Blockchain &amp; Crypto-Assets 2026

Piper Alderman has a fintech practice recognised internationally for its depth of regulatory expertise, commercial capability and leadership in emerging technology. The firm’s team advises across the full spectrum of financial services regulation and compliance, complex commercial arrangements, lending and securities matters and regulatory investigations and disputes. Piper Alderman is widely acknowledged in the market as one of Australia’s leading firms for fintech, regtech and digital asset innovation. Its lawyers advise both established financial institutions and high-growth fintechs on the full suite of regulatory issues, including AFS and ACL licensing, AML/CTF and sanctions obligations, consumer credit, payments compliance, digital assets and artificial intelligence. The firm would like to thank Tahlia Kelly for her contribution.

1. Overview of Blockchain and Crypto-Assets

1.1 Blockchain

1.1.1 Evolution of Uses of Blockchain

Developments

Australia’s blockchain market has shifted from activity largely focused on start-ups and exchange-based ecosystems to a framework that seeks to integrate blockchain products and services into traditional financial market infrastructure. This evolution has been driven by significant developments in the treatment of digital assets and by increasing alignment among government, regulators and industry on the value of digital finance and tokenisation.

In particular, the last 12 months saw the passage of the Corporations Amendment (Digital Assets Framework) Act 2026 (Cth) (DAF Act), which introduced a tailored framework for digital asset platforms and custody providers and aligns blockchain-based activities more closely with existing financial services law. The result is a growing convergence between blockchain systems and traditional finance.

Australian Use Cases

Current use cases in the Australian market are concentrated in areas such as stablecoin payment rails, tokenisation and decentralised finance (DeFi):

Stablecoin payments make up a growing proportion of the blockchain transaction volume in Australia, primarily targeting rapid cross-border transactions;
Project Acacia, a joint initiative between the Reserve Bank of Australia (RBA) and the Digital Finance Cooperative Research Centre, which seeks to explore how digital money can support wholesale financial markets through tokenised assets and digital settlement models; it involves more than 20 real-world use cases testing assets such as bonds and carbon credits, using settlement instruments like stablecoins, bank deposit tokens and a pilot wholesale central bank digital currency (CBDC). The final report for Project Acacia was released in May 2026 and outlined the key benefits and challenges tokenisation presents for the Australian market; and
Australia has a vibrant developer ecosystem and has incubated or contributed to the establishment and development of many well-known DeFi projects, including trading, bridge, staking and gaming applications.

Near-Term Outlook

The near future sees a growing industry focus on custody infrastructure and platform design as firms prepare to operate within Australia’s new regulatory perimeter. The next 12 months will be driven by regulatory implementation and operational scaling, with many digital asset businesses assessing whether they require an Australian financial services licence (AFSL) or a variation and lodging applications to rely on the Australian Securities and Investments Commission (ASIC) transitional no-action relief for certain unlicensed digital asset services where an application is submitted by 30 June 2026. The new regulatory framework will require a significant uplift in governance, licensing and custody arrangements, while recently implemented reforms to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) will further increase compliance obligations for digital asset service providers.

Intellectual Property

Australia’s IP framework is generally technology-neutral, allowing existing regimes to apply to computer software and underlying code and patent protection may be available for technical innovations in blockchain systems where the patentability criteria are satisfied. However, there are currently no bespoke legislative provisions specifically directed at blockchain technology.

1.1.2 Regulatory Sandbox

There is no specific regulatory sandbox for blockchain-based projects in Australia, albeit the Australian government launched consultations to reform the Enhanced Regulatory Sandbox (ERS) to more effectively promote fintech innovation.

The ERS permits a business to test certain innovative financial services or credit activities without needing to obtain an AFSL or an Australian credit licence (or vary an existing licence) for up to two years. However, before participating, businesses must satisfy eligibility requirements, including demonstrating that the service is innovative and that it delivers a net public benefit and remain subject to ongoing conduct and reporting obligations while operating in the sandbox.

The consultation paper recognises that the current sandbox design:

has seen limited participation;
faces strict entry requirements;
lacks a clear path to full licensing; and
imposes significant restrictions on the range of services eligible for testing.

As a result, the Government is considering reforms, including expanding the scope of eligible activities and improving the transition from sandbox testing to full authorisation, while maintaining the core objective of allowing innovative businesses to test services before obtaining a licence.

1.1.3 Regulation of Blockchain Technology

Approach of the Australian Government and Regulatory Bodies

Australia adopts a facilitative but risk-focused approach to blockchain-related industries, seeking to encourage innovation while maintaining strong safeguards for consumer protection and market integrity. Government policy, led by the Treasury and ASIC, aims to position Australia as a leader in the global digital asset ecosystem. This objective is reflected in Treasury’s policy statements on developing a digital asset industry and ASIC’s strategic focus on mitigating financial, conduct and illicit finance risks.

This balance is reflected in recent reforms, including the passage of the DAF Act, which applies tailored financial services regulation to digital asset businesses and the AML/CTF Act reforms designed to strengthen the detection and disruption of financial crime.

In practice, this has resulted in a distinction between blockchain infrastructure applications and higher risk, client facing services. Both the DAF Act and AML/CTF Act provide relief for infrastructure or back end blockchain use, whereas consumer facing or value-transfer activities attract more prescriptive oversight and enforcement. There is no general prohibition on blockchain applications; rather, regulation targets specific activities and services.

Australia adopts a technology-neutral approach, whereby existing legal frameworks govern the underlying activity. If a blockchain-enabled solution involves a financial product or service (such as custody, settlement or trading), entities must comply with applicable licensing, conduct and disclosure obligations under the Corporations Act 2001 (Cth) (Corporations Act). Similarly, AML/CTF obligations arise where activities constitute designated services under the AML/CTF Act. The use of distributed ledger technology does not displace regulatory accountability. Firms remain responsible for compliance and must maintain appropriate governance, oversight and risk management.

Data Privacy

Data privacy is primarily governed by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles, which apply equally to blockchain-based products and services. Australia does not currently recognise a discrete “right to be forgotten”; instead, obligations focus on taking reasonable steps to protect personal information and to destroy or de-identify it when no longer required, alongside providing mechanisms for correction. These requirements can create tension with blockchain’s immutability. As a result organisations typically need to take care when assessing their design, particularly regarding the storage and management of personal information, to ensure compliance with Privacy Act obligations.

1.1.4 Smart Contracts

Whether a smart contract is legally enforceable in Australia continues to depend on the form of the particular arrangement. There remains no bespoke legal framework governing the enforceability of smart contracts; instead, each contract is assessed by reference to the traditional elements of contract formation to determine whether it is binding. Specifically, there must be an intention to create legal relations, consideration, offer and acceptance. General unfair contract terms provisions, such as duress, undue influence or unconscionable conduct, can render a smart contract void, notwithstanding its self-executing digital nature.

Smart contracts that adopt a “the code is the contract” model raise particular concerns. In these cases, the operative terms exist solely as machine-readable code. This raises practical difficulties in establishing a counterparty’s identity and capacity to enter into the contract. Australian courts have yet to address a smart contract dispute and there remains limited judicial guidance on whether they will adopt reasoning akin to the United States Court of Appeals decision in Van Loon v OFAC, where a smart contract can be ownerless and may be entered into unilaterally and is operator-less.

1.1.5 Industry and Trade Bodies

The Digital Economy Council of Australia (DECA) is a representative organisation for participants in the blockchain and cryptocurrency sector. DECA represents blockchain businesses and market participants more broadly and administers the Australian Digital Currency Industry Code of Conduct, which operates as an audited, self regulatory framework. Under this framework, Australian digital asset exchanges that obtain certification can demonstrate adherence to defined best practice standards in the operation of their businesses. These standards address, among other items:

legal compliance;
the reputation, fitness and propriety of owners and operators;
AML/CTF safeguards and reporting; and
consumer protection measures, including transparent pricing, dispute resolution processes and data security.

