A Practical Regulatory Framework for DCEs, Remittance Providers and Crypto Platforms

AUSTRAC registration for digital currency exchanges (DCEs) and remittance businesses in Australia does not, of itself, determine the full regulatory position.

These businesses are increasingly subject to existing financial services regulation, particularly where their activities involve custody of client assets, payment functionality, or transaction execution.

ASIC’s guidance (including Information Sheet 225 (INFO 225)) confirms that regulatory treatment depends on the substance of the arrangement, rather than the label attached to a digital asset.

At the same time, regulatory developments indicate a clear shift toward a framework focused on control of assets and platform-based activity.

In practice, many DCEs, remittance providers and digital asset platforms may already fall within the scope of financial services law or be expected to operate in a manner consistent with those regulatory standards.

This article provides a structured overview of the current regulatory position and the practical implications for digital asset businesses.

1. Substance over form

ASIC’s INFO 225 makes clear that digital assets do not fall within a single regulatory category. Instead, classification depends on the rights, features and overall structure of the arrangement.

This requires an assessment of:

• the nature of the asset and rights attached to it
• how those rights are exercised in practice
• the role of the platform operator
• how value is created, transferred or managed

Importantly, the analysis extends beyond the digital asset itself to the broader arrangement or facility within which it operates. A token that is not, in isolation, a financial product may still form part of a regulated structure.

This reflects a long-standing principle in Australian financial services law: substance prevails over form, particularly where new technologies are used to replicate traditional financial functions.

2. Key regulatory triggers

Under current law, digital asset businesses may fall within the financial services regime where their activities involve one or more of the following functions.

(a) Non-cash payment facilities

Where a platform enables value to be transferred without the use of physical cash, it may constitute a non-cash payment facility under the Corporations Act.

This is a broad concept. A payment is “non-cash” where it is made otherwise than by physical currency, and a facility through which a person can make payments to more than one recipient will generally be a financial product.

This is particularly relevant to:

• crypto payment platforms
• merchant settlement services (e.g. crypto to AUD conversion)
• stablecoin-based payment flows
• remittance models involving digital assets

ASIC’s guidance confirms that the definition is sufficiently broad to capture digital asset-based payment systems, including where value is transferred using tokens rather than fiat currency.

Application to digital asset wallets

Digital asset wallets may constitute non-cash payment facilities where they are used to make payments to third parties.

This may arise in both:

• custodial wallet models, where the provider controls private keys; and
• non-custodial wallet software, where users retain control of their own keys

In each case, the relevant question is whether the wallet provides a facility through which payments can be made, rather than who controls the keys.

Features such as a “pay anyone” function or the ability to transfer tokens to external addresses are strong indicators that the wallet may fall within this category.

Application to stablecoins and payment tokens

Certain digital assets themselves may also constitute non-cash payment facilities.

This is particularly the case where a token is:

• designed to be used as a means of payment
• promoted as “digital cash” or a store of value
• widely used to transfer value between users or merchants
• redeemable (or expected to be redeemable) for fiat currency

Stablecoins that are linked to fiat currency and used for payments are a key example. In these cases, the transfer of the token itself may constitute the mechanism through which a payment is made.

Importantly, the fact that a token is:

• non-interest bearing; or
• backed by reserves

does not prevent it from being characterised as a non-cash payment facility where its primary function is to facilitate payments.

Key legal point

The critical question is not the form of the asset, but the function of the arrangement.

In practical terms:

if a platform or token is used to transfer value between multiple parties, it may fall within the non-cash payment facility framework, regardless of whether it is described as a “crypto product” or a “technology service”.

Regulatory implications

Where a non-cash payment facility exists:

• the facility may constitute a financial product
• providing services in relation to that facility may require an AFSL
• additional obligations may apply, including conduct, disclosure and compliance requirements

Certain exclusions (such as the single payee exemption or incidental financial product exclusion) may apply in limited circumstances, but these are fact-specific and should be assessed carefully.

(b) Managed investment schemes

Digital assets, or arrangements involving digital assets, may constitute interests in a managed investment scheme (MIS).

Broadly, a managed investment scheme involves:

• persons contributing money or assets to acquire rights or interests
• contributions being pooled or used in a common enterprise
• participants not having day-to-day control over the operation of the arrangement

Application to digital asset structures

In the digital asset context, an MIS may arise where:

• investors contribute fiat or digital assets
• those assets are pooled, deployed or managed by an operator
• participants receive returns, benefits or exposure to performance
• the operator exercises control over how the arrangement operates

This analysis applies regardless of how the arrangement is described. Labels such as “utility token”, “staking”, or “yield product” do not prevent the arrangement from falling within MIS concepts where the underlying features are present.

