Bills Digest No. 74, 2023-24

Crimes and Other Legislation Amendment (Omnibus No. 1) Bill 2024

Attorney General's

Author

Owen Griffiths

Go to a section

Key points

  • clarify that search warrants may authorise the seizure of ‘digital assets’ including cryptocurrency (Schedule 1)
  • expand the definition of ‘financial institution’ to ensure that existing information gathering and freezing orders will apply to digital currency exchanges and accounts (Schedule 2)
  • increase the Commonwealth penalty unit from $313 to $330 (effective 1 July 2024) (Schedule 3)
  • clarify the functions of the Communications Access Coordinator in the Attorney-General’s Department and create the position of Communications Security Coordinator in the Department of Home Affairs (Schedule 4)
  • enhance the ability of oversight bodies in New South Wales, South Australia, Victoria and Western Australia to receive intercepted information and interception warrant information under the Telecommunications (Interception and Access) Act 1979 (Schedule 5).
  • The Parliamentary Joint Committee on Intelligence and Security is conducting an inquiry into the Bill. Submissions closed on 9 May 2024. No reporting date has been set.
  • The Senate Standing Committee for the Scrutiny of Bills has raised a number of concerns with Schedules 1, 3 and 4 of the Bill.
  • The Parliamentary Joint Committee on Human Rights has also raised concerns with the Bill.
Introductory Info

 

Date introduced: 27 March 2024
House: House of Representatives
Portfolio: Attorney-General
Commencement: Schedules 2, 4, 5 commence on the day after Royal Assent. Schedule 1 commences 1 month after Royal Assent and Schedule 3 commences on 1 July 2024.

Purpose of the Bill

The purpose of the Crimes and Other Legislation Amendment (Omnibus No. 1) Bill 2024 (the Bill) is to amend the Crimes Act 1914, the Proceeds of Crime Act 2002 (POCA), the National Anti-Corruption Commission Act 2022 (NACC Act), the Telecommunications (Interception and Access) Act 1979 (TIA Act) and the Telecommunications Act 1997. These amendments are intended to ‘support the proper administration of government, law enforcement and oversight processes’.[1]

Structure of the Bill

The Bill’s amendments are contained in 5 schedules:

  • Schedule 1—Seizing digital assets
  • Schedule 2—Digital currency exchanges
  • Schedule 3—Penalty unit
  • Schedule 4—Communications Access Coordinator and Communications Security Coordinator
  • Schedule 5—Information sharing between integrity agencies and oversight bodies.

Background

Some of the measures contained in Schedules 1 and 2 regarding the seizure of digital assets and the treatment of digital currency exchanges were previously part of the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022, introduced by the Morrison Government, which lapsed at the dissolution of the 46th Parliament.[2]

As omnibus amending legislation, the Bill makes changes to a range of areas. Relevant background information for the amendments in each of the schedules is included in the ‘Key issues and provisions’ section below.

Committee consideration

Parliamentary Joint Committee on Intelligence and Security

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) commenced an inquiry into the Bill on 11 April 2024. Written submissions were requested by 9 May 2024 and 7 submissions have been received. Submissions were received from the Australian Federal Police (AFP) and some of the affected government departments, integrity agencies and oversight bodies have been supportive. A minor amendment to the Bill was suggested (discussed in the ‘Key issues and provisions’ section below).[3] The PJCIS has not set a reporting date for the inquiry.

Senate Standing Committee for the Scrutiny of Bills

The Senate Standing Committee for the Scrutiny of Bills (Scrutiny of Bills Committee) has raised a number of issues with the Bill and sought further advice from the Minister concerning three aspects:

  • the privacy implications of the new search warrant powers in relation to digital assets in proposed section 3FA of the Crimes Act and proposed section 228A of the POCA in Schedule 1
  • the limited information provided regarding the calculation of the proposed increase in the Commonwealth penalty unit in Schedule 3
  • the broad delegation of the powers of the Communications Access Coordinator and Communications Security Coordinator through legislative instruments in Schedule 4.[4]

The Scrutiny of Bills Committee’s concerns are discussed in the ‘Key issues and provisions’ section below.

Policy position of non-government parties/independents

At this stage non-government parties and independent members and senators do not appear to have expressed policy positions on the Bill.

Position of major interest groups

Major interest groups do not appear to have commented on the Bill at this time. As noted above, the submissions received by the PJCIS inquiry have been broadly supportive.

Financial implications

The Explanatory Memorandum notes that the increase in the Commonwealth penalty unit will ‘increase the revenue returned to the Consolidated Revenue Fund for pecuniary penalties imposed for the commission of Commonwealth criminal offences’.[5]

Statement of Compatibility with Human Rights

As required under Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011 (Cth), the Government has assessed the Bill’s compatibility with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of that Act. The Government considers that the Bill is compatible.[6]

Parliamentary Joint Committee on Human Rights

The Parliamentary Joint Committee on Human Rights (PJCHR) assessed that the proposed extensions of the search and seizure measures for digital assets contained in Schedules 1 and 2 engage and limit the rights to privacy and to a fair trial. It observed that both the Crimes Act and the POCA were introduced prior to the establishment of the PJCHR. The PJCHR recommended that foundational human rights assessments be made of both pieces of legislation and ‘the statement of compatibility be updated to provide an assessment of the compatibility of this measure with the right to a fair trial, and provide additional information in relation to the right to privacy’.[7]

Similarly, the PJCHR noted that expanding the capacity of integrity agencies and oversight bodies to receive intercepted information and interception warrant information under the TIA Act in Schedule 5 engages and limits the right to privacy and may engage and limit the right to a fair trial. It recommended a foundational human rights assessment of the TIA Act and that the statement of compatibility with human rights be updated to provide ‘a more fulsome analysis’ of the compatibility of the measure with the rights to privacy and a fair trial.[8]

In relation to the proposed increase of the Commonwealth penalty unit (Schedule 3), the PJCHR noted that civil penalties may be treated as ‘criminal’ for the purposes of international human rights law in some circumstances, including because of their potential severity. It recommended that ‘the statement of compatibility with human rights be updated to reflect the potential engagement and limitation of criminal process rights’.[9]