1.2 Crypto-Assets

1.2.1 Property Considerations

Judicial Consideration

Australian courts have increasingly treated crypto-assets as a form of property at common law. In Re Blockchain Tech Pty Ltd [2024] VSC 690, the Supreme Court of Victoria confirmed that bitcoin satisfies the recognised indicia of property. Subsequent criminal and insolvency proceedings have proceeded on the same basis, treating crypto-assets as capable of proprietary classification.

While this position is increasingly accepted, it remains subject to further appellate consideration. The High Court of Australia has granted special leave to consider whether Bitcoin constitutes “property” under Australian law following the decision of Poulton v Conrad [2025] TASFC 7. That appeal raises fundamental questions as to whether crypto-assets are best characterised as property, mere information or as a form of control-based entitlement. The outcome is expected to clarify how traditional property concepts (including possession and choses in action) apply to decentralised digital assets.

In practice, enforcement of proprietary rights in crypto-assets differs from that of tangible property. Control of crypto-assets, typically through private keys or custodial arrangements, is central to both possession and recoverability. Courts have adapted existing procedural mechanisms accordingly, including permitting substituted service via digital means in fraud and recovery actions (see Siegers v Nest Services Ltd & Ors [2026] VCC 15). However, the underlying analysis remains grounded in orthodox equitable and proprietary remedies.

Scope of Possession

The DAF Act has sought to clarify the perimeters of “possession” for the purposes of financial services licensing. It defines possession by reference to factual control: a person possesses a digital token if they can transfer it, exclude others from transferring it and demonstrate that capability. This approach deliberately contrasts with the definition of “possession” in the remainder of the Corporations Act, replacing traditional legal concepts of possession with a control-based test aligned with blockchain systems, linking possession to the practical ability to control the token rather than to formal legal ownership.

Transfer and Collateral Arrangements

Transfer of ownership of crypto-assets is primarily determined by the operation of the relevant blockchain protocol. Transfers are effected through transactions authorised by private keys and recorded on the distributed ledger. As a result, control of the relevant private key is typically a key indicator of factual control over the asset.

There is currently no specific legislative framework in Australia addressing the use of crypto-assets in collateral arrangements. There are a number of areas of legal uncertainty in Australia regarding the use of digital assets as collateral or security. These include:

whether crypto-assets constitute “property”;
how ownership and control of crypto-assets should be identified and evidenced;
the taxation consequences of using crypto-assets as collateral; and
the extent to which the Personal Property Securities Act 2009 (Cth) applies to security arrangements involving crypto-assets.

To date, there has been limited case law or regulatory guidance addressing these issues directly. However, given the judicial recognition of bitcoin as a form of property, crypto-assets are likely capable of forming the subject matter of a valid security or collateral arrangement, although the practical application of existing security law frameworks remains uncertain.

1.2.2 Access to Banking

There are no explicit restrictions on the banking partners that digital asset businesses may use for general banking and payment services, nor formal prohibitions on access to those services (subject to standard risk based AML/CTF assessments by financial institutions); however, industry participants in Australia have reported ongoing de banking challenges. Financial institutions have, in some cases, restricted or withdrawn services from crypto businesses despite strong growth in user adoption, creating a structural disadvantage for local exchanges.

Looking ahead, the DAF Act will introduce Digital Asset Platform and Tokenised Custody Platform licensing authorisations from 8 April 2027. It is hoped that the resulting increase in regulatory clarity will assist in strengthening relationships within the banking sector.

1.2.3 ESG/Sustainable Finance

The Australian government has not enacted any specific laws or regulations addressing the environmental impacts of blockchain technology, including proof-of-work systems. However, a number of companies are continuing to explore the use of blockchain in environmental applications, such as biodiversity credit initiatives, to support the achievement of environmental objectives.

If a digital asset business falls within Chapter 2M of the Corporations Act, it will be subject to mandatory climate related financial disclosure requirements.

1.2.4 Tax

Significant tax uncertainties remain in Australia, including, but not limited to:

capital versus revenue account characterisations for individual investors/traders;
the applicability of Fringe Benefits Tax (FBT) to projects that allocate tokens to their employees (akin to an employee share scheme);
the legal and tax implications of a business operating through a Decentralised Autonomous Organisation (DAO);
whether certain on-chain interactions (eg, staking) constitute taxable events;
the tax implications of a blockchain hard fork;
the applicability of indirect taxes (eg, Goods and Services Tax (GST)) in the context of decentralised and anonymous transactions;
what crypto-asset dealings may or may not constitute a Capital Gains Tax (CGT) disposal or event;
the application of potential CGT exemptions, including the personal use asset exemption;
the calculation of CGT asset cost bases;
the taxation implications of crypto-asset exchange failures and creditor claims denominated in crypto-assets; and
what constitutes sufficient records in the eyes of the Australian Taxation Office (ATO) (eg, decentralised ledger records).

Additionally, there remains some controversy in Australia over whether an interest in bitcoin (and possibly other cryptocurrencies) is considered property for Australian common law purposes. Most recently, the Commissioner of Taxation on 7 May 2026 filed to intervene in a civil proceeding in Australia’s highest court (the High Court of Australia), Poulton v Conrad H1/2026. The Commissioner is seeking to intervene to contend that an interest in Bitcoin is property for the purposes of Australian common law and thereby taxable by the Commissioner under Australia’s capital gains taxation regime or as an item of trading stock.

1.2.5 Insolvency

There are no specific resolution or insolvency regimes tailored to blockchain-based businesses in Australia. However, several businesses have been subject to conventional insolvency proceedings. For example, the Australian arm of FTX entered administration in 2022 and subsequently went into liquidation, with creditors expected to be repaid in full. Another exchange, Digital Surge (which was affected by the collapse of FTX), also entered administration in late 2022, but was successfully restructured through a deed of company arrangement (DOCA), allowing it to exit administration and resume operations.

1.2.6 Industry and Trade Bodies

As in 1.1.5 Industry and Trade Bodies regarding blockchain industry bodies, DECA is the primary representative organisation for participants in the crypto-asset sector. DECA performs an advocacy and industry coordination role, including engaging with government and regulators on the development of Australia’s digital asset framework. It also administers the Australian Digital Currency Industry Code of Conduct, a voluntary, audited self regulatory scheme.

2. Regulation

2.1 Regulators and International Alignment

The principal regulators relevant to blockchain and crypto-asset businesses in Australia are the ASIC, the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the ATO, as outlined below.

ASIC regulates crypto-asset activities where a token or arrangement falls within the definition of a “financial product” or where a business provides a financial service under the Corporations Act, including enforcement against misleading and deceptive conduct. ASIC’s remit is extended by delegated authority from the Australian Competition and Consumer Commission (ACCC) in relation to conduct involving misleading and deceptive conduct in the marketing or sale of crypto-assets that are not “financial products”. ASIC has adopted a more assertive supervisory posture, identifying crypto-assets as an enforcement priority following market instability, with a focus on investor protection and application of existing financial services laws.
AUSTRAC regulates blockchain and crypto businesses that provide “designated services” with a geographical link to Australia, focusing on AML/CTF reporting, supervision and financial crime detection. AUSTRAC’s approach is risk-based and aligned with financial crime mitigation, requiring reporting entities to implement AML/CTF programmes tailored to the nature of the services provided.
The ATO regulates tax treatment, including capital gains tax, trading stock characterisation and fringe benefits tax issues and has adopted a cautious approach, favouring guidance over legislative reform, following the Board of Taxation review published in 2025.

