If you are building a crypto product for the Australian market, your first decision is which rulebook you are playing under. In practice there are two gates. AUSTRAC supervises anti-money laundering for digital currency exchange businesses. ASIC supervises financial products and markets. Pick the wrong gate and you risk stalled banking, rejected partnerships, or a forced product pivot. Pick the right one and you can scale with predictable expectations.
When AUSTRAC is your primary path
If your core activity is exchanging fiat for crypto or crypto for fiat, you are in digital currency exchange territory. In Australia, if you’re pursuing a crypto license in Australia – shorthand for AUSTRAC Digital Currency Exchange registration – that means enrolling with AUSTRAC and registering as a Digital Currency Exchange provider, then running a documented AML/CTF program with KYC, transaction monitoring, and reporting. AUSTRAC can refuse or cancel registrations, and assessment of a complete application can take up to 90 days, so your compliance pack must be bank-ready before you apply.
Registration is not a license to offer financial products. It is an AML permission that allows you to operate an exchange business while meeting reporting and record-keeping obligations. AUSTRAC also provides model guidance for how a DCE should structure its AML/CTF program, from customer risk rating to blockchain analytics and suspicious matter reporting. Implementing those controls early shortens partner diligence and avoids rework.
Signals you are in AUSTRAC-only scope include spot conversion, brokerage for spot orders, and non-custodial swap interfaces where you do not issue or operate a financial product. If you later add features that look like a managed investment, a derivative, or a non-cash payment facility, expect ASIC’s regime to switch on.
When ASIC is your primary path
ASIC becomes your lead regulator when your crypto product is a financial product under the Corporations Act. That can happen in more ways than founders expect. A yield or staking program can resemble a managed investment scheme. A token or platform that aggregates customer funds and promises redemptions can resemble a non-cash payment facility. Tokenized derivatives, structured products, or exchange-traded crypto ETPs sit squarely in ASIC’s lane. ASIC’s Information Sheet 225 explains how crypto or “digital assets” can trigger financial product laws and what that means for licensing, conduct, disclosure, and advertising.
Once you are in ASIC territory, design and distribution obligations apply to most retail-facing financial products. You will need a documented target market determination, distribution controls, and a process to monitor outcomes and stop distribution if the product causes harm. ASIC’s RG 274 sets out how it expects issuers and distributors to comply, and it actively uses stop orders when DDO is ignored. If your product is admitted to a market as an exchange traded product, ASIC’s INFO 230 outlines good practices for market operators and the standards your product needs to meet.
Edge cases that trip teams up
Custody only services often assume AUSTRAC registration is enough, but custody bundled with deposit, transfer, or redemption features can start to look like a payment facility, pushing you toward ASIC permissions. Wallets that automate strategies, pool funds, or promise a return can drift into managed investment territory even when the assets are on-chain. Marketing is not a loophole. If your claims imply a financial product, ASIC will assess you as one and apply the disclosure and DDO rulebook.
A simple decision framework
Start with your dominant promises to users. If you promise safe conversion between fiat and crypto, and your economics come from spreads and fees on spot trades, AUSTRAC is likely your first stop. If you promise income, exposure to an index or basket, the ability to pay and be paid through a stored value mechanism, or any structured exposure beyond spot, plan for ASIC. The fastest way to validate your choice is to map each feature to a plain-English description and check it against AUSTRAC’s DCE definitions and ASIC’s INFO 225 examples. Document your reasoning. Partners and banks will ask to see it.
Building a partner-ready evidence pack
Regardless of your path, EU and Australian partners will evaluate you on paper. For EU counterparties, align your evidence pack with mica regulation expectations on disclosures, governance, and record-keeping. For AUSTRAC-first products, prepare an AML/CTF program with risk assessment, KYC flows, sanctions screening, blockchain analytics rules, suspicious matter escalation, and independent review timing. For ASIC-path products, add your licensing plan or authorization strategy, a target market determination, key risk disclosures, and a complaints and remediation process built to DDO expectations. This is not busywork. It directly determines your onboarding timelines with banks and payment providers.
Plan for reforms without pausing your roadmap
Australia is moving toward a more comprehensive framework for digital asset platforms and payments providers. Treasury concluded a consultation on regulating digital asset platforms and has signaled draft legislation and transitional arrangements in 2025. Teams that document their perimeter and controls now will migrate faster when the new permissions arrive. Plan your architecture so that custody, exchange, and product functions can be separated if future rules require it.
Putting it all together
You do not have to guess. If you exchange crypto and fiat and nothing more, build to AUSTRAC and get your AML program operational before you seek banking. If your product offers investment-like exposure, pooled returns, tokenized securities, structured payouts, or stored value payments, treat it as a financial product and design to ASIC’s expectations from day one. When in doubt, write a two-page perimeter memo that classifies features, cites AUSTRAC and ASIC guidance, and explains why each control exists. The discipline of that document will align your team, reassure partners, and keep you off the wrong side of the rulebook.