Key issues and provisions

Adapting criminal enforcement powers to digital assets including cryptocurrency

Australian law enforcement authorities have been challenged by the increasing use of digital assets including cryptocurrencies as well as their trading on digital currency exchanges. The Explanatory Memorandum states:

Law enforcement agencies have identified an increase in criminals’ use of digital assets (including cryptocurrency) to facilitate their offending and as a means to hold and distribute the benefits derived from their offending. Investigations involving digital assets have been associated with a variety of crime types including the purchase of drugs, child exploitation material and firearms through dark web markets; ransomware and cyber related offences; and money laundering and financing of terrorist organisations. [10]

The AFP’s submission to the PJCIS review of the Bill observed:

... [T]he legitimate benefits of digital currencies in global transactions are being exploited by criminal actors. Digital currencies provide a channel for individuals with nefarious intent to transfer value (digital assets) anonymously. Digital currencies feature in a growing range of crimes, particularly financial fraud and scams, ransomware, trafficking in illicit commodities, as well as money laundering and terrorist financing. The AFP frequently encounters the use of digital assets, including cryptocurrencies, to hold and distribute the benefits of illicit activities across an increasing number of crime types.[11]

Similarly, in a recent submission to the Joint Parliamentary Committee on Law Enforcement’s inquiry into cybercrime the Victorian Police noted:

There are now over 26,000 cryptocurrencies that are or have been actively traded at some point and represent a combined market cap of approximately AUD $2.13 trillion; Bitcoin, Ethereum, Monero and Tether are popular examples. They are especially attractive to offenders, including [serious and organised crime] groups in Victoria, to hide the movement and storage of proceeds of crime and facilitate a range of offending, such as trafficking of drugs and [child abuse material].[12]

In Victoria, the Confiscation Act 1997 (Vic) was amended in 2022 to ‘... enhance law enforcement's powers to address organised crime's growing use of cryptocurrencies, clarify and strengthen investigation and enforcement powers, including powers to gather information, restrain property and enforce confiscation outcomes’.[13] However, other Australian jurisdictions do not appear to have made broad reforms in this area.[14] The Australian Banking Association’s submission to the Joint Committee’s inquiry observed:

... the growth of cryptocurrency and digital assets has greatly expanded the capacity for downstream financial crime to be executed off the back of cyber and fraud crimes. The jurisdictional authority and capability to respond to this ecosystem meanwhile is dispersed across state police, the AFP, and federal agencies, creating ambiguity and friction in responding to the entire value chain of cybercrime ... While states have been proactive in establishing specialised cyber-policing units, generally speaking most cybercrime capabilities rest with the AFP. Variation in legislation and law enforcement powers across states furthers this challenge – e.g. Victoria Police have powers to seize cryptocurrency and digital assets, while other jurisdictions are more limited.[15]

Overseas jurisdictions are also moving to address the capacity of authorities to deal with digital assets. In the United Kingdom, the recently passed Economic Crime and Corporate Transparency Act 2023 (UK) amended the Proceeds of Crime Act 2002 (UK) to include measures to allow law enforcement to apply to seize, freeze and recover ‘cryptoassets’ that are connected to illicit or criminal activity.[16] Interestingly, the provisions include a process for the destruction of seized ‘cryptoassets’ in some circumstances including where there were ‘reasonable grounds to believe that the realisation of the cryptoassets would be contrary to the public interest’ (section 67AA).

In the United States, authorities have utilised asset forfeiture powers as a tool in crypto-related enforcement proceedings.[17] In 2022, the US Department of Justice issued a report on The role of law enforcement in detecting, investigating, and prosecuting criminal activity related to digital assets. One of the regulatory reforms in the report proposed lifting the USD$500,000 cap on administrative forfeiture actions for ‘cryptocurrency and other digital assets’.[18]

Schedule 1—Seizing digital assets

Crimes Act amendments

Item 1 will insert definitions for digital asset and seize in subsection 3C(1) of the Crimes Act, which defines terms in Part IAA—Search, information gathering, arrest and related powers (other than powers under delayed notification search warrants).

Digital asset

The first part of the proposed definition of digital asset is:

(a) a digital representation of value or rights (including rights to property), the ownership of which is evidenced cryptographically and that is held and transferred electronically by:

(i) a type of distributed ledger technology; or

(ii) another distributed cryptographically verifiable data structure.

The Explanatory Memorandum states the first part of this broad definition ‘captures a range of digital assets that could hold value and be capable of restraint or forfeiture under the POCA, including “coins”, “stablecoins” and “tokens”’ and encompasses terms currently used in the digital asset industry. It notes the proposed definition reflects the Australian Securities and Investment Commission’s financial services licensing regime terminology in relation to ‘crypto-assets’.[19]

In its submission to the PJCIS, the Attorney-General’s Department characterised the definition as ‘flexible enough to encompass both the terms that are currently used in the crypto-asset industry like coins, stablecoins and tokens, and those that may emerge as the technology evolves’.[20]

The difficulties with precisely defining the term ‘digital asset’ were highlighted during the Senate Economics Legislation Committee’s inquiry into the Digital Assets (Market Regulation) Bill 2023 (the Bragg Bill) (a private senators’ bill introduced by Liberal Senator Andrew Bragg). The Bragg Bill defined a ‘digital asset’ as:

… digital asset means a digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.

In its report, the Senate Economics Legislation Committee noted broad support from submitters to the inquiry concerning the ‘vital’ need for clear definitions concerning the regulation of digital assets. However, there appeared to be a lack of consensus amongst submitters concerning what those definitions should be. The report stated:

… [s]ubmitters noted a range of potential issues with the bill’s propose[d] definition of digital assets, and related concepts, including the impact the definitions could have on the efficient operation of regulation.[21]

In its conclusion the Committee recommended the Bragg Bill not be passed and ‘the Australian Government continue to consult with industry on the development of fit-for-purpose digital assets regulation in Australia’.[22] In particular, it referred to Treasury’s Token Mapping consultation and regulatory reform process.

