🇦🇺Australia

Detailed overview

Australia: VASP Registration, Financial Services Licensing, and Digital Assets Framework

Australia regulates digital-asset activity through overlapping AML/CTF, financial-services, market-infrastructure, and forthcoming digital-asset-platform rules. It does not have one single generic “crypto licence.” The current AML/CTF entry route is registration with AUSTRAC where the business provides a registrable virtual asset service. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 defines a “virtual asset” broadly as a digital representation of value that functions as a medium of exchange, store of economic value, unit of account, or investment, is not issued by or on behalf of a government body, and can be transferred, stored or traded electronically.

Registrable virtual asset services include virtual asset safekeeping, exchanging virtual assets for money or money for virtual assets, exchanging one virtual asset for another, providing a designated service in connection with the offer or sale of a virtual asset while participating in that offer or sale, and certain transfer services involving virtual assets. A person must not provide a registrable virtual asset service unless registered on the VASP Register; breach can attract criminal and civil penalty exposure.

VASP registration is not merely a formality. AUSTRAC may consider money-laundering, terrorism-financing and serious-crime risk, compliance history, legal and beneficial ownership and control, and other prescribed matters; registrations may be subject to conditions and generally require renewal after three years. AUSTRAC states that providers of newly regulated virtual asset services must apply to enrol and register by 2026-07-29, while providers already registered as digital currency exchanges were automatically registered as VASPs from 2026-03-31.

VASPs must also operate an AML/CTF compliance framework, including money-laundering, terrorism-financing and proliferation-financing risk assessment, AML/CTF policies, customer due diligence, reporting, recordkeeping and Travel Rule controls. For virtual asset transfers, the ordering institution must determine the wallet type, pass prescribed payer, payee and tracing information, and must not send transfer messages to an entity that should be licensed or registered under FATF-equivalent law but is not.

Separately, ASIC administers Australia’s financial-services framework under the Corporations Act 2001. A digital asset, wallet, tokenised product, stablecoin, wrapped token, derivative, investment token or custody arrangement may already be a “financial product” if it falls within the existing statutory definitions, including financial investment, financial risk management, non-cash payment facility, security, managed investment scheme interest or derivative. A person carrying on a financial services business in Australia generally requires an Australian financial services licence unless an exemption applies, and operating a financial market generally requires an Australian market licence unless exempt. ASIC has stated that stablecoins, wrapped tokens, tokenised securities and digital asset wallets are among digital asset products it considers financial products, and that relevant providers should apply for an AFSL by 2026-06-30 before ASIC’s no-action position expires.

Australia has also enacted the Corporations Amendment (Digital Assets Framework) Act 2026. The Act creates a future financial-services regime for digital asset platforms and tokenised custody platforms, bringing them into the financial product and AFSL framework and requiring ASIC standards for asset holding, transactional and settlement functions, platform rules and disclosure. ASIC states that the Digital Assets Framework Act received Royal Assent on 2026-04-08 and will commence on 2027-04-09, with a staged roadmap for consultation, draft guidance, licence applications and full implementation.

Regulators: AUSTRAC for AML/CTF enrolment, VASP registration, AML/CTF programs, reporting and Travel Rule compliance; ASIC for financial products, AFSL, market licensing, custody, disclosure and the new digital assets framework; Treasury and Parliament for legislative reform.

Question presented and assumptions

Question presented: What Australia legal/regulatory entry should be added to the Licentium jurisdiction hub for cryptoasset / digital-asset licensing and market-entry purposes?

Assumptions: The intended hub entry is for firms providing virtual-asset exchange, brokerage, custody, hosted wallets, transfer, OTC, P2P marketplace, token sale support, token listing, stablecoin, wrapped token, tokenised securities, staking, yield, asset management, market-making, payment or digital-asset platform services to Australian clients or from Australia. No specific facts are supplied about Australian incorporation, local staff, Australian customers, Australian-dollar rails, customer asset custody, wallet control, token legal rights, issuer obligations, redemption rights, financial-product status, retail distribution, offshore targeting, platform matching, market operation or stablecoin reserve structure.

Jurisdiction profile

Australia’s official Commonwealth legislation repository is the Federal Register of Legislation. The Federal Register describes itself as the authorised whole-of-government website for Commonwealth legislation and related documents, including full text and lifecycle details, managed by the Office of Parliamentary Counsel under the Legislation Act 2003. The Federal Register was therefore used for Commonwealth statutes and legislative instruments.

