Introduction
Launching a crypto exchange in Australia requires navigating a complex and rapidly formalising regulatory environment, a process often guided by expert AFSL lawyers. Crypto businesses face a dual compliance pathway, needing to satisfy both the anti-money laundering regime for digital assets overseen by the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the financial services laws administered by the Australian Securities and Investments Commission (ASIC).
For entrepreneurs, understanding these foundational requirements is crucial for building a legitimate and successful digital currency exchange. This guide provides clear, practical answers to the five most common questions founders face, covering essential topics from whether you need to hold an Australian Financial Services Licence (AFSL) and comply with anti-money laundering laws to choosing the right business structure and managing ongoing duties.
Q1: Do I Need an Australian Financial Services Licence (AFSL)?
Evolving AFSL Requirements for Crypto Exchanges
Whether a crypto exchange needs an AFSL has become increasingly straightforward. Historically, the requirement depended on whether the specific crypto assets being traded were classified as “financial products” under the Corporations Act 2001 (Cth).
However, Australia’s regulatory landscape is undergoing a significant transformation, moving from a primary focus on AUSTRAC’s anti-money laundering rules to a dual-regulator model that includes ASIC. This shift is driven by proposed 2025 legislation, the Treasury Laws Amendment (Regulating Digital Asset, and Tokenised Custody, Platforms) Bill 2025 Exposure Draft.
This draft bill signals a decisive move towards a platform-centric framework. The new regime for digital assets means that for most custodial crypto exchanges, holding an AFSL will no longer be a matter of interpretation but a mandatory requirement for providing financial services.
Understanding Digital Asset Platforms & Tokenised Custody Platforms
The proposed legislation introduces two new categories of financial products, shifting the regulatory focus from the individual tokens to the custodial function of the platform itself. Understanding these definitions is critical, as operating either type of platform will be considered dealing in a financial product, thereby triggering the need to hold an AFSL.
The new categories are:
| Platform Type | Definition |
|---|---|
| Digital Asset Platform (DAP) | A facility where an operator holds one or more digital tokens on behalf of a client, capturing most centralised crypto exchanges. |
| Tokenised Custody Platform (TCP) | A facility where an operator takes an underlying asset, creates a digital token representing a right to that asset, and holds the asset in trust. |
By defining the platform’s service as the financial product, the new rules effectively close a regulatory gap. This ensures that any business providing custodial services for digital assets is subject to the same licensing and consumer protection standards as traditional financial service providers.
AFSL Exemptions for Crypto Businesses
While the new regime for digital assets makes an AFSL a likely necessity for many crypto businesses, the draft Bill includes specific and limited exemptions. These are designed to support smaller platforms and noncustodial services that pose a lower risk to consumers.
Key exemptions from the AFSL requirement include:
| Exemption Type | Description |
|---|---|
| The Low-Value Exemption | Applies if the total value of assets for any single client is under $5,000 and the platform’s total transaction value in the past year is less than $10 million. |
| Exclusion for Non-Custodial Services | Excludes automated or self-executing software arrangements, such as self-hosted wallets or smart contracts, where the operator does not take possession of client assets. |
Get Your Free Initial Consultation
Consult with one of our experienced ACL & AFSL Lawyers today.
Q2: How Do AML & CTF Laws Apply to Crypto Exchanges?
Mandatory AUSTRAC Registration for Digital Currency Exchanges
Compliance with Australia’s Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws is a non-negotiable requirement for any crypto exchange business. AUSTRAC is the financial intelligence agency responsible for regulating these activities.
Before commencing operations, all Digital Currency Exchange (DCE) providers must:
- Enrol as a reporting entity
- Register their exchange services with AUSTRAC
It’s important to note that operating a digital currency exchange without being registered is a criminal offence that can lead to severe civil and criminal penalties. The registration process requires submitting details about the business structure and its personnel. Additionally, AUSTRAC can refuse, suspend, or cancel a registration if a business is deemed to pose an unacceptable risk of money laundering or terrorism financing.
Developing Your AML & CTF Program
The foundation of your compliance obligations is the development and implementation of a robust, risk-based AML/CTF Program. This program cannot be a generic template; it must be meticulously tailored to the specific money laundering and terrorism financing risks your crypto trading platform faces, considering your customer base, transaction methods, and geographical reach.