Notably, the Victorian definition of ‘digital asset’ inserted into the Confiscation Act 1997 (Vic) in 2022 is different from the proposed definitions in the Bill and the Bragg Bill. It provides:

… digital asset means a digital representation of value, or contractual rights, that may be transferred, stored or traded electronically.[23]

Other jurisdictions are also considering the appropriate definition of digital assets. For example, the UK Law Reform Commission, following a consultation process on digital assets, has proposed legislation ‘to confirm the existence of a “third category” of personal property rights, capable of accommodating certain digital assets including crypto-tokens’.[24]

Seize

The definition of seize inserted by the Bill clarifies that ‘for a digital asset, has a meaning affected by subsection 3FA(8)’. Proposed subsection 3FA(8) (inserted by item 6) outlines additional ways that a digital asset may be seized. It provides that ‘seizing’ a digital asset includes transferring a digital asset from an existing digital wallet (or some other thing) to a digital wallet (or some other thing) controlled by the Australian Federal Police, or a police service or force of a state or territory. Further, it includes transferring a digital asset from a digital wallet (or some other thing) ‘recreated or recovered’ using things found in the course of a search authorised by a warrant.

The term ‘digital wallet’ is not defined in the Bill. A US Congressional Research Service paper in 2022 observed that, in relation to cryptocurrencies, digital wallets can be divided into three types:

Custodial wallets are “hosted” or maintained by third-party institutions (such as a crypto exchange). They are funded by bank accounts, and most can be used to buy, sell, or trade certain digital assets. Platforms that host custodial wallets execute digital asset transactions on the account holder’s behalf and log them on the custodian’s books (or “off chain”) rather than on the distributed ledger blockchain of the coin. Non-custodial wallets are not hosted by third-party institutions. They maintain the keys necessary to access and sign the assets for transmission to blockchains and represent the asset’s location on the network. Loss of private keys renders cryptocurrency irretrievable. A non-custodial wallet user can transact in crypto without relying on a custodian. Cold-storage wallets are pieces of hardware that allow end users to store cryptocurrencies offline, a practice that shields them from hacking. Cold-storage wallets can be connected to the internet to perform transactions.[25]

The Explanatory Memorandum indicates that the amendments in the Bill are envisaged as applying to situations where digital wallets are encountered during the execution of search warrants.[26]

Regulation making powers

The second part of the definition of digital asset provides it may be extended to ‘a right or thing prescribed by the regulations, but does not include any right or thing that, under the regulations, is taken not to be a digital asset for the purposes of this Part’. The Explanatory Memorandum states:

It is likely that the first part of the definition may need to be adapted in future if the fundamental characteristics of digital assets changes. A regulation-making power is justified in this context because digital assets are highly technical, ever-evolving and uncertain. The regulation-making power will ensure the legislation is future-proofed and able to adapt to technological developments and innovations.[27]

Similarly, the amendments for seizing a digital asset would also include ‘transferring the digital asset in circumstances prescribed by regulation’ (proposed paragraph 3FA(8)(c)). The Explanatory Memorandum states:

A regulation-making power is justified in this context because the platforms and technology that enable digital assets is not oversighted by any one central body so it is not uniform across digital assets platforms and the number and types of participants providing services in digital currency payments systems continue to increase. Further, digital assets are a developing capability within law enforcement. The regulation-making power will ensure the legislation is future-proofed and able to adapt to technological developments and innovations.[28]

When similar amendments were previously before the Parliament as part of the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022, the Scrutiny of Bills Committee questioned whether ‘it was necessary and appropriate to leave key elements of the definitions of “digital asset” and “seizing” a digital asset to delegated legislation’. It observed that the definitions relate to the exercise of coercive power and that it has ‘generally not accepted a desire for administrative flexibility to be a sufficient justification, of itself, for the inclusion of significant matters in delegated legislation’.[29] The Scrutiny of Bills Committee reiterated that its ‘consistent scrutiny view is that significant matters, such as key elements of definitions central to the operation of a legislative scheme, should be included in the primary legislation unless a sound justification for the use of delegated legislation is provided’.[30]

Regulations made under the Crimes Act are disallowable by either House of Parliament under the disallowance procedures under section 42 of the Legislation Act 2003.

Notably, the Victorian definition of ‘digital asset’ inserted into the Confiscation Act 1997 (Vic) in 2022 did not include the capacity to broaden its scope through regulation.[31]

Extending search warrant powers to digital assets

Item 6 inserts proposed section 3FA—The things authorised by a search warrant—additional things for digital assets.

Currently in the Crimes Act, section 3E outlines when a search warrant may be issued in relation to a premises or a person.[32] Section 3F addresses the things which are authorised by a search warrant for the executing officer or constable assisting.[33] Proposed section 3FA would extend these search warrant powers in respect of digital assets.

Proposed subsection 3FA(1) establishes there is authority to seize digital assets under a warrant to search premises where the executing officer or constable assisting:

  • ‘finds one or more things that suggest the existence of the digital asset’
  • reasonably suspects it to be evidential material in relation to an offence to which the warrant relates, another indictable offence or ‘evidential material’ or ‘tainted property’ under the POCA[34]and
  • reasonably suspects that seizing the digital asset is necessary to prevent its ‘concealment, loss or destruction or use in committing an offence’.

Proposed subsection 3FA(2) establishes similar authority to seize digital assets under a warrant in relation to a person.

The threshold of ‘reasonably suspects’ for the seizure of digital assets is lower than the existing threshold ‘believes on reasonable grounds’ in section 3F for seizure of other things under a search warrant. The Explanatory Memorandum argues the lower threshold for seizure of digital assets reflects the ‘unique challenges that the discovery of digital assets creates when located during the exercise of search warrant powers’:

Digital assets have become more common in the community, so the mere holding of large amounts of a digital asset is unlikely on its own to be as suspicious as holding large amounts of cash. There will need to be a level of analysis to develop some understanding of the source of those funds ... [I]n the case of digital assets, the risk of not taking immediate action to seize is high. If law enforcement does not seize a digital asset at the time of its discovery, it will be very easy for a criminal or associate to remotely and almost instantly move the asset elsewhere that is out of reach of law enforcement via an online transaction.