Australia has also taken steps to align its AML/CTF framework with international standards. Recent reforms include the adoption of the virtual asset service provider (VASP) concept, a shift toward regulating “virtual assets”, the introduction of the travel rule and the extension of international value transfer service obligations. These amendments reflect a move toward greater alignment with Financial Action Task Force (FATF) expectations and global risk based supervisory models.

In relation to the International Organisation of Securities Commissions (IOSCO), Australia’s approach has been to align substantively with the principles underpinning IOSCO’s 2023 policy recommendations. Specifically, applying the Australian financial services regime to crypto-asset activities, particularly with respect to licensing, disclosure, consumer protection and the custody of client assets.

2.2 Crypto-Asset Regulatory Frameworks

Australia has not adopted a formal classification system for crypto-assets. Instead, whether a crypto-asset or crypto-related service is regulated under Australian financial services law turns on an assessment of its legal characteristics.

Regulators’ Approach to Classification

Regulators take a case-by-case approach focusing on whether a particular crypto-asset or activity falls within existing legal concepts. The central question is whether the asset constitutes a “financial product” under the Corporations Act, which broadly captures facilities through which a person makes a financial investment, manages financial risk or makes non–cash payments. Certain things, such as securities, derivatives and interests in a managed investment scheme, are specifically deemed financial products.

ASIC has indicated that this assessment depends on the rights and features of the specific token or arrangement and that many crypto-asset activities may fall within the financial product regime. Where a crypto-asset does not satisfy that definition, it may be treated as a form of property or goods, with regulatory consequences determined accordingly.

DAF Act Classification

The reforms under the DAF Act adopt an activity-based approach to classification, focusing on the function performed rather than the inherent characteristics of a crypto-asset. This means regulatory outcomes are determined by how a product or service operates in practice, particularly where custody, trading or tokenisation activities are involved. However, token-by-token analysis remains critical, as the classification of individual tokens continues to inform whether additional licensing obligations apply.

At the centre of the framework are two new regulated financial products: digital asset platforms (DAPs) and tokenised custody platforms (TCPs). These concepts extend the Australian financial services licensing (AFSL) regime to capture custodial and tokenisation activities involving digital assets. A DAP broadly covers arrangements in which an operator holds or controls digital assets on behalf of clients, whereas a TCP applies to structures in which real-world assets are tokenised and held for the benefit of token holders. These categories operate as a regulatory “wrapper”, requiring licensing regardless of whether the underlying assets are themselves financial products.

Regulatory Frameworks

Crypto-assets are primarily regulated through the following legal frameworks rather than a bespoke regime. In particular:

the Corporations Act, which incorporates the DAF Act and applies where crypto-assets or related activities involve financial products or financial services;
the AML/CTF Act applies to businesses providing “designated services”, including certain crypto-asset exchanges and, increasingly, broader virtual asset activities; and
general consumer protection laws, including the Australian Consumer Law, apply to all crypto-asset businesses regardless of token classification.

Regulated Activities

The following crypto-asset activities, amongst others, are regulated in Australia (but legal advice is required depending on structure and function):

financial services involving crypto-assets, including issuing, dealing, advising or operating a facility involving crypto-assets that are financial products;
custody and platform services, where an operator holds or controls crypto-assets on behalf of clients;
exchange and transfer services, including fiat-to-crypto exchanges and broader “virtual asset service provider” (VASP) activities; and
payment–related services, including stablecoin issuance or arrangements.

There are no blanket prohibitions on crypto-asset activities in Australia. However, activities may be effectively restricted where:

a business operates without required licences or registrations (eg, AFSL or AUSTRAC registration);
conduct involves misleading or deceptive representations, fraud or market misconduct; or
products expose retail investors to risks without satisfying disclosure and licensing obligations.

Retail Versus Wholesale Customers

Australia imposes a distinction between retail and wholesale customers:

where a crypto-asset is a financial product, retail client protections apply (eg, disclosure obligations, best interests duty, design and distribution obligations);
wholesale client tests under the Corporations Act determine whether a client is treated as retail or wholesale.

Regulatory Transitions

Australia is undergoing a significant regulatory transition. Key developments have been outlined below.

Reforms under the AML/CTF Act came into force on 31 March 2026, with a series of targeted transitional measures to ease implementation for existing reporting entities.
ASIC’s no action position, a transitional measure under which ASIC will not take enforcement action for certain unlicensed digital asset services where a business lodges an AFSL (or variation) application by 30 June 2026, complies with specified conditions while that application is assessed.
The commencement of the DAF Act on 8 April 2027. This will introduce:

licensing for DAPs and TCPs;
tailored custody, disclosure and operational standards; and
integration of crypto-asset intermediaries into the AFSL framework.

Consultations on draft payments legislation modernisation are underway, with the aim to bring in a broader range of Payment Service Providers (PSP) within the AFSL framework, enhanced prudential oversight powers for the Australia Prudential Regulation Authority (APRA) in respect of major stored value facility (SVF) providers and the introduction of a broad rule making power to support the implementation of a mandatory, revised “ePayments Code”.

These reforms are intended to close regulatory gaps, improve consumer protection and align Australia more closely with international standards, while maintaining its technology neutral regulatory approach.

2.3 Regulated Firms and Legal Wrappers

The use of a legal wrapper, such as a fund, can materially change the analysis in 2.2 Crypto-Asset Regulatory Frameworks.

While direct investment in crypto-assets may fall outside the financial product regime (depending on the asset’s characteristics), investment via a pooled vehicle (such as a fund that carries out purchases of crypto-assets) typically will constitute an interest in a managed investment scheme (MIS) or another financial product. ASIC’s updated Information Sheet 225 (INFO 225) confirms that digital asset arrangements involving pooled investment and reliance on a promoter are commonly characterised as facilities for making a financial investment or MIS interests.

As a result, the investor’s interest becomes the regulated financial product, bringing the arrangement within the Corporations Act. The responsible entity must hold an AFSL and comply with licensing, governance and operational obligations. Custody requirements are governed primarily by Regulatory Guide 133, which sets minimum standards for asset holding, including crypto-assets that are financial products. Funds must also meet disclosure and conduct obligations, including issuing a:

product disclosure statement (PDS); and
target market determination (TMD), if offered to retail clients.

2.4 Token Issuance

Historically, Australia has had very few crypto-asset issuance (ICOs and TGEs) owing to the risks of breaching existing financial services laws. There is no bespoke regime governing token issuance. Instead, ASIC applies a technology neutral, substance based approach, under which the key issue is whether the token constitutes a “financial product” under the Corporations Act.

If a token confers rights analogous to shares, derivatives or interests in a managed investment scheme (ie, profit rights or pooled investment), it will be treated as a financial product. In that case, the token issuer and any intermediaries must hold an AFSL and comply with licensing, disclosure and conduct obligations.

The clarification of ASIC’s position on the boundaries of financial services law, as specified in INFO 225, potentially opens the door to regulated token sales under the AFSL framework, asset tokenisation and non-financial products subject to compliance with consumer laws.

Australia does not require a formal White Paper for token offerings. However, disclosure obligations depend on classification. If the token is a financial product, issuers must provide a regulated disclosure document (typically a TMD, PDS and FSG) for retail offers and ensure that the disclosures are accurate and not misleading. While White Papers are commonly used, they do not replace formal disclosure obligations.

2.5 Market Abuse

Australia has a well-developed market abuse framework under the Corporations Act, which applies to misconduct involving “financial products” and is enforced by ASIC. This includes insider trading and market manipulation.

