Introduction
The regulatory environment for Australian crypto businesses is undergoing a fundamental change, moving from a fragmented, activity-based system to a more formal, integrated financial services framework. For years, many crypto exchanges and platforms operated with only Australian Transaction Reports and Analysis Centre (AUSTRAC) registration for anti-money laundering purposes. With the passage of the Corporations Amendment (Digital Assets Framework) Act 2026 (Cth), this approach is no longer sufficient, as the legislation integrates many digital asset businesses into the Australian Financial Services Licence (AFSL) regime.
For founders of crypto exchanges, OTC desks, and other digital asset platforms, this shift means that operating legally now requires navigating the full scope of financial services law—a complex task best handled by specialised AFSL lawyers—under the dual oversight of the Australian Securities and Investments Commission (ASIC) and AUSTRAC. This article explains the new AFSL requirement for digital asset platforms, the roles of both regulators, and what the 2026 legislation means for your business’s compliance obligations.
Core Legal Framework for Australian Crypto Businesses
The Corporations Act 2001 (Cth) & The Financial Product Test
The primary legislation governing financial services in Australia is the Corporations Act 2001 (Cth). Regulatory obligations, including the requirement to hold an AFSL, are triggered when a crypto-asset or a related service is classified as a “financial product” under this Act, making understanding financial products a critical first step.
A crypto-asset is not automatically a financial product, as its classification depends on the rights, benefits, and features associated with it. To provide clarity, ASIC uses a “bundle of rights” test, as outlined in its Information Sheet 225 (INFO 225). Ultimately, this test assesses the substance of an offering rather than its technological label, examining the totality of rights and expectations it creates for the user.
ASIC’s INFO 225 provides numerous worked examples to illustrate how this test applies to various digital asset scenarios. The legal status of a crypto-asset turns on its specific structure and the rights it confers, which can lead to it being classified as one of several types of financial products, including:
- an interest in a managed investment scheme (MIS);
- a security;
- a derivative; or
- a non-cash payment facility.
ASIC’s Role: Financial Services & Investor Protection
ASIC is responsible for regulating financial products and protecting investors. Its jurisdiction extends to any crypto-asset or service that meets the definition of a financial product under the Corporations Act 2001 (Cth).
ASIC’s oversight in the digital asset sector covers several key areas, as follows:
- financial products that involve crypto-assets;
- trading platforms that facilitate dealing in these financial products;
- misleading or deceptive conduct related to financial services; and
- disclosure obligations for financial products.
Furthermore, there is an increasing expectation that crypto firms align their operations with the standards required of AFSL holders. This is the case even before the new Digital Asset Platform (DAP) regime formally commences. Adhering to these standards ensures that consumers receive the protections afforded under financial services law and allows ASIC to take action where poor practices lead to harm.
AUSTRAC’s Role: AML & CTF Regulation
The second regulatory pillar for crypto businesses in Australia is AUSTRAC. This body enforces the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
Any business that provides a Digital Currency Exchange (DCE) service must register with AUSTRAC and implement a compliant Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program. These obligations apply independently of any requirements set by ASIC.
This means that AUSTRAC registration is a baseline requirement for all DCEs, regardless of whether the digital assets they handle are considered financial products. Consequently, many crypto businesses operate under a dual-compliance framework, needing to satisfy both AUSTRAC’s AML/CTF requirements and ASIC’s financial services regulations.
Transitioning to the New DAP AFSL Regime
The Digital Asset Platform (DAP) Regime Explained
The Corporations Amendment (Digital Assets Framework) Act 2026 (Cth) introduces two new categories of financial products, bringing many crypto platforms under a formal licensing framework. These new categories specifically target facilities where an operator holds or possesses digital assets on behalf of clients.
The two main classifications are as follows:
- Digital Asset Platforms: Under Section 761GC, a DAP is a facility where an operator possesses one or more digital tokens for or on behalf of another person. This definition is broad enough to cover most crypto exchanges, brokers, and some wallet providers that hold or control client crypto assets.
