Crypto license in Australia
Last Update: 14.05.2026
A crypto license in Australia takes 6 weeks – 6 months for AUSTRAC DCE registration, or 6–12 months for the combined DCE + AFSL path. AUSTRAC charges no registration fee; AFSL compliance documentation runs AUD 50,000–200,000 (~$33,000–132,000), with total DCE-only setup from $10,900 USD. Smaller operators qualify for the VASP-lite exemption (≤ A$5,000 / ~$3,300 per customer AND < A$10M / ~$6.6M annual turnover); above these thresholds AFSL becomes mandatory under the Corporations Amendment (Digital Assets Framework) Bill 2025.
Crypto in Australia is regulated under a dual-regulator model: AUSTRAC supervises AML/CTF compliance and registers digital currency exchanges (DCE), while ASIC issues the Australian Financial Services License (AFSL) for services that qualify as financial products. The Corporations Amendment (Digital Assets Framework) Bill 2025, which received Royal Assent on 8 April 2026, extends the AFSL framework to two new financial-product categories — Digital Asset Platforms (DAP) and Tokenised Custody Platforms (TCP) — capturing exchanges, custodians, brokers, and tokenization operators that handle client crypto. Together with AUSTRAC’s expanded VASP scope from 31 March 2026, the framework brings crypto-to-crypto trading, custodial services, staking, stablecoins, and tokenized real-world assets into a unified compliance perimeter. Operators choose between three paths: DCE-only (AUSTRAC, 6 weeks – 6 months, total budget from $10,900 USD); the combined DCE + AFSL path for custody and financial-product services (6–12 months, AUD 50,000–200,000 / ~$33,000–132,000 in compliance documentation); or the VASP-lite exemption for smaller operators — a predictable regulatory runway comparable in scope to MiCA in the EU and the Singapore / Hong Kong licensing frameworks.
Which crypto licenses can a business obtain in Australia?
A business in Australia can obtain three types of crypto authorization: AUSTRAC DCE registration under the AML/CTF Act 2006, an ASIC-issued AFSL for services that qualify as financial products under the Corporations Act 2001, and one of the two new categories — Digital Asset Platform (DAP) or Tokenised Custody Platform (TCP) — introduced by the Corporations Amendment (Digital Assets Framework) Bill 2025. The right authorization depends on the service model. DCE-only path fits exchange operators within VASP-lite thresholds (≤ A$5,000 / ~$3,300 per customer AND < A$10M / ~$6.6M annual turnover) and platforms with no custody scope. DCE + AFSL fits custodians, staking platforms, stablecoin issuers, and tokenization projects above the VASP-lite thresholds. DAP / TCP categories under the Digital Assets Framework Bill 2025 apply to digital asset platforms and tokenized custody — both treated as financial products with AFSL obligations.
AUSTRAC DCE / VASP (AML/CTF basic regime)
DCE covers any company that exchanges digital currency for fiat or vice versa, including exchanges, OTC platforms, crypto ATMs, and custodial wallets with buy/sell functionality. Once the VASP transition takes effect, the regime expands to all virtual asset services (VASP), including crypto-to-crypto exchanges, custodial services, virtual asset transfers, and trading platforms for NFTs, stablecoins, and tokenized assets. Travel Rule applies to transactions between VASPs and self-hosted wallets.
What DCE/VASP registration gives you: legal operation in the exchange market, faster time-to-market than AFSL, clear AML/CTF, Know Your Customer (KYC), and reporting requirements, and no AFSL obligation if the service does not handle financial products.
AFSL (ASIC, financial product regime)
AFSL is mandatory if the crypto service qualifies as a financial product under the Corporations Act 2001. This applies to projects that store customer digital or tokenized assets (custody), provide trading or investment infrastructure, organize the issuance or circulation of tokenized financial instruments, or provide consulting or brokerage services. AFSL requires corporate governance, internal controls, risk management, and ongoing reporting to ASIC.
DAP and TCP (Digital Assets Framework Bill 2025)
The Digital Assets Framework Bill 2025 introduced two new categories of regulated services: Digital Asset Platform (DAP) — infrastructure with asset storage, trading, transfers, staking, and wrapped assets — and Tokenised Custody Platform (TCP) — specialized custodial platforms for tokenized assets. Both are treated as financial products, which automatically makes AFSL mandatory. The transition window is 12 months from Royal Assent plus a 6-month operator window for AFSL submission.
| License Type | Who Needs It | Regulator | Key Services | Timeline | Threshold |
|---|---|---|---|---|---|
| AUSTRAC DCE / VASP | All crypto exchanges, OTC desks, custodial wallets, crypto ATMs, payment processors with crypto rails | AUSTRAC | Crypto-to-fiat, crypto-to-crypto, custody, transfers, NFTs, stablecoins, tokenized assets (after VASP transition) | 6 weeks – 6 months | All operators (no minimum) |
| AFSL | Custodians, tokenized-asset operators, derivatives platforms, stablecoin issuers recognized as financial product | ASIC | Financial products, custody, managed schemes, brokerage, tokenized financial instruments | 4–8 months | Services qualify as financial products under the Corporations Act 2001 |
| DAP / TCP (Digital Assets Framework Bill 2025) | Digital asset platforms, tokenized custody, staking platforms, trading infrastructure | ASIC | Infrastructure services, custody, trading, staking, wrapped assets, tokenized custody | 12 months Royal Assent + 6 months operator AFSL window | A$10M (~$6.6M) annual volume OR A$5,000 (~$3,300) per customer |
| VASP-lite (exemption) | Small operators meeting both thresholds | AUSTRAC | Simplified AML/CTF regime, basic AUSTRAC compliance | Same as DCE | ≤ A$5,000 (~$3,300) per customer AND < A$10M (~$6.6M) annual turnover |
What are the differences between DCE and AFSL licenses?
