The Australian Transaction Reports and Analysis Centre has ordered an external audit of the global payment platform Airwallex following concerns regarding serious non-compliance with financial crime regulations. AUSTRAC Chief Executive Officer Brendan Thomas announced the regulatory action on January 22, 2026, citing potential failures in the company’s ability to manage its anti-money laundering and counter-terrorism financing obligations. The audit, conducted under section 162 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, seeks to protect the Australian financial system from criminal exploitation, including fraud, drug trafficking, and child sexual exploitation. Airwallex must now appoint an approved external auditor at its own expense to investigate its transaction monitoring and customer due diligence programs.
Table of Contents
Airwallex AML compliance audit
The decision by the federal regulator to mandate an independent review follows an assessment that Airwallex may have failed to maintain a robust AML/CTF program. AUSTRAC expressed specific concern that the transaction monitoring systems used by the platform were not sufficiently attuned to the high-volume, multi-jurisdictional risks inherent in global payment services. In the official notice, the regulator highlighted that the company had not demonstrated an acceptable understanding of its customer base or the associated reporting requirements for suspicious activity. By invoking section 162, the regulator is signaling that the suspected breaches are significant enough to warrant a comprehensive, third-party forensic examination of the firm’s internal controls and governance structures.
The scope of the audit is designed to determine whether Airwallex has consistently identified, mitigated, and managed the risks of money laundering and terrorism financing. This includes a deep dive into how the business identifies suspicious matters and whether its senior management has provided effective oversight of compliance obligations. Under the terms of the enforcement notice, the appointed auditor must report back to the regulator within 180 days. The findings of this report will be instrumental in determining whether further regulatory action, such as civil penalty proceedings or enforceable undertakings, will be pursued by the Commonwealth.
Regulatory oversight of global payment platforms
As financial technology companies expand their global footprint, the complexity of monitoring cross-border fund transfers increases exponentially. AUSTRAC has emphasized that AML/CTF compliance is not merely a back-office administrative task but a core requirement for any entity operating within the Australian financial sector. The regulator’s focus on Airwallex stems from the platform’s role in facilitating transfers across multiple jurisdictions, which can be exploited by criminal networks for moving illicit proceeds. The failure to properly calibrate monitoring tools to detect fraud, scams, or the movement of funds related to illicit tobacco and drug trafficking represents a systemic risk to financial integrity.
The current enforcement action serves as a reminder to the broader fintech sector that rapid growth must be matched by equivalent investment in compliance resourcing. AUSTRAC has indicated that boards and senior executives must be actively involved in overseeing risk assessments. The regulator expects reporting entities to have clearly authorized staff and sufficient resources to ensure that reporting is both timely and accurate. When a business fails to demonstrate that it knows exactly who its customers are or cannot justify its transaction monitoring methodology, it leaves the door open for regulatory intervention.
Statutory requirements and audit timelines
The legal framework for this audit is provided by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which gives the regulator the power to compel a reporting entity to hire an external auditor when non-compliance is suspected. The auditor will specifically examine whether the Airwallex Designated Business Group has been operating an ongoing customer due diligence program that meets the statutory standard. This includes the verification of customer identities and the monitoring of their financial behavior over time. The audit must also verify whether the business has been meeting its suspicious matter reporting obligations, which are critical for providing intelligence to law enforcement agencies.
The 180-day window for the audit report provides a structured timeline for the company to address the regulator’s concerns. During this period, the external auditor will have access to the firm’s records, systems, and personnel to verify the effectiveness of the compliance environment. The costs of this intensive review are borne entirely by the regulated entity, serving as a significant financial and operational burden. This mechanism is intended to ensure that the business takes immediate steps to uplift its systems while providing the regulator with an unfiltered view of the actual state of compliance within the organization.
Strategic implications for financial crime prevention
The intervention by the financial intelligence agency underscores a tightening of the regulatory environment in Australia, particularly for digital-first payment providers. As the findings of the external audit emerge, they will provide a roadmap for the necessary remediation required to bring the platform into full alignment with Australian law. This case highlights the necessity for payment platforms to transition from a checkbox approach to a risk-based approach that truly reflects the nature of their global operations. The outcome of this audit will not only affect the future of the specific business involved but will also set a precedent for how other global fintech firms must manage their exposure to financial crime.
Ultimately, the goal of such regulatory measures is to disrupt the flow of illicit money through legitimate channels. By forcing an external audit, the regulator ensures that systemic weaknesses are identified before they can be further exploited by criminal syndicates. The emphasis on accountability at the board level reinforces the idea that compliance is a fundamental component of corporate governance. For the industry at large, the message is clear: the ability to move money across borders carries with it a non-negotiable responsibility to protect the financial system from being used as a tool for crime.
Key Points
- Airwallex is subject to an AUSTRAC-ordered external audit under section 162 of the AML/CTF Act following concerns over compliance failures.
- The audit focuses on the platform’s transaction monitoring, customer due diligence, and suspicious matter reporting obligations.
- AUSTRAC CEO Brendan Thomas stated the action was necessary due to suspicions of serious non-compliance in a high-risk global payment environment.
- The independent auditor must deliver a final report within 180 days, with the findings determining if further civil penalties or legal actions will follow.
Related Links
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006
- AUSTRAC guidance on external audits under section 162
- FATF Guidance for a Risk-Based Approach for Money or Value Transfer Services
- Consequences of non-compliance with AML/CTF laws in Australia
Other FinCrime Central Articles About NeoBanks Fined For Compliance Failures
- N26 AML Flaws Prompt Sanctions and €9.2 Million Bafin Penalty
- Revolut Hit With $187,800 Fine Over Late AML Reporting Failures
- Qonto’s Olinda Hit With €390,000 Penalty for AML Failures
Source: AUSTRAC
Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.
Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.