To seize a digital asset there will need to be reasonable grounds for the suspicion held by the relevant officer. This means there will still need to be other information available to the relevant officer which objectively indicates a connection between the digital asset and criminal activity before seizure is able to occur.[35]

Proposed subsections 3FA(3), (4) and (5) provide broad scope for law enforcement within the authority of warrants to use electronic equipment to seize digital assets and access data to determine the existence of digital assets to be seized. However, proposed subsection 3FA(6) provides that this does not extend to interfering with communications in transit, lawful use by other persons of a computer (unless necessary to do things specified in the warrant) or causing material loss or damage to other persons lawfully using a computer.

Proposed subsection 3FA(7) clarifies that for a warrant in relation to premises, law enforcement are authorised to operate electronic equipment:

  • at the premises or
  • if the electronic equipment is moved to another place for examination or processing, at that other place

for the purpose of seizing digital assets under a warrant.

Proposed subsections 3FA(11) and (12) provide that the powers to use electronic equipment to seize digital assets and access data to determine the existence of digital assets to be seized in relation to warrants may be done remotely. The Explanatory Memorandum states:

Allowing seizure to be affected remotely recognises that digital assets are a developing capability within law enforcement, and relevant technical specialists are not always able to physically attend all warrant premises. These provisions would allow the provision of remote assistance to an officer who is at the warrant premises, or in the presence of the subject of a person warrant, during the execution of the warrant, and seizure by an officer located at law enforcement agencies’ offices or elsewhere ... To be clear, the execution of a premises or person search warrant must still be carried out by physical attendance of the executing officer and constables assisting at the search warrant.[36]

Items 7–26 make a number of amendments to key sections of the Crimes Act dealing with use of equipment or computer systems to insert wording which deals with the seizure of digital assets. For example, existing subsection 3K(1) provides for warrant executing officers to bring ‘any equipment reasonably necessary for the examination or processing of a thing ... in order to determine whether it is a thing that may be seized under the warrant’. Item 7 adds ‘or a thing that suggests the existence of a digital asset that may be seized under a warrant’.

The use of the word ‘suggests’ in the amendments highlights the lower threshold for the application of the search warrant powers in relation to the seizure of digital assets.

The Scrutiny of Bills Committee expressed concern that the new search and seizure powers could extend to the data of third parties:

It is unclear to the committee why, in this instance, it is necessary and appropriate for the authority of existing search warrants to be expanded by the bill to authorise access to account-based data for third parties who may have, at any time, used a computer being considered for seizure under the warrant.

The committee notes with further concern that such third-party information may be copied and altered in line with the conditions set out in the relevant provisions of the bill... The committee has previously discussed the potential for inappropriately framed warrant regimes to trespass on personal rights and liberties. Relevantly, the committee has expressed concern about warrant regimes that: do not adequately guard against the seizure of material unrelated to an investigation; do not adequately protect third parties; authorise covert access to material and thereby deny individuals the opportunity to protect privileged information or to challenge the grounds on which access has been granted; and are not subject to adequate judicial oversight.[37]

It considered that the ‘explanatory memorandum should contain detailed information in relation to any constraints or privacy safeguards that exist for any personal information seized under warrant, especially that of third parties’.[38]

Proceeds of Crime Act amendments

Items 27–42 make corresponding amendments to the POCA in relation to seizing digital assets.

Additional things authorised by search warrants for digital assets

In particular, item 30 inserts proposed section 228A which reflects proposed section 3FA of the Crimes Act. The Explanatory Memorandum states it will:

  • establish the circumstances in which digital assets can be seized,
  • establish the thresholds required for the seizure of digital assets and the matters the executing officer or person assisting must be satisfied of prior to effecting the seizure,
  • clarify that a warrant also authorises the executing officer or person assisting to use electronic equipment to seize digital assets or access data to determine the existence of a digital asset that may be seized,
  • provide limitations on the addition, deletion or alteration of data where it is likely to interfere with communications in transit or the lawful use by other persons of a computer, unless it is necessary to do things specified in the warrant,
  • set out a non-exhaustive list of ways digital assets can be seized,
  •  clarify the time limit for seizing digital assets and certain other powers, and
  • clarify that a digital asset can be seized at the premises that are the subject [of] the search warrant, or at any other place.[39]

Definitions

Item 42 inserts definitions for carrier, communication in transit, digital asset, seize and telecommunications facility into section 338 (which contains the Dictionary for the POCA).

The definitions of carrier, communication in transit and telecommunications facility draw on existing definitions in the Telecommunications Act.

The definitions for digital asset and seize replicate the definitions to be included by the Bill in the Crimes Act. The definition of digital asset includes ‘a right or thing prescribed by the regulations ...’ and proposed paragraph 228A(6)(c) provides that ‘seize’ ‘for a digital asset’ includes ‘transferring the digital asset in circumstances prescribed by regulations made for the purposes of this paragraph’. Accordingly, these provisions also raise the same regulatory powers issues discussed above.

National Anti-Corruption Commission Act amendments

Schedule 1, Part 2 contains amendments to the NACC Act to reflect the insertion of proposed section 3FA into the Crimes Act. The Explanatory Memorandum advises that the amendments are intended to allow the National Anti‑Corruption Commission to also seize digital assets relevant to an offence which is an indictable offence or corruption issue which the NACC is investigating.[40]

Schedule 2—Digital currency exchanges

The POCA provides a legislative scheme to trace, restrain and confiscate the proceeds of certain classes of crime against Commonwealth law. In some circumstances it can also be used to confiscate the proceeds of crime against foreign law or the proceeds of crime against state law (if those proceeds have been used in a way that contravenes Commonwealth law).