The differences between DCE and AFSL licenses in Australia fall along three axes: regulator (AUSTRAC for DCE / AML/CTF supervision vs ASIC for AFSL / financial-product oversight), scope (DCE covers crypto-to-fiat and, after the VASP transition, all virtual asset services; AFSL covers custody, tokenized assets, derivatives, and stablecoins recognized as financial products), and cost / timeline (DCE — no registration fee, 6 weeks – 6 months review; AFSL — AUD 50,000–200,000 / ~$33,000–132,000 in compliance documentation, 4–8 months review).
| Parameter | AUSTRAC DCE / VASP | ASIC AFSL |
|---|---|---|
| Regulator | AUSTRAC | ASIC |
| Scope | AML/CTF for crypto-to-fiat and (after VASP transition) crypto-to-crypto, custody, transfers, NFTs, stablecoins, and tokenized assets | Financial products: custody of tokenized assets, trading infrastructure, managed schemes, and stablecoins recognized as financial product |
| Mandatory for | All crypto exchanges, OTC platforms, crypto ATMs, custodial wallets, and payment processors with crypto rails | Custodians, tokenization platforms, staking platforms (DAP), tokenized custody (TCP), and stablecoin issuers |
| Application channel | AUSTRAC Reporting Portal | ASIC Regulatory Portal |
| Timeline | 6 weeks – 6 months review | 4–8 months review |
| Cost (compliance documentation) | No registration fee. AML/CTF program build varies by scope | AUD 50,000–200,000 (~$33,000–132,000) — lawyers, documentation, internal systems |
| Capital requirement | No fixed minimum | ASIC evaluates capital adequacy. Insurance coverage required |
| Renewal | Every 3 years. Records kept 7 years | Ongoing reporting. Annual ASIC fees |
Quick Facts: Australia Crypto License
An Australia crypto license takes 6 weeks – 6 months for AUSTRAC DCE alone, or 6–12 months for the combined DCE + AFSL path. AUSTRAC charges no registration fee. AFSL compliance documentation runs AUD 50,000–200,000 (~$33,000–132,000). Travel Rule becomes effective 1 July 2026. AFSL is mandatory above A$10M (~$6.6M) annual volume or A$5,000 (~$3,300) per customer. A resident director and physical office are required for all paths.
| Parameter | Value |
|---|---|
| Timeline (DCE only) | 6 weeks – 6 months |
| Total budget (DCE-only / VASP-lite) | from $10,900 USD (G&S BASIC package) |
| Timeline (DCE + AFSL) | 6–12 months |
| Timeline (full DAF compliance) | ~18 months from Royal Assent (12 + 6) |
| AUSTRAC registration fee | No fee. Ongoing AML/CTF compliance costs vary by scope |
| AFSL compliance documentation cost | AUD 50,000–200,000 (~$33,000–132,000) — lawyers, documentation, internal systems |
| AFSL threshold (after VASP transition) | A$10M (~$6.6M) annual volume OR A$5,000 (~$3,300) per customer |
| VASP-lite exemption | ≤ A$5,000 (~$3,300) per customer AND < A$10M (~$6.6M) annual turnover |
| Corporate tax | 25% for turnover under A$50M (~$33M). 30% above |
| GST (Goods and Services Tax) | 10%, generally exempt for crypto exchange services |
| Minimum capital | No fixed minimum for DCE. ASIC evaluates capital adequacy for AFSL |
| Resident director | Required (Australian resident) |
| Physical office | Required |
| AML/CTF compliance | Mandatory for all (AUSTRAC supervision) |
| Key 2026 deadlines | 31 March (Transitional Rules) / 30 May (Compliance Officer — existing) / 30 June (ASIC AFSL lodgement) / 1 July (Travel Rule) / 29 July (new VASP enrolment) |
| Travel Rule | Effective 1 July 2026 |
| Bill 2025 Royal Assent | 8 April 2026 |
| Transition period | 12 months from Royal Assent + 6 months operator AFSL submission window |
How is crypto regulated in Australia?
Crypto in Australia is regulated by two bodies: the Australian Securities and Investments Commission (ASIC) for consumer protection and financial-product oversight, and the Australian Transaction Reports and Analysis Centre (AUSTRAC) for AML/CTF compliance. Together they form a dual-regulator model where DCE registration with AUSTRAC handles the AML side and AFSL from ASIC handles financial-services obligations including custody, tokenized assets, and stablecoins recognized as financial products. The Corporations Amendment (Digital Assets Framework) Bill 2025 (Royal Assent 8 April 2026) and the AML/CTF Amendment Act 2024 (Travel Rule effective 1 July 2026) define the 2026 regulatory perimeter — from VASP-lite exemption thresholds to AFSL obligations for digital asset platforms (DAP) and tokenised custody platforms (TCP).
Australian Securities and Investments Commission (ASIC)
The Australian Securities and Investments Commission (ASIC) regulates financial services in Australia, including crypto businesses that handle financial products. ASIC issues AFSL licenses, maintains public registers of licensed entities, has enforcement powers (fines, license suspension, civil penalties), and updates digital-asset guidance through INFO 225 and related publications. Its powers are set in the ASIC Act 2001.
