Cross-Border Transfers, AUSTRAC and the Travel Rule — What Charities Need to Know
AUSTRAC obligations don't stop at banks. If your charity moves money across borders, the Travel Rule, IFTI reporting and beneficiary identification all apply — and the cost of getting them wrong is rising.
Cross-Border Transfers, AUSTRAC and the Travel Rule — What Charities Need to Know
Most charities assume AUSTRAC obligations apply only to financial institutions. They don't. Any organisation that arranges for money or value to be transferred internationally — whether by SWIFT, by remitter, by hawala-style network or by crypto — has obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
What triggers AUSTRAC obligations
You don't have to be a registered remitter to attract obligations. You do have to:
- Identify the originator and beneficiary of every transfer.
- Maintain records for seven years.
- Report international funds transfer instructions (IFTIs) where applicable.
- Have an AML/CTF program proportionate to your risk.
For most humanitarian charities, the practical implications are:
- A documented AML/CTF policy approved by the board.
- KYC on the partner at the receiving end of every cross-border transfer.
- Sanctions screening on the partner and the named recipients at the time of transfer (not just at onboarding).
- A clear record of the purpose of each transfer.
The Travel Rule in plain English
The Travel Rule requires that originator and beneficiary information "travels" with the transfer. For a SWIFT wire this is largely automatic. For partner-disbursed cash distributions in the field, it is not — and that's where charities trip.
If a partner receives a $50,000 transfer from you and disburses it as $200 cash distributions to 250 beneficiaries, your records need to support a reconstruction of who got what, when. Photo evidence and a beneficiary register satisfies this.
High-risk corridors
Some corridors require enhanced due diligence:
- Countries on the FATF grey or black list.
- Countries with active sanctions regimes.
- Countries with documented terrorism-financing risk.
DFAT's Consolidated List is the starting point. Aid Synergy's Risk Hub auto-screens new partners and transfers against the consolidated list at the time of action.
Beneficiary identification in practice
You don't need a passport scan from every beneficiary. You do need a defensible beneficiary identification standard, sized to the risk:
- Low risk — name, location, vulnerability category, photo at distribution.
- Medium risk — add a national ID number where culturally and legally appropriate.
- High risk — add biometric or witness-attested identification.
Codify the standard in your policy, apply it consistently, and your AUSTRAC posture moves from defensive to mature.
What changes in the next two years
AUSTRAC's Tranche 2 reforms are extending obligations to a wider set of "designated services". Charities operating in remittance-heavy corridors should expect heightened scrutiny, not less. The fix is not panic — it is to have your house in order before the auditor arrives.