Digital Currency Exchange: Licensing Requirements in Australia
by Dario Sabljak | 22 January 2026
Establishing a digital currency exchange (DCE) in Australia has evolved from a relatively simple registration process into a multi-layered regulatory commitment. As of 2026, the landscape is governed by two primary bodies including the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Australian Securities & Investments Commission (ASIC).
This article outlines the dual-track licensing requirements and the step-by-step process for establishing a compliant exchange.
The Dual-Regulator Framework
Australia operates under a high-compliance model. Depending on your exchange’s volume and the specific assets you list, you may need one or both of the following:
| Requirement | Regulator | Trigger |
| DCE Registration | AUSTRAC | Mandatory for all businesses exchanging crypto for fiat (or vice versa). |
| AFSL | ASIC |
Mandatory if your annual transactions volume exceeds >$10M/year OR your DCE holds more than $5M in total assets OR holds >$1.5k for any single retail client, OR your DCE offers services that constitute a financial service relating to a financial product under the Corporations Act 2001 (Cth) (Corporations Act). |
The Digital Assets Framework (2025/2026 Reforms)
In October 2025, ASIC released a transformative update to Information Sheet 225 (INFO 225). This, combined with the Corporations Amendment (Digital Assets Framework) Bill 2025 introduced in late 2025, has fundamentally reshaped the path to launching a DCE in Australia.
The regime introduces two critical new categories under the Corporations Act:
-
Digital Asset Platforms (DAP): Operators of trading platforms where digital assets are exchanged.
-
Tokenised Custody Platforms (TCP): Entities providing custodial services for digital assets.
With INFO 225, ASIC has provided 18 examples showing how ASIC applies existing financial product definitions to a range of digital asset scenarios. These examples cover exchange tokens, yield-bearing and non-interest-bearing stablecoins, tokenised securities, tokenised bonds, derivatives referencing digital assets and non-cash payment facilities such as digital wallets.
Examples ASIC considers likely to be financial products:
- Staking and yield products: Services that allow users to earn returns through pooled or managed staking are generally treated as managed investment schemes or financial investments. ASIC’s view is that where users contribute assets that are used collectively to generate a return, the arrangement falls within the existing regime.
- Yield-bearing stablecoins and asset-linked tokens: Stablecoins or other digital assets that offer a financial return or are backed by pooled assets are likely to be securities or interests in a managed investment scheme.
- Wrapped tokens: ASIC continues to treat wrapped tokens as derivatives where the value of the wrapped token depends on, or tracks, another digital asset.
- Custodial wallets and payment facilities: Wallet providers that hold or control client assets, or facilitate payments between users, are likely to be providing a non-cash payment facility and therefore a financial service.
Examples less likely to be financial products:
- Bitcoin and similar native tokens: ASIC reiterates that Bitcoin is unlikely to be a financial product because it is not issued by an identifiable entity, does not create any enforceable rights or returns, and operates as a decentralised network token. Some comparable non-yield, widely traded tokens may also fall outside the framework, depending on how they are used.
- Game coins: Tokens issued and used within a closed gaming environment, where they function purely as a medium of exchange for in-game items or services, are generally not financial products. Their purpose is transactional rather than investment-based.
- Tokenised tickets: Tokens representing access to an event, such as a movie or concert, are unlikely to be financial products where they operate solely as digital proof of purchase or admission, even if their resale value increases.
Further, ASIC confirms that digital assets must be individually assessed to determine whether they constitute financial products. This means DCEs will need to undertake a comprehensive legal analysis of each digital asset they issue or support.
Phase 1: AUSTRAC Registration (The AML/CTF Track)
Before you can process a single trade, you must be registered on the Digital Currency Exchange Register.
Key Requirements:
-
Local Presence: You must have an Australian-registered company and at least one resident director.
-
Police Checks: All “Key Personnel” (directors, shareholders with >25% interest, and compliance officers) must provide a National Police Check issued within the last 6 months.
-
AML/CTF Program: You must develop a written program divided into:
-
Part A: Risk-based systems to identify, mitigate, and manage money laundering/terrorism financing (ML/TF) risks.
-
Part B: Customer Due Diligence (KYC) procedures for identifying and verifying customers.