For crypto businesses, ASIC assesses corporate governance, capital adequacy, management competence, risk management systems, and client asset protection at AFSL application stage. ASIC has also issued a no-action letter valid until 30 June 2026, allowing temporary operation without AFSL provided an application has been submitted.
Australian Transaction Reports and Analysis Centre (AUSTRAC)
The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s financial intelligence agency, in operation since 1989, responsible for AML/CTF supervision and enforcement. For crypto businesses, AUSTRAC handles DCE/VASP registration, AML/CTF program assessment, KYC and transaction-monitoring oversight, and Travel Rule enforcement (mandatory from 1 July 2026). Its powers stem from the AML/CTF Act 2006, the AML/CTF Amendment Act 2024, and the Financial Transaction Reports Act 1988.
Legal framework for crypto-business in Australia
Crypto laws in Australia rely on the Corporations Act 2001 (financial-product framework), the AML/CTF Act 2006 (anti-money-laundering regime), and the Digital Assets Framework Bill 2025 (in force from 2026). Crypto assets are regulated by their functional characteristics: a token classified as a financial product triggers AFSL obligations, a custodial service triggers TCP obligations, and an exchange triggers DCE/VASP registration with AUSTRAC.
Key acts and their role:
- AML/CTF Act 2006 — defines AML/CTF obligations for reporting entities including crypto exchanges, amended by the AML/CTF Amendment Act 2024 with phased implementation through 1 July 2026.
- Corporations Act 2001 — defines what constitutes a financial product (Section 765A). Crypto services that fall under it require AFSL.
- ASIC Act 2001 — establishes ASIC’s powers over financial-services regulation.
- Financial Transaction Reports Act 1988 — underpins AUSTRAC’s reporting framework.
- National Consumer Credit Protection Act 2009 — credit license required for crypto lending.
- Electronic Transactions Act 1999 — covers electronic transactions including DLT/blockchain self-executing transactions.
- Competition and Consumer Act 2010 — prohibits misleading or deceptive conduct against consumers.
- Digital Assets Framework Bill 2025 (Corporations Amendment) — introduces DAP and TCP categories under AFSL, in force after 12 + 6 month transition. Comparable in scope to Markets in Crypto-Assets Regulation (MiCA) in the EU and the licensing frameworks of Singapore and Hong Kong.
How will crypto regulation change in Australia in 2025–2026?
Australia’s crypto regulation changed substantially on 8 April 2026 when the Corporations Amendment (Digital Assets Framework) Bill 2025 received Royal Assent (the Senate had passed the Bill on 1 April 2026). The reform brings digital asset platforms (DAP) and tokenized custody platforms (TCP) under AFSL alongside traditional financial services. AUSTRAC’s AML/CTF Amendment Act 2024 phases in expanded Travel Rule obligations through 1 July 2026. ASIC’s INFO 225 and related guidance clarify which tokens and services qualify as financial products even before full DAF effect.
For crypto operators, the practical timeline is: 12 months from Royal Assent (8 April 2026 → April 2027) for the law to come into force, plus a 6-month operator window during which an AFSL application must be submitted. Once an application is filed, AFSL obligations are deferred only until ASIC’s decision rather than for the full transition period — making early submission decisive. Industry estimates from the Digital Finance Cooperative Research Center (DFCRC) place the total digital-finance opportunity at roughly A$24 billion (~$15.8 billion) annually under the new framework, against A$1 billion (~$660 million) under the previous regime.
Why choose Australia for your crypto business?
Australia gives licensed crypto operators a dual-regulator framework — AUSTRAC for AML/CTF supervision and ASIC for financial-product oversight — with a predictable transition schedule under the Digital Assets Framework Bill 2025, comparable in compliance bar to Singapore and Hong Kong. Licensed status simplifies banking relationships, aligns with Financial Action Task Force (FATF) reporting standards, and signals to partners that the operation passes AUSTRAC and ASIC scrutiny. For tokenization and RWA projects, the new TCP category under AFSL provides a defined regulatory home that EU MiCA does not yet cover with the same specificity.
Legal recognition under dual-regulator supervision
An Australian crypto license puts the operator under AUSTRAC supervision (AML/CTF Act 2006) and, where financial products are involved, ASIC supervision (Corporations Act 2001, Section 765A). Licensed status is publicly verifiable through the AUSTRAC Register of Reporting Entities and the ASIC Professional Register, which institutional counterparties check during onboarding.
Predictable transition window under Bill 2025
The Digital Assets Framework Bill 2025 sets a fixed regulatory timeline — 12 months from Royal Assent (8 April 2026) plus a 6-month operator AFSL submission window — replacing the case-by-case ambiguity of the previous regime. Operators get a defined runway to align AML/CTF programs and AFSL documentation against ASIC’s 2025 Business Description template.
Tokenization-ready framework via TCP / AFSL
The new Tokenised Custody Platform category under AFSL gives tokenized real-world assets a defined regulatory home — relevant for RWA platforms, fractional real estate, and tokenized funds. EU MiCA does not yet cover tokenized financial-product custody with comparable specificity, which makes Australia an early-mover jurisdiction for RWA projects targeting Asia-Pacific.