Common examples

Examples of arrangements that may fall within MIS concepts include:

• yield-generating or interest-bearing token products
• staking or yield aggregation platforms
• tokenised asset structures involving pooled ownership
• arrangements where token holders share in revenue, profits or platform performance

In some cases, arrangements framed as access to a platform or service may still constitute an MIS where there is a clear expectation of financial return.

Regulatory implications

Where a digital asset arrangement constitutes a managed investment scheme:

• the operator may be required to hold an AFSL authorising it to operate the scheme
• retail schemes must generally be registered and subject to additional requirements, including:
  • compliance plans
  • custody arrangements
  • disclosure obligations

For wholesale-only arrangements, licensing may still be required, together with appropriate investor classification processes.

Key legal point

Where a digital asset arrangement involves pooled contributions and passive investor participation, it is likely to fall within managed investment scheme concepts, regardless of how it is described.

Common examples

Examples of derivative-like structures in digital asset markets include:

• contracts for difference (CFDs) referencing digital assets
• futures, options or forwards on digital assets
• perpetual futures and leveraged trading products
• tokens whose value is derived from or tracks another asset or benchmark

Certain structured or algorithmic tokens may also fall within derivative concepts where they create exposure to an underlying reference.

Regulatory implications

Where a digital asset arrangement constitutes a derivative:

• issuing the product will generally require an AFSL with appropriate authorisations
• providing services such as dealing, arranging or advising will also require licensing

In addition:

• over-the-counter derivative transactions may be subject to reporting obligations
• each counterparty may be treated as issuing a derivative in bilateral arrangements

Key legal point

Where the value of a digital asset or arrangement is derived from, or linked to, another asset or reference, it may fall within the definition of a derivative.

(d) Securities

In some cases, digital assets may constitute securities, including shares, options or debentures.

This will depend on the rights attached to the digital asset, rather than the technology used to issue or record it.

Application to digital assets

A digital asset may be characterised as a security where it confers rights analogous to traditional financial instruments, such as:

• ownership or equity interests
• voting or governance rights
• rights to share in profits or distributions
• rights to repayment of funds

This is most commonly considered in the context of token offerings or capital-raising arrangements.

Token offerings and capital raising

Where digital assets are issued to raise capital, the arrangement may resemble:

• an equity offering
• a debt issuance
• or another form of fundraising

If the rights attached to the token are similar to shares or debt instruments, the token may fall within the definition of a security.

Regulatory implications

Where a digital asset constitutes a security:

• a prospectus or other disclosure document may be required for retail offers
• licensing requirements may apply
• misleading or deceptive conduct provisions will apply to marketing and communications

These obligations apply regardless of whether the offering is conducted using blockchain or traditional infrastructure.

Key legal point

The classification of a digital asset as a security depends on the rights it confers, not the form in which it is issued.

(e) Custodial or depository services

Custody is a central regulatory consideration.

Where a business:

• holds digital assets on behalf of clients
• controls private keys
• aggregates assets in platform wallets
• or executes transfers based on client instructions

it may be providing custodial or depository services.

Control as the key determinant

A critical principle is that control is more relevant than duration or legal form.

In particular:

• temporary holding of assets does not prevent a custody characterisation
• transfer of legal title to the operator is not determinative
• the key question is whether the operator retains practical control over how assets are dealt with

In the context of digital assets, control is most commonly evidenced by:

• possession or control of private keys; or
• the ability to initiate or authorise transfers on behalf of clients

ASIC has indicated that where a person controls the private keys to blockchain addresses, this will generally be a strong indicator of custody.

Custodial services as a financial service

A person provides a custodial or depository service where they:

• hold financial products, or
• hold beneficial interests in financial products

on trust for, or on behalf of, clients.

Where digital assets are themselves financial products, or form part of a financial product arrangement, custody of those assets will constitute a financial service.

Whether this threshold is met will depend on:

• the nature of the digital asset
• the rights attached to it
• the structure of the arrangement
• and how assets are held in practice

Custodial vs non-custodial models

It is important to distinguish between:

• custodial models, where the provider controls private keys or assets; and
• non-custodial (self-hosted) models, where users retain control

A self-custody or non-custodial wallet solution, where the provider does not have access to or control over private keys, is less likely to constitute a custodial or depository service.