- Tokenised Custody Platforms (TCPs): Defined in Section 761GD, a TCP is a facility where an operator holds assets other than money, creates a single digital token for each underlying asset, and holds that asset for the person who possesses the token. This right to redeem or direct the delivery of the underlying asset is conferred by possessing the digital token.
AFSL Requirements for Crypto Exchanges & Custody Platforms
Operators of DAPs and TCPs will be required to obtain an AFSL from ASIC. Furthermore, the Corporations Amendment (Digital Assets Framework) Act 2026 (Cth) amends Section 764A(1) of the Corporations Act 2001 (Cth) to explicitly list a digital asset platform and a tokenised custody platform as financial products.
This AFSL requirement means that crypto exchanges and custody platforms will be subject to the same compliance standards as traditional financial service providers. These obligations include meeting standards for:
- asset holding;
- disclosures; and
- governance.
Ultimately, this change marks a significant regulatory shift, moving many digital asset businesses from a baseline anti-money laundering registration to a full financial services licensing regime.
Navigating The 18-Month Transition & The June 2026 Deadline
The new Digital Assets Framework provides a structured timeline for implementation. The Corporations Amendment (Digital Assets Framework) Act 2026 (Cth) received Royal Assent on 8 April 2026 and will commence 12 months later, on 9 April 2027.
Following this commencement, there is a six-month window for existing operators to lodge an AFSL application to access transitional relief. This creates an 18-month overall implementation timeline. Operators who lodge an application within this six-month window can continue to operate until ASIC makes a decision on their licence.
Separately, a more immediate deadline applies to businesses already dealing in crypto-assets that are considered financial products under existing law, as clarified in ASIC’s INFO 225. ASIC has granted a sector-wide no-action position for these firms, which provides temporary relief from enforcement action.
To benefit from this position, affected businesses must lodge a complete AFSL application with ASIC on or before 30 June 2026. Missing this deadline means a business loses this protection and could face immediate enforcement action from ASIC for any unlicensed conduct.
ASIC’s Financial Product Test & Key Classifications
Applying The Financial Product Test With INFO 225
ASIC uses its guidance in INFO 225 to determine if a crypto asset is a financial product under the Corporations Act 2001 (Cth). Ultimately, the classification does not depend on the technology or name used but on the substance of the offering and the bundle of rights and benefits it provides.
ASIC’s bundle of rights test assesses the features of a digital asset to see if it functions like a traditional financial product. INFO 225 provides 18 worked examples to illustrate how this test applies to various crypto products and services. This guidance makes it clear that many widely traded digital assets are considered financial products, triggering the AFSL requirement, including:
- Stablecoins; and
- Wrapped tokens.
Staking-as-a-Service As A Managed Investment Scheme
ASIC’s guidance in INFO 225 explicitly notes that managed staking arrangements are likely to be classified as a MIS, a complex area of funds and investment management law. An MIS is a type of financial product that generally involves people contributing assets to be pooled in a common enterprise to produce financial benefits, where the contributors do not have day-to-day control over the operation. Therefore, if your staking-as-a-service offering involves pooling customer crypto assets to generate returns, it will likely require an AFSL and may need to be registered as a scheme.
By contrast, Australian Securities and Investments Commission v Web3 Ventures Pty Ltd [2024] FCA 64 provides an important distinction. The Full Federal Court found that Block Earner’s fixed-yield “Earner” product was not an MIS. The court reasoned that customers had a contractual right to the repayment of their crypto assets plus a fixed interest rate, making them creditors rather than members of a collective investment.
In addition, users did not acquire rights to benefits produced by the scheme, and there was no intention for contributions to be pooled to produce financial benefits for the members. Ultimately, this highlights that arrangements structured as a loan with a fixed return may not be an MIS, unlike schemes where returns are variable and tied to the performance of the pooled assets.
Crypto Custody Standards & Regulatory Guide 133
When crypto assets are classified as financial products, holding them on behalf of clients triggers stringent custody standards under ASIC’s Regulatory Guide 133 (RG 133). These obligations are designed to safeguard digital assets and ensure robust operational controls.