Insider trading is prohibited under Section 1043A and covers:

trading while in possession of inside information;
procuring another person to trade; and
communicating (or “tipping”) such information to others.

“Inside information” is information that is not generally available and that would have a material effect on the price or value of a financial product if disclosed. The regime also prohibits broader market misconduct, including creating false or misleading trading activity, manipulating prices and making misleading statements to induce trading.

As a result, traditional securities markets have a clear prohibition on market abuse. Where crypto-assets fall within the financial product regime under the Corporations Act, similar offences apply to insider trading conduct.

It is expected that DAF Act reforms will require licensees to comply with new surveillance and reporting obligations regarding market conduct involving even non-financial products.

2.6 Non-Compliance

Australian regulators have demonstrated an increasingly active and deterrence focused enforcement approach toward non compliance.

Recent Regulatory Enforcement Actions

The Australian Securities and Investments Commission’s recent enforcement activity reflects its increased scrutiny of crypto-asset offerings that mimic “financial products” and services. The regulator has repeatedly warned that “simply because a product hinges on a crypto-asset does not mean it falls outside financial services law”. This stance became evident in ASIC’s proceedings against Qoin, Block Earner and Finder Wallet, which each concerned the alleged offer of unlicensed financial services involving crypto-assets.

A notable example is Australian Securities and Investments Commission v BPS Financial Pty Ltd (Penalty) [2026] FCA 18, where the Federal Court imposed AUD14 million in penalties for unlicensed conduct and misleading statements in relation to a digital wallet product, alongside a ten year ban on operating a financial services business without a licence and mandatory corrective disclosures.

AUSTRAC has previously taken action to refuse, cancel or suspend a Digital Currency Exchange (DCE) registration in a number of cases, which it published on its website. In 2025, AUSTRAC ran a “use it or lose it” campaign targeting inactive DCEs, resulting in the cancellation or voluntary withdrawal of 62 registrations. In more recent times, AUSTRAC has imposed stricter compliance requirements on cryptocurrency ATMs and enhanced supervision of AML compliance and the reporting of suspicious matters.

Cross-Border Enforcement

Regulators address cross border activity through a territorial approach, under which Australian law applies where services are provided to Australian investors. ASIC and AUSTRAC have expressly warned that offshore firms cannot avoid compliance by structuring operations outside Australia while targeting the local market, subject to applicable regulatory exemptions.

Outlook of Regulator Attitude

Looking forward, the regulatory stance is likely to become more interventionist as the new reforms come into force. Ongoing reforms and the expiration of transition relief (eg, June 2026 deadlines) indicate a shift toward full-compliance expectations and intensified enforcement across the sector.

3. Licensing and Set-Up Requirements

3.1 Licensing Requirements

Triggers for Requiring a Licence

In Australia, there is no standalone crypto licensing test; the trigger is whether a person carries on a “financial services” business under the Corporations Act.

Under ASIC’s INFO 225 framework, licensing is typically required where a crypto business:

issues or deals in tokens that are financial products (eg, derivatives, managed investment schemes, securities or non–cash payment facilities);
provides financial services, such as advising, dealing, custodial services or making a market; or
operates a wallet or platform that facilitates payments or investment features.

Separately, ASIC’s Information Sheet 219 sets out an assessment tool to help businesses identify whether an AFSL may be required for blockchain-based services. This tool includes a set of factors to be considered by the business, such as:

which blockchain platform is being used;
how it will be run;
how it works under the law;
how the blockchain is using the data; and
how the blockchain affects others.

Recent reforms under the DAF Act bring exchanges, custodians and platform operators (DAPs/TCPs) squarely within the AFSL regime. Although the DAF Act establishes new financial product categories, tokens must be assessed on a case-by-case basis to determine whether additional licensing authorisations are required to carry on the business.

Territorial Limits

The regime applies where an entity is “carrying on a financial services business in Australia”, regardless of where it is incorporated.

Foreign entities may require a licence if they:

provide services to Australian clients on a systematic and ongoing basis;
have a sufficient connection to Australia (eg, local agent, infrastructure); or
engage in “inducing conduct” (marketing or soliciting Australian investors).

Whether this threshold is met is fact–specific and includes factors such as continuity of activity and the presence of Australian operations.

Transitional/Grandfathering Arrangements

Australia is currently operating a transitional regime to comply with new AFSL reforms, specifically ASIC’s no action position, a transitional measure under which ASIC will not take enforcement action for certain unlicensed digital asset services where a business lodges an AFSL (or variation) application by 30 June 2026 and complies with specified conditions while that application is assessed. The position extends to certain market operators and clearing and settlement facilities.

Separately, ASIC has outlined a transition pathway under the DAF Act, with staged implementation periods (including an anticipated transition window of approximately 18 months) to allow businesses to become fully licensed.

3.2 Set-Up Requirements

Application Process

Lodgement of an Australian Financial Services Licence (AFSL) application with the Australian Securities and Investments Commission (ASIC), specifying the financial services and product authorisations sought.
Submission of detailed supporting materials, including:

business plan and proposed activities;
compliance and risk management frameworks; and
organisational competence and governance arrangements.

ASIC assesses whether the applicant can provide services “efficiently, honestly and fairly” and comply with ongoing obligations under the Corporations Act.

Substance Requirements

Demonstration of organisational competence, typically through:

appointment of Responsible Managers with relevant financial services expertise (and, for crypto businesses, understanding of underlying technology);
clear governance structures, internal controls and reporting lines; and
documented compliance policies and procedures.

Evidence of a genuine, ongoing business, including operational capability and systems.

Local Presence/Personnel

ASIC will expect the appointment of responsible managers who understand the local regulatory regime.

Overseas persons or experience may be accepted provided that sufficient organisational competence is established.

Outsourcing and intra-group support are permitted; however, full responsibility for compliance and supervision rests with the licence holder.

Prudential and Operational Requirements

Licensees must maintain:

adequate financial, technological and human resources;
effective risk management systems and internal controls;
appropriate custody and client asset protection arrangements; and
dispute resolution systems and disclosure processes.

Crypto-Specific Considerations

Under the DAF Act, exchanges, custodians and platform operators must obtain an AFSL and meet additional requirements (eg, asset–holding standards, governance and disclosure obligations).

3.3 Change of Control

Digital asset firms in Australia are subject to general laws governing changes in control, including the Competition and Consumer Act 2010 (Cth) and the Foreign Acquisitions and Takeovers Act 1975 (Cth). Where a firm holds an AFSL, any controllers, officers and responsible managers must satisfy ASIC’s “fit and proper person” requirements.

In addition, reporting entities under the AML/CTF Act must notify AUSTRAC of changes to key personnel, including beneficial owners and senior officers. From 31 March 2026, there is an additional requirement that the firm’s money laundering reporting officer be ordinarily resident in Australia.

3.4 Passporting

Australian financial services licences do not benefit from a broad passporting regime and cannot be used to automatically access other jurisdictions. Unlike the EU model, there is no multilateral framework that confers cross-border rights on Australian licensees.

Instead, access to foreign markets is determined by the laws of the destination jurisdiction, which will generally require:

a local authorisation; or
reliance on limited exemptions (if available).

Reforms to Australia’s foreign financial service provider regime, which will be implemented in 2027, are expected to provide a clearer pathway for overseas licensees from peer jurisdictions to enter the Australian market.

4. Cross-Border Services

4.1 Marketing

The sale of blockchain and crypto-asset services in Australia is subject to the territorial scope of Australian financial services and consumer protection laws, rather than any bespoke cross border licensing regime. Where a crypto-asset constitutes a “financial product” or where a person provides financial services in relation to it to clients in Australia, the provider must generally hold an AFSL or rely on an exemption. ASIC has made clear that Australian law applies where digital assets are marketed, sold or services are provided to Australian users, including from offshore and that reliance on offshore or decentralised structures does not displace these obligations.

