Crypto License in Australia

Crypto License in Australia 2026: AUSTRAC, ASIC & the Digital Assets Framework

Register a Virtual Asset Service Provider, apply for an AFSL under the Digital Assets Framework and meet the 30 September 2026 lodgement deadline, with one fintech-licensing partner from incorporation to ongoing AUSTRAC reporting.

Fintech Simple has guided crypto exchanges, custodians and tokenisation platforms through more than 500 licensing engagements since 2016. Our Australia desk handles AUSTRAC VASP enrolment, ASIC AFSL applications and the Corporations Amendment (Digital Assets Framework) Act 2026 transition. We turn the dual-regulator regime into one execution plan covering the 30 September 2026 AFSL cut-off and the 1 July 2026 Travel Rule commencement.

What Is a Crypto License in Australia?

Regulators

AUSTRAC + ASIC

Minimum capital

No statutory minimum (RG 166 for AFSL)

Timeline (DCE/VASP)

6 weeks – 6 months

2026 AFSL deadline

30 September 2026

An Australia crypto license is not a single permit. It is a combination of registrations and licences issued by two federal regulators. AUSTRAC, the Australian Transaction Reports and Analysis Centre, runs the AML/CTF regime and the Digital Currency Exchange (DCE) / Virtual Asset Service Provider (VASP) registration. ASIC, the Australian Securities and Investments Commission, issues the Australian Financial Services Licence (AFSL) that authorises dealing in financial products. A crypto license in Australia means satisfying both regulators where their regimes apply, not choosing one over the other.

AUSTRAC VASP registration is mandatory for any business that exchanges fiat for digital currency, exchanges one digital currency for another, or provides custody, transfer or related virtual-asset services in or from Australia. It governs customer due diligence, transaction reporting, the Travel Rule (which commences 1 July 2026 with no de-minimis threshold) and 7-year record-keeping. ASIC AFSL licensing applies on top whenever the underlying activity touches a financial product; once the Corporations Amendment (Digital Assets Framework) Act 2026 commences, AFSL requirements are also proposed to extend to Digital Asset Platform operators that exceed the new statutory thresholds.

2026 is the pivot year. The Corporations Amendment (Digital Assets Framework) Act 2026 received Royal Assent on 8 April 2026 and commences 9 April 2027. It creates two new statutory categories, Digital Asset Platforms (DAP) and Tokenised Custody Platforms (TCP), and ties them directly to AFSL authorisation. The de-minimis exemption requires both of the following to be true: no single customer holds more than A$5,000 with the platform, and the platform’s annual transaction volume stays below A$10 million. Cross either threshold and an AFSL becomes mandatory.

The immediate operational deadline is 30 September 2026: existing digital-asset businesses must lodge a complete AFSL application by that date to keep the protection of ASIC’s class no-action letter while the framework beds in. ASIC’s digital-assets guidance and the AUSTRAC DCE register are the live reference points throughout that transition.

Registration plus licence, not either/or

Read the regime as “registration + licence”. AUSTRAC DCE/VASP registration is the AML/CTF baseline, and an ASIC AFSL is required where crypto activities amount to providing financial services in relation to financial products — with the proposed Digital Assets Framework reforms extending AFSL triggers to platform thresholds once they come into force.

Cost of an Australian Crypto License

We offer three fixed-scope packages, each mapped to a track under the DAF Act 2026: Basic for sub-de-minimis operators, Standard for businesses crossing the DAF thresholds, and Full for tokenised custody and real-world-asset structures. Pricing is quote-based because product, client mix and authorisation footprint differ on every application. Tell us your model and we’ll scope a fixed fee within 48 hours.

BasicRequest quote
StandardRequest quote
FullRequest quote
Regulatory pathway Track 1 — sub-de-minimis Track 2 — above DAF thresholds Track 3 — tokenised custody / RWA
AFSL application support
AFCA membership setup
Travel Rule operational rollout Light
TCP / RWA token structuring
Banking introductions
DAF Act 2026 transition support
Dedicated Australia counsel
BasicRequest quote
  • Pty Ltd incorporation, ACN & ABN
  • AUSTRAC VASP enrolment
  • AML/CTF program drafting
  • Travel Rule rollout (light)
  • AFSL application support
  • AFCA membership setup
  • TCP / RWA token structuring
  • Banking introductions
StandardRequest quote
  • Everything in Basic
  • ASIC AFSL lodgement & application support
  • AFCA membership setup
  • Full Travel Rule operational rollout
  • DAF Act 2026 transition support
  • Banking introductions
  • Dedicated Australia counsel
  • TCP / RWA token structuring
FullRequest quote
  • Everything in Standard
  • TCP / RWA token structuring
  • Tokenised custody scheme design
  • Multi-authorisation AFSL strategy
  • Custody & segregation governance
  • Full DAF Act 2026 transition support

Costed separately because they vary by scope: AFSL compliance documentation typically runs AUD 20,000–100,000, and up to AUD 200,000 for complex multi-authorisation applications; ASIC annual fees are payable directly to the regulator; the AUSTRAC industry contribution levy only applies if your entity has earnings of at least AUD 100M or generates a large volume of transaction reports; DAP/TCP custody build (technology, segregation, audit) is a Full-tier add-on scoped after the architecture review; and an optional ready-made entity acquisition can shorten the corporate setup phase. Each line item is itemised in your quote.