The Explanatory Memorandum states that the amendments in Schedule 2 will extend the investigative and asset freezing powers of law enforcement authorities (that currently only apply to financial institutions) to ensure they may be exercised in relation to certain digital currency exchanges. It states ‘... the amendments would ensure law enforcement can identify digital currencies associated with criminal offending and freeze the relevant accounts to prevent the dissipation of funds (and potential reinvestment in future criminal activity) before any restraint action can be taken under the POCA’.[41]

Under a POCA freezing order, authorised officers can apply to a magistrate to order that a financial institution limit withdrawals from an account for up to three working days. Items 1–8 make various amendments to change the terminology in relation to freezing orders made under the POCA. This changes references to financial institutions not allowing withdrawals from accounts to add ‘or transactions’ or a ‘transaction involving’. The Explanatory Memorandum states:

The use of the word ‘transaction’ is intended to capture the broader range of dealings that can occur in relation to digital currencies in comparison to fiat currencies. The term ‘transaction’ should be interpreted broadly to include any dealings with digital currencies held in an account, including dealing with it as a gift, exchanging it for fiat currency, or transferring it from a digital currency exchange to a private wallet. This will ensure law enforcement agencies have the capabilities required to prevent account holders taking actions that could result in a reduction in the account’s balance. For example, some digital currency exchanges offer the ability to trade one type of digital currency for another, which could result in a change of the value of the digital currency connected to a specified account.[42]

The Explanatory Memorandum notes that the existing requirements for making a freezing order in subsection 15B(1) will continue to apply.[43]

While the amendments in Schedule 2 are intended to expand the scope of the POCA regime to include digital currency exchanges, the changes appear to extend to all accounts at financial institutions. This is highlighted by item 9 which will amend the definition of ‘account’ in the POCA’s Dictionary in section 338. The words ‘or transactions’ will be added:

account means any facility or arrangement through which a financial institution accepts deposits or allows withdrawals or transactions ...

Items 10–11 further amend the definition of account though inserting proposed paragraphs (ea)and (h). Proposed paragraph (ea) clarifies the definition of account extends to ‘an account relating to digital currency’ and includes: an account representing an amount of digital currency; and an account provided as part of a digital currency exchange. Proposed paragraph (h) will clarify that it is immaterial in the case of a digital currency related account whether the balance of the account is expressed as an amount of digital currency, Australian currency or any other currency.

Item 12 inserts new definitions for digital currency and digital currency exchange to the POCA’s Dictionary which utilise the existing definitions and terminology in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).

In section 5 of the AML/CTF Act the term ‘digital currency’ is defined as a ‘digital representation of value’ that:

(i) functions as a medium of exchange, a store of economic value, or a unit of account; and

(ii) is not issued by or under the authority of a government body; and

(iii) is interchangeable with money (including through the crediting of an account) and may be used as consideration for the supply of goods or services; and

(iv) is generally available to members of the public without any restriction on its use as consideration.

The definition also allows for a ‘means of exchange or digital process or crediting’ to be declared or excluded by the rules made under the AML/CTF Act.

The definition of digital currency exchange means a ‘registrable digital currency exchange’ within the meaning for the AML/CTF Act. This means a ‘designated service’ covered by item 50A in section 6 of the AML/CFT Act which is not of a kind specified in the AML/CTF Rules. Item 50A in section 6 covers financial services ‘exchanging digital currency for money (whether Australian or not) or exchanging money (whether Australian or not) for digital currency, where the exchange is provided in the course of carrying on a digital currency exchange business’.

This appears to limit the coverage of the definition of digital currency exchange to where fiat money[44] is involved in transactions and transfers. It may not cover an exchange where digital currency was being traded for another type of digital currency. However, the AML/CTF Act provides that the regulations may amend an item of a table of ‘designated services’ in section 6, which could extend the coverage of this definition.[45]

Item 13 extends the definition of ‘financial institution’ in the POCA’s Dictionary by inserting proposed paragraph (i) ‘a corporation to which paragraph 51(xx) of the Constitution applies that provides a digital currency exchange’. This reflects the Commonwealth’s constitutional legislative power in relation to corporations. Section 51(xx) provides that the Commonwealth Parliament may ‘make laws for the peace, order, and good government of the Commonwealth with respect to: ... (xx) foreign corporations, and trading or financial corporations formed within the limits of the Commonwealth’.

The Explanatory Memorandum notes the change to this definition ‘expands the scope of the proceeds of crime regime so that orders that can currently be sought for and notices provided to financial institutions can also be sought or given to a digital currency exchange’.[46] Further, this will expand the scope of the information gathering regime by participating states and self‑governing territories in Schedule 1 of the POCA and other legislative regimes which rely on the definition of ‘financial institution’ in the POCA such as the Mutual Assistance in Criminal Matters Act 1987.[47]

Schedule 3—Penalty unit

The Commonwealth penalty unit was introduced in 1992.[48] This reform followed a review which recommended that Commonwealth penalties which utilised a dollar amount be replaced with a penalty unit system in relation to fines, as ‘the erosion of the value of money sooner or later causes the amount specified to be unrealistic’.[49] In 2015 amendments provided for an automatic Consumer Price Index adjustment to the Commonwealth penalty unit every three years.[50]

Subsection 4AA(1) of the Crimes Act sets out that, in the law of the Commonwealth or a Territory Ordinance (unless a contrary intention appears), the amount of a penalty unit is $275 (subject to the indexation process in subsection 4AA(3)). This amount was previously increased from $210 to $275 by the Crimes Amendment (Penalty Unit) Act 2022. Subsection 4AA(3) provides that indexation increases occur on 1 July 2023 and each third 1 July (every three years). Following this indexation process, on 1 July 2023, the penalty unit amount increased to $313.[51]

Item 1 will increase the penalty unit amount from $313 to $330.

Item 2 will reset the next indexation of the penalty unit under subsection 4AA(3) to 1 July 2026 and each third July after that date.

Item 3 provides that the amendments (and therefore the increased penalty amounts) will apply to offences committed on or after commencement of Schedule 3 on 1 July 2024.