Path to operational banking
Debanking remains a sector-wide issue, but licensed AUSTRAC / ASIC status moves the operator out of the unregulated risk tier that most Australian banks decline by default. Under the Digital Assets Framework, banks apply structured risk criteria to licensed operators, which improves the probability of opening and maintaining settlement accounts at Tier-1 institutions over time.
Market competitiveness against unregulated platforms
ASIC’s no-action letter mechanism (valid until 30 June 2026 for applicants in process) and AUSTRAC’s public register let licensed operators demonstrate regulatory standing during investor due diligence. Operators above A$10M (~$6.6M) annual volume that secure AFSL early gain a 12–18 month head start over peers still in the transition window.
Entry into international markets
Australia’s licensed status aligns with FATF Travel Rule requirements (effective 1 July 2026) and FATCA / CRS reporting, which simplifies cross-border partnerships with regulated counterparties in the EU (MiCA-licensed CASPs), Singapore (DPT-licensed entities), Hong Kong (VASP-licensed exchanges), and the UAE (VARA / FSRA-licensed providers).
AUSTRAC + AFSL path mapping
Ready to map your DCE + AFSL path in Australia?
G&S compliance team scopes the right regulatory path for your service model, drafts the AML/CTF program, and prepares AFSL documentation against ASIC 2025 templates.
Timeline
6 weeks – 12 months
AUSTRAC fee
No fee
What are the requirements for a crypto license in Australia?
Requirements for a crypto license in Australia cover six areas: a registered Australian company with resident director, AUSTRAC DCE / VASP registration, an AFSL where the service involves financial products, a full AML/CTF program with Travel Rule readiness, cybersecurity and operational risk controls, and capital adequacy with insurance coverage for AFSL applicants. The Digital Assets Framework Bill 2025 adds DAP / TCP-specific obligations layered on top of AUSTRAC supervision.
- Australian company registration. Australian legal entity with an ABN (Australian Business Number) and ACN (Australian Company Number), resident director (Australian resident), appointed Compliance Officer (notification to AUSTRAC required by 30 May 2026 for existing reporting entities, 29 July 2026 for newly regulated VASPs), and physical office in Australia. Foreign companies may operate but must establish a local entity.
- AUSTRAC DCE/VASP registration. Mandatory before commencing operations, submitted via the AUSTRAC Reporting Portal. AUSTRAC reviews risk profile, AML/CTF program, KYC procedures, transaction monitoring, and reporting capability (TTR — Threshold Transaction Reports, SMR — Suspicious Matter Reports). Renewal every 3 years, records kept 7 years. After the VASP transition (31 March 2026), registration scope extends to all virtual asset services (VASP), including crypto-to-crypto exchanges, custodial services, transfers, NFTs, stablecoins, and tokenized assets. Existing DCE providers auto-roll-over into VASP status; new VASPs must enrol and register by 29 July 2026.
- AFSL licensing under ASIC supervision. Required when the service handles financial products: custody of tokenized assets, derivatives, investment schemes, or stablecoins recognized as financial product. ASIC assesses corporate governance, capital adequacy, management competence, risk management, and client asset protection. ASIC’s no-action letter is valid until 30 June 2026 for platforms that have submitted AFSL applications.
- AML/CTF program and Travel Rule. Risk assessment, KYC/CDD procedures, transaction monitoring, AUSTRAC reporting (TTR, SMR), internal audits, incident management. Travel Rule (effective 1 July 2026): transfer of sender and recipient data, enhanced due diligence between VASPs, verification of self-hosted wallets, reporting of unverified or suspicious VA transactions.
- Cybersecurity and operational risk. Access control, vulnerability management, recovery protocols, infrastructure protection. ASIC assesses ability to prevent hacks and ensure customer asset safety.
- Financial stability and insurance (AFSL applicants). Capital adequacy, reserves, professional liability insurance coverage. Higher requirements when handling custody.
- Digital Assets Framework Bill 2025 obligations. Once the 12-month period from Royal Assent ends, DAP and TCP operators have a 6-month window to submit an AFSL application. Submission defers AFSL obligations only until ASIC’s decision, not for the entire transition period. Missing the 6-month window triggers immediate AFSL applicability.
- VASP-lite exemption. Available only when both conditions are met simultaneously: client funds ≤ A$5,000 (~$3,300) per customer AND annual platform turnover < A$10 million (~$6.6M). Such operators follow a simplified AML/CTF regime but still meet AUSTRAC’s basic requirements.
AFSL document set
Need an AFSL-ready document set for ASIC submission?
G&S prepares AML/CTF programs, Business Description (ASIC 2025 format), risk policies, and operational documentation that pass AUSTRAC and ASIC review without rework cycles.
Review cycle
4–8 months ASIC
Doc package
AUD 50K–200K (~$33K–132K)
What documents are required for a crypto license in Australia?
Documents for a crypto license in Australia split into five packages: corporate setup (ABN / ACN, founding documents, director information), AUSTRAC DCE / VASP package (AML/CTF program, business description, key-person profiles), AFSL package (people proofs, ASIC 2025 Business Description template, risk policies, financial documents), AML/CTF and Travel Rule package (effective 1 July 2026), and cybersecurity and operational risk package (especially for custody operations). The full checklist for FY 2025–2026 follows below.
Documents for registering a company in Australia
- Company’s founding documents (Constitution / registration package from BRS — Business Registration Service).
- ABN / ACN — confirmation of registration in the Australian Business Register.