Our Australia Licensing Team

With 500+ license approvals across 40+ jurisdictions since 2016, the Australia desk runs fit-and-proper preparation, RG 166 capital-adequacy evidence, and AML/CTF program drafting. The team below leads the AUSTRAC VASP, ASIC AFSL, and DAF Act 2026 DAP/TCP workstreams.

Patrik Asevičius
Patrik Asevičius Lawyer & Regulatory Advisor
Ilja Nikiforov
Ilja Nikiforov Co-Founder, Head of Legal
Dmitry Malyshev
Dmitry Malyshev Lawyer & Partnerships Lead

2026 Regulatory Framework: AUSTRAC, ASIC & the Digital Assets Framework

AUSTRAC and ASIC operate under separate statutes, and the regime now sits on five primary instruments. The remits below set out who supervises what; the legislation list at the end gives the underlying Acts and their commencement dates.

AUSTRAC and the VASP Regime

AUSTRAC, the Australian Transaction Reports and Analysis Centre, is the AML/CTF regulator and financial-intelligence unit. Under the AML/CTF Act 2006, any person providing a designated service with a geographical link to Australia must enrol with AUSTRAC before commencing; entities providing virtual-asset designated services (such as DCE/VASPs) must also be registered before providing the service. Mandatory Digital Currency Exchange (DCE) registration commenced on 3 April 2018 following Royal Assent of the AML/CTF Amendment Act 2017. From 31 March 2026 existing DCE providers were auto-rolled into the new VASP framework under the AML/CTF Transitional Rules 2026, and new VASP enrolment opened. AUSTRAC’s remit covers customer due diligence, transaction-monitoring, suspicious-matter and threshold-transaction reporting (TTRs above A$10,000), record-keeping for seven years, and, from 1 July 2026, the Travel Rule on every virtual-asset transfer with no de-minimis threshold.

ASIC and the AFSL Regime

The Australian Securities and Investments Commission (ASIC) licences financial-services conduct through the AFSL. Historically, ASIC’s regulation of crypto was primarily engaged where the arrangement was a financial product (derivatives, MIS interests, certain stablecoins), although ASIC also used general consumer-law and market-integrity powers in adjacent cases. Under the Corporations Amendment (Digital Assets Framework) Act 2026, ASIC’s perimeter expands to capture Digital Asset Platforms (DAPs) and Tokenised Custody Platforms (TCPs); the draft de-minimis thresholds discussed in advisory commentary are A$5,000 per customer and A$10M annual volume, with the precise statutory mechanics set by rules under the Act. ASIC’s Service Charter targets are 150 days for 70% of complete applications and 240 days for 90% — roughly 5–8 months in practice, although actual timeframes vary by file. AFCA membership is a precondition to lodging.

Key Legislation

  • AML/CTF Act 2006 — the principal Australian AML/CTF statute. Sets the reporting-entity framework, designated-services list, CDD obligations and AUSTRAC’s enforcement powers. An entity providing a virtual-asset designated service under the AML/CTF Act 2006 is a reporting entity for that service (the Act itself does not use the term “VASP”).
  • AML/CTF Amendment Act 2024 — received Royal Assent on 10 December 2024. Introduces new virtual-asset designated services and extends the Travel Rule to VASPs, commencing 1 July 2026. AUSTRAC’s AML/CTF Transitional Rules 2026 govern the migration.
  • Corporations Amendment (Digital Assets Framework) Act 2026 — received Royal Assent 8 April 2026; commences 9 April 2027. Creates the DAP and TCP statutory categories in the Corporations Act and makes the AFSL mandatory once de-minimis thresholds are exceeded. ASIC’s 18-month implementation roadmap runs from Royal Assent, with full compliance required by roughly October 2027.
  • ASIC INFO 225 — updated 29 October 2025 to cover digital-asset businesses; on the same date ASIC issued a separate class no-action letter. Operators must lodge a complete AFSL application by 30 September 2026 to rely on the no-action position.
  • Financial Transaction Reports Act 1988REPEALED on 7 January 2025, 28 days after Royal Assent of the AML/CTF Amendment Act 2024. Its obligations are now subsumed into the AML/CTF Act 2006; legacy FTR records remain subject to confidentiality and retention rules.

Three Australian Crypto Licensing Tracks

Mapping your business model against the DAF Act 2026 produces three practical paths. AUSTRAC DCE/VASP registration is mandatory across all three. What separates them is whether the AFSL trigger fires (Track 2) and whether you issue tokenised real-world-asset products (Track 3).

DimensionTrack 1 — DCE/VASP onlyTrack 2 — VASP + AFSLTrack 3 — TCP / RWA
Who it’s for Small exchanges, OTC desks, brokers serving low-value retail Mainstream exchanges, custodians, staking and yield platforms Tokenised RWA issuers, asset-backed token custodians
Triggers Both thresholds below: A$5,000 per customer and <A$10M annual transaction volume Either threshold exceeded: >A$5,000 per customer or ≥A$10M annual volume Issuing tokens representing custodied real-world assets — new statutory category
AUSTRAC registration Required (DCE/VASP) Required (DCE/VASP) Required (DCE/VASP)
AFSL Not required Required — lodge by 30 September 2026 Required as a Tokenised Custody Platform
Timeline 6 weeks – 6 months 6 – 12 months end-to-end 6 – 12 months + DAF transition (full compliance ~October 2027)
Typical cost band Low five figures USD AUD 20,000 – 100,000 (AFSL docs); up to AUD 200,000 complex AUD 50,000 – 200,000+ (custody-grade AFSL + token issuance)

“VASP-lite” is not a real license

You will see “VASP-lite” used in blog posts and pitch decks to describe Track 1. It is market shorthand, not official AUSTRAC or ASIC terminology. There is no “lite” registration form, no separate fee schedule, and no statutory carve-out by that name. What exists is a single AUSTRAC DCE/VASP registration plus a de-minimis exemption from the AFSL requirement when both thresholds (A$5,000/customer and <A$10M/year) are met. Treat the term as a red flag if a consultant uses it without explaining the underlying thresholds.

