Introduction

The convergence of digital currencies and cross-border remittance offers a powerful opportunity for businesses in Australia, providing efficient and innovative payment rails. However, this model places operators at the intersection of two complex and distinct regulatory frameworks, creating a significant dual compliance burden from the Australian Securities and Investments Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC).

Navigating this landscape requires a unified approach, as many crypto businesses mistakenly assume that registering with AUSTRAC is sufficient for full compliance. In reality, many services also trigger Australian Financial Services Licence (AFSL) obligations under the Corporations Act 2001 (Cth), making a comprehensive guide to understanding financial products essential for compliance. This guide provides a clear framework for managing these interlocking duties, helping your business or organisation address both consumer protection and anti-money laundering obligations cohesively

Interactive Tool: See If You Need an AFSL & AUSTRAC Registration

Understanding the Dual Regulatory Burden for Your Crypto Business

ASIC’s Role in Consumer Protection & Financial Licensing

ASIC is the country’s corporate, markets, and financial services regulator. Operating under the Corporations Act 2001 (Cth), its primary responsibilities include consumer protection, maintaining market integrity, and ensuring financial service providers act “efficiently, honestly and fairly.”

ASIC’s jurisdiction over the crypto industry is activated only when a digital asset or the service being provided is classified as a “financial product.” This classification depends on the asset’s specific features and the rights it confers, not its technological label.

Consequently, if a crypto-asset functions like a traditional financial product, it falls under ASIC’s regulatory oversight. This classification often triggers the need for an AFSL.

Examples of crypto-assets or services that may be classified as financial products include:

• Non-Cash Payment (NCP) Facilities: Stablecoins or other crypto assets used to make payments can fall into this category.
• Interests in a Managed Investment Scheme: This can occur when investor funds are pooled in a common enterprise, raising the question of whether you need an AFSL to offer a Managed Investment Scheme.
• Securities: A token may be a security if it provides rights similar to shares, such as ownership or a share in profits.
• Derivatives: This applies if a crypto asset’s value is derived from an underlying asset, such as a “wrapped token.”

AUSTRAC’s Role in Preventing Financial Crime

AUSTRAC serves as the nation’s financial intelligence unit. Its mandate is anchored in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), with a primary purpose to combat:

• Money laundering within the financial system.
• Terrorism financing (ML/TF) operations.
• Various other serious financial crimes.

Unlike ASIC, AUSTRAC’s focus is not on consumer protection but on gathering financial intelligence to prevent the criminal abuse of the financial system. Furthermore, any business or organisation providing “designated services,” such as those requiring legal advice for a Digital Currency Exchange (DCE), is considered a reporting entity and must be registered with AUSTRAC.

Core obligations for these reporting entities are procedural and investigative in nature. These essential requirements include:

• Registering with AUSTRAC before providing any designated services.
• Developing and implementing a comprehensive Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program tailored to the business’s specific risks.
• Conducting customer due diligence, commonly known as Know Your Customer (KYC) procedures.
• Reporting suspicious matters, transactions involving A$10,000 or more, and all international funds transfers to AUSTRAC.

Determining Your AFSL Obligations for Crypto Remittance

Is Your Service a Non-Cash Payment Facility

A primary trigger for requiring an AFSL is whether your crypto remittance service functions as a Non-Cash Payment (NCP) facility. Under the Corporations Act 2001 (Cth), if your platform facilitates payments without using physical currency, it may be classified as an NCP facility.

Consequently, your service is likely operating an NCP facility if it allows customers to perform actions such as:

• Holding stored balances of fiat currency or crypto assets.
• Transferring value to third parties.
• Initiating payment instructions using the platform.

The Federal Court’s decision in the ASIC v BPS Financial (Qoin) case serves as a key precedent, confirming that the legal classification of a crypto wallet enabling payments to others is that of an NCP facility. Additionally, ASIC’s guidance in Information Sheet 225 (INFO 225) further clarifies that even if cryptocurrency is only used “behind the scenes” to settle a transaction, the functional outcome for the user is making a payment, which brings the service under the NCP definition.

Are You Dealing in Foreign Exchange

Your crypto remittance business may also require an AFSL if its activities are characterised as “dealing in foreign exchange.” This classification often depends on how you handle exchange rates for your customers.

Specifically, ASIC may view your service as dealing in a financial product or even a derivative if you:

• Guarantee a specific exchange rate for a cross-border transfer.
• Offer a customer a locked-in rate, promising that their 1,000 AUD will result in a specific amount of foreign currency for the recipient.

By taking on market risk through these guaranteed rates, this activity moves beyond simple payment facilitation and into the realm of financial product dealing.

Furthermore, ASIC’s guidance clarifies that certain foreign exchange arrangements are regulated as financial products, necessitating a specific AFSL authorisation for dealing in foreign exchange. This is particularly true for:

• Arrangements that contain an underlying derivative element.
• Transactions that carry inherent deferred settlement risk.

Navigating Your AUSTRAC Registration Requirements

The Digital Currency Exchange Provider Registration

Any business or organisation that provides DCE services must be registered with AUSTRAC, Australia’s financial intelligence agency.

Specifically, a business is considered a DCE provider if it exchanges:

• Fiat currency, such as the Australian dollar, for a digital currency.
• A digital currency for a fiat currency.

This registration is a mandatory obligation under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to combat money laundering and terrorism financing.

Upcoming reforms are set to expand this definition significantly. From 31 March 2026, the regulatory framework will cover a wider range of activities consistent with the Financial Action Task Force (FATF) definition of a Virtual Asset Service Provider (VASP).

Consequently, these new laws will extend the obligation to register with AUSTRAC to businesses that provide services such as:

• Exchanges between one or more forms of virtual assets (crypto-to-crypto exchanges).
• Transfers of virtual assets on behalf of a customer.
• Safekeeping or administration of virtual assets (custody services).
• Financial services related to an issuer’s offer or sale of a virtual asset.

The Remittance Service Provider Registration

A business is classified as a remittance service provider if it accepts instructions for money transfer & cross-border payments to a recipient in another country.. This service is regulated by AUSTRAC to prevent financial crime, and providers must be registered on the Remittance Sector Register before commencing operations.

Importantly, using cryptocurrency as the mechanism for the money transfer does not change this classification.

If the commercial purpose of the service is to facilitate cross-border value transfer for a customer, it is considered a remittance service.

Therefore, the fact that digital currencies are used as the intermediate asset does not negate the obligation to register as a remittance service provider.

Why Your Crypto Business Likely Needs Dual Registration

Most crypto remittance business models perform two distinct “designated services” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

These services typically include:

• Converting a customer’s fiat currency into a digital currency, which is a DCE function.
• Accepting the customer’s instruction to transfer that value internationally, which is a remittance function.

Because these activities trigger two separate obligations, crypto businesses that facilitate cross-border payments are typically required to register with AUSTRAC in both categories.

Failing to register for both the DCE and remittance services is a strict liability offence and can expose the business or organisation to significant civil penalties and enforcement action from AUSTRAC.

Managing Your International Transfer Reporting Obligations

Reporting IFTI-DRA for Digital Currency Transfers

One of the most technically demanding obligations for a crypto remittance business or organisation is reporting international transfers to AUSTRAC. This process is managed through the International Funds Transfer Instruction (IFTI) regime.

Specifically for digital currency movements, the required report is the International Funds Transfer Instruction – Designated Remittance Arrangement (IFTI-DRA). This applies directly to transfers made through non-bank remittance networks.

A key aspect of this obligation is that every instruction to transfer crypto value into or out of Australia must be reported to AUSTRAC within 10 business days. Unlike other reporting thresholds, the IFTI-DRA requirement has a zero-dollar threshold, meaning every cross-border crypto transfer is reportable, regardless of its value.

Your systems must be designed to automatically capture and report the specific data fields required for an IFTI-DRA involving digital currencies. These include:

• Ordering customer details, such as their full legal name, address, and customer ID.
• Beneficiary details, including their name and account or wallet identifier.
• Transaction metadata, which covers the amount and type of digital currency, its value in AUD at the time of transfer, the blockchain transaction ID, and wallet addresses for both the originator and destination.
• Counterparty details, providing information about any intermediary or beneficiary VASPs involved in the transfer chain.