Accordingly, good practice for an asset holder of crypto-assets includes the following key measures:
- Specialist Expertise: The custodian must have specialist expertise and infrastructure for crypto-asset custody, including secure systems for receiving, validating, and executing client instructions.
- Robust Security: The operator must implement strong cyber and physical security practices, covering internal governance, risk management, and business continuity.
- Asset Segregation: Crypto-assets must be segregated on the blockchain. This involves maintaining unique public and private keys for client assets to prevent them from being mixed with the firm’s own holdings or other clients’ assets.
- Private Key Management: Private keys must be generated and stored in a way that minimises the risk of loss or unauthorised access. This includes using “cold storage” (physically isolated hardware) for the majority of assets and limiting the use of “hot storage” (internet-connected systems).
- Secure Signing Processes: The custodian should adopt signing approaches that reduce single points of failure, such as using multi-signature or sharding-based methods.
- Independent Verification: Security practices and the control environment should be independently verified against appropriate standards, such as ISO/IEC 27001:2022 or by obtaining a System and Organisation Controls (SOC) report.
Key Crypto Enforcement Actions & Warnings
Misclassifying Retail & Wholesale Clients: The Binance Case
Recent ASIC investigations and enforcement actions against Binance Australia Derivatives provide a clear warning about the risks of misclassifying clients. The Federal Court ordered the firm to pay a $10 million penalty for improperly classifying retail investors as wholesale clients, which occurred between July 2022 and April 2023.
This misclassification, which underscores the critical difference between wholesale and retail clients, affected 524 retail investors, representing over 85% of the platform’s Australian client base. These clients were given access to high-risk cryptocurrency derivatives without the consumer protections required for retail investors under the Corporations Act 2001 (Cth). The financial consequences for these clients were substantial: over $12 million in combined trading losses and fees.
The court’s decision highlighted systemic failures in the company’s onboarding processes, including:
- Unlimited-attempt quiz: retail clients were allowed to repeatedly attempt the wholesale investor qualification test.
- Lack of oversight: senior compliance staff did not oversee client classification.
- Inadequate training: compliance staff were not given documented training on the firm’s Wholesale Clients Policy.
As a result of these actions, Binance Australia Derivatives ceased its derivatives business and surrendered its AFSL.
Operating Without a Proper Licensing Structure: The Qoin Case
Australian Securities and Investments Commission v BPS Financial Pty Ltd (Penalty) [2026] FCA 18 demonstrates that relying on an authorised representative arrangement is not a guaranteed shield from liability for operating without an AFSL. In January 2026, the Federal Court ordered BPS Financial to pay a $14 million penalty for operating an unlicensed financial services business in relation to its Qoin Wallet product.
BPS Financial operated without holding its own AFSL while undertaking significant activities, including:
- issuing more than 93,000 wallets; and
- raising over $40 million from token sales.
The company operated under an authorised representative arrangement with a third-party AFSL holder. However, the court found this structure was insufficient.
The Full Federal Court, in ASIC v BPS Financial Pty Ltd (Penalty), determined that BPS was, in substance, acting on its own behalf and not as a genuine representative of the licensee. This finding shows that ASIC and the courts will examine the reality of a business’s operations, not just the formal agreements in place. In addition to the financial penalty, the court imposed a 10-year injunction restraining BPS from engaging in unlicensed financial services activity.
Unregistered Managed Investment Schemes: The NGS Crypto Case
The consequences of operating an unlicensed investment scheme can extend beyond financial penalties to the complete shutdown of the business. In Australian Securities and Investments Commission v NGS Crypto Pty Ltd (No 5) [2025] FCA 1611, the Federal Court ordered the winding up of NGS Crypto Pty Ltd and NGS Digital Pty Ltd for operating:
- an unlicensed financial services business; and
- an unregistered MIS.
The companies promoted a “blockchain mining” investment scheme that raised approximately $59 million from over 450 Australian investors. Many of these investors used their self-managed superannuation funds (SMSFs) based on encouragement from NGS Crypto. The scheme promised fixed-rate returns from crypto mining activities, but investors had no day-to-day control over the operations.