Track 1 — AUSTRAC DCE/VASP Registration Only

Track 1 covers operators who stay below both de-minimis thresholds: no customer holds more than A$5,000 of digital assets with you, and annual transaction volume stays under A$10M. Exceeding either number flips you into Track 2. There is no “average” calculation, no grace period, and no rounding. AUSTRAC DCE/VASP registration remains mandatory: you submit the application, pass fit-and-proper checks, and operate under the AML/CTF Act 2006 with full Travel Rule obligations from 1 July 2026.

This track suits brokers, OTC desks, and niche retail platforms that can credibly cap individual balances and turnover. The trade-off is hard ceilings on commercial growth. The first customer who deposits A$5,001, or the first month that pushes annual volume over A$10M, moves the business into Track 2 retroactively, so prepare the AFSL pathway before you reach either limit.

Track 2 — AUSTRAC VASP + ASIC AFSL

Track 2 is the mainstream exchange path under the Digital Assets Framework. Once either threshold is breached, the business operates a Digital Asset Platform (DAP) as defined in the Corporations Act and must hold an Australian Financial Services Licence from ASIC alongside its AUSTRAC registration. The deadline matters: existing operators must lodge a complete AFSL application by 30 September 2026 to retain ASIC’s class no-action protection during DAF transition. Miss that date and you lose the safe-harbour while the application is processed.

AFCA membership is a precondition for digital-asset AFSL applicants serving retail clients: you must join the Australian Financial Complaints Authority before lodgement, not after. ASIC’s Service Charter targets 150 days for 70% of complete applications and 240 days for 90%, so realistic end-to-end is 6 to 12 months. See the 30 September 2026 deadline breakdown and AUSTRAC’s VASP registration page for the concurrent workstreams.

Track 3 — Tokenised Custody Platforms (TCP) and RWA Issuers

Track 3 is the new statutory category created by the DAF Act 2026: Tokenised Custody Platforms (TCPs) that issue tokens representing custodied real-world assets such as tokenised gold, tokenised equities, or tokenised fund units. TCP sits alongside DAP as a parallel regulated entity type in the Corporations Act. If your model is “customer deposits an asset, we issue a token that represents it”, you are a TCP, not a DAP, and the AFSL authorisations you need differ accordingly. Custodial/depository service authority brings RG 166 Net Tangible Asset requirements scaling up to AUD 10M.

Operationally, TCP applicants face the same 30 September 2026 lodgement deadline for no-action coverage, the same AUSTRAC DCE/VASP registration, and the same DAF timeline: the DAF Act commences 9 April 2027, with full compliance expected by approximately October 2027 at the end of ASIC’s 18-month implementation roadmap measured from Royal Assent. Choose this track only if your token genuinely represents a custodied off-chain asset. Mislabelling a DAP as a TCP triggers the wrong authorisation set and forces a re-application.

Key 2026 Compliance Deadlines

30 September 2026 AFSL lodgement deadline

If you operate a Digital Asset Platform serving Australian retail clients, you must lodge a complete AFSL application by 30 September 2026, or formally notify ASIC of your intention to apply, to rely on the class no-action position issued on 29 October 2025 (extended in June 2026 to 30 September 2026). Miss this cut-off and you lose the regulatory breathing room that lets you keep operating while ASIC processes the application. AFCA membership must be in place before lodgement; sign up via AFCA’s digital asset businesses page first.

The DAF transition unfolds in seven milestones: the AML/CTF Transitional Rules and the AML/CTF Compliance Officer notification landed in the first half of 2026, the AUSTRAC Travel Rule commenced on 1 July 2026, the AFSL lodgement cut-off falls on 30 September 2026, and the sequence continues through DAF Act 2026 commencement on 9 April 2027 to the end of ASIC’s 18-month implementation roadmap.

DateEvent
31 March 2026 AML/CTF Transitional Rules commenced; existing DCE providers auto-rolled to the new VASP framework; new VASP enrolment opened.
30 May 2026 AML/CTF Compliance Officer notification deadline for existing reporting entities.
1 July 2026 Travel Rule commenced with no value threshold; new TTR/SMR forms went live.
29 July 2026 New VASP enrolment/registration deadline (28 days after Travel Rule commencement).
30 September 2026 AFSL lodgement deadline to rely on ASIC’s class no-action position for digital-asset businesses (extended from 30 June 2026 by ASIC in June 2026).
9 April 2027 Corporations Amendment (Digital Assets Framework) Act 2026 commences; DAP and TCP regimes become live law.
October 2027 (approx.) Full DAF compliance required at the end of ASIC’s 18-month implementation roadmap measured from Royal Assent (8 April 2026).

AFCA precondition. Digital-asset businesses serving retail clients cannot lodge an AFSL application without first being members of the Australian Financial Complaints Authority, and must remain members for at least one year after they stop providing those services. If your AFCA membership is still pending on 30 September 2026, the no-action protection is unavailable to you regardless of how complete the rest of your AFSL pack looks.