The core binding sources for this session are the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025, the Corporations Act 2001, and the Corporations Amendment (Digital Assets Framework) Act 2026. The Federal Register page for the AML/CTF Act identifies it as in force, administered by Home Affairs, and shows the latest compilation as C2026C00119, Compilation No. 60, dated 2026-03-31. The Federal Register page for the AML/CTF Rules identifies the instrument as in force, administered by Home Affairs, and shows the latest compilation as F2026C00274, Compilation No. 1, dated 2026-03-31. The Federal Register page for the Corporations Act identifies it as in force, administered by the Attorney-General’s Department and Treasury, and shows the latest compilation as C2026C00058, Compilation No. 145, dated 2025-12-19.

Administrative materials relied on here are official AUSTRAC, ASIC, Treasury and Parliament materials. AUSTRAC guidance is used for AUSTRAC’s current administrative position on VASP enrolment, VASP registration, transitional deadlines and designated-service interpretation. ASIC materials are used for ASIC’s current no-action position, digital asset financial-product position, and implementation roadmap for the Digital Assets Framework Act. Treasury materials are used only for official policy background where expressly identified as non-binding implementation context. Acts and legislative instruments control over regulator guidance.

No case law is relied on in this session. Australian case law would be checked through official court repositories for a litigation-sensitive question, but no judicial proposition is necessary for this website-ready jurisdiction entry.

Executive summary

• Australia is an overlapping-regime jurisdiction, not a single “crypto licence” jurisdiction. The main current regimes are AUSTRAC VASP registration under AML/CTF law and ASIC financial-services / market licensing where the digital asset or related facility is a financial product.
• A “virtual asset” is defined broadly as a digital representation of value that functions as a medium of exchange, store of economic value, unit of account or investment, is not issued by or on behalf of a government body, and can be transferred, stored or traded electronically.
• Registrable virtual asset services include virtual asset safekeeping, virtual asset / money exchange, virtual asset / virtual asset exchange, designated services connected with the offer or sale of virtual assets, and certain virtual-asset transfer services.
• A person must not provide a registrable virtual asset service unless registered on the VASP Register; contravention can attract criminal penalties and civil penalties.
• AUSTRAC may refuse, condition, suspend or cancel registration based on money-laundering, terrorism-financing and serious-crime risk and other prescribed matters, including compliance history, beneficial ownership and control.
• AUSTRAC states that new providers of newly regulated virtual asset services must apply to enrol and register by 2026-07-29, while previously registered digital currency exchanges were automatically registered as VASPs from 2026-03-31.
• VASPs must maintain AML/CTF risk assessments, AML/CTF policies, customer due diligence, transfer information controls and Travel Rule systems; virtual asset transfers require prescribed payer, payee and tracing information.
• Digital assets may already be financial products under the Corporations Act where they satisfy the definitions of financial investment, financial risk management, non-cash payment facility, security, managed investment scheme interest, derivative or other financial product.
• A person carrying on a financial services business in Australia generally requires an AFSL unless exempt; a person operating a financial market generally requires an Australian market licence unless exempt.
• The Corporations Amendment (Digital Assets Framework) Act 2026 creates a future AFSL-based framework for digital asset platforms and tokenised custody platforms; ASIC states that the framework commences on 2027-04-09 and will be implemented through staged consultation, standards, guidance and licence applications.

Analysis by issue

Current AUSTRAC VASP registration perimeter

Conclusion: A business providing virtual asset exchange, virtual asset safekeeping, virtual asset transfer, or offer / sale participation services in Australia should be analysed for AUSTRAC VASP registration.

Rule: The AML/CTF Act defines a virtual asset as a digital representation of value that functions as a medium of exchange, store of economic value, unit of account or investment, is not issued by or on behalf of a government body, and can be transferred, stored or traded electronically. The Act identifies registrable virtual asset services by reference to designated services including “providing a virtual asset safekeeping service,” exchanging virtual assets for money or money for virtual assets, exchanging one virtual asset for another, providing a designated service in connection with the offer or sale of a virtual asset while participating in that offer or sale, and specified transfer services involving virtual assets.

Section 76A provides that a person must not provide a registrable virtual asset service if the person is not registered on the VASP Register. Breach may be an offence and the relevant subsections are also civil penalty provisions. AUSTRAC’s official VASP guidance states that a person is likely to be a VASP where the business exchanges virtual assets for money, exchanges money for virtual assets, exchanges virtual assets for other virtual assets, safekeeps virtual assets, orders or receives virtual asset transfers, makes virtual assets available, or provides financial services connected with an offer or sale of a virtual asset.

