Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Australia’s public VASP register and Travel Rule: what changes now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9059
Topic starter  

TL;DR: Australia has made its VASP register public and, from July 1, Travel Rule obligations apply to newly regulated virtual asset services, requiring sender and recipient information plus seven-year retention, according to SumSub. The shift makes registration status, transfer-chain data, and offboarding discipline central to virtual asset governance rather than back-office compliance.

NHIMG editorial — based on content published by SumSub: Australia launches public VASP register as Travel Rule to take effect

By the numbers:

  • A separate reporting requirement for transfers involving unverified self-hosted wallets remains deferred until March 31, 2029.

Questions worth separating out

Q: How should organisations govern virtual asset providers under the Travel Rule?

A: Treat provider legitimacy as an access control problem, not only a compliance check.

Q: Why does the Travel Rule matter for identity governance?

A: Because it extends identity control from account creation into transaction execution.

Q: What breaks when transfer records are not retained long enough?

A: Audits, investigations, and registration reviews lose the evidence needed to reconstruct who was involved and what controls were applied.

Practitioner guidance

  • Build provider-status checks into onboarding Verify AUSTRAC registration before enabling exchange, custody, or transfer relationships, and re-check status on a scheduled basis.
  • Map Travel Rule fields to transfer workflows Define where payer and recipient details are collected, validated, transformed, and passed through intermediaries so the required information survives each handoff without manual re-entry.
  • Align record retention with regulated evidence needs Preserve registration evidence, transfer metadata, and verification artefacts for the full seven-year period, with access controls that support audit, investigation, and legal hold requirements.

What's in the full analysis

SumSub's full news post covers the operational detail this post intentionally leaves for the source:

  • The precise categories of virtual asset services that now need registration before offering covered services.
  • The transfer-chain information collection and verification steps that providers must complete under the Travel Rule.
  • The deferred reporting requirement for unverified self-hosted wallets and the March 31, 2029 date.
  • The licensing changes affecting digital asset and tokenized custody platforms in Australia.

👉 Read SumSub's coverage of Australia's public VASP register and Travel Rule changes →

Australia’s public VASP register and Travel Rule: what changes now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8498
 

Public VASP registration is a counterparty-governance control, not a publicity exercise. Making provider status visible changes how organisations decide who can sit in a regulated transfer chain. The control value lies in pre-transfer verification, ongoing legitimacy checks, and faster identification of providers that should be offboarded or blocked. Practitioners should treat the register as part of access governance for value movement, not as a static compliance directory.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when a virtual asset provider is no longer registered?

A: The organisation relying on that provider remains accountable for checking status, stopping new exposure, and preserving evidence of its governance decisions. Public registration reduces ambiguity, but it does not remove responsibility for counterparty diligence, offboarding, or transfer oversight. The burden shifts from discovery to action.

👉 Read our full editorial: Australia’s public VASP register changes crypto compliance governance



   
ReplyQuote
Share: