Choosing the right Australian crypto exchange license is no longer a simple administrative step. In the past, many exchange operators focused mainly on KYC, AUSTRAC registration, and basic AML compliance. In 2026, the regulatory perimeter is more complex. The Corporations Amendment (Digital Assets Framework) Bill 2025 creates a clearer distinction between platforms that may operate under AUSTRAC DCE registration and those that may need an AFSL from ASIC.
For crypto founders, the key question is not only whether the business exchanges digital assets. The real issue is how the platform handles custody, client funds, staking, wrapped tokens, OTC trading, and other product flows. Choosing the wrong regulatory path can create serious enforcement risk, including penalties of up to AUD 16.5 million or 10% of annual turnover. To avoid this, each platform needs to map its actual business model against both AUSTRAC and ASIC expectations.
#AUSTRAC DCE Registration in Australia
AUSTRAC DCE registration remains the starting point for businesses that exchange digital currency for AUD or other digital assets. This path usually applies to platforms offering simple fiat-to-crypto or crypto-to-fiat services. For example, if users can buy BTC with AUD, sell BTC back into AUD, and the platform does not offer custody-heavy or investment-style products, AUSTRAC registration may be the primary requirement.
However, AUSTRAC focuses heavily on AML/CTF compliance. This means the business must have a risk-based AML/CTF program, reliable transaction monitoring, strong customer due diligence, and a compliance officer capable of managing the framework in practice.
Even if a platform only operates within the AUSTRAC DCE framework, compliance costs can still be significant. In 2026, two areas are especially important: the operational cost of maintaining a proper AML program and the Travel Rule obligations for digital asset transfers. AUSTRAC may not charge the kind of registration fee some founders expect, but the real cost appears in staffing, compliance systems, monitoring tools, and internal procedures.
#When an Australian Crypto Exchange License May Require an AFSL
An Australian crypto exchange license may need to move beyond AUSTRAC registration when the platform starts offering services that fall within ASIC’s financial services perimeter. The main trigger is control over client assets. If the platform can hold, transfer, manage, restrict, or otherwise control customer tokens, ASIC may treat the activity as custody or regulated financial services rather than a simple exchange function.
A basic fiat-to-crypto exchange will usually remain closer to the AUSTRAC DCE registration model because it mainly provides on-ramp and off-ramp services. By contrast, custodial wallets may require an AFSL if the platform controls client assets. Managed staking or staking-as-a-service may also create AFSL exposure, especially where the platform pools assets, controls validators, or manages reward distribution. Wrapped tokens can create additional regulatory risk because they may be treated as derivative-like products. OTC desks serving wholesale clients may also require both AUSTRAC registration and an AFSL, particularly where the business involves dealing, arranging, or market-making services.
ASIC also expects platforms to be transparent if they intend to rely on an exemption. Remaining silent while offering custodial services, even at lower thresholds, can still create breach risk.
#Custody, Staking, and Financialized Crypto Products
The more a platform moves into financialized products, the more likely it is to fall under ASIC supervision. Lending-style earn products, structured yield, packaged staking, pooled staking, and tokenized exposure can all move the business away from a simple AUSTRAC-only model.
A common risk pattern appears when users stake through the platform, the platform pools funds to meet protocol minimums, and the operator controls validators, reward routing, or distribution logic. In this structure, ASIC may view the product as closer to a managed investment arrangement than a purely technical interface.
Staking is generally cleaner from a regulatory perspective when it is truly non-custodial. In that model, users retain control of their private keys, and the platform acts only as an interface rather than an operator controlling client assets.
Wrapped tokens are another area that often attracts regulatory attention. If a token references an underlying asset on another blockchain, it may be difficult to describe the product as a simple exchange service. Custodial bridging, synthetic exposure, and referenced claims can all point toward AFSL-regulated activity. If these products are central to the business model, the platform may no longer fit within AUSTRAC DCE registration alone.
#Professional Indemnity Insurance for AFSL Crypto Businesses
Many founders focus on licensing timelines, net tangible asset requirements, and application documents, but insurance can become a major blocker. AFSL holders dealing with retail clients generally need adequate compensation arrangements under the Corporations Act. In practice, professional indemnity insurance becomes an important part of maintaining the license.