Application: A spot exchange, OTC desk, brokerage platform, P2P exchange platform, hosted wallet, custodian, safekeeping provider, transfer service, token-sale intermediary, or virtual asset payment / transfer provider should be reviewed under the VASP perimeter. AUSTRAC guidance on “making arrangements” indicates that P2P platforms, matched-principal models, execution facilities and other intermediaries can be captured for exchange services. AUSTRAC also states that virtual asset safekeeping can include controlling or managing virtual assets or private keys for a customer, including multi-signature arrangements, while excluding ancillary cloud storage and a software developer that solely develops a software app and does not engage in safekeeping.

Limitations / counterarguments: A pure software provider, non-custodial protocol developer, incidental cold-wallet safe storage by a professional service provider, or non-business personal trading activity may fall outside the VASP registration perimeter, but the result depends on control, business activity, customer relationship, transfer authority, consideration, and Australian nexus. AUSTRAC guidance is official administrative material, but courts ultimately interpret the legislation.

VASP registration process, conditions and transitional arrangements

Conclusion: VASP registration is a substantive AML/CTF gatekeeping process with AUSTRAC discretion, conditions, renewal and cancellation risk. Transitional deadlines are central for firms newly captured by the 2026 reforms.

Rule: The AML/CTF Act requires an application for VASP registration to be made in writing, in the approved form, and to include information required by the AML/CTF Rules. A deemed refusal can occur if no decision is made within 90 days from the latest relevant date, subject to a possible extension of up to 30 days in complex or special circumstances. AUSTRAC’s CEO must decide to register if satisfied that it is appropriate, taking into account significant money-laundering, terrorism-financing and serious-crime risk and other Rules matters, including charges or convictions, compliance or non-compliance with AML/CTF or other laws, and legal and beneficial ownership and control.

AUSTRAC may impose registration conditions, including conditions about the value, volume or kinds of virtual assets exchanged and notification requirements. Registration may cease on cancellation, removal, expiry after three years unless renewed under the Rules, death or dissolution, and AUSTRAC may cancel or condition registration for significant risk or breach.

AUSTRAC’s transitional guidance states that providers of newly regulated virtual asset services must apply to enrol and register by 2026-07-29 if they were providing those services before 2026-07-01 and wish to continue under transitional arrangements. It also states that businesses already registered as digital currency exchange providers were automatically registered as VASPs from 2026-03-31. AUSTRAC also states that some new AML/CTF obligations for newly regulated virtual asset services are deferred to 2026-07-01, while item 50A virtual asset / money exchange services are subject to new obligations from 2026-03-31.

Application: A business entering Australia should not treat AUSTRAC registration as a simple notification. The registration package should address ownership and control, directors and senior managers, business model, countries of operation, virtual asset types, customer categories, transaction flows, AML/CTF risk assessment, AML/CTF policies, compliance officer, transaction monitoring, reporting, sanctions screening, Travel Rule systems, and recordkeeping. Existing Australian digital currency exchange registrations should be checked and updated, while newly regulated custody, transfer, offer / sale and virtual asset service models should be assessed against the 2026-07-29 enrolment / registration date.

Limitations / counterarguments: Transitional timing depends on whether the service is a previously registered digital currency exchange service, a newly regulated virtual asset service, item 50A activity, or another designated service. AUSTRAC’s administrative guidance should be checked again immediately before publication or filing because it implements a recently amended AML/CTF regime.

AML/CTF program, customer due diligence and Travel Rule

Conclusion: A registered VASP must be ready to operate as an AML/CTF reporting entity, not just a registered crypto business.

Rule: The AML/CTF Act requires an AML/CTF program consisting of a money-laundering, terrorism-financing and proliferation-financing risk assessment and AML/CTF policies. The risk assessment must identify and assess ML/TF/PF risks and be appropriate to the nature, size and complexity of the reporting entity. It must consider designated services, customers, delivery channels, new technologies, countries dealt with, AUSTRAC information and matters required by the Rules. AML/CTF policies must appropriately manage and mitigate identified risks and ensure compliance with AML/CTF obligations.

For virtual asset transfers, section 66A requires the ordering institution to determine whether the payee’s wallet is with a licensed or registered custodial institution, an unregistered custodial institution, or is self-hosted. The ordering institution must pass prescribed information to the beneficiary institution and must not provide the service if the transfer message is sent to an entity that is required under FATF-effective law to be licensed or registered but is not. The AML/CTF Rules require the ordering institution to collect payer information and the payee’s full name, verify payer information, and pass payer, payee and tracing information unless an exception applies. The Rules define payer information to include the payer’s full name and customer ID, unique identifier, date and place of birth or address, and tracing information to include source account or wallet address, destination wallet address, destination tag or memo, and unique transaction reference.

