Original author: Lawyer Shao Jiadian
introduction
In the past few years, in compliance discussions on crypto payments and stablecoin projects, Australia's Digital Currency Exchange (DCE) has often been regarded as a relatively "friendly" entry point: no financial license is required, and as long as registration with AUSTRAC and the establishment of an anti-money laundering system are completed, the exchange business between cryptocurrencies and fiat currencies can be carried out.
However, if we continue to apply this understanding from the perspective of 2026 , our judgment will often be flawed. This is because what is happening in Australian regulation is not an adjustment to a particular "license," but a reconstruction of the overall regulatory logic for virtual asset services.
The real question that needs to be answered has shifted from "Is DCE easy to do?" to: Where does DCE stand under the new regulatory structure? What problems can it still solve, and what problems can it not solve?
The current legal status of the Australian Department of Finance (DCE) is: anti-money laundering regulatory status, not a financial license.
Under the current system, the so-called "Australian Digital Currency Exchange (DCE)" is primarily legally based on the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and its supporting regulations. Structurally, the DCE is not a financial services license in the sense of the Corporations Act 2001, nor does it imply that the company is recognized as a financial institution. Essentially, when a company provides exchange services between digital currencies and fiat currencies, it is brought under AUSTRAC's anti-money laundering regulatory system and becomes a reporting entity.
The focus of this type of regulation is very clear:
- Does the company identify its customers (KYC/CDD)?
- Can it monitor transactions and identify anomalies?
- Whether or not ongoing obligations such as reporting suspicious transactions are fulfilled.
At this stage, AUSTRAC does not make value judgments on the business model itself, nor does it examine whether a company is "suitable" to engage in such business. The regulatory logic is a typical ex-post regulation: allow the market to operate first, and then correct deviations through enforcement, auditing, and penalties. It is under this institutional background that DCE has long been used as a compliance "entry point" for projects such as crypto payments, OTC, and stablecoin payments.
Key changes in 2026: AML/CTF framework upgrade and "registration confirmation" mechanism
The real turning point came from Australia's systematic revision of its AML/CTF regime. At the end of 2024, Australia passed the AML/CTF Amendment Act 2024, and the Department of Home Affairs and AUSTRAC pushed for updates to supporting rules, explicitly incorporating virtual asset-related designated services more systematically into the anti-money laundering regulatory framework. According to the published implementation schedule, the key reform milestone related to virtual assets is March 31, 2026. This round of reforms will bring at least three substantial changes:
First, the scope of regulation has expanded from a single point of DCE (Digital Currency Exchange) to a collection of virtual asset services. While fiat currency and cryptocurrency exchanges remain regulated, they are no longer the sole focus. Exchanges, value transfers, and payment executions between virtual assets are now all subject to AUSTRAC's risk assessment and regulatory oversight.
Second, the regulatory pace has shifted from ex post to ex pre. Under the new framework, simply completing enrolment is no longer sufficient to grant business qualifications. For relevant virtual asset services, companies must obtain AUSTRAC registration confirmation and may not provide services before confirmation.
Third, the focus of compliance has shifted from "whether or not registration has been completed" to "whether or not sustainable compliance capabilities have been achieved." AUSTRAC is no longer concerned with mere formal compliance documents, but rather with whether companies truly understand their service types, funding channels, and risk exposures, and whether they have the ability to continuously fulfill their AML/CTF obligations.
This means that the previous space for "launching first and then complying with regulations" has been significantly reduced at the institutional level.
The Changing Role of DCE: From "Passport" to "Service Type Label"
Under the new AML/CTF structure, DCE will not be abolished, but its legal significance has changed. Before 2026, "holding a DCE registration" was almost equivalent to "whether one can legally conduct cryptocurrency exchange business in Australia"; after 2026, DCE is more accurately positioned as a specific service type within the AUSTRAC virtual asset services regulatory framework. Whether a company can legally operate depends on three more substantial questions:
- What virtual asset-related services were actually provided?