Upcoming reforms under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 (Cth) will eventually replace the IFTI framework with a new International Value Transfer Service (IVTS) regime. This new system will streamline reporting and explicitly cover transfers of virtual assets, placing the reporting obligation on the entity closest to the Australian customer.

Implementing the FATF Travel Rule for Data Exchange

Beyond reporting to AUSTRAC, your business must also comply with the FATF Travel Rule, which is part of Australia’s anti-money laundering and counter-terrorism financing framework.

This rule requires your business or organisation to exchange specific originator and beneficiary information with the counterparty VASP when conducting a crypto transfer. Consequently, this data must “travel with” the transaction to ensure transparency and prevent illicit use.

Under Australian rules and regulations, which will be fully effective from 31 March 2026, this obligation requires you to:

• Transmit payer and payee information by securely sending the sender’s and receiver’s personally identifiable information to the beneficiary institution alongside the on-chain transaction.
• Use secure protocols, as this data exchange cannot be done over insecure channels like email, requiring the use of secure messaging frameworks such as the Travel Rule Protocol (TRP).
• Conduct counterparty due diligence before sending crypto to a foreign exchange by performing “Know Your VASP” checks to verify that the counterparty has adequate anti-money laundering controls.

A significant operational challenge is the “Sunrise Issue,” which occurs when your business sends digital currencies to a VASP in a jurisdiction where the Travel Rule is not yet enforced. Even if the foreign counterparty is not compliant, the obligation remains on the Australian business to attempt to send the required data, document its efforts, and manage the associated risks.

Proving Your Financial & Operational Resilience

Meeting ASIC’s Liquidity & Settlement Risk Standards

Holding an AFSL legally requires your business or organisation to maintain ‘adequate resources’ to provide your services, which is one of the core financial requirement obligations as an AFS licensee. This is a standard strictly enforced by ASIC.

For crypto remittance, this obligation centres on managing settlement risk, which is significantly amplified by the unique characteristics of digital currencies. Consequently, several factors can create operational challenges, including:

• Rapid exchange rate movements that impact value.
• On-chain network congestion causing delays.
• Counterparty risks associated with offshore exchanges.

Regulators expect you to demonstrate robust operational resilience and the ability to settle cross-border flows without causing consumer harm or delays. To meet these standards, your business must implement and provide evidence of several key controls:

• Stress testing: You must model scenarios for spikes in outflows, blockchain congestion, and the failure of a counterparty to ensure your systems can withstand market pressure.
• Intraday liquidity forecasting: Your business needs real-time monitoring and dashboards showing your liquidity positions by currency and corridor to manage intraday obligations.
• Pre-funding and credit lines: Maintaining pre-funded fiat pools or committed credit lines with licensed banks and liquidity providers is essential for ensuring you can meet settlement obligations as they fall due.
• Automated reconciliation: Systems should automatically reconcile on-chain transaction confirmations with off-chain settlement records to maintain accurate and timely financial oversight.

A common challenge in crypto remittance is the “settlement mismatch,” where digital currencies move instantly, but traditional banking rails experience delays. Your AFSL risk management framework must explicitly detail how you manage this gap, often through a dedicated liquidity pool funded by corporate equity rather than client funds.

Satisfying Capital Requirements like NTA

In addition to liquidity management, AFSL holders must meet specific capital adequacy requirements to ensure solvency.

The primary requirement is maintaining a minimum level of Net Tangible Assets (NTA). For businesses with custodial models where client crypto assets or funds are held, this requirement can be substantial, and depending on the nature of the service, it can be:

• As high as $5 million.
• Even up to $10 million in certain circumstances.

A critical point for any crypto business or organisation is that ASIC generally does not count volatile digital assets held on the company’s balance sheet toward the NTA requirement. Due to their price volatility, cryptocurrencies are not considered sufficiently stable to be classified as “Tangible Assets” or “Liquid Assets” for solvency purposes.