Accordingly, a foreign provider selling crypto-asset services into Australia may be required to:

obtain an AFSL authorising the relevant activities (eg, dealing, advising or operating a financial product);
comply with retail disclosure obligations, including the preparation of a PDS, TMD and FSG; and
comply with ongoing conduct obligations (including acting efficiently, honestly and fairly) and other regulatory requirements under the Corporations Act.

Marketing Restrictions

In relation to marketing, Australia does not impose crypto-specific advertising rules comparable to those in some other jurisdictions. However:

where a crypto-asset is a financial product, marketing is subject to financial product–specific restrictions, including prohibitions on hawking and requirements that disclosures are clear, accurate and not misleading;
where a crypto-asset is not a financial product, its promotion remains subject to general consumer law, including the prohibition on misleading and deceptive conduct; and
ASIC has emphasised that many digital asset offerings will fall within existing financial services laws, meaning that marketing must be consistent with those frameworks.

Consistent with this, ASIC enforcement activity in the crypto-asset space has frequently focused on marketing representations and “fin-fluencers”, including claims regarding returns, risk, licensing status and product characteristics.

Reverse Solicitation Exemption

The reverse solicitation exemption allows a foreign financial service provider to provide financial services to an Australian client without holding an AFSL where the service is provided at the client’s own initiative, rather than being the result of marketing or inducement into Australia.

It is narrowly construed, as any prior marketing, promotion or conduct within the jurisdiction will generally preclude reliance on the exemption, meaning the provider will instead be taken to be carrying on a financial services business in Australia and will be required to obtain a licence.

4.2 White Labelling

External firms can enter the Australian market using white-label models via the corporate authorised representative (CAR) framework.

However, there are important limitations:

the CAR must act strictly “on behalf of” the licensee and within the scope of the licence;
the licensee retains full legal responsibility and must supervise and monitor the CAR’s conduct; and
the CAR cannot hold itself out as licensed and must clearly disclose its representative status.

Courts have emphasised that firms cannot use CAR structures to avoid licensing requirements, particularly where they operate independently or issue products in their own name.

An alternative intermediary authorisation may apply to issuance models offered in partnership with a financial services licensee.

5. Decentralised Finance

5.1 Ability to Use DeFi

DeFi

DeFi is permitted in Australia, but it is regulated through existing financial services and AML/CTF laws applied on a technology neutral basis.

DeFi is not treated as a separate category; instead, activities are regulated by function, meaning lending, staking or liquidity pooling may trigger Australian Financial Services Licensing requirements if they constitute financial products or services.

CeFi

CeFi firms may utilise DeFi, but firms must assess and address its scope of:

licensing risk (AFSL triggers);
AML/CTF obligations, now expanded to virtual asset services;
sanctions compliance; and
custody and client asset protection risks.

5.2 DeFi Structures

DeFi is not prohibited in Australia, but there is no specific legal framework; thus, projects typically operate through traditional entities alongside on-chain arrangements. However, a difficulty arises in relation to DeFi where a protocol operates autonomously and does not fit neatly or at all, within the existing regulatory framework. It is also unclear how regulators may attempt to impose liability or accountability on DAOs or their participants. The Senate Committee has proposed legal recognition of DAOs, but the proposal has not been taken up by the Australian government to date and there is no case law to date addressing the legal capacity or liability of DAOs.

5.3 Liability

Australian regulators and courts have not yet approached the concept of accountability or liability in relation to DeFi.

ASIC would likely focus on identifiable intermediaries, promoters and operators and apply existing financial services laws where conduct targets Australian users.

6. Payments and Stablecoins

6.1 Payments

Crypto-asset payments are permitted in Australia. Where crypto is used through a platform or wallet, it may constitute a “non cash payment facility” (NCPF), a financial product under the Corporations Act.

Providers of such facilities (eg, payment platforms, wallets) generally must hold an AFSL and comply with conduct and disclosure obligations.

Separately, crypto payment intermediaries are typically subject to AML/CTF regulation, including AUSTRAC registration, customer due diligence and transaction monitoring.

6.2 Stablecoins

6.2.1 Fiat Currency and Algorithmic Stablecoins

Under ASIC’s INFO 225, the regulator adopts a functional, product based distinction between fiat backed stablecoins and algorithmic stablecoins.

Fiat Backed Stablecoins (or “Yield-Bearing Stablecoin”)

ASIC’s position is that fiat backed stablecoins are generally NCPFs and therefore financial products under the Corporations Act. This reflects their payment function (ie, facilitating transfers and settlement).

Algorithmic Stablecoins (or Digital Assets Where the Price References a “Real-World” Asset)

ASIC indicates that algorithmic stablecoins are likely to be “derivatives”. This is because their value depends on a mechanism (eg, supply adjustment algorithm or linked token system) rather than a redeemable claim on fiat reserves.

6.2.2 Stablecoin Regulation

Australia does not have a bespoke legal regime that specifically regulates stablecoins. Fiat backed stablecoins are currently regulated under existing financial services laws, depending on their features and use cases.

In practice, a fiat backed stablecoin used for payments will generally be characterised as an NCPF and therefore a financial product under the Corporations Act.

As a result, issuers and intermediaries will typically be required to hold an AFSL and comply with disclosure, conduct and licensing obligations.

ASIC has taken steps to licence three stablecoin issuers under the AFSL regime as NCPFs.

Proposed Payments Reforms Regarding Stablecoins

Australia’s proposed payments reforms introduce a new stored value facility (SVF) regime that directly captures certain stablecoin arrangements. The framework replaces the existing NCPF approach with a function based model that regulates payment activity based on what a provider does.

Under the reforms:

fiat-backed “payment stablecoins” are treated as tokenised SVFs, where the regulated product is the underlying facility, not the token itself;
issuers must provide redemption rights, reserve backing and regular disclosures; and
large issuers may be regulated as “major SVFs” by APRA, introducing prudential oversight.

Overall, stablecoins are repositioned as payment instruments akin to electronic cash, rather than traditional financial products.

Stablecoin Relief

ASIC has provided transitional relief for “eligible stablecoins”, subject to strict prudential criteria, including:

the stablecoin is issued by an eligible stablecoin issuer (typically, a stablecoin issuer that holds an AFSL licence or an exempt foreign issuer);
there are redemption rights associated with the stablecoin (ie, it can be unconditionally redeemed for the underlying currency);
the stablecoin issuer must maintain cash or cash equivalent reserves that are equal or greater than the total underlying amount of stablecoins on issue; and
the stablecoins have no right to or receive a financial return, other than redemption rights.

Relief is available to certain intermediaries (eg, exchanges or distributors) in limited circumstances, but:

eligibility is narrow and tightly defined; and
many widely used global stablecoins may fall outside the scope due to non cash reserves or mixed backing models.

6.2.3 Backing Assets

If a digital asset business wishes to rely upon the stablecoin relief mentioned above, backing assets must be:

cash or cash equivalent reserves that are equal to or greater than the total underlying amount of stablecoins on issue; and
stablecoins that have no right to receive a financial return other than redemption rights.

6.2.4 Special Considerations

Once the payment reforms are settled and come into place, systemically significant stablecoins (ie, large payment stablecoins) will be subject to enhanced requirements under the “major SVF” regime.