In justifying the increase, the Explanatory Memorandum states:

Maintaining the value of the penalty unit over time ensures that financial penalties for Commonwealth offences reflect community expectations and continue to remain effective in deterring unlawful behaviour. The value of the penalty unit has increased five times by legislative amendment and twice by automatic indexation since it was first instituted in 1992, increasing from $100 to $313 (currently). These increases represent an increase of 213%, [while] average incomes have increased by 282% during the same period.[52]

As noted above, the Explanatory Memorandum acknowledges that there will be an increase in the revenue returned to the Consolidated Revenue Fund for pecuniary penalties imposed for the commission of Commonwealth criminal offences.[53] The Mid-Year Economic and Fiscal Outlook 2023–24 (MYEFO) indicated this measure is ‘estimated to increase receipts by $4.5 million over five years from 2022–23’.[54] The increase to the penalty unit has been identified as part of a number of ‘policy and revenue tweaks in the fine print’ arising from the MYEFO to increase the Commonwealth Government’s ‘budget bottom line by hundreds of millions’ of dollars.[55]

The Attorney-General’s Department submission to the PJCIS inquiry noted that fines are the most common sentencing disposition imposed by courts in Commonwealth matters ‘occurring in 31% of sentencing matters in the 2021–22 financial year’. However, it highlighted that while the Commonwealth penalty unit has increased 213% from 1992, average incomes had increased by 282% during the same period.[56] The Attorney-General also emphasised that an increase in the value of the penalty unit does not curb a court’s discretion to impose an appropriate penalty but rather ‘increases the maximum penalty that the court can impose as punishment for the most serious offending’.[57]

As indicated above, the Scrutiny of Bills Committee has expressed its concern that ‘the Parliament is being asked to approve a wholesale increase to all civil and criminal penalties contained within Commonwealth legislation that are expressed in penalty units with very limited justification as to why this significant increase is necessary or appropriate’. It stated:

... [T]he committee notes that the explanatory materials to the bill do not explain how the amount of the increase was determined, or why it is considered necessary to introduce an increase to the Commonwealth penalty unit of approximately 5 per cent in addition to the usual indexation process. The explanatory memorandum also contains no evidence that the proposed increase better reflects community expectations or is necessary to ensure that penalties remain an effective deterrence measure.[58]

The Scrutiny of Bills Committee has requested the Attorney-General’s advice on these issues.

Schedule 4—Communications Access Coordinator and Communications Security Coordinator

Communications Access Coordinator (CAC)

The TIA Act regulates access to telecommunications content and data in Australia and permits access to communications content and data for law enforcement and national security purposes. Carriage services providers and licensed telecommunications carriers are required to set up systems to allow the interception of communications by law enforcement and security agencies.

The role of ‘agency co-ordinator’ was introduced in 1997 and was intended to centralise agency dealings with telecommunications carriers.[59] The functions of the role encompassed consideration of interception capability plans, applications for exemptions and nomination of 'delivery points' for intercepted communications.[60] The ‘agency co-ordinator’ title was replaced by the Communications Access Coordinator (CAC) in the Telecommunications (Interception and Access) Amendment Act 2007 as the first point of contact for both the telecommunications industry and agencies in relation to telecommunications information.[61]

Items 61 and 62 update the definition of the CAC in the TIA Act. Item 61 essentially clarifies the definition in existing subsection 6R(1) by providing the CAC is defined as either the Secretary of the Attorney-General’s Department (rather than ‘the Department’, as currently) or a person or body covered by an instrument made under subsection 6R(2). Item 62 substitutes subsection 6R(2) and inserts proposed subsections 6R(2A), (2B) and (2C). These provide that the Attorney-General may, by legislative instrument, specify one or more persons or bodies, or classes of persons or bodies as the CAC (proposed subsection 6(2)). However, the Attorney-General may only specify a person or class of persons who are Australian Public Service (APS) employees in the Attorney-General’s Department (proposed subsection 6R(2A)).

Proposed subsection 6R(2B) provides that an instrument must specify the functions and powers of the CAC that the person or body, or class of persons or bodies may perform or exercise under the TIA Act or any other Act. Proposed subsection 6R(2C) further provides that they may ‘only perform the functions or exercise the powers specified in that instrument’. The Explanatory Memorandum states:

The Attorney-General’s instruments will provide clarity on the level at which certain functions will be carried out. These instruments will be subject to parliamentary scrutiny including possible disallowance. ...

[T]he Attorney-General must specify in the instrument what functions or powers persons, classes of persons, or bodies are permitted to perform or exercise. This will ensure the instruments provide clarity and transparency in relation to decision-makers performing functions of the Communications Access Coordinator in the Attorney-General’s Department.[62]

A large number of the amendments to both the Telecommunications Act and the TIA Act update the references to the term ‘Communications Access Co-ordinator’ to the ‘Communications Access Coordinator’ ‘... to reflect modern spelling’.[63] Many other amendments make changes to reflect that more than one person or body, or class of persons or bodies may carry out particular functions of the CAC or the Communication Security Coordinator (where relevant).

Communications Security Coordinator (CSC)

The Bill will create the position of CSC and transfer some of the national security responsibilities of the CAC under Part 14 of the Telecommunications Act to the CSC. The Explanatory Memorandum states that the Bill ‘does not propose any new functions but rather aligns the performance of existing functions under Part 14 of the Telecommunications Act with the responsibilities of the Attorney-General’s Department and the Department of Home Affairs’.[64]

Item 3 of Schedule 4 will insert proposed section 7A into the Telecommunications Act which will provide for the CSC position. The CSC will be the Home Affairs Secretary or another person or body, or class of persons or bodies (who must be APS employees in the Home Affairs Department), specified through a legislative instrument by the Home Affairs Minister. If a legislative instrument is made it must specify the functions and powers of the CSC that the specified person or class of persons may perform or exercise. The Explanatory Memorandum notes these legislative instruments will be ‘subject to review and may be disallowed’.[65]

In its consideration of the Bill, the Scrutiny of Bills Committee raised its concerns regarding the potential for the broad delegation of administrative powers and functions for the CSC in proposed section 7A (and the corresponding provisions for the CAC) through legislative instrument. It stated:

[T]he committee reiterates its long-standing scrutiny position that delegated legislation is not subject to the full range of parliamentary scrutiny inherent in the legislative process, including the ability of the Parliament to amend the proposal as to which functions of the Communications Service [sic] Coordinator or Communications Access Coordinator will be performed by particular persons, classes of persons, or bodies. The committee emphasises that it is for the Parliament to decide the appropriate persons to whom powers and functions under legislation may be delegated and not the Executive. The committee notes that it appears Communications Access Coordinators, for example, have substantial responsibilities under the Telecommunications Act ... This indicates to the committee that these are positions which may be more appropriately limited for delegation to SES-level employees and above in the relevant Departments.[66]

‘Part 14—National interest matters’ of the Telecommunications Act outlines a number of responsibilities for telecommunication carriers, carriage service providers and the Australian Communications and Media Authority. Currently, a number of these responsibilities refer to the role of the CAC. Relevant provisions and how they will be impacted by the Bill are set out in Table 1, below.

Table 1: Responsibilities under Part 14 of the Telecommunications Act 1997
Schedule 4 item no. Provision What it does currently Who will be responsible under the Bill?
Items 15 to 18 Section 314A Carriers and carriage service providers must notify the CAC of proposed changes which are likely to have a material adverse effect on their capacity to comply with their obligations Transfers to the CSC (Home Affairs)
Items 19 to 29 Section 314B CAC may request further information to assess changes proposed under section 314A Transfers to the CSC (Home Affairs)
Items 30 to 31 Section 314C Carriers and carriage service providers may give the CAC a security capability plan Transfers to the CSC (Home Affairs)
Items 32 to 42 Section 314D CAC may request further information to assess changes proposed under section 314C Transfers to the CSC (Home Affairs)
Items 43 to 48 Section 315J Annual report on aspects of the operation of Part 14 information under sections 314A to 314D Transfers to the CSC (Home Affairs)
Item 49 Section 317ZC The CAC is an authorised applicant and may apply to a court for a civil penalty provision under Part 4 of the Regulatory Powers (Standard Provisions) Act 2014 Remains with the CAC (Attorney-General’s)
Item 50 Section 317ZD The CAC is an authorised person and may accept enforceable undertakings under Part 6 of the Regulatory Powers (Standard Provisions) Act 2014 Remains with the CAC (Attorney-General’s)
Item 50 Section 317ZE The CAC is an authorised person and may apply to a court for an injunction under Part 7 of the Regulatory Powers (Standard Provisions) Act 2014 Remains with the CAC (Attorney-General’s)
Items 51 to 56 Section 317ZF Certain information may be shared with or by the CAC Remains with the CAC (Attorney-General’s)
Item 57 Section 317ZL Notices may be served at an address nominated to the CAC Remains with the CAC (Attorney-General’s)

Source: Telecommunications Act 1997 and Schedule 4 to the Crimes and Other Legislation Amendment (Omnibus No. 1) Bill 2024.

Schedule 5—Information sharing between integrity agencies and oversight bodies

Under the regime in the TIA Act, interception agencies, which include some state-based integrity agencies, can apply for warrants for the interception of communications. Dealing with lawfully intercepted information and interception warrant by agencies is controlled under the TIA Act.

The amendments to the TIA Act in Schedule 5 extend the capacity of specific oversight bodies to deal with intercepted information and interception warrant information to carry out their functions. These bodies are:

A large number of the amendments in Schedule 5 seek to distinguish state integrity and related oversight bodies from similarly named agencies in other jurisdictions. The Explanatory Memorandum notes this will ‘clarify the jurisdiction of each integrity agency and oversight body by repealing and replacing their definitions with their jurisdiction in the title’.[68]

Permitted purposes

Under the TIA Act dealing with lawfully intercepted information and interception warrant information by agencies is usually restricted to ‘permitted purposes’ (section 67). The definition of ‘permitted purpose’ in section 5 outlines the purposes of each agency. The Bill amends the ‘permitted purposes’ of several oversight bodies to recognise the routine oversight, audit and assurance functions.

For example, item 70 changes the ‘permitted purposes’ of the Victorian Inspectorate in its oversight role regarding the Independent Broad-based Anti-corruption Commission (IBAC). Currently the permitted purposes of the Victorian Inspectorate in subsection 5(1) of the TIA Act are:

(fa) in the case of the Victorian Inspectorate:

 (i) an investigation under the Victorian Inspectorate Act into the conduct of the IBAC or IBAC personnel (within the meaning of that Act); or

 (ii) a report or recommendation on such an investigation; ...

This would be substituted with an expanded list of permitted purposes:

(i) monitoring the compliance of the IBAC (Vic.) and IBAC personnel (within the meaning of the Victorian Inspectorate Act) with the IBAC Act (Vic.) and other laws; or

(ii) overseeing the performance by the IBAC (Vic.) of its functions under the Public Interest Disclosures Act 2012 (Vic.); or

(iii) assessing the effectiveness and appropriateness of the policies and procedures of the IBAC (Vic.) which relate to the legality and propriety of IBAC (Vic.)’s activities; or

(iv) receiving complaints in accordance with the Victorian Inspectorate Act about the conduct of the IBAC (Vic.) and IBAC personnel (within the meaning of that Act); or

(v) investigating and assessing the conduct of the IBAC (Vic.) and IBAC personnel (within the meaning of the Victorian Inspectorate Act) in the performance or exercise or purported performance or purported exercise of their duties, functions and powers; or

(vi) reporting or making recommendations on an investigation covered by subparagraph (v) of this paragraph; or

(vii) monitoring the interaction between the IBAC (Vic.) and other integrity bodies to ensure compliance with relevant laws; or ...

This amendment more closely reflects the functions of the Victorian Inspectorate contained in section 11 of the Victorian Inspectorate Act 2011 (Vic). The Explanatory Memorandum states:

The purpose of this amendment is to recognise the routine oversight, audit and assurance functions of the Victorian Inspectorate to allow integrity agencies to disclose interception information and interception warrant information to the Victorian Inspectorate for the purposes of carrying out these functions.