- Information about directors and shareholders, including: copies of passports, proof of address, and corporate structure.
- Appointment of a Compliance Officer and company contact persons.
- Organizational structure with description of roles and functions.
Documents for registration with AUSTRAC (DCE → VASP)
Documents for AUSTRAC DCE / VASP registration prove the company can manage ML / TF risks: a complete AML/CTF program (Part A risk assessment plus Part B operational policies), business description with all services and digital-asset flows, ongoing customer-monitoring procedures, records-retention readiness for 7 years, key-person profiles, and operational risk management plan. AUSTRAC may request additional proof of financial stability, source-of-funds confirmation for founders, and corporate group information.
- AML/CTF Program (Part A + Part B): risk assessment, KYC / CDD, transaction monitoring, reporting procedures (TTR / SMR), onboarding policies, incident response.
- Business Description with detailed description of all services and digital-asset flows.
- Ongoing customer and transaction monitoring procedures.
- Records and reporting: data-retention readiness up to 7 years.
- Key-person profiles (management, owners, resumes, experience).
- Operational risk management plan.
- On request: proof of financial stability, source of funds for founders, corporate group information.
Documents for obtaining an AFSL (if necessary)
If crypto services are subject to financial regulation, ASIC requests a separate package focused on people, process, and financial readiness.
- People Proofs (ASIC 2025 format): resume, qualifications, police checks (issued no earlier than 12 months ago), bankruptcy checks, confirmation of experience in the financial sector.
- Business Description in ASIC 2025 format (mandatory new template).
- Risk management policies, including IT security and custody solutions.
- Financial documents (requested at requirements stage): forecasts, capital confirmation, insurance coverage information.
- Operational documentation: asset flow diagrams, key business processes, internal quality control procedures.
Documents for AML/CTF and Travel Rule (effective 1 July 2026)
AML/CTF and Travel Rule documents extend coverage from crypto-to-fiat to all virtual asset services. The package includes a Travel Rule Compliance Policy (sender/recipient data transfer, counterparty due diligence, self-hosted-wallet verification, non-validated transaction handling), an updated AML/CTF program reflecting the DCE → VASP transition, and a digital-assets management policy covering stablecoins and tokenized products.
- Travel Rule Compliance Policy. Sender and recipient data transfer between VASPs, due diligence on counterparty VASPs, verification of self-hosted wallets, processing of non-validated or suspicious transactions.
- Updated AML/CTF program. Reflects the DCE → VASP scope transition: crypto-to-crypto exchanges, custody, transfers, NFTs, stablecoins, tokenized assets.
- Digital-assets management policy. Covers stablecoins, tokenized financial products, tokenized custody (TCP-relevant where applicable).
Documents on cybersecurity and operational risks
- Cybersecurity Framework: access control, vulnerability management, recovery plans, event logging.
- Description of platform architecture and data storage.
- Client asset protection policy (proportionate to the volume and nature of client assets held).
Financial documents and confirmation of company resources
- Data on capital and reserves.
- Financial forecasts and business plan.
- Professional liability insurance coverage.
- Confirmation of funding sources.
How do you set up a crypto business in Australia?
To set up a crypto business in Australia, choose the regulatory path — DCE-only for AUSTRAC-supervised AML/CTF compliance, or the combined DCE + AFSL path for custody and financial-product services. Each path runs through six stages: regulatory-path analysis, Australian company setup, operational documentation, AUSTRAC submission, AFSL application (where applicable), and Digital Assets Framework transition. Stage-by-stage timing is laid out in the realistic-timeline table below.
Step 1: Analysis of the service model and selection of the regulatory path
The first step is to determine what form of regulation the business will require:
- DCE/VASP (AUSTRAC) — if the project involves the exchange of digital assets.
- AFSL (ASIC) — if the model includes custody, trading of tokenized instruments, investment services, or working with financial products.
Step 2: Company registration and corporate setup
The company is established in Australia, obtains an ABN/ACN, appoints a resident director, and defines key roles. At this stage, the basic operational structure required for submitting applications and further interaction with regulators is formed.
Step 3: Preparation of operational documentation
The service forms a description of its work:
- service delivery model,
- digital asset flow structure,
- customer verification principles,
- transaction monitoring procedure.
These materials simplify subsequent registration and reduce the likelihood of regulatory inquiries.
Step 4: Registration with AUSTRAC as a DCE/VASP
The application is submitted through the Reporting Portal. The regulator analyzes the risk profile, transaction logic, and the company’s readiness to work with virtual assets.
The timing depends heavily on the quality of the documents: projects with a clear model are reviewed more quickly.
Step 5: Obtaining an AFSL license (if applicable)
If the service falls under financial products, an application is submitted through the ASIC Regulatory Portal.
ASIC assesses:
- management structure,
- operational stability,
- protection of client funds,
- compliance with financial requirements.
Well-prepared applications are reviewed within the lower end of the time frame.
Step 6: Transition to the Digital Assets Framework (DAF)
The bill introduces regulation of digital asset platforms and tokenized custody platforms.
Once the DAF comes into force, operators will have six months to apply for an AFSL. This stage will be mandatory for all infrastructure services, so projects will adapt their architecture in advance to meet future requirements.
How long does each crypto license path take in Australia?
