TL;DR
- Australian exchanges should not treat April 2027 as the first compliance date. AUSTRAC obligations and readiness expectations are already active, with 1 July 2026 the major next milestone. Transaction monitoring is mandatory now, compliance officers must be notified by May 30, and the Travel Rule takes effect on July 1.
- The assumption that the existing financial services law is irrelevant until the Digital Assets Framework (DAF) regime starts is inaccurate. ASIC’s current guidance still applies where products or services already fall inside the Corporations Act perimeter. INFO 225 expires in June, after which firms must comply with existing licensing requirements while the new regime is built around them.
- Stablecoin oversight and scam prevention are being developed on separate policy tracks — stablecoins through payments reform legislation, scams through the Scam Prevention Framework targeting banks, telcos, and social media platforms. Where those tracks converge is at the point of conversion: the moment funds move on-chain and exchanges become critical intervention points. How Australia connects these two frameworks will determine whether its scam prevention architecture has a gap at the most critical link.
Australia’s crypto reforms have moved from policy to implementation, but the market now faces two different timelines: AUSTRAC’s AML/CTF and VASP obligations, many of which are already live or due by 1 July 2026, and ASIC’s Digital Assets Framework, which commences on 9 April 2027 after an 18-month transition. With this, the long-standing “digital currency exchange” (DCE) designation is gone, replaced by the internationally recognised VASP terminology.
The regulatory clock is ticking, and the next 18 months will be key.
The framework
For years, Australia treated crypto as a regulatory afterthought. Exchanges registered with AUSTRAC for AML/CTF purposes, but the broader treatment of the assets, the platforms, and their activities, was unsettled.
The Digital Assets Framework Act changes this. It brings digital asset platforms (DAPs) and tokenised custody platforms (TCPs) under existing financial services law, with clear obligations around licensing, custody, disclosure, and consumer protection that mirror what traditional financial services firms already face.
In addition, AUSTRAC’s updated VASP rules complement this by strengthening customer due diligence, transaction monitoring, and suspicious matter reporting. The shift from DCE to VASP is more than a relabelling; “digital currency exchange” implied a narrow function. VASP encompasses the fuller range of services now in the market: transfer, custody, issuance, and administration.
But passing the law was the first step. If you operate a digital asset platform in Australia, the compliance calendar just compressed. Several obligations are already live, more arrive within weeks, and the standards that will define how this market operates long-term are soon to be consulted on.
What firms need to do now
AUSTRAC’s AML/CTF transitional rules commenced on March 31. Ongoing transaction monitoring obligations are already mandatory, and firms must have notified AUSTRAC of their appointed compliance officer by May 30. AUSTRAC expects newly regulated entities to have an AML/CTF compliance officer in place by 1 July 2026. Chainalysis KYT allows firms to automate transaction screening against these obligations in real time, covering both fiat-to-crypto and cross-chain transfers.
And then, the Travel Rule takes effect on July 1. From that date, every VASP operating in Australia must transmit originator and beneficiary data with every transfer, conduct due diligence on counterparty VASPs, implement risk-based policies for self-hosted wallet transfers, and refuse to transact with entities operating without required FATF-jurisdiction licensing. Registration will close on July 29, and after that, operating without registration will be illegal.
What firms need to prepare for next
ASIC’s INFO 225 class no-action position, the regulatory comfort that allowed platforms to operate while the framework was being finalised, expires in June. After that, firms must comply with existing licensing requirements while the new regime is built around them.
The content of the regime will be consulted on over the next six months, with the new Regulatory Guide and standards instruments finalised by early 2027 and Australian Financial Services Licence (AFSL) applications opening shortly after. Firms should make sure to be in those consultation rooms to shape those standards, thereby ensuring they are best positioned to meet them.