The amendment would capture the breadth of oversight functions of the Victorian Inspectorate to enable it to properly scrutinise and audit interception activities, comply with obligations under the Act, and fulfil statutory functions through access to interception information and interception warrant information.[69]

Similar amendments are made to the permitted purposes of other oversight bodies:

  • the Inspector of the Independent Commission against Corruption (NSW) and the Inspector of the Law Enforcement Conduct Commission (NSW) (item 65)
  • Parliamentary Inspector of the Corruption and Crime Commission (WA) (item 75)
  • Inspector of the Independent Commission Against Corruption (SA) (item 76).

Prescribed investigations

Another defined term in subsection 5(1) is ‘prescribed investigation’. Each of the oversight bodies has a paragraph which outlines the meaning of this term for it. For example, in the case of the Victorian Inspectorate a ‘prescribed investigation’ means ‘an investigation that the Victorian Inspectorate is conducting in the performance of its functions under the Victorian Inspectorate Act’. In his submission to the PJCIS, the Parliamentary Inspector of the Corruption and Crime Commission (WA), Mr Matthew Zilko, noted that the wording of the paragraph relating to his organisation in this definition differs from the other oversight bodies. He stated:

... the current wording in subsection 5(1)(j), which presently provides that ‘prescribed investigation’, in reference to my office, ‘means dealing with a matter of misconduct in the performance of the Parliamentary Inspector’s functions’.

The above language, which limits investigations to those dealing with ‘a matter of misconduct’, is narrower than that used in the definitions which apply to all of the other oversight bodies referred to in section 5(1) of the TIA Act. As my functions and powers are closely analogous to those possessed by those other bodies, I can only assume that this discrepancy represents a drafting oversight.

The practical outcome is that the definition of ‘prescribed investigation’ in relation to my office risks being interpreted as referring only to investigations that involve matters of misconduct on the part of the Commission, its officers, or my officers. This would exclude my other statutory functions from this category.[70]

He suggested that item 94 (which currently makes a minor name clarification change) be amended to ‘adopt the same formulation currently used in respect of oversight bodies in other States ...’.[71]

Expanded information sharing

Section 68 of the TIA Act addresses how the chief officers of agencies can communicate, or authorise the communication of, lawfully intercepted information and interception warrant information (including to other agencies). The Explanatory Memorandum notes the amendments in Schedule 5 will ‘expand the scope of purposes for which the integrity agencies and oversight bodies are able to share interception information and interception warrant information ... to include sharing for the purposes of their oversight functions’.[72]

For example, currently paragraph 68(k) provides that information may be shared in relation to the Western Australian Parliamentary Inspector of the Corruption and Crime Commission:

(k) if the information relates, or appears to relate, to a matter that may give rise to the dealing by the Parliamentary Inspector of the Corruption and Crime Commission with a matter of misconduct (within the meaning of the Corruption and Crime Commission Act)—to the Parliamentary Inspector of the Corruption and Crime Commission.

Item 152 would expand information sharing by reference to the extended ‘permitted purposes’ of this oversight body as amended by the Bill:

(k) if the information relates, or appears to relate, to a matter referred to in paragraph (h) of the definition of permitted purpose in subsection 5(1)—to the Parliamentary Inspector of the Corruption and Crime Commission (WA).

Similar amendments to section 68 of the TIA Act would be made for each of the oversight bodies which will have expanded information sharing under the provisions of the Bill.[73]

Eligible purposes

The Telecommunications Legislation Amendment (International Production Orders) Act 2021 amended the TIA Act to provide for a scheme to facilitate cooperation in law enforcement matters between Australia and foreign countries. Under Schedule 1 of the TIA Act certain agencies can apply for international production orders (IPO) for the purposes of enforcement of criminal law, monitoring of a person subject to a supervisory order and national security.[74] Information obtained from an IPO and related to an IPO is ‘protected information’ and using, recording or disclosing it is controlled. However, there are exceptions for agencies, including oversight bodies, in relation to IPOs relating to interception where protected information may be used, recorded, disclosed or admitted into evidence for ‘an eligible purpose’.[75]

The provisions of the Bill amend the ‘eligible purposes’ of relevant oversight bodies which will expand their capacity to utilise information from IPOs in conducting their functions. Amendments will be made to each of the following oversight bodies:

  • the Inspector of the Independent Commission against Corruption (NSW) and the Inspector of the Law Enforcement Conduct Commission (NSW) (item 182)
  • Victorian Inspectorate (item 187)
  • Parliamentary Inspector of the Crime and Corruption Commission (WA) (item 192).

Item 193 will insert a provision for the Inspector of the Independent Commission Against Corruption (SA):

(q) each of the following is an eligible purpose of the Inspector of the Independent Commission Against Corruption (SA):

(i) conducting annual reviews examining the operations of the Office for Public Integrity (SA) established by section 17 of the Independent Commission Against Corruption Act (SA), and the Independent Commission Against Corruption (SA), during each financial year;

(ii) conducting reviews relating to relevant complaints (within the meaning of Schedule 4 to the Independent Commission Against Corruption Act (SA)) received by the Inspector of the Independent Commission Against Corruption (SA);

(iii) conducting other reviews on the Inspector of the Independent Commission Against Corruption (SA)’s own motion or at the request of the Attorney-General of South Australia or the Committee (within the meaning of Schedule 4 to the Independent Commission Against Corruption Act (SA));

(iv) performing any other functions conferred on the Inspector of the Independent Commission Against Corruption (SA) by other laws of South Australia.

Concluding comments

The inclusion of a definition of digital assets in Schedule 1 appears to pre-empt other policy development processes such as the Treasury’s Token Mapping process in relation to the financial services sector.[76] However, it is clear there is a need for law enforcement authorities to have the capacity to deal with criminal use of cryptocurrencies and other digital assets. The inserted provisions in the Crimes Act and the POCA in relation to digital assets may need to be amended in the future to ensure consistency when there is further clarity regarding regulatory reform of the cryptocurrency sector in Australia.