DAF transition runway. ASIC’s 18-month implementation roadmap runs from Royal Assent on 8 April 2026, so full compliance with the DAP and TCP regimes is required by approximately October 2027. Once the DAF Act 2026 commences on 9 April 2027, a six-month transition period runs to approximately 9 October 2027, during which a lodged AFSL application freezes obligations until ASIC decides. The runway is statutory, not discretionary.

Requirements for an Australian Crypto License

Setting up a compliant Australian crypto operation involves five workstreams that must run in parallel: incorporating the right corporate vehicle, meeting financial-resources tests under ASIC RG 166, building an AML/CTF program that satisfies AUSTRAC DCE/VASP enrolment, clearing personnel background checks, and locking in AFCA membership before the 30 September 2026 cut-off.

Corporate Setup

The standard vehicle is an Australian proprietary limited company (Pty Ltd) incorporated under the Corporations Act 2001. ASIC issues an Australian Company Number (ACN) on incorporation, and an Australian Business Number (ABN) is required to operate.

  • Resident director — at least one director must ordinarily reside in Australia under s 201A of the Corporations Act 2001. Every director must be 18 or older, consent in writing, and not be disqualified under Part 2D.6.
  • ACN + ABN — ACN is issued automatically by ASIC on incorporation; the ABN is required for tax, GST and operational purposes and is expected by AUSTRAC for virtual asset designated services.
  • Registered Australian address — a real Australian street address able to receive legal documents. A virtual office with genuine hot-desk access proportionate to team size is acceptable; a PO Box is not.

Capital Requirements

This is the biggest area where market commentary misleads applicants. The AFSL capital requirements that actually bind a digital-asset business come from RG 166, not from the share-capital line on the company's constitution.

The AUD 50,000 capital myth, debunked

There is no statutory minimum share capital of AUD 50,000 for an Australian crypto exchange. A proprietary company can be incorporated with as little as A$1 of issued capital. The AUD 50,000 figure that circulates in competitor content is commercial commentary, not a regulatory floor. The real financial-resources test comes from ASIC RG 166, which imposes category-specific Net Tangible Assets (NTA), Surplus Liquid Funds (SLF) and cash thresholds on AFSL holders.

RG 166 tests AFSL applicants on two layers: a qualitative “adequate resources” test under s 912A(1)(d), plus prescribed quantitative minimums that scale with the authorisations sought. For digital-asset platforms holding client money or providing custody, the prescribed minimums look like this:

RG 166 control Threshold When it applies
Surplus Liquid Funds AUD 50,000 If holding client money or property ≥ AUD 100,000
Net Tangible Assets — custody/depository Up to AUD 10M Custodial or depository services (scales with assets under custody)
NTA in cash or cash equivalents At least 50% of NTA All affected AFSL licensees under RG 166
Minimum cash floor AUD 150,000 Absolute minimum bank balance, regardless of NTA calc

The practical takeaway: budget for an operating bank balance of at least AUD 150,000 in cash from day one, and size NTA against the custody and client-money flows you actually intend to run.

AML/CTF Program

Every DCE/VASP applicant must lodge a board-approved AML/CTF program with AUSTRAC. From 31 March 2026, the legacy Part A / Part B split was removed. AUSTRAC now expects a single, integrated, risk-based program proportionate to the nature, size and complexity of the business, with these minimum components in place before enrolment:

  • Fit-and-proper compliance officer — a designated AML/CTF Compliance Officer who satisfies the fit-and-proper test and is responsible for implementing the program, notified to AUSTRAC.
  • ML/TF/PF risk assessment — documented assessment of money laundering, terrorism financing and proliferation financing risks across customers, products, channels and jurisdictions.
  • KYC/CDD procedures — identification, verification and ongoing customer due diligence aligned with the AML/CTF Act 2006.
  • Transaction monitoring — rules-based and behavioural monitoring feeding into Suspicious Matter Reports and Threshold Transaction Reports.
  • Internal audit — independent review of the AML/CTF program, conducted at a frequency proportionate to risk.
  • Board-approved policy — the AML/CTF program itself must be adopted and signed off by the company's board.

Personnel and Background Checks

AUSTRAC reviews the suitability of directors, beneficial owners and the AML/CTF Compliance Officer as part of DCE/VASP enrolment. The single most-misquoted requirement here is the age of police checks.

  • National Police Certificates — must be issued within 6 months prior to the application date, not 12. Older certificates are rejected and force a re-application loop.
  • Coverage — checks are required for each director, the AML/CTF Compliance Officer, and beneficial owners holding 25% or more.
  • Foreign-resident officers — equivalent overseas police certificates, with certified translations where applicable, also within the 6-month window.

AFCA Membership

Membership of the Australian Financial Complaints Authority is mandatory for any digital-asset AFSL applicant serving retail clients. The AFCA application must be accepted, not merely submitted, before the AFSL is lodged.

  • Who must join — retail-facing digital-asset operators. Wholesale-only operators serving sophisticated investors are not required to enrol.
  • Sequencing — AFCA acceptance is a precondition to relying on ASIC’s class no-action position by 30 September 2026; treat onboarding as an early workstream, not a closing step.
  • Run-off cover — members must remain in AFCA for at least 1 year after ceasing the retail digital-asset service to handle any tail complaints.

Beat the 30 September 2026 AFSL Lodgement Deadline

We handle AUSTRAC VASP enrolment, AFCA membership and the complete AFSL application. Book your slot before the no-action window closes.