A crypto license in Australia takes 6 weeks – 6 months for AUSTRAC DCE alone, 6–12 months for the combined DCE + AFSL path, and ~18 months from Royal Assent for full Digital Assets Framework compliance (12-month entry-into-force window + 6-month operator AFSL submission window). Below are realistic per-stage timelines for FY 2025–2026.
| Stage | Realistic timeline |
|---|---|
| Australian company registration (ABN/ACN) | ~1 week |
| AML/CTF program and document preparation | 3–6 weeks |
| AUSTRAC DCE/VASP registration review | 6 weeks – 6 months |
| AFSL application review (ASIC) | 4–8 months |
| Digital Assets Framework transition (DAP/TCP path) | 12 months from Royal Assent + 6 months operator AFSL window |
| Total — DCE only | 6 weeks – 6 months |
| Total — DCE + AFSL | 6–12 months |
| Total — full DAF compliance | ~18 months from Royal Assent |
What are the key compliance deadlines for crypto operators in Australia in 2026?
Crypto operators in Australia face four compliance deadlines in 2026 under the AML/CTF Amendment Act 2024 and the AUSTRAC Transitional Rules: 31 March 2026 (Transitional Rules in force + ongoing CDD obligations), 30 May 2026 (AML/CTF Compliance Officer notification deadline for existing reporting entities), 1 July 2026 (Travel Rule effective for all VASPs), and 29 July 2026 (enrolment and registration deadline for new virtual asset service providers + Compliance Officer notification for newly regulated VASPs). Existing DCE providers automatically roll over into VASP status without re-registration; new VASP providers must enrol and register by 29 July 2026.
| Deadline | Obligation | Who is affected |
|---|---|---|
| 31 March 2026 | AML/CTF Transitional Rules in force. Ongoing CDD obligations start. Registration scope expands from DCE to VASP. Existing DCE providers auto-roll-over into VASP status. | All existing reporting entities (existing DCE auto-roll-over). New VASPs may begin enrolment. |
| 30 May 2026 | AML/CTF Compliance Officer notification deadline. Existing entities update enrolment details on AUSTRAC Online. | Existing reporting entities including existing DCE / VASP providers. |
| 30 June 2026 | ASIC no-action letter expiry. Deadline to lodge AFSL application under INFO 225 no-action relief. | Digital asset businesses providing services treated as financial products under the Corporations Act 2001. |
| 1 July 2026 | Travel Rule obligations commence for virtual asset transfers. New VASP services regulated under the AML/CTF Amendment Act 2024. | All VASPs (existing and newly regulated). |
| 29 July 2026 | Enrolment and registration deadline for new VASPs. AML/CTF Compliance Officer notification deadline for newly regulated VASPs. | New virtual asset service providers (28 days after 1 July 2026 commencement). |
Packages of services for obtaining crypto license in Australia
G&S offers three turnkey packages for crypto-license setup in Australia, scoped to AUSTRAC DCE/VASP requirements. Pick the package that matches your service scope; AFSL applicability and DAP/TCP custody add-ons are quoted separately.
For operators that need AUSTRAC DCE/VASP registration plus a working local operational bank account and resident director — full turnkey path.
- Full turnkey company formation
- Address of registration for 1 year
- Developed AML/KYC Policy
- AUSTRAC license
- Apostilled corporate documents
- Local operational bank account
- Bank account opening assistance
- Local director for 1 year
For operators that need full AUSTRAC DCE/VASP registration and apostilled corporate documents, with banking handled separately.
- Full turnkey company formation
- Address of registration for 1 year
- Developed AML/KYC Policy
- AUSTRAC license
- Apostilled corporate documents
- Bank account opening assistance
For VASP-lite operators — minimum AUSTRAC registration scope, simplified compliance.
- Full turnkey company formation
- Address of registration for 1 year
- Corporate documents in English
- Standard AML/KYC Policy
- Registration of VASP activities AUSTRAC
How is crypto taxed in Australia?
Crypto in Australia is taxed as property under Australian Taxation Office (ATO) rules: buying with AUD is tax-free, selling or exchanging triggers a Capital Gains Tax (CGT) event with a 50% discount for Australian residents holding 12+ months, and corporate tax applies at 25% for turnover under A$50M (~$33M) or 30% above. Mining and staking income is taxed as ordinary income. GST applies at 10% to taxable supplies, but bona-fide crypto-to-fiat and crypto-to-crypto exchange services are generally GST-exempt under the ATO’s digital currency rules.
- Buying and holding. Tax-free.
- Selling, exchanging, fiat conversion, payment for goods. CGT event. Gain or loss calculated against acquisition cost.
- Mining, staking, rewards. Ordinary income at the time of receipt. CGT applies to subsequent sale.
- 50% CGT discount. Available to Australian residents holding the asset 12+ months.
- Records. Keep transaction records (acquisition cost, disposal value, date, counterparty) for at least 5 years.
- Tax-exempt scenarios. Receiving crypto as a gift, transferring between own wallets (subject to fees), buying personal-use goods/services with crypto, donating to DGR (Deductible Gift Recipient) charities.
Key provisions for cryptocurrency taxation in Australia (2026)
Australia crypto tax rules in 2026 treat cryptocurrency as property under the ATO regime: purchase is non-taxable, sale, exchange, fiat conversion, or payment is a CGT event, assets held 12+ months by residents get a 50% CGT discount, mining, staking, and rewards are ordinary income, transaction records must be kept at least 5 years, personal-use assets may receive limited tax benefits.
- Purchase of cryptocurrency is not taxable.