- Have these services been registered and confirmed?
- Does the corresponding AML/CTF system match the service risk?
In this context, simply emphasizing "whether or not there is DCE" is insufficient to fully describe a company's compliance status.
The second regulatory line: Why is ASIC introducing the "Digital Asset Platform and Custody" framework?
If AUSTRAC's reforms address the "compliant flow of funds," then ASIC's core concern is: who is custodian and controlling assets for clients, and who bears legal responsibility in the event of a risk? This logic is embodied in the Australian Treasury's 2025 "Regulating Digital Asset Platforms–Exposure Draft Legislation." This draft proposes to amend the Corporations Act 2001 to explicitly include specific types of digital asset platforms and custody arrangements within the regulatory framework for financial products and services. The regulatory approach adopted in the draft does not revolve around "whether virtual assets are securities," but rather around functionality and control . Its key judgment lies in:
- Is the private key held on behalf of the client?
- Do you manage account balances or internal ledgers?
- Does the entity have substantial control over the transfer of assets?
Once a business touches upon the aforementioned elements, the platform's legal role is no longer simply that of a technology intermediary or an entity obligated to combat money laundering. Instead, it enters the realm of financial services that "manage assets for clients," typically requiring the acquisition of an AFSL and acceptance of stricter requirements for conduct, governance, and client asset protection.
Australian virtual asset regulation can be summarized in just one watershed moment.
Australia employs a highly function-oriented, tiered regulatory approach for virtual asset services. Its core criterion is not whether crypto assets are involved, but rather whether the platform has begun managing and controlling assets on behalf of others. When the business only involves the exchange, transfer, or payment execution of virtual assets, the main risk lies in the compliance of fund flows, and the regulatory focus naturally falls on anti-money laundering and counter-terrorism financing. Such businesses can operate by completing registration with AUSTRAC, obtaining registration confirmation, and continuously fulfilling AML/CTF obligations.
However, once the business model evolves to holding private keys on behalf of clients, centrally managing assets, or establishing client rights to the platform's balances through account arrangements, the nature of the risk changes. At this point, the client's reliance on the platform's credit becomes the core issue, and the related business will no longer remain an entity obligated to anti-money laundering but will need to be incorporated into the ASIC-led financial services regulatory framework and obtain an Australian Financial Services License (AFSL).
In other words, simple value transfers fall under AUSTRAC's jurisdiction; however, once assets are managed on behalf of others, they must fall under ASIC's financial services regulatory framework. This dividing line constitutes the basic logic of Australia's virtual asset regulatory system.
Looking ahead to early 2026, is it still necessary to complete DCE registration now?
In this context, whether to "do DCE now" is no longer a question of right or wrong, but rather a strategic choice for a particular stage. For companies that clearly plan to conduct real cryptocurrency exchange or payment business in Australia in the long term and whose business model is relatively clear, completing the current DCE registration in advance is still of practical significance: it helps to establish a compliance record, run the AML/CTF system in advance, and lay the foundation for subsequent registration confirmation.
However, it must be clearly understood that the current DCE can only be regarded as a transitional foundation, not the final compliance after 2026. Regardless of whether registration is completed now, it is inevitable that registration confirmation will be completed under the new framework in the future, and more upfront regulatory review will be required.
The core of the Australian approach is not the DCE, but the regulatory logic itself.
To offer a higher-level assessment of Australian virtual asset regulation, the conclusion might be that Australia isn't attempting to solve all problems with a single new license, but rather is gradually integrating virtual asset services into the existing legal framework through functional stratification. The Digital Currency Electronic Certificate (DCE) still exists, but it's merely an entry point within this system. What truly determines the compliance path is how businesses address key issues like "exchange, transfer, custody, and control" in their business design. After 2026, understanding the regulatory logic itself is far more important than getting bogged down in a particular registration or license.