Step-by-Step Process to Obtain an Australian Crypto License

Australian crypto licensing runs as two parallel workstreams: an AUSTRAC DCE/VASP registration under the AML/CTF Act 2006, and an ASIC AFSL once the DAF thresholds are crossed. The six steps below keep both workstreams synchronised and hit the 30 September 2026 AFSL lodgement deadline that preserves ASIC’s class no-action protection.

End-to-end timing: DCE/VASP-only projects close in 6 weeks to 6 months; combined DCE + AFSL projects close in 6 to 12 months, in line with the ASIC Service Charter targets and concurrent AUSTRAC VASP enrolment.

Step 1 Weeks 1–2

Service-model analysis & track selection

What we do: We identify the designated services your platform provides under the AML/CTF Act 2006 and test the business against the A$5,000-per-customer and A$10M-annual-volume thresholds. Based on the result we map the business to one of three tracks (DCE/VASP-only, DAP + AFSL, or TCP) and lock in a critical-path plan against the 30 September 2026 lodgement window.

  • Regulatory mapping — designated-services classification under the AML/CTF Act and DAF taxonomy (DAP / TCP / DCE-only).
  • Threshold analysis memo — per-customer and annual-volume modelling against the A$5,000 / A$10M de-minimis test.
  • AFSL / DCE recommendation — written track recommendation with rationale and risk flags.
  • Project plan — Gantt with key dates including the 30 September 2026 AFSL cut-off and 1 July 2026 Travel Rule commencement.
Step 2 Weeks 1–2

Australian company incorporation, ACN & ABN

What we do: We incorporate a proprietary limited (Pty Ltd) company with ASIC, which issues the ACN automatically on registration. We then register the ABN, appoint a resident director under s 201A of the Corporations Act 2001, and secure an Australian registered street address (virtual office with hot-desk access is acceptable; a PO Box is not).

  • ACN & ABN — Australian Company Number issued on incorporation; ABN registered for tax, GST and AUSTRAC enrolment.
  • Resident director appointment — at least one director ordinarily resident in Australia, satisfying s 201A Corporations Act 2001.
  • Registered office — Australian street address capable of receiving legal documents.
  • Share register — constitution, share register and officeholder consents lodged with ASIC.
Step 3 6 weeks – 3 months

AML/CTF program & operational documentation

What we do: We draft a risk-based AML/CTF program tailored to your business model, covering KYC/CDD procedures, transaction-monitoring rules, an internal-audit plan and the appointment of an AML Compliance Officer (AMLCO). Since 31 March 2026 AUSTRAC requires a single integrated AML/CTF program: an enterprise-wide ML/TF/PF risk assessment plus board-approved policies, procedures, systems and controls, replacing the legacy Part A / Part B split.

  • Risk assessment — ML/TF risk register covering customers, products, channels and geographies.
  • Integrated AML/CTF program — board-approved single risk-based framework covering ML/TF/PF risk assessment, governance, CDD and transaction-monitoring (post-31 March 2026 unified structure).
  • AMLCO appointment — formal appointment with AUSTRAC notification (deadline: 29 July 2026 for new VASP entrants).
  • Training materials — staff induction modules and an annual refresher curriculum.
Step 4 90-day statutory clock; resets on further-info requests

AUSTRAC VASP enrolment & registration

What we do: We submit the VASP enrolment via AUSTRAC Online with full supporting evidence of the AML/CTF program in operation, then manage every further-information request promptly. The 90-day statutory clock resets each time AUSTRAC requests more information, so response speed directly drives registration date.

  • AUSTRAC enrolment — complete enrolment via AUSTRAC Online with National Police Certificates issued within the prior 6 months.
  • VASP registration number — statutory registration issued on assessment completion.
  • Public register listing — entry on the AUSTRAC public register of registered VASPs.
Step 5 5–8 months typical; 6–9 months complex

ASIC AFSL application (if above DAF thresholds)

What we do: We confirm AFCA membership before lodging, a precondition for relying on the class no-action position, then prepare the AFSL application aligned with ASIC INFO 225 and the financial-resource requirements in RG 166. We lodge by 30 September 2026 to retain ASIC’s class no-action protection and manage every ASIC review query through to grant.

  • AFCA membership — Australian Financial Complaints Authority membership secured before AFSL lodgement.
  • AFSL application bundle — core proofs aligned with INFO 225 and RG 166, including the AUD 150,000 NTA cash floor evidence where applicable.
  • AFSL grant — ASIC review and grant under the Service Charter (150 days for 70% of complete applications; 240 days for 90%).
Step 6 ~4 weeks for banking post-enrolment; ongoing

Banking, operational launch & ongoing compliance

What we do: Once AUSTRAC enrolment is in place, the credential most Tier-2/Tier-3 and crypto-friendly digital banks require, we open operational accounts and stand up the recurring compliance workflow: Threshold Transaction Reports (TTRs), Suspicious Matter Reports (SMRs), International Funds Transfer Instructions (IFTIs), the AUSTRAC Travel Rule (commencing 1 July 2026, no value threshold), and the 14-day AUSTRAC change-of-details obligation.

  • Bank account — Tier-2 / Tier-3 or crypto-friendly digital-bank account opened in roughly four weeks post-enrolment.
  • Transaction reporting workflows — TTR (A$10,000), SMR and IFTI pipelines on AUSTRAC’s 1 July 2026 forms.
  • Travel Rule pipeline — originator/beneficiary data capture on every virtual-asset transfer (no de-minimis threshold).
  • Compliance calendar — 14-day AUSTRAC change-of-details, 7-year record retention and annual AML/CTF program review.

