What Crypto Businesses in Australia Need to Do Before 31 March 2026
Australia’s AML/CTF regime is expanding from the narrower “digital currency exchange” concept into a broader Virtual Asset Services framework. If you run (or support) a crypto exchange, broker, custody business, swap service, or certain token-issuer distribution activities, the AUSTRAC virtual asset services reform could bring you into scope or expand what you already must do.
Contents
- What the AUSTRAC virtual asset services reform is doing
- Key dates and deadlines (March–April 2026)
- What counts as a “virtual asset” (and what doesn’t)
- The designated services that trigger regulation (50A, 50B, 46A, 50C, and transfers)
- The “geographical link” test (Australia connection)
- How this changes things for current DCEs and newly caught businesses
- Practical compliance checklist (first 30–60 days)
- FAQs
- Official resources and external links
- Disclaimer
1) What the reform is doing (plain English)
AUSTRAC is regulating more crypto business models by focusing on what you do (designated services), not just whether you look like a traditional “exchange.”
The big expansions under the AUSTRAC virtual asset services reform include:
- Crypto-to-crypto exchange / swaps (not just fiat on/off ramps)
- Custody / safekeeping of virtual assets or private keys (hosted wallets, key management, multi-sig structures)
- Certain “financial services” that help an issuer sell/distribute a virtual asset (e.g., underwriting/placement style involvement)
- Stronger “travel rule” obligations for businesses transferring value involving virtual assets
2) Key dates and deadlines you should calendar now
Table: timing snapshot
| Date | What happens | Who it affects |
|---|---|---|
| 31 March 2026 | New/expanded laws start for newly regulated virtual asset services | VASPs with an Australia link |
| By 31 March 2026 | AUSTRAC indicates you must be registered before providing registrable virtual asset services (and you must not provide them until registration is confirmed) | Businesses in-scope for registrable VA services |
| 28 April 2026 | AUSTRAC states you’ll have until this date to enrol (for the newly regulated virtual asset services) | Newly regulated VA services |
Mini timeline
3) What counts as a “virtual asset” (and what doesn’t)
AUSTRAC’s reform guidance explains that “virtual assets” are broad digital representations of value that can be transferred or traded electronically, but there are notable exclusions and grey areas (especially around NFTs and “digital records” of traditional assets).
Table: practical examples
| Likely included | Often excluded / not treated as a “virtual asset” (per guidance examples) |
|---|---|
| BTC/ETH and most tradeable tokens | Loyalty points (e.g., Flybuys / frequent flyer points) |
| Many stablecoins | In-game currencies (game “gold bars” style) |
| Some NFTs (where they function as transferable “value”) | “Just a digital record” of owning a non-virtual-asset (example given: a simple record of shares) |
4) The designated services that trigger regulation (the part that really matters)
The reforms are built around designated services in the AML/CTF Act. For virtual asset services, key items include 50A, 50B, 46A, 50C, and transfers of value involving virtual assets (items 29–30 where a VA is involved).
| Designated service | Plain-English meaning | Common business examples |
|---|---|---|
| 50A | Exchange a virtual asset for money (or arrange it) | On/off-ramps, broker desks, exchange fiat pairs |
| 50B | Exchange virtual asset ↔ virtual asset (or arrange it) | Swap services, crypto-only exchanges |
| 46A | Safekeep / control virtual assets or private keys for customers | Hosted wallets, custodians, key management platforms |
| 50C | Services connected with an issuer’s offer/sale of a virtual asset | Issuer distribution support, underwriting/placement style roles |
| 29–30 (where VA involved) | Transfer of value involving virtual assets on behalf of customers | Sending/settlement/transfer providers, some exchange withdrawal rails |
5) The “geographical link” test (don’t assume you’re out just because you’re offshore)
To be regulated, your designated service must have a geographical link to Australia usually meaning you provide it at or through a permanent establishment in Australia, or you meet certain residency/subsidiary conditions.
AUSTRAC also points out that serving Australians via a website does not automatically mean you meet the test it depends on whether you (or an agent) carry on relevant activities through a permanent establishment in Australia.
6) What changes for current DCEs vs newly regulated businesses
Quick comparison
| If you are… | What typically changes under the AUSTRAC virtual asset services reform |
|---|---|
| Existing fiat↔crypto exchange (DCE-style model) | You may now be captured for more services you already offer (swaps, custody, transfers), and you’ll need to map each product line to designated services |
| Crypto-only exchange / swap product | You may be newly captured via 50B (crypto-to-crypto) |
| Custody / hosted wallet provider | You may be newly captured via 46A (custody/safekeeping) |
| Token issuer support / distribution partner | You may be captured via 50C depending on the role you play in the issuer’s offer/sale process |
7) Practical compliance checklist (what I’d do first)
Here’s a straightforward “get moving” list that fits most VA businesses:
Week 1–2: scope and structure
- Map each product to a designated service (50A/50B/46A/50C/transfer).
- Confirm your geographical link position (office, staff, agents, operational footprint).
- Decide whether you need registration (not just enrolment) based on “registrable virtual asset service.”
Week 3–6: build the core AML/CTF uplift
- Update AML/CTF program, risk assessment, onboarding/KYC flows, and monitoring rules to match your in-scope services. (AUSTRAC’s reform guidance is intended to support this uplift.)
- Prepare for travel rule requirements if you transfer value involving virtual assets (collect/verify/pass on information; plus restrictions around dealing with illegal beneficiary institutions).
Before 31 March 2026
- Have your registration/enrolment pathway ready to avoid operational “stop” risk at go-live.
8) FAQs
What’s the best target keyword for SEO?
Use “AUSTRAC virtual asset services reform” as the primary keyword (and sprinkle variations like “VASP Australia AML/CTF reform” and “travel rule virtual assets Australia” in headings and FAQs). This aligns tightly with how people are searching and how AUSTRAC labels the guidance page.
I’m offshore but have Australian customers — am I regulated?
Not automatically. You still need a geographical link (often via a permanent establishment or certain residency/subsidiary scenarios). The facts matter.
Does “crypto-to-crypto only” really count?
Yes — that’s one of the headline expansions (designated service item 50B).
If we custody keys using multi-sig or MPC, does that count as custody?
Custody is framed around safekeeping / control on behalf of customers; AUSTRAC’s reform approach is meant to capture modern custody structures, not just old-school hosted wallets.
What’s the travel rule in one sentence?
It requires businesses involved in a transfer of value (including virtual assets) to pass required information along the transfer chain, and it comes with additional obligations/constraints in certain scenarios.
When do I need to enrol?
AUSTRAC’s summary says for newly regulated virtual asset services starting 31 March 2026, you will have until 28 April 2026 to enroll.
9) Official resources and external links
- AUSTRAC: Virtual asset services (Reform)
- AUSTRAC: Summary of obligations (Reform) (key dates)
- AUSTRAC: Geographical link requirement
- AUSTRAC: The travel rule (Reform) + overview
- AUSTRAC: Additional travel rule obligations when transferring virtual assets
- ASIC info sheet 225: Digital assets: Financial products and services
- Home Affairs: background on value transfer / travel rule changes
- Contact Us: click here
Disclaimer
This article is general information only and is not legal, financial, or compliance advice. AML/CTF obligations depend on your exact business model, the designated services you provide, and whether you meet the geographical link test. For authoritative requirements, rely on AUSTRAC guidance and the AML/CTF Act/Rules, and obtain professional advice for your circumstances.