Scams: the persistent case for precision
Australia’s framework exists in part because of scams. Crypto is increasingly used at the conversion stage, the point where victims are pressured into moving funds quickly across borders. Our 2026 Crypto Crime Report estimated as much as $17 billion was stolen globally through crypto-enabled scams and fraud, based on what we can actually see and verify on-chain.
But not every “crypto scam” truly touches crypto. Many are investment scams wrapped in crypto language, with fake platforms, fake balances, and promised returns that exist only as characters on a screen. Crypto is part of the story told to the victim, not necessarily the rail used to move or hold value. That distinction really matters because effective prevention depends on identifying where the deception begins, not just where funds may later convert into digital assets.
What matters most is what happens at this conversion stage. And here, Australia has made more meaningful progress than most others with its Scam Prevention Framework, passed in early 2025, and which shifts the question from “who pays after the fact?” to “who could have stopped this earlier?”
The National Anti-Scam Centre (housed in the ACCC) coordinates and operationalises this across different sectors. Crypto firms are directly relevant to this shift. Many scams involve funds that begin in traditional payment rails but are routed through a crypto on-ramp, placing exchanges among the intermediaries that can detect and disrupt activity before funds become irreversible. The new VASP AML rules make this unambiguous: crypto service providers are regulated participants with reporting obligations, not passive infrastructure.
The tools and techniques for sustainable prevention and early intervention already exist. Behavioural detection, cross-channel signals, and real-time screening, including Chainalysis Alterya, can identify scam typologies and flag suspicious transfers before settlement. ASIC forthcoming transactional and settlement standards will formalise expectations around suspicious activity reporting and trading surveillance, creating a regulatory mandate for detection that platforms are already doing.
Stablecoins: the missing piece
Stablecoins are increasingly the currency of choice for cybercriminals, accounting for 84% of all illicit transaction volume. The same attributes that make them appealing to legitimate users; the dollar peg,speed of transfer, global reach, also make them the preferred rail for moving illicit funds. Australia’s framework has not yet fully addressed them.
The Treasury Laws Amendment (Payments System Modernisation) Bill classifies payment stablecoins as “tokenised stored-value facilities” under ASIC oversight, with APRA stepping in for major issuers above a $200 million threshold. ASIC has also introduced class relief for secondary distributors, allowing exchanges to list eligible stablecoins without redundant licensing while the broader framework is finalised.
Some issuers are already moving ahead of the framework. Macropod’s AUDM, Australia’s first AUD-backed stablecoin issued under an AFSL and a participant in the Reserve Bank’s Project Acacia, is now listed on major domestic exchanges with compliance and monitoring infrastructure embedded from the outset, including Chainalysis tools for entity risk scoring and real-time token tracking. It’s a useful proof point: stablecoin issuers can build for regulatory expectations before those expectations are fully codified.
But how stablecoin monitoring obligations are calibrated in the coming months will determine whether Australia’s scam prevention architecture covers the full chain or leaves a hole at the most critical junction.
Australia: emerging from the margins
Jurisdictions are converging on shared expectations, clear licensing, robust AML/CTF controls, consumer protection, cross-border cooperation, and by passing the Digital Assets Framework Act, Australia has moved from the margins of the regulatory conversation.
Within APAC, the choice of AFSL integration rather than a bespoke crypto licence signals something specific: Australia wants digital assets treated as financial services, not as a separate category requiring separate rules. Singapore and Hong Kong have taken different paths with purpose-built licensing regimes alongside their existing frameworks. While the mechanics are different, the destination is the same: a tier of jurisdictions competing for the same firms, capital, and mindshare through clear rules and alignment on FATF and FSB standards.
FATF’s mutual evaluation of Australia begins late 2026, and for the first time, the assessment tests whether laws actually work instead of just whether they exist. Australia’s success will likely depend on Travel Rule implementation, how the VASP regime functions in practice, and whether the cross-sector coordination promised by the Scam Prevention Framework actually materialises.
Australia has now well and truly got the legal groundwork in place, but the next 18 months will determine whether it becomes an operational reality.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