However, this distinction must be assessed carefully, particularly where:

• the provider retains any form of control or override capability; or
• the operational design effectively centralises control despite a “non-custodial” label

Regulatory expectations for custodians

Custodial or depository service providers are subject to principles-based obligations under Australian financial services law.

ASIC’s Regulatory Guide 133 (RG 133) provides guidance on these obligations, including:

• safeguarding of client assets
• segregation of client assets from firm assets
• maintenance of adequate records and controls
• oversight of asset-holding arrangements

These obligations apply regardless of the form of the financial product and are intended to be flexible, taking into account:

• the nature of the assets
• the business model
• the scale of operations

Omnibus holding and digital asset structures

The regulatory framework recognises that digital asset custody often involves:

• pooled or omnibus wallet structures

Under RG 133, omnibus holding of client assets is permitted in certain circumstances, provided that:

• client entitlements can be clearly identified; and
• client assets are properly segregated from firm assets

This approach reflects the operational realities of digital asset markets, while maintaining appropriate safeguards.

Financial and capital requirements

Custodial or depository service providers are also subject to financial resource requirements, including net tangible asset (NTA) thresholds under Regulatory Guide 166.

These requirements are designed to ensure that custodians:

• have sufficient financial resources
• can meet operational risks
• and can support the safeguarding of client assets

The application of these requirements may vary depending on whether custody is:

• a core service; or
• incidental to another business activity

Key legal point

In practical terms:

where a platform has the ability to control, hold or transfer client assets, it is likely to be treated as providing custody, regardless of how the service is described.

(f) Dealing and intermediation

Where a platform facilitates transactions, executes trades or intermediates between counterparties, it may be engaging in financial services, particularly dealing, arranging or market making.

Under the Corporations Act, “financial services” include:

• dealing in a financial product
• providing financial product advice
• making a market
• and providing custodial or depository services

A person carrying on a financial services business in Australia is generally required to hold an AFSL.

Dealing in financial products

“Dealing” is defined broadly and includes:

• acquiring or disposing of financial products
• issuing financial products
• applying for or varying financial products
• arranging for another person to do any of the above

In the digital asset context, this may arise where a business:

• buys or sells digital assets (as principal or agent)
• operates an exchange matching buyers and sellers
• facilitates client orders or execution
• acts as a broker or intermediary

Importantly, “arranging” is itself a form of dealing. A platform that assists clients to enter into transactions, even without taking principal risk, may still be within scope.

Issuing digital asset products

Issuing forms part of dealing and occurs where a person:

• creates; and
• makes available

a financial product.

This may be relevant where digital assets are structured in a way that constitutes a financial product, such as certain token issuance or platform-based arrangements.

Market making

A person generally makes a market where they:

• regularly state prices at which they are willing to buy or sell financial products; and
• do so on their own behalf, with counterparties able to transact against those prices

This model is common in both traditional financial markets and digital asset markets.

Where digital assets involved are financial products, market-making activity will constitute a financial service.

This is particularly relevant to:

• OTC desks quoting bid/offer prices
• platforms internalising client flow
• liquidity provision arrangements

Financial product advice

In addition to dealing, a platform may also provide financial product advice where it:

• makes a recommendation; or
• states an opinion

with the intention of influencing a person’s decision in relation to a financial product.

This may arise, for example, where a platform:

• compares digital assets
• promotes certain tokens
• or presents investment-related content

The fact that a product is digital in nature does not alter the regulatory treatment of advice.

Application to digital asset platforms

In practical terms, many digital asset businesses may fall within dealing or intermediation concepts where they:

• facilitate trading between users
• execute transactions on behalf of clients
• intermediate between liquidity providers and clients
• or play an active role in pricing or execution

This is particularly relevant for:

• centralised exchanges
• brokerage platforms
• OTC trading desks
• and hybrid models combining execution and custody

Key legal point

The critical question is whether the platform is participating in, facilitating or influencing transactions involving financial products.

Where a platform plays an active role in execution, pricing or transaction facilitation, it is likely to fall within dealing or intermediation concepts, regardless of how the service is described.

Regulatory implications

Where dealing, arranging or market making is identified:

• the activity may constitute a financial service
• an AFSL may be required
• conduct, disclosure and licensing obligations will apply

The analysis is highly fact-specific and depends on:

• the nature of the digital asset
• the structure of the platform
• and the role played by the operator

AUSTRAC registration as a DCE or remittance provider establishes AML/CTF compliance obligations but does not determine the broader financial services regulatory position.