Application: A VASP should implement customer identification, beneficial-owner checks, sanctions screening, risk-rating, blockchain analytics where appropriate, wallet-type determination, counterparty VASP due diligence, Travel Rule message generation / receipt, source-of-funds checks, suspicious matter reporting, threshold transaction reporting where relevant, recordkeeping and board-level AML governance. If the business supports self-hosted wallet withdrawals or deposits, it should prepare separate controls for wallet attribution, transfer-risk assessment and delayed obligations for certain reporting classes.

Limitations / counterarguments: AUSTRAC’s transitional guidance states that reporting international value transfer services involving virtual assets can be delayed until 2029-03-31 in certain cases, and reporting transfers involving unverified self-hosted wallets is also not required until 2029-03-31, although suspicious matter reporting and other obligations continue. Detailed operational controls should be checked against the current AML/CTF Rules and AUSTRAC guidance at the filing date.

Australian nexus and offshore operators

Conclusion: Offshore structuring does not reliably remove Australian regulatory risk where the activity has an Australian geographical or financial-services nexus.

Rule: The AML/CTF Act states that, unless a contrary intention appears, the Act extends to acts, omissions, matters and things outside Australia. AUSTRAC guidance states that a person providing a designated service with a geographical link to Australia must enrol, and if the service is a remittance or VASP service the person must both enrol and register.

Under the Corporations Act, a financial services business is taken to be carried on in Australia if conduct is intended or is likely to induce people in Australia to use the financial services. For financial markets, the Corporations Act includes material connection factors such as Australian operations, Australian-dollar products, products with underlying Australian assets or indices, Australian-resident participants, and targeting Australian investors.

Application: A foreign exchange, custodian, wallet, broker, token issuer, DAP, stablecoin issuer, liquidity venue or OTC desk should be reviewed where it accepts Australian users, markets into Australia, uses Australian-dollar rails, has Australian staff or group entities, offers products with Australian underlying assets, provides services from Australia, or operates infrastructure with Australian participants. Website geo-blocking, app-store availability, Australian-language marketing, affiliates, influencers, Australian support channels and Australian banking relationships are relevant facts.

Limitations / counterarguments: The AML/CTF geographical-link test and the Corporations Act jurisdictional tests are not identical. A firm may be outside one regime but inside another. Offshore DeFi, non-custodial software, validator, staking and cross-border liquidity models require fact-specific analysis of who provides the service, who controls assets, who contracts with customers, and where inducement or operational conduct occurs.

Existing Corporations Act financial-product and AFSL overlay

Conclusion: Before the Digital Assets Framework Act fully commences, many digital asset structures can already require ASIC licensing if the token, wallet, arrangement or service is a financial product under existing Corporations Act categories.

Rule: The Corporations Act defines a financial product as a facility through which, or through the acquisition of which, a person makes a financial investment, manages financial risk or makes non-cash payments. The Act also includes specific financial products such as securities, interests or rights in managed investment schemes, derivatives, certain deposit-taking facilities, certain foreign-exchange contracts, margin lending facilities and other declared products.

A person provides a financial service if the person provides financial product advice, deals in a financial product, makes a market for a financial product, operates a registered scheme or provides a custodial or depository service. “Dealing” includes issuing, applying for, acquiring, varying, disposing of and arranging for others to do those things in relation to a financial product. A person carrying on a financial services business in Australia generally must hold an AFSL covering the provision of the financial services unless an exemption applies.

A financial market is a facility through which offers to acquire or dispose of financial products are regularly made or accepted, or through which offers or invitations are regularly made to acquire or dispose of financial products. A person must not operate a financial market in Australia, or hold out that they operate one, unless they have an Australian market licence or an exemption applies.

ASIC’s current official position is that providers of financial services involving digital asset financial products should decide whether they need an AFSL and apply by 2026-06-30 before ASIC’s no-action position expires. ASIC states that stablecoins, wrapped tokens, tokenised securities and digital asset wallets are among digital asset products it considers financial products.

Application: A token that gives holders investment exposure, profit rights, redemption rights, payment functionality, derivatives exposure, rights in pooled assets, rights against an issuer, rights to an underlying asset, or risk-management functionality may require a Corporations Act analysis. A platform giving advice, arranging acquisitions, listing, issuing, dealing, market-making, custody or depository services in relation to such tokens may need an AFSL. If the platform regularly matches offers for financial products, an Australian market licence may also be relevant. A stablecoin, wrapped token, wallet or tokenised security should not be treated as unregulated merely because it uses blockchain infrastructure.