In ASIC v NGS Crypto Pty Ltd (No 5), the Court found that the NGS companies engaged in a “blatant contravention of the Corporations Act 2001 (Cth)” and showed a complete disregard for Australian financial services laws. By ordering the companies to be wound up, the court took a structural remedy to:
- protect investors from further harm; and
- facilitate an orderly return of any recoverable assets.
Ultimately, this case serves as a stark warning that ASIC will seek to shut down non-compliant operations to protect investors.
Conclusion
The Australian regulatory landscape for digital asset platforms has fundamentally shifted, with the new Digital Assets Framework mandating an AFSL for crypto exchanges and custody platforms. This change requires dual compliance with both ASIC and AUSTRAC, as recent enforcement actions demonstrate the significant penalties for operating outside this integrated financial services regime.
To navigate this transition and ensure your crypto business is built on a compliant foundation, contact AFSL House’s lawyers experienced in AFSL applications today. Our team specialises in guiding digital asset platforms through the licensing process and developing tailored compliance frameworks to secure your operations in Australia’s regulated landscape.
Frequently Asked Questions
No, AUSTRAC registration alone is not sufficient if your business provides financial services or products. AUSTRAC registration is for AML/CTF purposes, while an AFSL from ASIC is required for operating a financial services business. Many crypto businesses must now comply with both regulatory regimes.
A DAP is a facility where an operator possesses one or more digital tokens on behalf of clients. This definition, introduced by the Corporations Amendment (Digital Assets Framework) Act 2026 (Cth), covers most crypto exchanges, brokers, and custodial wallet providers. Operating a DAP is now considered a financial service and requires an AFSL.
It is highly likely to be classified as a MIS if your service involves pooling customer crypto assets to generate staking rewards and the users do not have day-to-day control over the operation. If classified as an MIS, which is a type of financial product, your business will need to hold an AFSL.
The Australian Securities and Investments Commission sets out custody expectations for crypto assets that qualify as financial products in Regulatory Guide 133: Managed investments and custodial or depository services, emphasising strong operational and security controls. A core standard is the segregation of client assets on the blockchain, typically achieved by maintaining distinct public and private key arrangements to ensure clear ownership separation. ASIC also expects most private keys to be held in cold storage—physically isolated from online systems—to minimise exposure to unauthorised access. Secure transaction authorisation processes, such as multi-signature arrangements, are recommended to reduce single points of failure. In addition, firms should implement robust physical and cybersecurity frameworks, supported by independent assurance against recognised standards like ISO/IEC 27001:2022 or equivalent SOC reporting.
If you miss the 30 June 2026 deadline to lodge a complete AFSL application, your business will lose the protection of ASIC’s no-action position. This means you could face immediate enforcement action from ASIC for any unlicensed conduct related to crypto-assets that are considered financial products.
Yes, but offering crypto derivatives such as Contracts for Difference (CFDs) to retail clients is a licensed activity that requires an AFSL. Strict obligations apply, including leverage limits and compliance with the Design and Distribution Obligations (DDO), which require you to define a target market for your products.
ASIC uses a “bundle of rights” test, as detailed in INFO 225, to assess the substance of the offering. The classification depends on the token’s features and the rights it provides to the holder, not its technological label. This test determines if the token functions like a traditional financial product, such as a security, a derivative, or an interest in a managed investment scheme.
Yes, Australian regulations can apply to overseas companies. If your business provides services “into Australia” by targeting, marketing to, or onboarding Australian clients, you may be required to obtain an AFSL from ASIC and register with AUSTRAC, regardless of where your company is incorporated.
Operating a crypto business without the required AFSL exposes entities to serious consequences under the Corporations Act 2001 (Cth), with enforcement led by the Australian Securities and Investments Commission. Courts have imposed substantial financial penalties, including about $10 million against Binance Australia Derivatives and $14 million against BPS Financial. Regulators may also obtain injunctions preventing businesses from offering unlicensed services, effectively halting operations. In more serious cases, courts can order the winding up of the company, as seen with NGS Crypto, demonstrating that non-compliance can lead to financial loss, regulatory intervention, and complete business closure.