- Sale, exchange, fiat conversion, payment for goods — CGT event.
- Hold 12+ months (residents) — 50% CGT discount applies.
- Mining, staking, rewards — ordinary income at receipt.
- Records kept for at least 5 years.
- Personal-use assets may qualify for limited tax benefits.
Income tax rates (personal income tax), 2025–2026
Australian personal income tax rates for FY 2025–2026 (residents) apply on top of the tax-free threshold of A$18,200 (~$12,000). Rates do not include the Medicare levy (typically 2%) added separately. CGT on crypto disposal flows through these brackets unless a 50% discount applies (12+ month hold).
| Taxable income (AUD) | Rate / income tax* |
|---|---|
| 0 – 18,200 (~$0 – 12,000) | 0% (tax-free threshold) |
| 18,201 – 45,000 (~$12,000 – 29,700) | 16% on the amount exceeding 18,200 |
| 45,001 – 135,000 (~$29,700 – 89,100) | 4,288 AUD (~$2,830) + 30% on the amount exceeding 45,000 |
| 135,001 – 190,000 (~$89,100 – 125,400) | 31,288 AUD (~$20,650) + 37% on the amount exceeding 135,000 |
| 190,001 and above (~$125,400+) | 51,638 AUD (~$34,080) + 45% on the amount exceeding 190,000 |
* Excludes Medicare levy (typically 2%), added on top of the basic income tax.
Expert view
The biggest mistake we see at AFSL stage is operators treating CGT discounts and AML/CTF risk classifications as separate workstreams. With the Digital Assets Framework in force, ASIC reads the AML/CTF risk profile as part of the AFSL fit-and-proper assessment — they need to align from day one.
Senior Associate, Business Development Manager (Crypto & Blockchain)
Why choose Gofaizen & Sherle to obtain a crypto license in Australia
Gofaizen & Sherle adapts the AUSTRAC + AFSL path to the operator’s actual service model — DCE-only for exchanges and OTC, DCE + AFSL for custodians and tokenization platforms, full DAP/TCP scope for staking and tokenized custody. Our team builds AML/CTF programs to AUSTRAC’s risk-based standard and AFSL document packages to ASIC’s 2025 Business Description format, reducing rework cycles that typically extend timelines by 2–3 months.
Practice focus areas:
- DCE/VASP scoping for crypto exchanges, OTC platforms, custodial wallets, payment processors with crypto rails.
- AFSL preparation for custodians, staking platforms, stablecoin issuers, and tokenized real-world asset projects.
- Travel Rule operationalization: counterparty due diligence, self-hosted wallet verification, non-validated transaction handling.
- Digital Assets Framework Bill 2025 transition planning: 12 + 6 month roadmap from current state to AFSL submission.
- Cross-border structuring for non-Australian groups establishing local entities under DCE/AFSL.
FAQ about the Crypto license in Australia
How do I get a crypto license in Australia?
To get a crypto license in Australia in 2026, register an Australian company (ABN / ACN with resident director), submit AUSTRAC DCE / VASP registration via the Reporting Portal, and apply for an AFSL with ASIC where the service handles financial products (custody, tokenized assets, derivatives, stablecoins recognized as financial product). The DCE-only path takes 6 weeks – 6 months. The DCE + AFSL path takes 6–12 months. With the Digital Assets Framework Bill 2025 in force (Royal Assent 8 April 2026), most platforms above A$10M (~$6.6M) annual volume or A$5,000 (~$3,300) per customer require AFSL.
Are there crypto regulations in Australia?
Yes, crypto is regulated in Australia under a dual-regulator model. The Australian Securities and Investments Commission (ASIC) supervises financial-product services and issues AFSL licenses. The Australian Transaction Reports and Analysis Centre (AUSTRAC) supervises AML/CTF compliance and registers digital currency exchanges. The Corporations Amendment (Digital Assets Framework) Bill 2025, which received Royal Assent on 8 April 2026, adds two new categories — DAP and TCP — under AFSL.
Do you need a license to trade crypto in Australia?
Yes — to trade crypto commercially in Australia, you need AUSTRAC DCE / VASP registration if you operate an exchange, OTC desk, or custodial wallet. From 31 March 2026, the registration scope expanded from crypto-to-fiat to all virtual asset services (crypto-to-crypto, custody, transfers, NFTs, stablecoins, tokenized assets). AFSL is additionally required for custody, tokenized assets, and platforms above A$10M (~$6.6M) annual volume or A$5,000 (~$3,300) per customer under the Digital Assets Framework Bill 2025. Personal trading without commercial activity is not licensed but is subject to CGT.
What’s the new crypto law in Australia?
The new crypto law in Australia is the Corporations Amendment (Digital Assets Framework) Bill 2025, which received Royal Assent on 8 April 2026. It introduces two regulated categories — Digital Asset Platforms (DAP) and Tokenised Custody Platforms (TCP) — under the AFSL regime supervised by ASIC. The framework comes into force 12 months after Royal Assent, with a 6-month operator window to submit AFSL applications. AFSL is mandatory for platforms above A$10M (~$6.6M) annual volume or A$5,000 (~$3,300) per customer. Smaller operators can use the VASP-lite exemption.
Is crypto taxed in Australia?