Limitations / counterarguments: ASIC’s no-action position is an enforcement posture, not a statutory exemption from the law. Conversely, not every cryptoasset is a financial product. The conclusion depends on token rights, custody model, redemption structure, issuer promises, yield, pooling, marketing, user reliance, payment functionality, secondary market design and whether an exemption or relief instrument applies.

Digital Assets Framework Act 2026: digital asset platforms and tokenised custody platforms

Conclusion: Australia has enacted a future AFSL-based digital assets framework that will materially change licensing for custodial digital asset platforms and tokenised custody platforms from April 2027, subject to transitional arrangements and ASIC standards.

Rule: The Digital Assets Framework Act defines a “digital token” by reference to an electronic record capable of factual control, including the ability to transfer control, exclude others and demonstrate control. It defines a “digital asset platform” as a facility where the operator possesses one or more digital tokens as underlying assets for or on behalf of another person, including as trustee or bailee, or is obliged to deal with the token in accordance with another person’s instructions. It defines a “tokenised custody platform” as a facility where the operator identifies assets other than money, creates a single digital token for each asset, and possession of the token confers a right to redeem or direct delivery while the operator holds the underlying asset for or on behalf of the token possessor.

The Act inserts digital asset platforms and tokenised custody platforms into the list of financial products, unless the facility is a managed investment scheme. For licensees issuing such platforms, the Act requires compliance with asset-holding standards, transactional and settlement standards, and adequate platform rules. ASIC may make asset-holding standards dealing with safeguarding, recordkeeping, reconciliation, reporting and use of client assets, including trust treatment of money and omnibus-wallet arrangements where internal accounting identifies client assets. ASIC may also make transactional and settlement standards for facilitation, matched-principal trading or execution, and handling, prioritising and executing client instructions. Platform rules must include transparent and non-discriminatory eligibility criteria, client obligations, settlement method, risk disclosures, asset types, deposit and redemption arrangements, and rules that have contractual effect.

The Act contains a transition period. It defines the transition period as the six months beginning on commencement, and provides that during the transition period the amendments do not apply in specified circumstances where the responsible person lacks an AFSL condition but applies for the relevant licence or variation. ASIC states that the Act received Royal Assent on 2026-04-08, commences on 2027-04-09, and will be implemented through staged consultation, guidance, licensing applications and full implementation.

Application: A custodial exchange, hosted wallet, broker-custodian, matched-principal platform, token custody product or platform holding digital tokens for clients should plan for AFSL authorisations, asset-holding standards, platform rules, retail disclosure, complaints handling, financial requirements and ASIC supervision. A one-token-one-underlying-asset custody model should be screened for tokenised custody platform status. Firms already seeking AFSL coverage for digital asset financial products before 2026-06-30 may later need DAP or TCP authorisations once the new framework commences.

Limitations / counterarguments: ASIC standards, regulatory guidance, licence conditions and final transition mechanics remain implementation-sensitive. The Act provides the statutory architecture, but the operational compliance burden will depend heavily on ASIC’s final standards and the specific platform design.

Stablecoins, wrapped tokens and payment / stored-value functionality

Conclusion: Stablecoins and wrapped tokens require separate Australian analysis because they may already be financial products, may be registrable virtual asset services when exchanged, safeguarded or transferred, and may be affected by payment / stored-value reforms and the new digital asset platform framework.

Rule: ASIC states that stablecoins, wrapped tokens, tokenised securities and digital asset wallets are among the digital asset products it considers financial products, and it has warned providers to apply for licensing by 2026-06-30 before its no-action position expires. Treasury’s official digital asset policy statement describes payment stablecoins as intended to be treated as a type of stored-value facility under payments licensing reforms, and states that reforms would revise licensing for facilities that hold monetary value for payments.

Application: A fiat-backed stablecoin issuer, distributor, exchange, wallet, broker, custodian or payment platform should analyse the product under the Corporations Act financial-product definitions, AML/CTF VASP rules, AUSTRAC Travel Rule, non-cash payment facility provisions, stored-value / payment reforms, and the DAF Act platform rules if customer assets are held through a DAP or TCP. Key facts include redemption rights, reserve assets, issuer obligations, whether holders have a claim against the issuer or reserve, whether the token is used for payments, whether yield is paid, whether the product is wrapped or redeemable for another asset, and whether Australian retail clients are targeted.

Limitations / counterarguments: Treasury policy materials are not binding law. The final legal position for payment stablecoins depends on enacted and commenced legislation, regulations, ASIC instruments, licence conditions and product terms. Stablecoins may also be structured differently: some may be financial products, some may be stored-value or payment products, and some may be virtual assets without being financial products, depending on their rights and use.