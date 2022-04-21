The prudential regulator has set out in a letter its initial risk management expectation for individuals that engage in activities associated with crypto assets, as well as a policy roadmap for the future.

In particular, APRA expects that all regulated entities will conduct appropriate due diligence and a comprehensive risk assessment before engaging in activities associated with crypto-assets, and ensure that they understand, and have actions in place to mitigate, any risks that they may be taking on.

In addition, APRA stated that the principles and requirements of Prudential Standard CPS 231 Outsourcing or Prudential Standard SPS 231 Outsourcing should be considered when relying on a third party in conducting activities involving crypto assets.

"Entities also need to ensure they comply with all conduct and disclosure regulation administered by ASIC," it said.

"This will require robust conduct risk management and consideration of distribution practices and product design, as well as consideration of disclosure."

Moving forward, APRA is developing the longer-term prudential framework for crypto-assets and related activities in Australia in consultation with other regulators internationally, to ensure consistency in approach.

The letter comes as AUSTRAC released two new financial crime guides to help businesses stop ransomware attack payments and the criminal abuse of digital currencies.

According to the Australian Cyber Security Centre (ACSC), cyber-enabled crime is an increasing threat to Australians., with over 500 ransomware attacks reported in the 2020-21 financial year.

AUSTRAC chief executive Nicole Rose said businesses must understand how to distinguish between criminal activity and customers using digital currencies for legitimate purposes, and the importance of reporting suspicious activity to AUSTRAC.

"Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks," Rose said.

The guides contain practical information and indicators to help businesses identify and report if a payment could be related to ransomware attacks, or someone could be using digital currencies to commit serious crimes such as money laundering, scams, or terrorism financing.

Blockchain Australia chief executive Steve Vallas added: "The use of digital currencies for criminal purposes has no place in our sector."

"Open dialogue, pro-active guidance and strong relationships between Government and industry are necessary to ensure businesses can identify and report behaviour that puts Australians at risk of harm."