For digital asset businesses, AUSTRAC’s regulatory framework is expanding to capture a broader range of virtual asset services, including exchange, transfer and safekeeping activities.

AUSTRAC-regulated entities are subject to AML/CTF obligations including:

• customer identification and verification (KYC / CDD)
• ongoing customer due diligence
• transaction monitoring
• sanctions and PEP screening
• record-keeping requirements

Reporting entities must also comply with a range of reporting obligations, including:

• suspicious matter reports (SMRs)
• threshold transaction reports (TTRs), where applicable
• international value transfer service (IVTS) reports
• annual compliance reporting

Virtual asset transfer and reporting developments

A key development under the AML/CTF reforms is the expansion of reporting and information-sharing requirements for value transfers, including digital assets.

This includes:

Travel Rule obligations

Where value (including virtual assets) is transferred between service providers, entities must:

• collect originator and beneficiary information
• verify relevant customer details
• transmit that information to the receiving provider

This introduces a data-sharing requirement across the transfer chain, increasing transparency and traceability.

IVTS reporting (replacing IFTI reporting)

The reforms also introduce IVTS reporting, which will replace the current IFTI reporting regime.

Key features include:

• applies to transfers of money, virtual assets or other value
• reporting obligation sits with the entity closest to the Australian customer
• enhanced ability to capture accurate customer information
• extends to digital asset transfer activity, including certain wallet-based transactions

Importantly, the reforms introduce new reporting obligations for transfers to or from self-hosted (unverified) wallets, reflecting increased regulatory focus on decentralised transfer pathways.

Separate regulatory frameworks

However, AUSTRAC registration and compliance do not determine whether a business is providing a financial service for the purposes of the Corporations Act.

In practice:

• AUSTRAC regulates financial crime risk, including AML/CTF compliance for digital asset and remittance services
• ASIC regulates financial services and investor protection, including licensing, conduct and disclosure obligations

These regimes operate concurrently and must be considered separately.

Key practical implication

It is common for digital asset businesses to:

• be compliant with AUSTRAC requirements (including Travel Rule and IVTS reporting); but
• still be carrying on a financial services business requiring an AFSL

Current regulatory attention is increasingly directed toward a number of recurring themes in digital asset business models.

These include:

• custody and safeguarding of client assets, particularly where platforms control private keys or operate omnibus wallet structures
• payment and settlement functionality, including the use of digital assets to transfer value between customers or counterparties
• vertically integrated business models, where a single platform performs multiple roles (such as exchange, custody, execution and liquidity provision)
• conflicts of interest, particularly where firms internalise client flow, act as principal, or engage in proprietary trading alongside client services

Regulators are also increasingly focused on:

• the adequacy of governance, risk management and internal controls
• the segregation and protection of client assets and client money
• the transparency of execution, pricing and counterparty arrangements

Practical implication

These factors are often determinative in assessing whether a business:

• is providing a financial service
• requires an AFSL
• and meets the standard of operating efficiently, honestly and fairly

In practice, the presence of multiple high-risk features within a single business model (for example, custody combined with execution and internalisation) will typically attract heightened regulatory scrutiny.

5. Shift toward control-based regulation

Regulatory developments indicate a shift toward a framework that focuses on control and possession of digital assets, rather than classification of the token alone.

In practical terms, regulatory analysis increasingly turns on whether a business has the ability to:

• transfer digital assets
• restrict or exclude others from accessing or transferring those assets
• act on behalf of clients in relation to those assets

This reflects a functional test of control, which aligns closely with how custody and asset-holding services are assessed under existing financial services law.

Regulatory direction

Under this approach, the focus is not limited to:

• legal title to the asset; or
• how the arrangement is described contractually

Instead, the analysis centres on the practical ability of the platform to deal with the asset, including whether it can control, move or administer the asset on behalf of a client.

Practical implication

In practice, this means that platforms may fall within regulatory scope where they:

• operate wallet infrastructure or custody arrangements
• facilitate settlement or transfer of digital assets
• or retain any form of operational control over client assets

This shift toward a control-based framework underpins the emerging distinction between different types of digital asset platforms, including custody-based and tokenised structures.

A Digital Asset Platform (DAP) can be understood, in practical terms, as a facility under which an operator possesses or controls digital assets for or on behalf of clients.

