AUSTRAC Orders Independent Audit of MHITS as Pressure Mounts on Payment Platforms

Key Takeaways

• Audit Mandate: AUSTRAC has ordered MHITS Limited to appoint an external auditor to assess its AML/CTF compliance.
• Supervisory Momentum: The action builds on a broader campaign that previously targeted multiple payment platforms.
• High-Risk Activity Exposure: Regulators identified failures to detect and manage transactions linked to child sexual exploitation.
• Rising Detection Rates: Reports of suspected exploitation-related activity have increased by 264%, indicating improved reporting.

Deep Dive

Australia’s financial intelligence agency, AUSTRAC, has ordered payment platform MHITS to appoint an external auditor to review its anti-money laundering and counter-terrorism financing (AML/CTF) controls, in a move that shows growing unease with how parts of the payments sector are managing financial crime risk.

The directive did not come out of the blue. It follows AUSTRAC’s broader supervisory campaign into payment platforms last year, where the regulator pushed firms to confront weaknesses in their compliance frameworks. That effort resulted in audit orders for WorldRemit and Airwallex, alongside letters of concern sent to several other providers.

What is emerging is less a one-off intervention and more a pattern. AUSTRAC is steadily tightening its grip on a sector that has expanded quickly across borders, but not always with controls that keep pace.

Where the Risks Are Showing

At the center of the regulator’s concern is a familiar but deeply troubling issue. According to AUSTRAC, its review identified transactions linked to the purchase of child sexual exploitation material flowing through online payment platforms, often without being properly flagged, reported, or stopped.

Brendan Thomas, CEO of AUSTRAC, was direct about what the agency found.

“Our supervisory campaign found payments that are high risk for child sexual exploitation were flowing through online payment platforms, but many businesses were failing to identify and manage the risks, report SMRs or exit high-risk customers despite the clear warning signs,” he said.

That gap between risk exposure and response sits at the heart of AUSTRAC’s latest action.

A Closer Look at MHITS Limited

For MHITS Limited, the audit will focus on whether its transaction monitoring program is calibrated to the risks it actually faces. As a platform facilitating cross-border payments, the expectation is not just basic compliance, but systems capable of identifying patterns, escalating concerns, and acting on them.

AUSTRAC has made clear it is not convinced those expectations are currently being met.

“Strong risk management and compliance systems and timely reporting of suspicious matters are essential to disrupting criminal activities and that is what we expect to see in this sector,” Thomas said.

The audit itself will be conducted by an external party, at MHITS Limited’s expense, with a report due within 180 days. The scope will be set by AUSTRAC, and the findings will help determine whether further regulatory action is warranted.

A Sector-Wide Warning, Not Just a Single Case

While the audit is directed at one firm, the message is aimed much more broadly. AUSTRAC has already put the payments sector on notice, urging firms to address what it described as serious compliance failures, particularly in managing risks tied to offshore payments.

There are early signs of change. The regulator pointed to a 264 percent increase in reports of suspected child sexual exploitation activity, suggesting detection and reporting are improving. But the scale of that increase also underscores how much risk had previously gone unreported or unmanaged.

Thomas framed the expectation in blunt terms.

“I have a simple message for businesses operating in the cross-border payments space: you are on the frontline when it comes to moving funds linked to these horrific crimes, and your actions matter.”

It is a reminder that for regulators, AML/CTF compliance is no longer just about frameworks and policies. It is about outcomes.

‍The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.