 2000 crypto ATMs due to the sheer number of financial crime opportunities they represent.
Penny added that crypto ATMs appeared almost overnight without fanfare. Given 6.5–15% fees versus 0.1–1% online, she found it strange that anyone uses them. To understand their viability despite high costs, she also suggested that more research into crypto ATM user demographics is needed.
Jessica mentioned that in Cambodia, by comparison, the conversion fee is a standard 10% on all types of transactions.
AML risks in the gambling sector
Commenting on crypto usage on licensed and unlicensed online gambling, JP noted Australia’s major casino operators face increasing AML scrutiny over KYC and cash use, with interstate variations on regulatory requirements. In contrast, online gambling operates only through websites. Reporting must be transparent if crypto is accepted, as tighter AUD regulation likely increases crypto inflows, drawing AUSTRAC’s attention, as they can track these patterns by triangulating multiple data sources.
Jessica responded that in some Asian countries, such as Malaysia and Indonesia, the moment a gambling risk is identified, it is escalated to the Criminal Investigation Bureau immediately.
The relationship between crypto businesses and regulators in Australia
JP described Australia’s more accommodating regulators. If no suspicious transaction reports (STRs) are filed for months, they’ll call to check activity and ask why. This encourages compliance officers to report even minor suspicions, helping regulators piece together reports and spot potential criminal activity.
He estimated that Australian owners aim to run legitimate businesses, confident that they follow regulations and that their clients aren’t involved in crime or drugs. If your firm appears on laundering sites, sudden inflows will be noticeable. Reporting to regulators offers assistance, not hostility.
JP praised Australia’s cooperative regulators, contrasting their approach with the accusatory methods used elsewhere.
Penny then compared regulations between traditional ATMs and crypto ATMs. She moved from Web 2 payments to Web 3, where rules remainrelatively more lax in Australia, especially for KYC. Asset management differs, with funds easily shifted from cold wallets, requiring stricter checks. She cited the Bybit heist, where thieves stole $1.5B in minutes.
Jessica explained that businessmen in many parts of Asia are less keen to reveal too much to the regulators, as their goal is to make money. Collaboration with the regulators means added compliance costs and greater access to their information for regulators.
Penny described how she had salvaged about 50 digital projects, stressing that infosec security and compliance deficiencies are the most common challenges she identifies. She noted that reaching out to regulators in Australia early on is likely to open their doors to your projects, making them less likely to come down hard on you.
AUSTRAC’s crackdown on inactive exchanges from a MiCA perspective
Jessica asked Irina about AUSTRAC’s April 2025 crackdown on inactive digital currency exchanges and ATM impacts.
Irina responded by noting that in Australia, crypto ATMs fall under AUSTRAC’s Digital Currency Exchange (DCE)framework. They must register, implement robust customer due diligence (KYC), monitortransactions, and file suspicious matter reports (SMRs).
Many operators hadn’t reported in years, with some tied to dormant networks vulnerable to illicit use or shell sales. Anonymous, unmonitored usage is non-compliant under Australian law, and she praised this zero-tolerance stance.
In Europe, the tone is even sharper. InGermany, BaFin closed all illegal ATMs under fake or expiredregistrations in 2024. In the UK, theFinancial Conduct Authority (FCA) declared all crypto ATMs illegal unless registered in 2022, which led to the shutdown of machines across the country. In Europe,every ATM must be traceable,licensed and accountable before it is installed, and data is acquired through various digital tools.Meanwhile, in Canada, authorities use wallet-level analytics to detect ATM activities.
A common case is when a victim—either through fake romance ‘partners’ calling for funds or fake family emergencies—is instructed to deposit cash into a specific crypto ATM. The criminal then routes the fundsto a high-risk exchange or money on the hub. Regulators can analyze what happens to the crypto from each transaction, whether it flows to casinos, mixers or other structured transactions. This is just starting in Australia, with work being done to match real-world operators to wallet activity.
Europe’s MiCA approach to crypto regulation
Europe’s (Markets in Crypto-Assets Regulations) MiCA seeks a harmonized framework, uniting national laws into one EU license rulebook. It covers crypto ATMs, whose operators fall under the VASP definition and must secure licensing in an EU state. They must enforce AML programs, report suspicious activity, and apply the travel rule, even for cash-linked transfers.
