The mooted IPO of Australian fintech unicorn Airwallex is in doubt after AUSTRAC raised “serious concerns” about its compliance with anti-money laundering and counter terrorism financing (AML/CTF) laws and gave it 180 days to report back.

AML/CTF laws require all financial services organisations to verify and maintain records of their customers’ identities – a process known as Know Your Customer (KYC) – to prevent money laundering and other illicit fund transfers.

Although Airwallex completed an independent audit in 2024, the new order follows reports that AUSTRAC chief executive Brendan Thomas became concerned six months ago that the platform was being used by money mules to help fund child sexual abuse.

The new order, which was made under s162 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, compels Airwallex Designated Business Group (DBP) to undertake an extensive audit of its identity verification mechanisms at its expense.

Government regulator AUSTRAC “[has] reasonable grounds to suspect that Airwallex… has contravened and/or is contravening” s36, s41, s81, and s82 of the AML/CTF Act, the official order says, noting that non-compliance risks a $19,800 fine per offence and 12 months’ jail.

Thomas said such action is taken “where we suspect serious non-compliance,” adding that the risks stem from Airwallex being “a global payment platform that facilitates the transfer of funds to multiple jurisdictions.”

AUSTRAC is concerned Airwallex’s transaction monitoring “has not been attuned to the full range of risks it faces,” Thomas said, and that the company “hasn’t demonstrated an acceptable understanding of who its customers are and what reporting may be required.”

Bad timing for an Australian unicorn

Melbourne-based Airwallex, a business fintech that was founded in 2015 and rapidly grew to unicorn status before raising billions from private investors, “is committed to the highest standards of regulatory compliance,” the company said in a statement.

“We welcome this audit as a transparent opportunity to independently validate our AML/CTF program,” it added, claiming “zero tolerance for financial crime or illicit activity of any kind on our network.”

Yet the timing of the audit couldn’t be worse for the company, which completed a $475 million ($US330 million) Series G fundraising in December – giving it a valuation of $11.5 billion ($US8 billion) and was widely expected to progress to an IPO this year.

CEO Jack Zhang told CNBC in 2024 that Airwallex was targeting a public listing in 2026. However, he has since tempered expectations amid reports the AUSTRAC action has derailed near-term IPO plans.

An IPO would tap the growing momentum of the company, which boosted revenues 85 per cent and transaction volumes 71 per cent last year – with $1.73 billion ($US1.2 billion) in revenues and transaction volumes of $384 billion ($US266 billion).

AUSTRAC’s move comes as Airwallex announced the acquisition of Korean payments firm Paynuri – a move that Airwallex APAC general manager Arnold Chan called “a pivotal milestone for Airwallex as we expand the global reach of our financial platform.”

Adverse findings from the AUSTRAC audit could also potentially create issues for its partnerships with the McLaren Formula One team and, as announced more recently, the Arsenal football club.

Cognisant of the stakes, the company has recently been burnishing its public image – with recent reports that it was offering money to influencers to praise Zhang’s “thought leadership” and had engaged lawyers to remove numerous past “critical” news reports.

New rules put AUSTRAC on the warpath

Airwallex is only the latest company facing scrutiny from AUSTRAC, which is ramping up enforcement as it prepares for stricter AML/CTF rules to take effect on 31 March – years after high-profile actions in 2020 targeted the likes of PayPal and Afterpay.

Westpac paid a $1.3 billion fine the same year after an IT system caused 23 million breaches of the AML/CTF laws, effectively making it complicit in child exploitation payments.

An enforceable undertaking against PayPal was cancelled last year after PayPal spent two years fixing issues identified in its audit, but AUSTRAC has ramped up scrutiny of a fast-changing fintech sector reshaped by crypto and instant global payments.

“Effective anti-money laundering controls start at the top,” AUSTRAC’s Thomas said, urging boards and senior executives to be “actively overseeing how money laundering and terrorism financing risks are identified, assessed and managed.”

“AML/CTF is not a back-office function,” he said, but “requires clear accountability, properly authorised staff who can submit reports and sufficient resourcing to support timely and accurate reporting.”