Key considerations include:

a size threshold (approximately AUD200 million in stored value), above which issuers are classified as major SVFs and become subject to prudential oversight;
dual regulation, with ASIC retaining conduct oversight and APRA assuming prudential supervision;
capital and liquidity requirements, including holding sufficient capital relative to liabilities to support redemption;
governance and risk management obligations, including operational resilience and third party risk controls; and
mandatory registration and ongoing supervision by APRA, including compliance with prudential standards.

7. Tokenisation and Real-World Assets

7.1 Treatment

The tokenisation of traditional financial assets has been a topic of considerable interest in Australia; notwithstanding, the regulatory position has evolved following the enactment of the DAF Act.

In substance, Australia continues to adopt a technology neutral approach, such that tokenised assets are regulated by reference to the underlying rights and features, rather than the fact that they are issued on a blockchain. Accordingly, where a tokenised asset constitutes a “financial product” (eg, a security, derivative or interest in a managed investment scheme), it remains subject to the same regulatory treatment as its non tokenised equivalent under the Corporations Act.

The DAF Act introduces a bespoke regime for intermediaries involved in tokenised markets, including TCPs, which facilitate the tokenisation of real world assets. Additional licence authorisations may be required to issue, offer or distribute tokenised assets.

TCPs are treated as financial products in their own right and must hold an AFSL and comply with conduct, custody, disclosure and asset holding obligations. Critically, TCP operators must ensure that tokenised real world assets (other than money) are held on a one to one basis and redeemable by the token holder.

Piper Alderman

Level 23
Governor Macquarie Tower
1 Farrer Place
Sydney NSW 2000
Australia

+61 02 9253 9999

piperalderman@piperalderman.com.au www.piperalderman.com.au

Trends and Developments

Authors

Piper Alderman has a FinTech practice recognised internationally for its depth of regulatory expertise, commercial capability and leadership in emerging technology. The firm’s team advises across the full spectrum of financial services regulation and compliance, complex commercial arrangements, lending and securities matters and regulatory investigations and disputes. Piper Alderman is widely acknowledged in the market as one of Australia’s leading firms for FinTech, RegTech and digital asset innovation. Its lawyers advise both established financial institutions and high growth fintechs on the full suite of regulatory issues, including AFS and ACL licensing, AML/CTF and sanctions obligations, consumer credit, payments compliance, digital assets and artificial intelligence. The firm would like to thank Tahlia Kelly for her contribution.

Introduction

Australia has entered a pivotal phase in the regulation of digital assets, with 2026 marking the transition from fragmented, interpretative oversight to a structured and activity-based regime for digital asset businesses. Longstanding reliance on case-by-case characterisation under the Corporations Act 2001 (Cth) (Corporations Act) is being complemented by legislative reform that targets digital asset intermediation, custody and financial crime risk.

Two developments define this shift. First, amendments to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), which commenced on 31 March 2026, introduce a Financial Action Task Force (FATF)-aligned virtual asset service provider (VASP) regime. Secondly, the Corporations Amendment (Digital Assets Framework) Bill 2025 (Cth) (DAF Act), which received royal assent in April 2026 and commences from 8 April 2027, embeds digital asset-specific licensing concepts within the Australian financial services licensing (AFSL) framework.

These reforms sit alongside broader regulatory activity, including ASIC enforcement, targeted stablecoin relief and the High Court of Australia’s judicial consideration of crypto-assets, as well as proposed payments reforms. Together, they reflect a policy direction that integrates digital asset activities into the existing financial services architecture, while retaining targeted exemptions for decentralised infrastructure and ancillary use cases.

The Current Regulatory Environment

The following laws may apply to blockchain and crypto-assets:

the Corporations Act, including a requirement to hold an Australian Financial Services Licence (AFSL) where a crypto-asset is a financial product;
the AML/CTF Act;
the National Consumer Credit Protection Act 2009 (Cth);
the Australian Securities and Investments Commission Act 2001 (Cth);
the Payment Systems (Regulation) Act 1998 (Cth) (the “PSRA”); and
the Australian Consumer Law.

Current AFSL regime

Whether a digital asset or crypto-related service is regulated under Australian financial services law turns on an assessment of its legal characteristics. This requires a case-by-case assessment of whether a digital asset falls within an existing financial product category under Chapter 7 of the Corporations Act.

In practice, this involves analysing whether a token or arrangement constitutes a managed investment scheme, a security, a derivative, a non-cash payment facility or a facility for making a financial investment (each of which is a separate financial product or service).

This assessment is inherently fact-specific. Given the breadth of the relevant statutory definitions, there is considerable uncertainty as to whether a digital asset issued or offered in Australia or to Australians, will be characterised by ASIC as a financial product. Regulatory outcomes are therefore often driven by the design, functionality and marketing of an asset, rather than its label or underlying technology.

Issuers, exchanges and intermediaries are required to assess each token and product design individually. Activities such as issuing, dealing, advising or providing custodial services in relation to a financial product trigger the requirement to hold an AFSL, with significant civil and criminal penalties for non–compliance.

Current Taxation Regime

Australia’s taxation framework does not specifically address blockchain or digital assets. Instead, general tax laws apply to cryptocurrency transactions, including:

the Income Tax Assessment Act 1997 (Cth) and the Income Tax Assessment Act 1936 (Cth);
a New Tax System (Goods and Services Tax) Act 1999 (Cth);
the Fringe Benefits Tax Assessment Act 1986 (Cth); and
State-based payroll tax, stamp duty and land tax regimes.

In the absence of bespoke legislation, the Australian Taxation Office (ATO) has issued a range of rulings and non–binding guidance. This includes:

Taxation Determination TD 2014/25: “Income tax: is bitcoin a ‘foreign currency’ for the purposes of Division 775 of the Income Tax Assessment Act 1997?”;
Taxation Determination TD 2014/26: “Income tax: is bitcoin a ‘CGT asset’ for the purposes of subsection 108-5(1) of the Income Tax Assessment Act 1997?”;
Taxation Determination TD 2014/27: “Income tax: is bitcoin trading stock for the purposes of subsection 70-10(1) of the Income Tax Assessment Act 1997?”;
Taxation Determination TD 2014/28: “Fringe benefits tax: is the provision of bitcoin by an employer to an employee in respect of their employment a property fringe benefit for the purposes of subsection 136(1) of the Fringe Benefits Tax Assessment Act 1986?”;
non-binding web guidance for Australian small businesses on how to deal with crypto-assets;
non-binding web guidance for individuals engaging in a broad range of crypto-asset activities, including specific guidance involving gift cards and gambling;
non-binding web guidance on goods and services tax (GST) on certain digital currency interactions; and
various edited versions of private advice by the ATO regarding the treatment of taxpayer-specific digital asset interactions.

Enforcement activity has increased in recent years, with the ATO undertaking targeted risk reviews and audits and using private rulings and test cases to clarify the application of existing tax laws to digital assets. Most recently, on 7 May 2026, the Commissioner of Taxation filed to intervene in a civil proceeding in Australia’s highest court (the High Court of Australia), Poulton v Conrad H1/2026. The Commissioner is seeking to intervene to contend that an interest in bitcoin is property for the purposes of Australian common law and thereby taxable by the Commissioner under Australia’s capital gains taxation regime or as an item of trading stock.

The New DAF Act Regime

The DAF Act adopts an activity-based framework embedded within Chapter 7 of the Corporations Act. This focuses on the functional activity performed rather than the characteristics of one or other assets. However, as we discuss below, a case-by-case assessment of tokens remains important in determining whether additional licence authorisations are required to carry on the business.

At the centre of the DAF framework are two new financial products:

digital asset platforms (DAPs); and
tokenised custody platforms (TCPs).