Ongoing Compliance Obligations

AUSTRAC VASP registration is the entry point, not the finish line. From 1 July 2026, every Australian virtual-asset business operates under an expanded AML/CTF regime: a no-threshold Travel Rule, new AUSTRAC report formats, statutory record-retention windows, and a formally appointed AML/CTF Compliance Officer reporting to the board.

Travel Rule (from 1 July 2026)

The AUSTRAC Travel Rule commenced on 1 July 2026 under the AML/CTF Amendment Act 2024. From that date, every virtual-asset transfer your VASP makes or receives must carry prescribed originator and beneficiary information, and you must perform counterparty due diligence on the receiving VASP before releasing funds. See AUSTRAC — Travel Rule overview for the binding scope.

No de-minimis threshold — every transfer in scope

Australia’s Travel Rule has no value threshold. Every virtual-asset transfer triggers the originator/beneficiary information requirement. Contrast this with the FATF’s optional USD 1,000 de-minimis recommendation and the EU Transfer of Funds Regulation (Regulation (EU) 2023/1113), which applies an EUR 1,000 threshold to self-hosted-wallet interactions while imposing no threshold for CASP-to-CASP transfers. A USD 10 stablecoin transfer is in scope on the same terms as a USD 10 million OTC trade. Build your travel-rule messaging integration on that assumption.

Your VASP must (a) collect and transmit the legally required data fields on outbound transfers, (b) screen inbound transfers for completeness and sanctions exposure, and (c) maintain a counterparty VASP due-diligence file you can produce on AUSTRAC request. Plan integrations against a travel-rule messaging protocol (TRP, IVMS 101, or equivalent) before go-live.

AUSTRAC Reporting Obligations

VASPs file three principal report types with AUSTRAC, each with its own trigger and timing. These obligations apply in addition to ASIC reporting if you also hold an AFSL.

  • TTR — Threshold Transaction Reports — physical-currency transactions of A$10,000 or more (or foreign-currency equivalent). See AUSTRAC — Threshold transaction reports.
  • SMR — Suspicious Matter Reportsno value threshold; filed whenever you form a reasonable suspicion that a transaction relates to a money-laundering, terrorism-financing or proceeds-of-crime concern.
  • IFTI — International Funds Transfer Instructions — required for instructions to transfer money or property into or out of Australia, in either direction.

From 1 July 2026, AUSTRAC releases new TTR and SMR forms; legacy XML and web-form formats are deprecated on the same date. New VASPs and existing reporting entities must use the new forms from day one, so budget engineering time to switch over before the cut-off. Full details: AUSTRAC — Changes to transaction reporting.

Record Keeping

Australia runs three separate retention clocks, and your records-management policy needs to track all three: AML/CTF records, ATO tax records, and AUSTRAC change-of-details notifications.

Record categoryRetention / deadlineSource
AML/CTF records — transaction records, CDD files, AML/CTF program documents 7 years AUSTRAC — Record keeping
Tax records (some CGT records longer) 5 years ATO — Record-keeping for business
AUSTRAC change-of-details — notify changes to enrolment particulars Within 14 days AUSTRAC — Update your details

Design archival around the longest applicable clock (7 years for AML/CTF) and treat the 5-year ATO window as a subset. Some CGT cost-base records must be retained beyond 5 years, so consult your tax adviser before deleting any acquisition or disposal documentation.

AML/CTF Compliance Officer

Every VASP must formally appoint an AML/CTF Compliance Officer, document the appointment in its AML/CTF program, and notify AUSTRAC. The Compliance Officer reports to the board on AML/CTF performance and produces the annual compliance report that AUSTRAC may inspect on request.

  • Formal appointment — named individual recorded in the AML/CTF program with defined authority and reporting lines.
  • Board reporting — periodic written reports on AML/CTF risk, incidents, and program performance to the board or governing body.
  • Annual compliance report — submitted to AUSTRAC each reporting cycle covering the entity’s AML/CTF activity for the year.
  • Notification deadlines — existing reporting entities were required to notify AUSTRAC by 30 May 2026 (already passed); new VASP entrants notify within their enrolment timeline.

Taxation of Crypto Businesses in Australia

Crypto tax in Australia is administered by the Australian Taxation Office (ATO) and turns on three pillars: corporate income tax, GST treatment of digital currency, and capital gains tax (CGT) on disposal. The headline rates for licensed Digital Asset Platforms and DCE/VASP operators are below; the eligibility tests, the input-taxed status of crypto exchanges, and the treatment of staking and mining are where most operators underestimate compliance. All figures apply to FY 2025–26.

Corporate Income Tax

Australia operates a two-tier corporate income tax. The lower 25% base-rate-entity rate applies only where the company satisfies both conditions: (a) aggregated turnover under AUD 50 million, and (b) no more than 80% of assessable income classified as base-rate-entity passive income (BREPI: interest, dividends, royalties, net capital gains, etc.). Companies failing either test pay the standard 30%. Turnover alone is not the test: a small crypto holding company that earns most of its income from passive token yields can be pushed to the 30% bracket even with sub-AUD 50M revenue. See the ATO company tax rate changes guidance for the BREPI mechanics.

Goods and Services Tax (GST)

Australia’s headline GST rate is 10%. Since 1 July 2017, crypto-to-fiat and crypto-to-crypto exchanges have been treated as input-taxed financial supplies. The exchange does not charge GST to the user, and customer-facing transactions are effectively GST-free. The trade-off is that exchanges cannot claim full input tax credits on their acquisitions related to those supplies, which affects how operators recover GST on infrastructure, software, and professional services. Full guidance at the ATO — GST and digital currency exchanges.