This concept captures arrangements where:

• the operator holds or controls digital tokens; and
• those tokens are held for, or dealt with on behalf of, a client, including where the operator is required to act in accordance with client instructions

Application to digital asset business models

This framework captures a broad range of digital asset business models, including:

• centralised exchanges
• OTC trading desks
• payment and settlement platforms
• wallet and custody providers

In many cases, the platform operator is effectively acting as the issuer and operator of the facility, with clients entering into the platform by opening an account or otherwise participating in the arrangement.

Control vs legal title

Importantly, legal title is not determinative.

A platform may fall within this category even where:

• legal ownership of assets is transferred to the operator; or
• assets are held in pooled or omnibus structures

provided that the client retains meaningful rights to:

• instruct how the assets are dealt with; or
• direct transactions or transfers

Key legal point

A platform will generally be characterised as a digital asset platform where it holds or controls digital assets and operates a facility through which those assets are managed or dealt with on behalf of clients.

A Tokenised Custody Platform (TCP) involves a distinct form of digital asset arrangement.

In practical terms, it arises where:

• an operator identifies and holds an underlying asset (other than money); and
• issues a digital token that represents a right in respect of that asset

Core features

Under this structure, the holder of the digital token has a right to:

• redeem the underlying asset; or
• direct the delivery of that asset

The operator holds the underlying asset for or on behalf of the token holder, and is typically required to deal with that asset in accordance with the holder’s instructions.

One-to-one backing requirement

A defining feature of a TCP is the requirement for a one-to-one relationship between:

• each digital token; and
• a specific underlying asset

This means that:

• each token must correspond to a single identifiable asset; and
• the token must confer a right to that particular asset

This requirement is intended to ensure that tokenised custody arrangements are not used to facilitate fractionalised or pooled interests, which may instead fall within managed investment scheme regulation.

Distinction from other structures

A TCP is distinct from:

• digital asset platforms involving custody of tokens themselves; and
• investment or pooling arrangements

The key distinction lies in the fact that the operator is responsible for the custody of the underlying asset, rather than merely controlling the digital token.

Key legal point

A tokenised custody platform arises where a digital token represents a direct and redeemable interest in a specific underlying asset held by the operator on behalf of the token holder.

The regulatory framework places primary responsibility on the platform operator, regardless of how the underlying technology or infrastructure is implemented.

The use of third-party providers, including custody infrastructure, wallet technology or execution services, does not remove or dilute this responsibility.

The operator remains accountable for:

• how client assets are held and safeguarded
• how transactions are initiated, executed and settled
• compliance with applicable laws and regulatory obligations

Use of agents and service providers

Where an operator appoints third parties to perform functions in relation to the platform:

• those parties may be treated as acting on behalf of the operator; and
• the operator remains responsible for their conduct in connection with the platform

This applies even where the relevant functions are outsourced to specialised providers or implemented through external infrastructure.

Regulatory expectation

From a regulatory perspective, this reflects a clear position that:

• outsourcing operational functions does not transfer regulatory accountability; and
• the operator must maintain appropriate oversight, controls and governance arrangements in relation to all outsourced activities

Key legal point

Outsourcing technology or operational functions does not outsource regulatory responsibility.

9. Licensing and general obligations

Where a business is carrying on a financial services business involving digital asset platforms or similar arrangements, it may be required to hold an AFSL.

Whether an AFSL is required will depend on:

• the nature of the digital asset or arrangement; and
• the services being provided in relation to that asset

General obligations

Once licensed, operators are subject to a range of general obligations under the Corporations Act.

These include obligations to:

• act efficiently, honestly and fairly
• maintain adequate risk management systems
• ensure organisational competence, including appropriately qualified personnel
• maintain adequate financial, technological and human resources
• manage and disclose conflicts of interest
• comply with licence conditions and applicable laws

These obligations are principles-based and apply across all aspects of the licensee’s operations.

Application to digital asset businesses

For digital asset businesses, these obligations have particular relevance where the model involves:

• custody of client assets
• execution or intermediation services
• payment or settlement functionality
• vertically integrated platforms combining multiple roles

In these cases, regulators will expect:

• robust governance frameworks
• clearly defined roles and responsibilities
• effective internal controls and oversight mechanisms

Practical implication

For many digital asset businesses, the transition to an AFSL-regulated model represents a material uplift in governance, compliance and operational standards, particularly in areas such as risk management, asset safeguarding and conflict management.

Regulatory expectations extend beyond licensing and apply to the operational conduct of digital asset businesses, particularly in relation to asset holding and transaction processes.