Yes, crypto is taxable in Australia. The Australian Taxation Office (ATO) treats cryptocurrency as property, so each disposal event (sale, exchange, fiat conversion, payment for goods) is a Capital Gains Tax (CGT) event. For licensed crypto businesses, corporate tax is 25% for turnover under A$50M (~$33M) and 30% above. GST applies at 10% to taxable supplies, but bona-fide crypto exchange services are generally GST-exempt. Australian residents qualify for a 50% CGT discount on assets held 12+ months.
Will all crypto platforms in Australia require an AFSL license in 2026?
Not all crypto platforms in Australia will require an AFSL license in 2026 — only those whose services qualify as financial products under the Corporations Act 2001, which captures most commercially active operators above the VASP-lite thresholds. After the Digital Assets Framework comes into effect (12 months from Royal Assent on 8 April 2026, plus a 6-month operator AFSL submission window), AFSL is required for any platform above A$10M (~$6.6M) annual volume or A$5,000 (~$3,300) per customer. Small operators meeting both thresholds simultaneously (≤ A$5,000 (~$3,300) per customer AND < A$10M (~$6.6M) annual turnover) qualify for the VASP-lite exemption and remain under simplified AUSTRAC supervision.
How does AUSTRAC DCE differ from VASP status after March 31, 2026?
AUSTRAC DCE registration before 31 March 2026 covered crypto-to-fiat exchanges only, while the expanded VASP status after that date covers all virtual asset services — crypto-to-crypto exchanges, custodial services, virtual asset transfers, NFTs, stablecoins, and tokenized assets. Travel Rule obligations for virtual asset transfers apply from 1 July 2026 and cover transactions between VASPs and self-hosted wallet transfers. Operators registered as DCE immediately before 31 March 2026 are automatically rolled over into VASP status without re-registration.
What are the requirements for AML/CTF programs for crypto companies?
Companies are required to implement a comprehensive AML/CTF program that includes ML/TF risk assessment, KYC, transaction monitoring, reporting, and the Travel Rule. These measures are central to Australia’s crypto license requirements, as the regulator may reject an application if it is insufficiently prepared or has a high risk profile.
How does the Travel Rule work for cryptocurrency transactions in Australia?
The Travel Rule in Australia, effective from 1 July 2026, requires VASPs to transfer sender and recipient identification data on virtual asset transfers, perform enhanced due diligence on counterparty VASPs, verify self-hosted wallets, and report unverified or suspicious transactions. Operators must integrate Travel Rule technical solutions (TRP, TRUST, Notabene, or equivalent), align with VASP counterparties’ APIs, and budget for compliance platform integration.
How does registration with the AUSTRAC digital currency exchange and money transfer service in Australia work?
Registration is done through the AUSTRAC Reporting Portal and includes an assessment of the company’s business model, AML/CTF programs, and risk profile. Registration with the digital currency exchange and money transfer service in Australia is mandatory before operations can begin, and the regulator may request additional documents, suspend consideration, or refuse if the transaction monitoring system or KYC procedures are insufficient. For exchange services and payment operators, this is the first and basic level of market access.
How much does it cost to obtain a crypto license in Australia?
The cost of a crypto license in Australia consists of three components: no AUSTRAC registration fee, AUD 50,000–200,000 (~$33,000–132,000) in AFSL compliance documentation (lawyers, documentation, internal systems), and an ongoing AUSTRAC industry contribution levy (applicable above A$100M / ~$66M earnings or large reporting volumes) plus annual ASIC fees for AFSL holders. Total compliance budget for a DCE-only setup starts from $10,900 USD (G&S BASIC package) and runs into the low five figures depending on banking and director scope. A DCE + AFSL setup with custody scope ranges into the mid-six figures depending on capital adequacy and insurance coverage. Talk to the G&S team for a tailored quote.
Is a resident director required for a crypto license in Australia?
Yes — a resident director (Australian resident, age 18+, no disqualifications under the Corporations Act 2001) is mandatory for all crypto company structures in Australia (Pty Ltd or Ltd), regardless of whether the operator pursues DCE / VASP registration only or the full DCE + AFSL path. A local office and the appointment of a Compliance Officer are also required. Foreign companies can obtain a license but must establish an Australian legal entity with an ABN/ACN and comply with AUSTRAC and ASIC requirements.
What documents are required for registration with AUSTRAC?
AUSTRAC requires five core documents for DCE / VASP registration: a complete AML/CTF program (Part A risk assessment + Part B operational policies), a business description covering services and digital-asset flows, key-person profiles for directors and beneficial owners, an operational risk management plan, and confirmed 7-year records-retention capability. AUSTRAC may also request proof of financial stability and source-of-funds confirmation for founders. The full checklist is provided in the “What documents are required for a crypto license in Australia?” section above.
Important: The information on this page reflects the situation as of December 2025. AUSTRAC requirements, ASIC policy, and the Digital Assets Framework structure may be updated as new regulations come into effect. Before applying for DCE registration or obtaining an AFSL, it is recommended that you consult a licensed lawyer who works with Australian financial regulation. This material is not legal advice and is for general information purposes only.
What is the VASP-lite exemption in Australia?
The VASP-lite exemption in Australia covers small crypto operators that meet two thresholds simultaneously: client funds ≤ A$5,000 (~$3,300) per customer AND annual platform turnover < A$10 million (~$6.6M). Qualifying operators follow a simplified AML/CTF regime under AUSTRAC oversight and are not subject to full AFSL licensing under the Digital Assets Framework Bill 2025. If either threshold is exceeded, the operator must transition to full DCE / VASP and obtain AFSL where applicable.