Capital Gains Tax

CGT applies on the disposal of crypto held on capital account, including sale for fiat, swaps for other crypto, gifts, and use to purchase goods or services. Resident individuals (and trusts) who hold crypto on capital account for at least 12 months are entitled to the 50% CGT discount on the resulting gain. A scheduled reform takes effect from 1 July 2027, replacing the flat 50% discount with a CPI-plus-30% model; the existing 50% discount remains in force for the FY 2025–26 income year. See ATO — Crypto asset investments.

Personal Income Tax Brackets FY 2025–26

Founders, directors, and Australian-resident employees of a crypto business are taxed at progressive personal rates. The brackets for FY 2025–26 (resident individuals) are:

Taxable incomeTax on this income
A$0 – 18,2000%
A$18,201 – 45,00016% on excess
A$45,001 – 135,000A$4,288 + 30% on excess
A$135,001 – 190,000A$31,288 + 37% on excess
A$190,001+A$51,638 + 45% on excess

A Medicare levy of 2% applies in addition to the brackets above (low-income thresholds and exemptions apply). Source: ATO — Tax rates for Australian residents.

Mining and Staking Income

The ATO distinguishes sharply between three activities:

  • Staking rewards — treated as ordinary income at the market value of the tokens on receipt, regardless of whether the holder later disposes of them.
  • Crypto mining as a business — mined tokens are ordinary (business) income; trading stock rules apply, and operating expenses are deductible.
  • Hobby miningnot ordinary income. Mined coins are taxed under CGT on disposal with a cost base of zero, so the full sale proceeds are the capital gain.

Misclassifying hobby activity as a business (or vice versa) is a common audit trigger. See ATO — Staking rewards and airdrops.

AUSTRAC Industry Contribution Levy

The AUSTRAC industry contribution levy is a sector-funding charge payable by reporting entities that either have earnings of AUD 100 million or more in the most recent financial year, or file a large volume or value of transaction reports. Meeting either condition is enough to trigger the levy. AUSTRAC estimates that only around 5% of reporting entities meet the threshold in any given year, so most early-stage DCE/VASP operators are out of scope at launch but should plan for the levy as transaction volume scales. Full mechanics at AUSTRAC — Industry contribution levy.

Why Crypto License Applications Fail in Australia

Most AUSTRAC and AFSL refusals trace back to a small set of recurring, fixable mistakes, not edge-case legal issues. Each failure below has a straightforward remediation if addressed before lodgement rather than after a deficiency notice.

  • Generic AML/CTF program — copy-paste templates that ignore the applicant’s actual products, customer base, and geographic exposure are the single biggest cause of AUSTRAC further-information requests. The program must be tailored to a documented ML/TF risk assessment for the specific business. See AUSTRAC VASP enrolment guidance.
  • Nominee resident director — a s 201A appointment without genuine oversight invites scrutiny. Lock in a substantive resident director (with consent, ID, and a clean Part 2D.6 record) before you incorporate.
  • PO Box-only registered address — AUSTRAC requires an Australian street address that can receive legal documents. A pure PO Box fails; a virtual office with genuine hot-desk access proportionate to the team is acceptable.
  • Stale National Police Certificates — AUSTRAC rejects certificates older than 6 months at submission. Order fresh checks for every beneficial owner and key person, and time your lodgement around their issue dates.
  • Under-resourced compliance officer — a part-time or shared AML/CTF Compliance Officer without authority, budget, or capacity is treated as a red flag. Appoint a dedicated, appropriately senior officer with documented reporting lines to the board.
  • No AFCA membership before lodgement — for retail-facing AFSL applicants, AFCA membership is a precondition for relying on ASIC’s class no-action position. Join AFCA before lodging the AFSL.
  • Weak source-of-funds and beneficial-ownership evidence — vague ownership charts or unverified wealth narratives stall files. Provide audited financials, bank statements, share registers, and a clean UBO chain back to natural persons.
  • Slow responses to AUSTRAC RFIs — the 90-day statutory clock resets on each further-information request, so delays compound. Triage AUSTRAC requests within 48 hours and respond in full.

Banking for Australian Crypto Operators

Sequence your banking strategy around AUSTRAC. Securing your DCE/VASP registration first is what unlocks KYB credibility. Without it, even crypto-friendly banks decline you at the relationship-manager screen. Once registration is confirmed, approach Tier-2 and Tier-3 banks alongside crypto-friendly digital banks that have built risk frameworks for virtual-asset businesses.

Plan for roughly 4 weeks from a clean AUSTRAC enrolment to a funded operating account. Onboarding with the major-four banks (CBA, Westpac, NAB, ANZ) for digital-asset businesses remains case-by-case and conservative. Some applicants succeed, but timelines stretch and account conditions are often restrictive. For most early-stage AUSTRAC-registered VASPs, Tier-2 / Tier-3 banks and crypto-friendly Australian banks offer the more reliable route.

What banks look for in a digital-asset banking application:

  • AUSTRAC registration confirmation — your current DCE/VASP registration certificate, with the enrolment ID visible on the AUSTRAC reporting-entity roll.
  • Completed AML/CTF program — a board-approved single integrated AML/CTF program covering the post-31 March 2026 reform requirements and the 1 July 2026 Travel Rule.
  • Appointed compliance officer — a named AML/CTF Compliance Officer ordinarily resident in Australia, with CV and police certificate (issued within the last 6 months).
  • Source-of-funds documentation — audited statements, shareholder declarations, and capital-injection bank statements traced to verified UBOs.
  • Business rationale and projected volumes — a 12–24 month forecast covering customer segments, expected transaction count, average ticket size, and corridor mix.