Together, these concepts extend the AFSL regime to cover two types of custodial activity in relation to digital assets and impose additional obligations in relation to trading and settlement of digital assets. The DAF Act does not seek to regulate the entirety of “crypto” or all blockchain activity. It includes targeted exemptions for public digital asset infrastructure, custodial staking (under licence) and certain ancillary activities.

New Concepts Under the DAF Act

DAPs

The definition of a DAP under the newly introduced Section 761GC of the Corporations Act covers circumstances in which the operator acts as a trustee or bailee or is obliged to ensure that digital assets are handled in accordance with a person’s instructions.

A person becomes a client of a platform when they enter into the facility by accepting its terms on opening an account. This definition is broad enough to cover platforms that:

solely provide custody of digital tokens; or
enable operators or third parties to act on behalf of clients (eg, using, transferring or staking tokens), with the operator holding the underlying assets in a manner analogous to physical custody.

TCPs

A TCP is defined in the new Section 761GD of the Corporations Act as a facility in which an operator identifies specific real-world assets (other than money) and creates a unique digital token for each asset. Possession of the token gives the holder the right to redeem or direct delivery of the underlying asset, where the operator holds that asset as trustee or bailee or is otherwise obliged to act on the token holder’s instructions. The operator may also be authorised to manage or take actions in relation to the asset on the holder’s behalf.

A person becomes a client of the platform by accepting its terms and opening an account, regardless of how the token was initially acquired. The definition is therefore capable of capturing a wide range of tokenisation and custody models, from simple holding arrangements to more active management structures.

Importantly, the legislation expressly clarifies that a TCP cannot itself be a DAP, which is a point of structural clarification sought by industry during consultation.

Licence authorisations under the DAF Act

Consistent with ASIC’s guidance in Information Sheet 225: Digital assets: Financial products and services (INFO 225), it is likely that additional AFSL authorisations will be required to operate a DAP or TCP where dealing in or providing advice about, an underlying digital asset or cryptocurrency that is a financial product. Token-by-token assessments will not go away. Instead, the DAP or TCP authorisation serves as a platform wrapper, required wherever an operator holds a token or tokenised asset on behalf of a client. Depending on the nature of that asset or arrangement, the platform operator may require additional authorisations in order to operate their business. For example, a securities authorisation is still required to deal in a tokenised stock. However, even if the platform deals only in non-financial products (eg, Bitcoin), an AFSL is still required to offer custody or asset tokenisation.

Digital Tokens

Under Section 761GB of the Corporations Act, the definition covers an electronic record that one or more persons can control. Control is generally taken to mean factual control rather than legal control. A person is considered to have control, whether alone or jointly with one or more other persons, if they can transfer the record, exclude others from doing so and demonstrate that ability. Regulations may also prescribe or exclude certain electronic records.

The definition of “possession” in Section 86 of the Corporations Act has been significantly varied to demonstrate its specific meaning in relation to digital tokens. Where a person factually controls an electronic record, the person possesses the digital token in question, unless the exception in that provision applies. The exemption may exclude some (but not all) non-custodial arrangements. For example, some 2-of-2 private key arrangements may still be compromised when the user does not have unilateral control over the assets. The general meaning of possession is otherwise preserved in the Corporations Act for things other than digital tokens.

An addendum to the explanatory memorandum published with the legislation clarifies that mere possession is insufficient; digital tokens must be possessed on behalf of another person. The addendum further indicates that a third party serving solely as a technology service provider is not intended to be caught,, even if it holds a private key shard under a multi-party computation arrangement.

Key-Carve-Outs and Exclusions

The legislation introduces targeted exemptions for certain blockchain infrastructure and related activities. Specifically, the exemptions cover custodial staking arrangements, public digital token infrastructure, wrapped tokens, “incidental” and “low-value” activities.

Custodial staking arrangement

Custodial staking arrangements, under Section 9F of the Corporations Act, are exempt from classification as financial products where:

the beneficiary and the operator agree to an arrangement using a DAP;
the operator is allowed to use the beneficiary’s digital tokens for consensus activities (as opposed to staking generally); and
any rewards earned from consensus activities (rather than staking), after fees, are passed onto the beneficiary.

Consensus activities are defined within the scope of “public digital token infrastructure” as protocols that permit any person to contribute to the integrity, functionality and reliability of the infrastructure by conducting activities involving the transmission, processing and recording of electronic records.

The arrangement must also confer concrete benefits on the beneficiary, such as earlier redemption, participation despite insufficient holdings, protection against operational losses or lower transaction costs.

Public digital token infrastructure

Public digital token infrastructure, under Section 9E of the Corporations Act, will be exempt from classification as a financial product or clearing and settlement facility if it meets the following conditions:

it is used for the transmission, processing or recording of electronic records that are digital tokens or in relation to digital tokens;
the protocol is open source and operates in a non-discretionary manner;
anyone can contribute to the system’s integrity, functionality and reliability by contributing data without needing permission; and
the protocol does not rely on any participant having a role so critical that the transmission, processing or recording of electronic records cannot occur without that participant.

Wrapped tokens

A narrow exemption under Section 765E of the Corporations Act permits persons to disregard redemption rights when considering whether something is a financial product, in limited circumstances. Given the breadth of ASIC’s approach to applying the concept of a derivative to wrapped tokens, as evidenced in INFO 225, this exemption may have limited application.

The exemption applies where:

a wrapped token is created in relation to a related asset (which could be a digital asset or a real-world asset under a tokenised custody platform);
the token is issued under a tokenised custody platform or held through either decentralised wrapping software or public digital token infrastructure; and
the holder of the wrapped token has a right to redeem or direct delivery of the related asset.

The exemption does not apply to financial products in which the rights or interests attached to the wrapped token are not equivalent to those in the underlying asset.

Decentralised wrapping software, in relation to a wrapped token, has been defined in this section as software through which the asset associated with the wrapped token is held and the software would be considered a tokenised custody platform if the actions it performs were instead carried out by an operator within the meaning of subsection 761GD(1) of the Corporations Act. Those actions include creating the wrapped token and holding the related asset for or on behalf of, the person who possesses the wrapped token.

“Incidental” and “low-value” exemption

The “incidental” exemption, under Section 911A(2)(jb) of the Corporations Act, excludes businesses whose interaction with DAPs or TCPs is ancillary to a primarily non–financial business, such as merchants accepting digital asset payments or offering access to third-party tokenisation platforms as a minor component of their operations.

In addition, the Bill introduces a “low-value” exemption under Section 911A(2)(ja) of the Corporations Act for platforms with annual transaction volumes below AUD 10 million, reflecting a policy intent to avoid unduly burdening early-stage start-ups and scaling businesses.

AML/CTF Reforms: VASP Transition

In parallel, the amended AML/CTF Act replaces the legacy DCE regime with a Financial Action Task Force-aligned VASP framework administered by AUSTRAC, significantly expanding the range of regulated virtual asset activities.

Although the two regimes are designed to operate in tandem (while regulating separate concepts – ie, financial services vs money laundering and terrorism financing), the DAF Bill introduces “digital assets” under the Corporations Act, while the reformed AML/CTF Act uses the FATF-aligned concept of “virtual assets”. It is worth noting that these are distinct statutory definitions that will not always map neatly onto one another.

Expansion of designated services

The amended AML/CTF Act introduces a new suite of virtual asset-designated services, set out in Table 1, Section 6. These services are deliberately framed to capture platform-based intermediation and custody risks, rather than focusing solely on fiat on and off ramps.

