[[key]]
[[/key]]
Australia's new Digital Assets Framework Bill 2025 requires crypto platforms to hold an Australian Financial Services Licence (AFSL). Penalties for operating without one can reach $16.5 million. [[widget currency=(AUD) crypto=(BTC)]]
That single fact has scared a lot of Australian fintech teams away from crypto entirely.
However, the law only regulates platforms that operate as digital asset exchanges or custodians. It does not require every app that offers crypto functionality to become one.
There's a difference between running a crypto exchange and plugging into one. That difference is the entire basis for how your app can offer crypto features.
This article explains how that works in the Australian regulatory context, what the three main integration paths look like, and how to decide which one fits your platform.
[[related text=(A Step-by-Step Guide to Blockchain Payments) link=(https://transak.com/blog/a-step-by-step-guide-to-blockchain-payments)]]
An Australian Financial Services Licence (AFSL) is issued by the Australian Securities and Investments Commission (ASIC). It authorises a business to provide financial services (things like dealing in financial products, providing financial advice, or operating a market).
Historically, most crypto businesses in Australia only needed to register with AUSTRAC (the Australian Transaction Reports and Analysis Centre) as a Digital Currency Exchange (DCE) provider. That registration covers anti-money laundering and counter-terrorism financing obligations, but it doesn't regulate the product itself.
The Digital Assets Framework Bill 2025 changes this. It brings crypto platforms under the Corporations Act 2001, which means:
In short, if your platform takes possession of customer crypto or exercises "factual control" over digital tokens, you are now operating a regulated financial service in Australia.
This is the concept at the heart of the new framework, and it's worth understanding clearly.
The Bill defines factual control as the practical ability to transfer a digital token or exclude others from doing so. It's not about what your terms of service say. It's about what your technology actually does.
You likely have factual control if your platform:
Outsourcing key management to a provider like Fireblocks does not remove the licensing obligation. If you control the client relationship and can instruct the custodian, you're the regulated entity.
This distinction matters because it draws a clear line. If your platform never has factual control, because a licensed infrastructure provider handles the entire conversion, custody, and settlement process, then the AFSL obligation falls on that provider, not on your platform.
Here's a simplified breakdown.
You likely need an AFSL if you:
You likely don't need an AFSL if you:
There's also a low-value exemption. Platforms holding less than $5,000 per customer and processing under $10 million annually are exempt. But this threshold is low and most apps with any meaningful traction will exceed it quickly. So, it's not a viable long-term strategy.
Note that this is a general framework, not legal advice. The specific integration architecture determines where the regulatory boundary sits. Platforms should seek legal counsel to assess their specific setup.
Every Australian fintech evaluating crypto features faces the same architectural decision. There are three paths, and each trades off regulatory burden against user experience and control.
The simplest approach. Your app sends users to a third-party. The user creates a new account there, completes a separate KYC process, buys crypto, and transfers it back to your app manually.
Here, since your platform isn't providing a financial service, it does not require AFSL or AUSTRAC registration.
The problem:
For a fintech competing on product quality, this approach protects you legally but undermines the product. And it hands the customer relationship to the exchange.
This is the opposite extreme. Your platform builds the full conversion stack including licensing, banking integrations, payment processing, KYC/AML, crypto liquidity, fraud detection, settlement.
This requires AUSTRAC DCE registration, AFSL from ASIC (costs $50,000–$200,000 in application fees, takes 6–8 months), banking partnerships, liquidity management, and ongoing compliance.
This path is best for platforms where crypto conversion is the core product, where controlling the full flow is a competitive advantage, and where the team has the capital and expertise to operate a regulated financial service.
For fintechs where crypto is a feature, not the business, this path is overkill. If your core product is payments, banking, lending, or remittances, building a full exchange diverts engineering and compliance resources away from what makes your platform valuable.
This is the path that most fintech platforms globally are choosing.
Instead of redirecting users or building from scratch, the platform integrates with an AUSTRAC-registered infrastructure provider that handles payment processing, KYC, AML/CTF compliance, crypto liquidity, conversion, and settlement.
The platform controls the user experience. The provider handles the regulated machinery behind it.
What the user sees is a conversion flow inside the app they already trust. They select an amount, choose a familiar payment method, and receive crypto in their wallet.
What happens behind the scenes is that the infrastructure provider verifies the user's identity, processes the AUD payment, executes the conversion, monitors the transaction for compliance, and delivers the crypto to the specified wallet address.
Two integration models exist:
Model |
How It Works |
Engineering Effort |
Brand Control |
|
Widget |
Pre-built module embedded in your app |
Low. Days to integrate |
Transak branding may be visible |
|
White-label API |
Platform builds its own UI on Transak’s backend |
Higher. Weeks to integrate |
Full brand control, Transak invisible |
A single fiat-to-crypto conversion is not a simple transaction. It's a chain of regulated activities. Here's what Transak manages so your platform doesn't have to:
Transak holds registrations and licences across multiple jurisdictions; AUSTRAC DCE registration in Australia, FCA registration in the UK, FinCEN MSB registration and state money transmitter licences in the US, and authorisations across the EU, Canada, and India. For Australian fintechs that also operate internationally, this means the same infrastructure provider can cover multiple markets without stitching together separate regional integrations.
Also Read: Transak Expands to Australia
No. It follows the same principle that operates across all financial services where regulated activities are performed by regulated entities, and other platforms integrate with them.
The regulatory obligation attaches to the entity performing the regulated service and not to every app that connects to it. This is not a loophole. It's how regulated infrastructure works.
The critical requirement is that the integration architecture genuinely separates the regulated activities from the platform's operations. If the platform intermediates funds, holds crypto during the conversion, or exercises factual control over tokens at any point, the analysis changes.
Also Read: What Is the European Travel Rule and How It’s Impacting Crypto Payments
As the infrastructure provider behind 450+ apps globally, including MetaMask, Ledger, and BitPay, and now AUSTRAC-registered in Australia, Transak can walk your team through integration options, supported payment methods, asset coverage, and compliance handling for the Australian market.
[[button text=(Integrate Transak Today) link=(https://transak.com/integrate-transak)]]