Digital Asset Regulation in Australia: Where to from here?


Learning Outcomes

This piece will examine various approaches to digital asset regulation as well as the expressed sentiment of regulators to equip the reader with information on the likely path forward in Australian digital asset regulation and the impact that will have on the investability of digital assets. Key issues addressed in this piece include:

  1. The way regulators in Australia and abroad treat digital assets.
  2. The key risks associated with digital assets.
  3. The mechanisms through which Australian regulators might seek to ameliorate these risks.


The unprecedented influx of demand for digital-asset investments has exposed limitations in Australia’s existing regulatory framework. As ASIC, AUSTRAC and the ATO work to implement an appropriate regulatory framework for these new assets, rapid investment continues into a space which is absent of significant regulatory oversight. Monochrome is actively involved in assisting the ongoing consultative processes with Australian regulators, as they seek to understand the nature of digital-assets, their potential value to Australia’s economy, and the various risks they pose to investors. This piece will examine various approaches to digital-asset regulation as well as the expressed sentiment of regulators to discern the likely path forward in Australian digital-asset regulation and the impact that will have on the investability of digital-assets. Key issues arising in this analysis include the way regulators treat digital-assets, the key risks associated with digital-assets, and the mechanisms through which Australian regulators might seek to ameliorate these risks.

How do regulators classify digital assets?

ASIC, AUSTRAC and the ATO are the key regulators in the Australian digital-assets landscape. AUSTRAC is the Australian Government agency responsible for detecting, deterring and disrupting criminal abuse of the financial system to protect the community from serious and organised crime. Whilst this is an important part of the regulatory landscape within digital assets and the financial system more broadly, it is separate to consumer protections found within the Corporations Act 2001 as enforced by ASIC.

There is a notable transition in sentiment that can be inferred through guidance materials and other materials released by these regulators, especially ASIC. Looking first at ASIC, initial guidance released on the classification of digital-assets indicated that they were risky but fell almost entirely outside the mandate of ASIC, the exception being those digital-assets that could be construed as financial products within the meaning of the Corporations Act 2001. This approach can be contrasted against ASIC’s current consultative process in relation to Consultation Paper 343 Crypto-assets as underlying assets for ETPs and other investment products (CP343), where ASIC is actively engaged in a consultative process, seeking industry feedback to develop an appropriate classification system.

Looking next to the ATO, we can see that, based on their most recent guidance, digital-assets are well integrable into Australia’s taxation framework. For general holders of digital-assets, the ATO will treat these as CGT assets. For those who engage in the trading, mining or exchange of digital-assets, the digital-assets will be treated as trading stock and not attract CGT.

What key risks are regulators concerned with?

Key investor risks arising in relation to digital-assets include price volatility, vulnerabilities in the digital currency protocols, the risk of fraud and risks arising out of reliance on intermediary parties necessary to facilitate digital-asset investments, such as the need for intermediary custody providers.

Regulators are well aware of the volatility of digital-assets and have evinced strongly that this is an important risk factoring into regulatory decisions. Notwithstanding this fact, there is a notable shift in the attitude of regulators to Bitcoin which trade in more liquid markets with strong price information mechanisms, and consequently are susceptible to lower volatility than other, less deeply traded, digital-assets.

Vulnerabilities in digital currency protocols refer to inherent weaknesses in the platform on which a digital-asset sits, which are able to be exploited by potential hackers. It is widely acknowledged that widely adopted platforms, such as Bitcoin, have sophisticated, in-built mechanisms which prevent this from happening. However, there is a strong acknowledgement that protocol attacks are a live risk with nascent digital-assets.This risk will likely be addressed by regulators.

The risk of ledger fraud arises purely in relation to those nascent coins which distribute transaction verification responsibilities to a limited pool of actors. Where more established digital assets like Bitcoin distribute verification responsibilities to thousands of nodes operated separately in an international network, newer digital assets may have more centralised verification mechanisms. The key here is that ledger fraud risk arises when over 50% of nodes on the network supporting the asset are controlled by a single actor or a group acting in concert. When this occurs, those in control of the central verification mechanism are able to manipulate the ledger in a fraudulent manner to steal from those holding digital assets on the platform. Those in control are also able to change protocol rules, increasing technical risks associated with those digital assets which are not truly centralised.