-
- AML/CTF Risk Assessment: You must develop a comprehensive AML/CTF Risk Assessment that is directly tailored to your DCE.
- Enrolment and Registration: You must complete the process of enrolling and registering with AUSTRAC as a DCE.
-
Travel Rule Compliance: Effective 31 March 2026, you must transmit originator and beneficiary information for all digital asset transfers (the “Travel Rule”).
Phase 2: Australian Financial Services License (AFSL)
If your DCE meets the $10M volume, $5M storage or $1.5k single client tests, or your DCE offers services that constitute a financial service relating to a financial product under the Corporations Act, you must obtain an AFSL.
Mandatory Standards:
-
Financial Resources: You must demonstrate “Net Tangible Assets” (NTA).
-
Professional Indemnity (PI) Insurance: You must hold insurance that covers your specific crypto activities.
-
Responsible Managers (RMs): You must appoint at least a reasonable amount of RMs who have the “educational qualifications and experience” to manage a financial services business. ASIC often requires at least 3 years of experience in the last 5 years in a similar regulated environment.
-
Custody Rules: You must prove that client assets are segregated from company operating funds, typically requiring SOC2-compliant or similar institutional-grade custody solutions.
Step-by-Step Implementation Guide
Step 1: Corporate Structuring
-
Incorporate an Australian Proprietary Limited (Pty Ltd) company.
-
Apply for an Australian Business Number (ABN) and Tax File Number (TFN).
-
Appoint at least one local resident director.
Step 2: Documentation & Policy Development
-
Draft your AML/CTF Program (tailored to crypto risks).
-
Conduct a formal ML/TF Risk Assessment.
-
Prepare your Business Plan (including flow of funds and IT security architecture).
Step 3: AUSTRAC Registration Submission
-
Create an AUSTRAC Online account.
-
Submit the Business Profile Form (ABPF).
Step 4: Legal Advice
- Have a legal expert individually assess each digital asset you issue or support to determine whether any crypto assets constitute financial products.
- Receive formal legal advice to assist in determining whether your proposed DCE meets the regulatory standards for requiring an AFSL.
Step 5: AFSL Application
- Identify an appropriate Responsible Manager.
- Complete the required Application Documents such as proof documents and fit and proper person checks.
-
Apply for an AFSL with the appropriate authorisations (e.g., “provide custodial or depository services,” “deal in a financial product”).
Ongoing Compliance Obligations
Once you are registered with AUSTRAC and have an AFSL, the work shifts to maintenance:
-
Threshold Transaction Reports (TTRs): Reporting any cash transaction over $10,000.
-
Suspicious Matter Reports (SMRs): Reporting any activity that gives rise to a suspicion of crime.
-
Annual Compliance Report: A yearly self-assessment submitted to AUSTRAC.
-
Independent Evaluations: Your AML/CTF program must be audited by an independent third party periodically.
- AFSL Compliance: Maintaining compliance with your obligations as an AFS Licensee.
How We Can Help
With the new changes to the regulatory landscape significantly impacting DCEs in Australia, navigating the complex licensing regulations required by DCEs can be a rigorous and burdensome task.
Adria Group provides end-to-end compliance consulting and legal support to bridge the gap between your digital asset vision and Australia’s rigorous 2026 regulatory standards. We can support you with comprehensive licensing management, handling the dual-track complexities of AUSTRAC registration and the newly expanded AFSL requirements to ensure your platform is built on a compliant architecture. Once licensing has been granted by both AUSTRAC and ASIC, we offer ongoing compliance support to assist you in continuously meeting your regulatory obligations and implement stringent and practical compliance measures and processes.
Contact us today for a free consultation on 1800 955 816 or [email protected].
Useful Reading
- Corporations Act 2001 – Federal Register of Legislation
- Digital assets: Financial products and services | ASIC
- Corporations Amendment (Digital Assets Framework) Bill 2025 – Parliament of Australia
- Digital currency exchange providers | AUSTRAC
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006 – Federal Register of Legislation
- Digital currency (cryptocurrency) | AUSTRAC
- Digital currency exchange providers | AUSTRAC
- CP 381 Updates to INFO 225: Digital assets: Financial products and services | ASIC