Introduction to Cryptocurrency Payment Licensing: Australia DCE

Author: Shao Jiadian Lawyer

Introduction

In recent years, during discussions on compliance for crypto payments and stablecoin projects, the Australian DCE (Digital Currency Exchange) has often been viewed as a relatively “friendly” entry point: no need for a financial license, as long as registration with AUSTRAC and the establishment of anti-money laundering systems are completed, businesses can conduct exchanges between cryptocurrencies and fiat currencies.

However, if we continue to interpret it this way at the 2026 time point, our judgments may be biased. Because what is happening in Australian regulation is not an adjustment of a single “license,” but a reconstruction of the overall regulatory logic for virtual asset services.

The real questions to be answered have shifted from “Is DCE easy to operate?” to: under the new regulatory framework, what is the position of DCE? What issues can it still address, and what issues are clearly beyond its scope?

Legal Position of Current Australian DCE: Anti-Money Laundering Regulatory Status, Not a Financial License

Under the current system, the so-called “Australian DCE” primarily derives its legal basis from the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and its supporting regulations. Legally, DCE is not a financial service license under the meaning of the Corporations Act 2001, nor does it imply that the enterprise is recognized as a financial institution. Its essence is: when a business provides exchange services between digital currencies and fiat currencies for others, it falls under AUSTRAC’s AML regulatory system and becomes a reporting entity.

This type of regulation has very clear focus:

• Whether the enterprise performs customer identification (KYC/CDD);
• Whether it can monitor transactions and identify anomalies;
• Whether it fulfills ongoing obligations such as suspicious transaction reporting.

AUSTRAC at this stage does not make value judgments on the business model itself, nor does it review whether the enterprise is “suitable” to engage in such business. The regulatory logic is typical ex post regulation: allowing the market to operate first, then correcting through law enforcement, audits, and penalties. Under this system, DCE has long been used as a compliance “entry point” for crypto payments, OTC, stablecoin transactions, etc.

Key Changes in 2026: Upgrading AML/CTF Framework and “Registration Confirmation” Mechanism

The real turning point comes from a systematic revision of Australia’s AML/CTF regime. By the end of 2024, Australia passed the AML/CTF Amendment Act 2024, with supporting rules updated by the Department of Home Affairs and AUSTRAC, explicitly incorporating virtual asset-related designated services into the AML regulatory framework more systematically. According to the announced implementation schedule, a key reform milestone related to virtual assets is set for March 31, 2026. This round of reforms brings at least three substantive changes:

First, the scope of regulation expands from “single DCE point” to “set of virtual asset services.” Fiat-to-crypto and crypto-to-fiat exchanges remain regulated but are no longer the sole focus. Exchanges between virtual assets, transfer of value, payment execution, and other behaviors are now included in AUSTRAC’s risk assessment and regulatory scope.

Second, the regulatory approach shifts from ex post to ex ante. Under the new framework, merely completing enrollment (registration) is no longer sufficient to qualify for business operations. For relevant virtual asset services, enterprises must obtain AUSTRAC’s registration confirmation before providing services.

Third, compliance focus shifts from “whether registered” to “whether capable of sustainable compliance.” AUSTRAC’s concern is no longer just formal compliance documents but whether enterprises truly understand their service types, fund flows, and risk exposures, and possess the ongoing ability to fulfill AML/CTF obligations.

This means that the previous “launch first, then patch compliance” space has been significantly compressed at the institutional level.

The Role Shift of DCE: From “Pass” to “Service Type Label”

Under the new AML/CTF structure, DCE will not be abolished, but its legal significance has changed. Before 2026, “whether holding a DCE registration” was almost equivalent to “whether one can legally conduct crypto exchange business in Australia”; after 2026, a more accurate positioning of DCE is as a specific service type within AUSTRAC’s virtual asset service regulatory system. Whether a business can operate legally depends on three more substantive issues:

• What virtual asset-related services are actually provided;
• Whether these services have obtained registration confirmation;
• Whether the corresponding AML/CTF system matches the service risks.

In this context, simply emphasizing “whether DCE exists” is no longer sufficient to fully describe a company’s compliance status.

Second Regulatory Line: Why ASIC Introduces the “Digital Asset Platform and Custody” Framework

If AUSTRAC’s reform addresses “whether funds flow compliantly,” then ASIC’s core concern is: who holds and controls assets for clients, and who bears legal responsibility when risks occur. This logic is embodied in the Australian Treasury’s 2025 release of the “Regulating Digital Asset Platforms–Exposure Draft Legislation.” The draft proposes amending the Corporations Act 2001 to explicitly include certain types of digital asset platforms and custody arrangements within the financial products and services regulatory framework. The regulatory approach adopted is not centered on whether virtual assets are securities but on their functions and control rights. The key considerations are:

• Whether the platform holds private keys on behalf of clients;
• Whether it manages account balances or internal ledgers;
• Whether it has substantive control over asset transfers.

Once a business touches on these elements, the platform’s legal role shifts from a mere technical intermediary or AML obligor to a financial service provider “managing assets for clients,” typically requiring an Australian Financial Services License (AFSL) and subject to stricter conduct, governance, and client asset protection requirements.

Australia’s Virtual Asset Regulation: The Critical Threshold

Australia’s approach to virtual asset services is highly function-oriented layered regulation. The core judgment is not whether the platform involves cryptocurrencies but whether it begins to manage and control assets on behalf of others. When the business only involves exchange, transfer, or payment execution of virtual assets, the main risk concerns the compliance of fund flows, with regulatory focus naturally on AML and counter-terrorism financing. Such businesses can operate by completing AUSTRAC registration, obtaining registration confirmation, and continuously fulfilling AML/CTF obligations.

However, once the business model evolves to holding private keys on behalf of clients, centrally managing assets, or forming client balance rights through account arrangements, the risk nature changes. At this point, the client’s reliance on the platform’s credit becomes the core issue. The relevant business will no longer be just an AML obligor but must fall under ASIC’s financial services regulatory framework and obtain an Australian Financial Services License (AFSL).

In other words, simple value transfer remains under AUSTRAC; once managing assets for others, the business must enter ASIC’s financial services regulation track. This threshold constitutes the fundamental logic of Australia’s virtual asset regulatory system.

Is it still necessary to complete DCE registration now, at the beginning of 2026?

In this context, whether to “register DCE now” is no longer a binary yes/no question but a phased strategic choice. For enterprises with a clear plan to conduct long-term genuine crypto exchange or payment business in Australia, and whose business models are relatively clear, completing current DCE registration early still has practical significance: it helps establish a compliance record, enables early AML/CTF system operation, and lays the foundation for subsequent registration confirmation.

But it must be clearly understood: current DCE registration can only be regarded as a transitional base, not the final compliance after 2026. Regardless of whether registration is done now, future compliance will inevitably require registration confirmation under the new framework and acceptance of more proactive regulatory scrutiny.

The Core of Australia’s Path: Not DCE, but the Regulatory Logic Itself

If we are to give a higher-level judgment on Australia’s virtual asset regulation, the conclusion might be: Australia is not trying to solve all problems with a new license but is gradually integrating virtual asset services into the existing legal system through functional layering. DCE still exists, but it is just an entry label within this system. The real determinant of compliance pathways is how enterprises handle key issues like “exchange, transfer, custody, and control rights” in their business design. After 2026, understanding the regulatory logic itself will be far more important than fixating on a particular registration or license.