A compliant AML/CTF program must include several core components:
| Program Component | Description |
|---|---|
| Customer Identification and Verification | Mandatory Know Your Customer (KYC) procedures to verify the identity of all clients to prevent fraud and financial crime. |
| Ongoing Customer Due Diligence | Processes for the continuous monitoring of customer activity to detect and flag suspicious behaviour over time. |
| Transaction Monitoring | Systems to monitor transactions for unusual patterns or activities that could indicate money laundering or other financial crimes. |
| Governance and Training | Appointing a compliance officer, establishing risk management processes, and ensuring ongoing employee training on AML/CTF duties. |
| Independent Review | The AML/CTF Program must be subject to regular independent audits to ensure its ongoing effectiveness and compliance |
Ongoing AUSTRAC Reporting Duties
Operating a registered digital currency exchange involves continuous monitoring and reporting to AUSTRAC. These duties are a fundamental part of your ongoing compliance and help protect the integrity of Australia’s financial markets.
Your key reporting obligations include:
| Reporting Obligation | Details |
|---|---|
| Suspicious Matter Reports (SMRs) | Must be submitted within three business days of suspecting criminal activity, or within 24 hours if it relates to terrorism financing. |
| Threshold Transaction Reports (TTRs) | Required for any transaction involving physical cash of $10,000 AUD or more (or foreign currency equivalent). |
| Annual Compliance Reports | An annual report submitted to AUSTRAC detailing adherence to the AML/CTF Program and the effectiveness of risk management systems. |
| Record Keeping | All records related to customer identification and transactions must be retained for a period of seven years. |
Speak with an ACL & AFSL Lawyer Today
Request a Consultation to Get Started.
Q3: What Are the Rules for Initial Coin Offerings (ICOs)?
Classifying Digital Assets: Financial vs. Non-Financial Products
The legal status of a crypto asset in Australia is determined by its specific structure, features, and the rights it confers upon its holder. According to ASIC guidance, a digital token is likely to be classified as a financial product under the Corporations Act 2001 (Cth) if it functions similarly to traditional financial instruments.
This assessment is technology-neutral, meaning the underlying blockchain technology does not change the legal character of the asset.
A token may be deemed a financial product if it meets the definition of:
| Financial Product Category | Description |
|---|---|
| An interest in a managed investment scheme | Often applies when funds are pooled from multiple investors for a common enterprise to produce financial benefits. |
| A security | Includes tokens that represent a share in a company, providing rights to ownership, voting, or profits. |
| A derivative | Applies to tokens whose value is derived from or varies by reference to another asset, such as a commodity or another digital asset. |
ASIC’s Information Sheet 225 (INFO 225) clarifies that each crypto asset must be assessed on its merits. For instance, while Bitcoin is generally not considered a financial product, a token that provides staking rewards or is part of a lending protocol could easily fall under the financial product definition.
ICOs as Managed Investment Schemes
An Initial Coin Offering (ICO) is frequently at risk of being classified as a Managed Investment Scheme (MIS) under Australian law. This classification is not based on the name of the offering, but on its substance and how it operates in practice.
An ICO is likely an MIS if it satisfies three key elements:
- Investors contribute money or money’s worth to acquire an interest in the scheme.
- These contributions are pooled or used in a common enterprise to produce financial benefits for the investors.
- The investors do not have day-to-day control over the operation of the scheme, with profits depending on the efforts of the promoter or another party.
Consider a scenario where a company launches an ICO to fund the development of a new blockchain. If investors contribute funds with the expectation of receiving tokens that will increase in value due to the company’s development efforts, this arrangement would likely be considered an MIS.
Operating an MIS requires the issuer to hold an AFSL and meet specific registration and disclosure obligations.
Navigating Disclosure & Marketing Rules
If a token issued through an ICO is classified as a financial product, the issuer must comply with strict disclosure and marketing rules. For tokens that are securities, a prospectus is generally required for any offer to retail investors. For other types of financial products, such as an interest in an MIS, a Product Disclosure Statement (PDS) must be provided.
These documents must contain all the information that a retail client would reasonably need to make an informed decision about the investment, including details about:
- Risks
- Benefits
- Fees
The new regime for Digital Asset Platforms proposes a tailored ‘DAP/TCP Guide’ for the platform itself, but the underlying tokens, if they are financial products, still trigger these traditional disclosure requirements.
Furthermore, all marketing and promotional materials for any crypto token, regardless of its classification, must comply with the Australian Consumer Law (ACL). The ACL prohibits misleading or deceptive conduct in trade or commerce. This means that all statements made in white papers, on websites, or through social media must be accurate and must not create a false impression about the project’s potential or regulatory status.
Get Your Free Initial Consultation
Consult with one of our experienced ACL & AFSL Lawyers today.
Q4: Choosing a Business Structure for a Crypto Exchange
Recommended Structure: The Proprietary Company (Pty Ltd)
When establishing a crypto exchange in Australia, selecting the appropriate business structure is a critical decision for liability protection and operational effectiveness. While options like a sole trader or partnership exist, they are generally not advisable for a crypto business due to the unlimited personal liability they impose on the owners. This means personal assets could be at risk to cover business debts.
