Cross-Border Transfers, AUSTRAC and the Travel Rule — What Charities Need to Know
AUSTRAC obligations don't stop at banks. If your charity moves money across borders, the Travel Rule, IFTI reporting and beneficiary identification all apply — and the cost of getting them wrong is rising.
Most charities assume AUSTRAC obligations apply only to financial institutions. They don't. Any organisation that arranges for money or value to be transferred internationally — whether by SWIFT, by remitter, by hawala-style network or by crypto — has obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
What triggers AUSTRAC obligations
You don't have to be a registered remitter to attract obligations. You do have to:
- Identify the originator and beneficiary of every transfer.
- Maintain records for seven years.
- Report international funds transfer instructions (IFTIs) where applicable.
- Have an AML/CTF program proportionate to your risk.
For most humanitarian charities, the practical implications are:
- A documented AML/CTF policy approved by the board.
- KYC on the partner at the receiving end of every cross-border transfer.
- Sanctions screening on the partner and the named recipients at the time of transfer (not just at onboarding).
- A clear record of the purpose of each transfer.
The Travel Rule in plain English
The Travel Rule requires that originator and beneficiary information "travels" with the transfer. For a SWIFT wire this is largely automatic. For partner-disbursed cash distributions in the field, it is not — and that's where charities trip.
If a partner receives a $50,000 transfer from you and disburses it as $200 cash distributions to 250 beneficiaries, your records need to support a reconstruction of who got what, when. Photo evidence and a beneficiary register satisfies this.
High-risk corridors
Some corridors require enhanced due diligence:
- Countries on the FATF grey or black list.
- Countries with active sanctions regimes.
- Countries with documented terrorism-financing risk.
DFAT's Consolidated List is the starting point. Aid Synergy's Risk Hub auto-screens new partners and transfers against the consolidated list at the time of action.
Beneficiary identification in practice
You don't need a passport scan from every beneficiary. You do need a defensible beneficiary identification standard, sized to the risk:
- Low risk — name, location, vulnerability category, photo at distribution.
- Medium risk — add a national ID number where culturally and legally appropriate.
- High risk — add biometric or witness-attested identification.
Codify the standard in your policy, apply it consistently, and your AUSTRAC posture moves from defensive to mature.
What changes in the next two years
AUSTRAC's Tranche 2 reforms are extending obligations to a wider set of "designated services". Charities operating in remittance-heavy corridors should expect heightened scrutiny, not less. The fix is not panic — it is to have your house in order before the auditor arrives.
Related Resources
More from the Aid Synergy briefing.
Risk, Safeguarding and AML for Australian Charities
Child-safe and PSEAH obligations, how to screen partners against DFAT and UN sanctions, and what good whistleblower and complaints handling actually looks like.
ACNC Registration and Eligibility Explained for New Australian Charities
Plain-English answers on whether you need to register with the ACNC, how DGR status differs, which subtype to pick, and what changes if you work overseas.
The Six ACNC Governance Standards, Explained Without the Jargon
What each of the six Governance Standards actually requires, who counts as a Responsible Person, and which policies you genuinely need to have on the shelf.
About the Author
Aid Synergy Team is dedicated to supporting humanitarian organisations through practical technology, compliance expertise, and operational insight.