The key lesson from MiCA is regulatory precision. There is no ambiguity about whether an ATM is a financial service. In Australia, enforcement still tends to follow incidents rather than prevent them from happening.
MiCA also introduced risk-based customer segmentation. Unverified users cannot exceed certain crypto-to-fiat thresholds. European ATM operators must install ID verification modules, set transaction caps, use wallet screening, and link each transfer to a verified IBA or account. They must also prove wallet ownership and transaction legitimacy to deposit crypto into licensed betting platforms.
MiCA vs. Australian regulation
Jessica asked JP what he learned from Irina’s discussion and its relevance for Australia. JP answered that Australia often adopts European regulations and should consider MiCA. However, Australia differs geographically, with cash entering or leaving the country only via planes or ships. Still, its analytics environment is similar, making EU rules potentially effective.
He added that clear regulations build trust and would make Australians view crypto as a viable alternative, increasing uptake. Penny agreed that the EU framework is progressive, promoting privacy controls so that wallets act as proof of clean fundsinstead of passports or personal details. She hopes Australia adopts EU MiCA regulations.
Enforcement and fighting crypto-related financial crime
Irina described how the EU uses blockchain intelligence to detect the illicit use of ATMs and gambling-related cash flows. The risk score for crypto ATMs is 50%, i.e., medium risk, but it is fully customizable according to your risk appetite. The regulators can move from passive supervision to data-driven, advanced risk detection. i.e., they can monitor wallet clusters to identifycrypto ATMs and their cash-in points.
The moneylaundering cycle can either start at the crypto ATMs or the ATMs can be the endpoint of the illegal transaction.Irina believes that crypto ATM risk should be ranked high rather than medium, although it depends on thejurisdiction. Even if the funds come from a legitimate ATM, regulators can analyze where the crypto goes once deposited.
Combined task forces to counter crypto ATM risks
JP described a recent response in Australia to the crypto ATM gambling risk, where the Australian Federal Police (AFP) and AUSTRAC created a combined task force. Several cases have been solved involving ATMs financing drug purchases, etc. There are also romance or pig butchering scams, which have led to AUSTRAC refusing to register some crypto ATM providers. They have puta limit of $5,000 per transaction and have posted scam warning messaging about some providers.
Jess commented that only a few providers are likely running Australia’s nearly 2000crypto ATMs and failing to meet the regulations. With more intense regulatory scrutiny, these will probably be identified.
The need for client education on crypto adoption
Penny spoke about the need for education about the crypto payment environment, where innovation almost always outpaces regulation. She believes the best way to understand it is to experience it, i.e., to open a wallet specifically to seewhat happens when you are scammed.
The panel then discussed the probably most urgentcompliance problem in Australia today. JP believes that with tighter compliance,probably half of the existing crypto ATMs will be removed, once there is more clarity around their registration and what they are being used for.
Irina believed you must make your compliance rules visible and transparent to all financial sector segments, including potential crypto ATM users. If your ATM looks anonymous, untraceable or inactive,the authorities will assume the worst and act accordingly.
Penny repeated her view that ATMs are absurd because of their high fees, but if you can prove the funds are clean,the source is proven, and the wallet checks are done, then there is a place for them.
Final comments on crypto risk and regulation in Australia
Jessica wrapped up the session with a final comment about the different environment she operates in for Crystal, with multiple different APEC countries, where there is less information and even less sharing, so she really enjoyed the opportunity to get together with others around the world in the joint fight against crypto crime.
Conclusions and final thoughts
- The webinar’s discussion on technology, risk, regulation, and governance produced several key takeaways: Australia is behind the EU in crypto regulations, and consistency and transparency in regulation should be prioritized.
- A new regulatory framework is needed to adapt traditional finance governance lessons to crypto finance.
- AI and blockchain convergence accelerate financial risks, meaning regulators must be proactive rather than reactive.
- Australia’s VASPs should create AML/KYC frameworks to align with Australia’s new crypto regulations.
- Policymakers must ensure the adaptation and transfer of governance and compliance from traditional financial markets into the crypto environment.
- Urgent steps need to be taken to strengthen the regulatory control of crypto ATMs, as they could be used as a cover for illicit gambling and other illegal activities.
Learn more about crypto regulation and risk in our country guide or check out the full webinar.