The most common and recommended structure is a Proprietary Limited (Pty Ltd) company. This model is essential for a serious crypto exchange business because it provides a robust corporate foundation with several key advantages:
| Advantage | Explanation |
|---|---|
| Limited Liability | As a separate legal entity, a company protects the personal assets of shareholders and directors from business debts and legal actions. |
| Regulatory Credibility | Establishes the necessary corporate credibility required for engagement with regulators like ASIC and AUSTRAC, and is standard for an AFSL application. |
| Capital Raising | Provides a clear framework for issuing shares, making it easier to raise capital from investors to fund business growth. |
Key Legal & Policy Documents for Your Exchange
Operating a compliant crypto exchange requires a comprehensive suite of legal and policy documents. These documents are not mere formalities; rather, they serve as primary risk control mechanisms that define the legal relationship with your customers and help fulfil regulatory duties.
The essential legal toolkit for your Australian crypto exchange includes:
| Legal Document | Purpose and Key Inclusions |
|---|---|
| Terms and Conditions | The core contract with users, outlining custody arrangements, rights and obligations, risk allocation, and the right to collect KYC data and terminate high-risk users. |
| Privacy Policy | A mandatory document detailing how the exchange collects, stores, secures, and uses customer data in compliance with the Australian Privacy Principles. |
| Liquidity Provider Agreements | Legally binding agreements to govern relationships with external counterparties used to source liquidity for various digital currencies. |
Furthermore, all exchanges must comply with the ACL, which prohibits misleading or deceptive conduct in all marketing, disclosures, and representations.
Speak with an ACL & AFSL Lawyer Today
Request a Consultation to Get Started.
Q5: Key Ongoing Compliance Duties for a Crypto Platform
Continuous ASIC Compliance for Your AFSL
Once you hold an AFSL, your crypto business must meet a range of continuous compliance duties under the supervision of ASIC. These obligations are designed to ensure market integrity and protect consumers.
Key ongoing duties for AFSL holders include:
| Ongoing Duty | Requirement |
|---|---|
| Organisational Competence | Ensure managers and representatives maintain the necessary competence, knowledge, skills, and training to oversee the financial services provided. |
| Adequate Financial Resources | Maintain sufficient financial resources and robust risk management systems to operate soundly and protect client assets. |
| Conflict of Interest Management | Implement and maintain clear procedures for identifying, managing, and disclosing any potential conflicts of interest. |
| Dispute Resolution | Maintain effective internal dispute resolution (IDR) systems and membership in an external scheme like the Australian Financial Complaints Authority (AFCA). |
| Breach Reporting | A legal duty to report significant compliance breaches to ASIC in a timely manner. |
Maintaining Your AUSTRAC AML & CTF Program
Your AML/CTF Program is not a static document; it is a dynamic framework that requires constant attention and maintenance. AUSTRAC expects your program to evolve with your business and the changing risk landscape. This means compliance is a perpetual operational responsibility.
To maintain your program effectively, you must:
| Action | Description |
|---|---|
| Conduct Regular Reviews | The ML/TF risk assessment and compliance program must be regularly reviewed, audited, and updated to remain effective against emerging risks. |
| Perform Ongoing Monitoring | Maintain sophisticated systems for the continuous monitoring of transactions to detect suspicious patterns and activities. |
| Submit Reports | Fulfil critical ongoing reporting duties, including SMRs, TTRs for cash transactions, and annual compliance reports to AUSTRAC. |
Understanding Tax Obligations for Australian Crypto Businesses
Operating a crypto business in Australia involves specific tax obligations that must be carefully managed. The Australian Taxation Office (ATO) treats cryptocurrencies as property for tax purposes, not as currency. This classification has significant implications for how transactions are recorded and taxed.
Your exchange must keep meticulous records of all transactions to ensure compliance. Depending on the nature of your activities, your business may be liable for:
| Tax Type | Description |
|---|---|
| Business Income Tax | Profits are treated as assessable income and taxed at the corporate rate if the exchange is considered to be carrying on a business of trading crypto. |
| Capital Gains Tax (CGT) | Any profit from the disposal of a crypto asset held as an investment may be subject to capital gains tax. |
Speak with an ACL & AFSL Lawyer Today
Request a Consultation to Get Started.
Conclusion
Launching a crypto exchange in Australia requires navigating a dual regulatory pathway, satisfying both AUSTRAC’s anti-money laundering laws and ASIC’s financial services regime, which now makes holding an AFSL a likely necessity for most crypto businesses. Founders must also address critical operational pillars, including selecting the correct business structure, understanding the rules for token issuance, and managing continuous compliance duties to build a legitimate digital currency exchange.
To ensure your crypto business is built on a strong regulatory and legal foundation, contact the expert AFSL application lawyers at AFSL House for trusted expertise and guidance on developing tailored compliance frameworks.