This means your business must hold a buffer of fiat currency, such as Australian dollars, or other cash equivalents in an account with an Australian Authorised Deposit-taking Institution (ADI). Furthermore, if your business holds more than $100,000 in client money, you may also trigger the Surplus Liquid Funds (SLF) test, which requires you to hold at least $50,000 in unencumbered liquid assets, separate from client funds.

Conclusion

Operating a crypto remittance business in Australia requires navigating the dual regulatory burdens of obtaining an AFSL from ASIC and registering with AUSTRAC. This complex landscape demands a unified compliance approach to manage critical obligations, from international transfer reporting and the FATF Travel Rule to proving financial and operational resilience.

To navigate this evolving financial system and ensure your platform is compliant, contact AFSL House’s specialist crypto lawyers to assist with your AFSL application today. Our expert AFSL lawyers provide specialised services designed to turn these complex regulatory challenges into strategic opportunities, securing your platform’s future in Australia’s modernising payment ecosystem.

Frequently Asked Questions (FAQ)

What is the main difference between an Australian Financial Services Licence & Australian Transaction Reports and Analysis Centre registration for crypto remittance?

The main difference is the regulatory focus, making it vital to understand the distinction between AUSTRAC registration vs AFSL; AUSTRAC registration is mandatory for AML/CTF compliance, while an AFSL is required by ASIC for consumer protection if the service is classified as a ‘financial product.

Do I need an Australian Financial Services Licence if I only use stablecoins for my remittance service?

Yes, using stablecoins pegged to a fiat currency to facilitate payments for customers is highly likely to be considered an NCP facility. This classification means your service is providing a financial product, which requires you to hold an AFSL from ASIC.

Is every international crypto transfer reportable to the Australian Transaction Reports and Analysis Centre?

Yes, every instruction to transfer crypto value into or out of Australia must be reported to AUSTRAC within 10 business days under the IFTI-DRA rules. This reporting obligation has a zero-dollar threshold, meaning all cross-border crypto transfers are reportable, regardless of their value.

What is the Travel Rule & does it apply to all crypto transfers?

The Travel Rule, which stems from FATF Recommendation 16, requires service providers to exchange sender and receiver information during a crypto transfer to prevent illicit use. In Australia, this rule applies to all virtual asset transfers, although the specific data requirements may vary depending on the transaction’s value.

Can I use my company’s cryptocurrency holdings to meet the Australian Securities and Investments Commission’s capital requirements?

No, you generally cannot use your company’s cryptocurrency holdings to meet ASIC’s capital requirements due to their price volatility. ASIC typically does not count digital assets as “Tangible Assets” or “Liquid Assets,” meaning your business must hold these financial buffers in fiat currency or other cash equivalents.

What happens if my overseas crypto exchange partner is not ready for the Travel Rule?

If your overseas partner is in a jurisdiction where the Travel Rule is not yet enforced, known as the “Sunrise Issue,” the compliance obligation remains with your Australian business. You must still attempt to send the required data, document your efforts, and manage the associated AML/CTF risks.

Do I need to register as both a Digital Currency Exchange & a Remittance Provider with the Australian Transaction Reports and Analysis Centre?

Yes, dual registration with AUSTRAC is typically required because most cross-border crypto remittance business models perform two distinct “designated services.” These services include exchanging currency, which is a DCE function, and transferring value internationally, which is a remittance function.

What are the key compliance deadlines I need to know for 2026?

The key compliance deadlines for 2026 include the expansion of AUSTRAC’s VASP regime on March 31, 2026, and the end of ASIC’s transitional no-action position for AFSL applications on June 30, 2026. Additionally, new obligations for “Tranche 2” entities, such as lawyers and accountants, are set to commence on July 1, 2026.

What is an International Funds Transfer Instruction – Designated Remittance Arrangement & how is it different from a normal International Funds Transfer Instruction?

An IFTI-DRA, or International Funds Transfer Instruction – Designated Remittance Arrangement, is the specific report required for international transfers made through non-bank remittance networks, which covers most crypto remittance services. It is different from an IFTI-E, which is used for transfers conducted between traditional financial institutions like banks.