The new virtual asset-designated services include:

Item 50A – exchanging virtual assets for money (fiat on/off ramps) or making arrangements for such exchange;
Item 50B – exchanging virtual assets for other virtual assets (ie, crypto-to-crypto) or making arrangements for such exchange;
Item 46A – providing virtual asset safekeeping services, which includes controlling or managing virtual assets or private keys, including the ability to hold, trade, transfer or spend the virtual asset according to the owner’s instructions;
Items 29-31 – accepting instructions to transfer virtual assets on behalf of customers or making transferred virtual assets available to customers as an ordering, intermediary or beneficiary institution; and
Item 50C – financial services in connection with the offer or sale of a virtual asset where the business is participating in that offer or sale.

Governance and core compliance uplift

VASPs are subject to the full suite of AML/CTF obligations applicable to reporting entities, including:

the new obligation to maintain a risk assessment;
initial and ongoing customer due diligence (CDD);
transaction monitoring;
suspicious matter reporting (SMRs); and
threshold transaction reporting (TTRs).

The reforms also place increased emphasis on risk–based governance, requiring boards and senior management to actively supervise financial crime risk, rather than treating AML compliance as a downstream operational function.

Travel rule

A central element of the reforms is the extension of the “travel rule” to VASPs through new Section 66A of the AML/CTF Act. Under this rule, a VASP facilitating a virtual asset transfer must collect, verify and transmit identifying information about both the payer and the payee. Ordering and beneficiary institutions (items 29-30) are also required to conduct counterparty due diligence to determine whether an originating or recipient wallet is:

custodial or self–hosted; and
controlled by a regulated VASP, an unregulated VASP, an illegally operating VASP or an individual using a self–hosted wallet.

There are limited statutory carve–outs. Sections 66A(9) and (10) of the AML/CTF Act permit the omission of travel rule information where an Australian entity has reasonable grounds to believe that the counterparty:

cannot securely comply with the travel rule; or
cannot safeguard the confidentiality of the transmitted data.

Travel rule compliance commences from 1 July 2026. Transitional arrangements also apply as AUSTRAC phases out international funds transfer instructions (IFTIs) in favour of the new international value transfer service (IVTS) reporting regime (see further below).

Transfers to self-hosted wallets

Additional due diligence and reporting obligations will apply to VASPs that facilitate transfers to unverified self-hosted wallets, as these wallets are considered higher risk from a money laundering/terrorism financing perspective. Where such a service is provided, the VASP will be required to submit a report to AUSTRAC within 10 business days from 31 March 2029. Further guidance is expected from AUSTRAC in the coming months.

New reporting details for SMRs and TTRs

There are new details on the required contents of SMR and TTR reports. Where the matter involves virtual assets, reports must now include:

the type of virtual assets, including details of the backing asset (if any);
the quantity of virtual asset units;
the value in AUD;
the applicable exchange rate in determining the value;
the unique transaction reference number, including a transaction hash; and
the wallet address, including destination tag or memo details.

Certain relief under transitional rules

The AML/CTF reforms include a series of targeted transitional measures to ease implementation for existing reporting entities:

a three-year transition for changes to initial CDD requirements to 30 March 2029 (with ongoing CDD obligations applying immediately);
transition from IFTI to IVTS reporting by 31 March 2029, subject to limited extensions;
deferred reporting obligations for certain self–hosted wallet transfers until 31 March 2029; and
temporary relief from selected AML/CTF obligations for certain registrable VASP services (excluding fiat on and off ramps) until 1 July 2026.

Broader Financial Infrastructure and Payments Reform

The Australian government is undertaking a significant, multi–year overhaul of payments legislation to modernise the outdated regulatory framework and better capture emerging digital business models.

The reforms centre on the Treasury’s Tranche 1 exposure draft legislation, which proposes replacing the existing non-cash payment and purchased payment facility frameworks. The reforms expand the regulatory perimeter by bringing a broader range of payment service providers into the AFSL regime, introducing new regulated products (including stored value facilities and stablecoins), enhancing APRA oversight and mandating an updated ePayments Code.

Following the implementation of Australia’s reformed financial market infrastructure regime under the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Act 2024 (Cth), ASIC has released Consultation Paper 50 (CS 50) proposing targeted updates to key Regulatory Guides to reflect the new framework and its expanded powers. The proposed changes update RG 172, RG 249 and RG 268 to:

align the guidance with the revised legislative regime;
clarify new statutory concepts (such as the material connection test for overseas entities and enhanced governance requirements); and
adopt a more streamlined, market-neutral approach to supervision.

Stablecoin relief instrument

ASIC has introduced a tailored relief instrument, under ASIC Corporations (Stablecoin and Wrapped Token Relief) Instrument 2025/867, which provides licensing and disclosure exemptions for distributors of certain stablecoins and wrapped tokens that meet strict eligibility criteria. This criterion includes:

equal to or greater than the backing of the stablecoin by cash or cash equivalents; and
reserve reporting requirements.

While the instrument signals a more permissive regulatory approach, its narrowly defined criteria significantly limit its practical scope, potentially excluding some widely used stablecoins. The relief instrument is set to expire on 1 January 2029.

Regulator and judicial enforcement focus

ASIC’s recent enforcement activity reflects continued scrutiny of crypto-asset offerings that allegedly replicate the economic substance of traditional financial products and services. Over the past 12 months, two of ASIC’s key cases involving crypto-asset businesses have seen significant developments, as outlined below.

ASIC BPS Financial Pty Ltd: In the long-running ASIC proceedings concerning the Qoin Wallet product, the Federal Court imposed AUD14 million in civil penalties on BPS Financial and a ten-year restriction on providing financial services without an AFSL. The case confirms ASIC’s willingness to pursue significant penalties where crypto businesses engage in unlicensed financial services and misleading conduct and signals that digital asset products will be regulated under existing financial services laws.
ASIC v Web3 Ventures Pty Ltd: The High Court has granted ASIC special leave to appeal a Full Federal Court decision that found Block Earner did not require an AFSL to offer its fixed–yield crypto product. ASIC is seeking clarification on the scope of the statutory definition of “financial product”, including whether loan and fixed interest arrangements fall within the regulatory perimeter.

The High Court has also granted special leave to rule on whether bitcoin can be property, following the Full Court of the Supreme Court of Tasmania's decision in Poulton v Conrad, which, in obiter, endorsed the establishment of a third category of property for crypto-assets. The decision suggested that control via private keys may be sufficient to establish possession of intangible property.

Conclusion and Practical Implications

The DAF Act and the amended AML/CTF Act are designed to operate as complementary pillars of the new digital asset regulatory architecture, with ASIC overseeing conduct and consumer protection through the AFSL regime and AUSTRAC overseeing financial crime risk through the VASP regime. Most digital asset exchanges and custodians will likely sit squarely within both regimes, meaning that licensing analysis under the Corporations Act and registration analysis under the AML/CTF Act must be undertaken in parallel rather than sequentially. The two regimes share common themes, such as governance accountability, risk-based oversight and the centrality of custody and intermediation, but impose distinct obligations that will need to be reflected across the compliance framework.

As most cryptocurrency exchanges and custodians are now categorically within the mainstream financial services regulatory perimeter, they are subject to AFSL requirements and general obligations such as acting efficiently, honestly and fairly. Both the DAF Act and the amended AML/CTF Act also impose specific obligations on digital asset businesses. In practice, firms will need to assess whether an AFSL is required, update AUSTRAC registrations to reflect new designated services, uplift AML/CTF and licensing frameworks, implement enhanced disclosure processes and potentially reconsider product offerings and distribution models.

Piper Alderman

Level 23
Governor Macquarie Tower
1 Farrer Place
Sydney NSW 2000
Australia

+61 02 9253 9999

piperalderman@piperalderman.com.au piperalderman.com.au

Law and Practice

Authors

Trends and Developments

Authors