Areas of regulatory focus include:

• safeguarding and custody of client assets, including secure key management and protection against loss, theft or misuse
• segregation and identification of holdings, including the ability to clearly attribute assets to individual clients, even where omnibus structures are used
• management of wallet infrastructure, including governance over access controls, transaction authorisation and system integrity
• handling of client money, where applicable, including appropriate segregation and compliance with client money requirements
• execution and settlement processes, including accuracy, timeliness and transparency of transactions
• oversight of liquidity providers and counterparties, including appropriate due diligence, contractual arrangements and ongoing monitoring

Operational standards and controls

Regulators will also expect digital asset businesses to maintain:

• robust internal controls and reconciliation processes
• clear record-keeping and audit trails
• documented policies and procedures governing asset handling and settlement
• effective risk management frameworks addressing operational and technological risks

Alignment with existing regulatory standards

These expectations reflect a broader regulatory objective of aligning digital asset platforms with established standards applicable to custodial, depository and financial service providers.

In practice, this means that digital asset businesses are expected to adopt:

• comparable asset protection measures
• equivalent levels of operational integrity
• and similar governance standards

to those applied in traditional financial services.

Key legal point

Digital asset platforms are expected to meet equivalent asset holding and settlement standards as traditional custodians and financial service providers, regardless of the technology used.

There is an increasing regulatory emphasis on disclosure, transparency and client protection in digital asset business models.

This includes requirements to provide clients with clear, accurate and meaningful information about how the service operates and the risks involved.

Key disclosure areas

In practice, this includes:

• clear explanation of how assets are held, controlled and safeguarded, including custody arrangements and use of third-party providers
• disclosure of key risks, including custody risk, counterparty risk, technology risk and liquidity risk
• transparency around execution, pricing and settlement processes
• consistency between marketing representations and actual functionality
• provision of structured client documentation, including terms of service and risk disclosures

Regulatory framework

Where a financial service is provided to retail clients, disclosure obligations may include:

• a Financial Services Guide (FSG)
• a Product Disclosure Statement (PDS), where applicable
• or, under emerging frameworks, a DAP or TCP Guide tailored to digital asset platforms

In addition, general prohibitions on misleading or deceptive conduct apply to all communications, including marketing materials and website content.

Regulatory focus

Regulators are particularly concerned with:

• lack of transparency in custody and asset handling arrangements
• unclear or incomplete risk disclosures
• inconsistencies between how products are marketed and how they operate in practice
• inadequate explanation of counterparty exposure and execution risks

Practical implication

Digital asset businesses should ensure that:

• disclosures are clear, accurate and not misleading
• documentation reflects the actual operation of the platform
• key risks are presented in a way that is understandable to clients

Key legal point

Disclosure obligations focus on ensuring that clients understand how digital asset services operate, the risks involved, and the nature of the platform’s role in holding, controlling and transacting assets.

The combined effect of current law and emerging regulatory direction is that digital asset businesses must assess their models against both existing financial services frameworks and platform-based regulatory developments.

In particular:

• many digital asset businesses may already fall within the scope of financial services regulation, regardless of how their products are described
• custody, payment and execution functionality are key regulatory triggers, particularly where platforms control or facilitate the movement of client assets
• regulatory expectations extend beyond licensing to governance, operational controls and disclosure standards

Key areas of focus

In practice, businesses should carefully assess:

• whether their products or arrangements constitute financial products (e.g. NCP, MIS, derivatives or securities)
• whether they are providing financial services, including custody, dealing or intermediation
• the extent to which they exercise control over client assets
• the adequacy of their AML/CTF, governance and risk management frameworks
• the accuracy and completeness of client disclosures and documentation

Forward-looking considerations

In addition, businesses should take into account the direction of regulatory reform, including:

• the increasing focus on control-based analysis
• the emergence of platform-based regulation (DAP and TCP concepts)
• enhanced expectations around asset holding, settlement and transparency

Practical takeaway

Digital asset businesses should adopt a proactive and structured approach to regulatory compliance, including:

• undertaking a holistic regulatory assessment of their business model
• identifying areas of potential AFSL exposure
• implementing appropriate governance, controls and documentation
• preparing for evolving regulatory expectations ahead of implementation timeframes

Key legal point

Digital asset businesses should not assume that AUSTRAC registration alone is sufficient and should assess their activities against the full financial services’ regulatory framework.

While many business models may already fall within existing financial services frameworks, regulatory direction is clearly moving toward a control-based and platform-focused approach, with increased emphasis on how digital assets are held, managed and transferred in practice.

Businesses that assess their activities holistically and align early with financial services standards will be best positioned to operate sustainably in an increasingly regulated environment.