The risks associated with reliance on intermediaries are also significant. Particularly, regulators have indicated that they are concerned by risks associated with intermediary custody providers. A significant risk which is not considered by many digital asset investors is that, in the event that their custody provider is compromised, their entire investment may also be compromised. This issue is exacerbated by the opaque nature of custody arrangements often found in the digital-asset space. An example of this risk in practice arises when trading on digital asset exchanges. When investors trade on digital-asset exchanges, that exchange is tasked with custody of those digital-assets unless the investor decides to move their digital-asset to a different location (noting that no digital asset exchanges in Australia currently are, nor are they currently required to be, licensed by our regulators to custody funds on their trading platforms or brokerages). In the event that the exchange is compromised by an internal or external bad actor or procedural deficiency, the assets custodied on that exchange are also potentially compromised. And many investors, both large and small, with assets sitting on exchanges are not aware of this or under-appreciate this risk.

How might Australia address these risks?

Every country in the world which has regulated digital-assets to date has done so through a licensing or registration regime. It is likely that Australia will do the same. This would invariably involve requiring businesses involved in the digital-asset value chain to obtain licences or registrations, which confer a range of obligations designed to secure investor protections. The key question then becomes: what will these obligations look like? It is useful to consider an implemented licence framework as a case study and the structure of obligations found in the New York Codes, Rules and Regulations is instructive:

  • Minimum capital requirements: it is likely that digital-asset businesses will be required to maintain an amount of fiat currency as a percentage of the digital-assets they are holding to secure liquidity. This will likely align with the compliance mandates set out by ASIC’s Regulatory Guide 166.
  • Custody requirements: where a digital-assets business is holding the assets of its users, they will be required to ensure the safe custody of those assets. Licensed custodians currently have to meet the requirements set out in ASIC’s Regulatory Guide 133 and it is expected that digital-assets businesses will have to meet similar requirements.
  • Financial disclosures: it is likely that licensees will have to go above and beyond the disclosure requirements encumbering incorporated entities, providing a range of disclosures including in relation to future financial projections and other key financial metrics.
  • Cybersecurity: this will likely involve licensees being obligated to establish effective cybersecurity controls in relation to identification, protection, response and recovery for relevant cyber threats. This is similar to the cybersecurity compliance measures outlined in ASIC’s Cyber Resilience Good Practices Guidance.
  • Risk management and business continuity measures: these are compliance measures which require licensees to ensure that their business is able to operate through disruptions. This includes plans to ensure that emergencies which are capable of disrupting business operations are unable to compromise data, relevant infrastructure and personnel. This will likely align with the compliance mandates set out by ASIC’s Regulatory Guide 259.

The above is helpful to understand how the key risks associated with digital assets can be effectively mitigated. What can be said with a degree of certainty is that key risks associated with well tenured digital assets can be well mitigated with proper regulatory action. What is less certain is whether risks associated with nascent digital-assets can be effectively addressed, given their multiplicity and variety.


It is expected that Australian regulators will make significant progress over the coming years to develop an appropriate regulatory framework to maximise the protection of retail investors when interacting with digital-assets. Monochrome Asset Management is engaging with regulators to assist in this process. ASIC’s current approach appears facilitative in terms of the larger capitalised and ‘battle-tested’ digital digital-assets with deep liquidity; however, it is unclear whether, and at what pace, regulators will develop an appetite for and therefore be willing to facilitate, more nascent digital-assets that do not trade in deep, liquid markets, lack institutional support and do not have ‘battle tested’ protocols.

The content, presentations and discussion topics covered in this material are intended for licensed financial advisers and institutional clients only and are not intended for use by retail clients. No representation, warranty or undertaking is given or made in relation to the accuracy or completeness of the information presented. Except for any liability which cannot be excluded, Monochrome, its directors, officers, employees and agents disclaim all liability for any error or inaccuracy in this material or any loss or damage suffered by any person as a consequence of relying upon it. Monochrome advises that the views expressed in this material are not necessarily those of Monochrome or of any organisation Monochrome is associated with. Monochrome does not purport to provide legal or other expert advice in this material and if any such advice is required, you should obtain the services of a suitably qualified professional.

Get the latest Monochrome updates direct to your inbox.