Fintech Simple introduces AUSTRAC-registered clients to crypto-friendly Australian banks we have onboarded exchanges with before, with documentation packs pre-aligned to each bank’s digital-asset risk appetite.

Book a Free Australia Licensing Consultation

One call, one execution plan covering AUSTRAC VASP enrolment, AFSL lodgement, AML/CTF documentation and banking introductions, all on a fixed-fee timeline.

Frequently Asked Questions about the Australian Crypto License

Do I need an AFSL or just AUSTRAC VASP registration?

It depends on volume. Under the DAF Act 2026, an AFSL is triggered if either A$5,000 per customer or A$10M annual transaction volume is exceeded; both thresholds must remain below for the de-minimis exemption to apply. AUSTRAC DCE/VASP registration is required either way, irrespective of size.

Is there a minimum capital requirement for a crypto license in Australia?

No. The widely repeated AUD 50,000 figure is a myth. There is no statutory minimum, and a Pty Ltd company can incorporate with as little as A$1. AFSL holders, however, face RG 166 prescribed thresholds: a AUD 150,000 minimum cash floor and Net Tangible Assets scaling up to AUD 10M for custodial or depository services.

How long does it take to get a crypto license in Australia?

For DCE/VASP-only registration with AUSTRAC, expect 6 weeks to 6 months. A combined DCE + AFSL pathway typically takes 6 to 12 months. Full Digital Assets Framework compliance follows ASIC’s 18-month implementation roadmap measured from Royal Assent (8 April 2026), concluding around October 2027. From DAF Act commencement on 9 April 2027, a six-month transition period runs to approximately 9 October 2027 during which a lodged AFSL application freezes obligations until ASIC decides.

What is the 30 September 2026 AFSL lodgement deadline?

30 September 2026 is the cut-off to lodge a complete AFSL application, or to notify ASIC of an intention to apply, to rely on ASIC’s class no-action position for digital-asset businesses. AFCA (Australian Financial Complaints Authority) membership must be in place before lodgement. Without it, the no-action protection is invalid.

What is the Travel Rule and when does it start?

The AUSTRAC Travel Rule commences on 1 July 2026 under the AML/CTF Amendment Act 2024. It applies to every virtual-asset transfer regardless of value, with no de-minimis threshold (unlike FATF’s optional USD 1,000 recommendation, which Australia has chosen not to adopt). Originator and beneficiary information must travel with every transfer, triggering KYC and counterparty due-diligence obligations on each transaction.

Do I need a resident director?

Yes. Section 201A of the Corporations Act 2001 (Cth) requires every Australian proprietary company to have at least one director who ordinarily resides in Australia. Directors must be 18 or older, consent to appointment in writing, and not be disqualified under Part 2D.6. Foreign-resident co-directors are permitted alongside the Australian resident.

Is a virtual office acceptable?

Yes, provided the address is a real Australian street address capable of receiving legal documents and offers hot-desk availability proportionate to the size of operations. A PO Box on its own is not acceptable for AUSTRAC DCE enrolment or ASIC registration. Pure shell setups without genuine workspace access also fail the substance test.

How much does an Australian crypto license cost?

There is no fixed published figure for the full package. Professional AFSL documentation typically costs AUD 20,000 to 100,000, rising up to AUD 200,000 for complex multi-authorisation applications. ASIC application fees, AFCA membership, NTA cash buffers and ongoing compliance sit on top. Request a tailored quote from Fintech Simple based on your specific business model.

What taxes apply to a crypto business in Australia?

Corporate income tax is 25% for base-rate entities (aggregated turnover under AUD 50M and no more than 80% base-rate-entity passive income), otherwise 30%. GST’s 10% headline rate applies, but crypto-to-fiat and crypto-to-crypto exchanges are input-taxed financial supplies. Capital gains held 12 months or longer attract the 50% CGT discount, scheduled for reform on 1 July 2027.

What records do I have to keep and for how long?

AUSTRAC requires AML/CTF records (transaction logs, customer due-diligence files, and AML/CTF program documents) to be retained for 7 years. The ATO requires business tax records to be kept for 5 years from the later of preparation, obtaining, or transaction completion. Any change of registered details must be notified to AUSTRAC within 14 days.

Can a foreign founder own an Australian crypto company?

Yes. Shareholders can be 100% foreign, and there is no nationality restriction on beneficial ownership of an Australian Pty Ltd company. Two conditions apply: the resident-director rule under s 201A Corporations Act 2001 must still be satisfied, and Foreign Investment Review Board (FIRB) approval may be required depending on deal size, sector sensitivity, and investor type.

What happens if I miss the 30 September 2026 AFSL deadline?

You lose ASIC’s class no-action protection for digital-asset businesses and become exposed to AFSL enforcement action once the DAF Act 2026 commences on 9 April 2027. Operating a Digital Asset Platform or Tokenised Custody Platform above the de-minimis thresholds without an AFSL would then constitute unlicensed financial-services conduct under the Corporations Act.

Your Privacy

By clicking "Accept", you consent to the use of cookies and similar technologies on your device to improve site navigation, analyze usage, provide specific functionalities, and support our marketing initiatives. Cookies that are strictly necessary will always be active with this link.