Lab For
Crypto

Digital Onboarding Infrastructure for Crypto Exchanges

Crypto exchanges operating as Digital Services Providers face stringent AML/CTF obligations under AUSTRAC regulation. LAB delivers automated identity verification and risk screening infrastructure for digital asset platforms, enabling high-volume retail onboarding with real-time verification results that protect conversion rates while meeting enhanced due diligence requirements.

arrow_forward_ios
Request a demo

Identity Verification Infrastructure for Digital Services Providers

Meet AUSTRAC obligations for digital currency exchanges with LAB Verify and LAB Engage, accessed through LAB Portal or integrated via API into your existing platforms.

High-Volume Retail Onboarding for Digital Assets

  • Multi-provider verification engine orchestrates identity verification across government databases, biometric matching, and document verification services optimised for retail conversion.
  • Real-time verification outcomes enable instant account activation, reducing customer drop-off during onboarding without compromising compliance obligations.
  • Automated risk-based assessment adapts verification depth to customer risk profile, transaction patterns, and jurisdiction requirements.
  • Integration capabilities enable verification workflows to operate within existing exchange platforms and customer onboarding journeys.

Enhanced Due Diligence for Digital Asset Transactions

  • Individual identity verification confirms customer identities through document verification, biometric matching, and government database checks meeting AUSTRAC DSP requirements.
  • Source of funds and wealth verification captures financial background information required for enhanced due diligence on high-risk customers and transactions.
  • PEP and sanctions screening checks customers against DFAT, UN, and OFAC lists to identify politically exposed persons and sanctioned individuals before account activation.
  • Continuous monitoring and periodic review capabilities support ongoing customer due diligence requirements for digital currency exchange operations.

Portal & API Access Options

  • LAB Portal provides operations teams with case management interface to review exceptions, manage high-risk accounts, and access comprehensive audit trails for AUSTRAC compliance.
  • API integration enables exchanges with technical capability to embed verification workflows directly into customer registration and trading platform interfaces.
  • Real-time verification results with detailed pass/fail outcomes and evidence storage meet Digital Services Provider record-keeping obligations.
  • Fraud signal monitoring identifies VPN usage, device risk, and suspicious patterns to protect platform integrity and meet AML/CTF obligations.

Managed AML/CTF Operations

  • LAB Service combines LAB Verify technology with our partner network's AML/CTF expertise to deliver managed verification and compliance operations for digital asset platforms.
  • Flexible resourcing models scale from exception handling support through to complete verification process outsourcing during growth phases.
  • Regulatory advisory services provide guidance navigating Digital Services Provider obligations and evolving AUSTRAC expectations for crypto exchanges.
  • Transaction monitoring support assists with suspicious matter reporting, enhanced due diligence reviews, and ongoing customer risk assessment.

Frequently Asked Questions

Yes. Crypto exchanges are reporting entities under the AML/CTF Act 2006, and the exchange of digital currency for money (and vice versa) has been a regulated designated service since 2018. The reform does not make exchanges newly regulated; instead, it expands the regime by adopting the broader terms "virtual asset" and "virtual asset service provider" (VASP) and capturing additional designated services from 31 March 2026. This is earlier than the 1 July 2026 start date that applies to tranche 2 sectors such as lawyers and accountants.

From 31 March 2026 the new virtual asset designated services in Table 1 of the Act capture: exchanging a virtual asset for money or money for a virtual asset, or making arrangements for that exchange (item 50A); exchanging a virtual asset for another virtual asset (item 50B); providing a virtual asset safekeeping service such as controlling private keys (item 46A); accepting instructions to transfer virtual assets or making transferred virtual assets available to customers (items 29 to 30); and providing financial services in connection with the offer or sale of a virtual asset where the business participates in that offer or sale (item 50C). "Making arrangements" means a VASP can be captured without performing every element of the exchange, for example by operating a peer-to-peer exchange platform.

A virtual asset is a digital representation of value that can be transferred, stored or traded electronically and is not issued by or under the authority of a government body, and that functions as a medium of exchange, a store of value, a unit of account or an investment, or that enables governance voting. This captures cryptocurrencies such as Bitcoin, Ether and Monero, stablecoins such as USDC, USDT and AUDD, and NFTs that store or represent economic value. It excludes Central Bank Digital Currencies (defined as money), in-game currencies, loyalty points, and purely collectible NFTs.

Yes. A virtual asset service provider must both enrol and apply for registration with AUSTRAC, and from 31 March 2026 you must not provide virtual asset designated services until AUSTRAC has confirmed your registration. AUSTRAC scrutinises applications, can take up to 90 days to decide (the clock resets if it requests more information), and assesses operational readiness, the AML/CTF experience of key personnel, and the criminal and compliance history of beneficial owners. Registration runs for 3 years, and material changes to beneficial owners or key personnel must be notified within 14 days.

Initial customer due diligence (CDD) must be completed before the exchange provides a designated service to the customer, which means before opening an account and before transferring or making virtual assets or money available to them. The exchange must identify and verify the customer (and any beneficial owner or person they act for), confirm whether they are a politically exposed person or subject to sanctions, and assign an ML/TF risk rating that sets the depth of verification. Real-time identity verification (document, biometric and government-database checks) lets exchanges meet these obligations while protecting retail conversion.

Enhanced customer due diligence (ECDD) is mandatory whenever a customer's ML/TF risk is high and in specific circumstances, including foreign politically exposed persons, customers connected to FATF high-risk jurisdictions, unusually large or complex transactions, or where a suspicious matter report obligation arises. The Rules also impose a specific VASP measure: you must apply enhanced CDD to any customer who deposits or receives physical currency in exchange for virtual assets, including through a crypto ATM, and collect and verify their source of funds. ECDD also includes establishing source of wealth and stepping up monitoring.

Connected to the Platforms You Already Use

Integration capabilities with exchange platforms enable compliance workflows to operate within existing customer onboarding and trading infrastructure.

No items found.
arrow_forward_ios
See all integrations

Related News

arrow_forward_ios
View all news
No items found.
Case Studies

Real Results in Action

Discover how leading firms in your sector have transformed their compliance operations and streamlined their workflows with LAB Group's tailored solutions. Explore real-world implementations that demonstrate measurable improvements in efficiency, risk management, and regulatory adherence.

arrow_forward_ios
All case studies

Case Study
Learn more

Customer Support

We have a support desk available for you to submit cases in our LAB Community with the option for technical support. This is a central location for resources, Frequently Asked Questions, Guides and a place to monitor the progress of your support cases. Go to the LAB Community here to view our Knowledge Base, Request Access, or Submit a Case.

Yes. We have different levels of access available for managing and monitoring applications within LAB’s Application Manager ensuring staff get the correct authorised access and permissions.

Transform your 
customer journey 
with LAB Group.

Join leading institutions that have modernized their compliance infrastructure and elevated their customer experience. Schedule a demo with our team to explore how LAB Group can transform your operations.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.