For example, a crypto business generating around AUD 2 million in retail revenue may need approximately AUD 2 million in cover for any one claim. The exact requirement depends on the business model, client type, and risk profile.
The challenge is that many traditional insurers still treat crypto businesses as high risk. Some avoid digital asset platforms entirely. If a platform cannot secure adequate professional indemnity cover, it may struggle to maintain its AFSL. ASIC has acknowledged broader de-risking issues, including insurance access, but relief is not automatic. It is assessed case by case and usually requires strong documentation showing equivalent consumer protection.
#ASIC No-Action Position for Existing Crypto Platforms
For platforms already operating in Australia, timing is critical. If a business is live and later determines that it needs an AFSL for crypto exchange activity, the key deadline is 30 June 2026. Platforms that lodge an application by that date may be able to rely on ASIC’s class no-action position while the application is being processed, provided they commenced relevant services before 31 December 2025.
Missing the deadline creates a serious risk. The platform may need to stop regulated activity immediately or continue operating with enforcement exposure. For this reason, existing exchanges should assess their custody model, staking products, token flows, and client arrangements well before the deadline.
#Tax Considerations for Australian Crypto Platforms
The license path may also influence the company’s tax profile. Australian company tax is generally 25% or 30%, depending on the business structure and income composition. To qualify for the 25% base rate, aggregated turnover must remain below AUD 50 million, and no more than 80% of income should be passive.
Crypto platforms that rely heavily on custodial staking fees, lending-style products, or yield-related income may create a different tax profile from a simple exchange business. If passive-style revenue becomes dominant, the company may be pushed toward the higher 30% tax rate. This can surprise founders because the product structure, not only the license type, can affect the tax outcome.
#Frequently Asked Questions
What is the difference between AUSTRAC DCE registration and an AFSL?
AUSTRAC DCE registration applies to digital currency exchange activity and focuses mainly on AML/CTF compliance. An AFSL may be required when a platform holds client assets, offers custody, operates regulated digital asset services, or provides investment-style crypto products.
Do all Australian crypto exchanges need an AFSL in 2026?
No. A platform may be able to operate with AUSTRAC DCE registration if it only provides simple fiat-to-crypto or crypto-to-fiat exchange services without custody or financialized products. However, custodial wallets, staking, wrapped tokens, and OTC dealing may trigger AFSL requirements.
When does a crypto exchange move from DCE registration to AFSL territory?
The main trigger is factual control over client assets. If the platform can move tokens, block withdrawals, pool assets, manage rewards, or control custody arrangements, ASIC may require an AFSL.
What are the AUD 5,000 and AUD 10 million thresholds?
These thresholds are often discussed in relation to low-value or limited activity exemptions. If a platform holds more than AUD 5,000 per customer or facilitates more than AUD 10 million in transactions over a rolling 12-month period, AFSL obligations may be triggered unless a valid exemption applies.
Can a crypto platform avoid an AFSL by relying on a low-value exemption?
Possibly, but it is not automatic. The platform must remain within the scope of the exemption and may need to notify ASIC. Even where transaction values are low, custody, staking, or financialized services may still create AFSL exposure.
Does staking require an AFSL in Australia?
In many cases, yes. Custodial or pooled staking may be treated as investment-style activity if the platform controls validators, rewards, distribution, or client assets. Non-custodial staking, where users keep control of their keys, may present a lower regulatory risk.
Are wrapped tokens regulated differently from spot crypto transactions?
Yes. Wrapped tokens can create additional regulatory exposure because they reference an underlying asset and may be treated as derivative-like products. If wrapped tokens are central to the platform’s business model, AUSTRAC registration alone may not be sufficient.
Can an exchange operate while applying for an AFSL?
Existing platforms may be able to rely on ASIC’s no-action position if they apply by 30 June 2026 and meet the relevant conditions. New platforms generally need approval before offering regulated services.
What happens if an exchange uses the wrong license?
Using the wrong license can lead to enforcement action. ASIC may impose penalties of up to AUD 16.5 million or 10% of annual turnover. AUSTRAC may also suspend or cancel registration for AML/CTF breaches.
Is AUSTRAC registration enough to access banking in Australia?
Not always. Banks increasingly review the full regulatory position of crypto businesses. Even for basic operational or client money accounts, banking partners may request AFSL coverage, a clear AFSL plan, or legal analysis confirming why an AFSL is not required.
