The digital frontier – staying ahead of the crypto curve

23 March 2022
Matthew Bode, Partner, Brisbane Kate Mills, Partner, Sydney

We are in an era that many are now describing as the ‘digital frontier’ – where visions of decentralised financial systems (DeFi) and decentralised autonomous organisations (DAOs) run abound with an endgame that intends to shake up the way traditional finance is offered to consumers.

On 21 March 2022 the Treasury released its consultation paper on Crypto asset secondary service providers: Licensing and custody requirements (Consultation Paper) raising 32 consultation questions in relation to crypto licensing and custody requirements. The Consultation Paper fulfils the government’s December 2021 commitment in its ‘Transforming Australia’s Payment System’ report, to develop a licensing and custody regime for digital assets, with advice to be provided to Government on policy by mid-2022. The Consultation Paper has been released in the face of the regulatory challenge governments are facing, not only in Australia, but internationally, to implement appropriate consumer safeguards whilst still leaving room for future innovation, growth and competition in a market that is expected to grow domestically from A$2.1 billion to A$68.4 billion by 2030 with ‘the right regulatory settings’[1].

The Consultation Paper maps the crypto ecosystem [see Figure 1] and makes it clear that the move to regulate this frontier is one that seeks to harness the economic benefits from the technological innovations arising from the crypto ecosystem for Australia, and create a local crypto ecosystem that the consumer can trust. In addition to the crypto ecosystem, the Consultation Paper looks at proposals for a licensing regime for crypto asset secondary service providers (CASSPrs), custody obligations to safeguard private keys and seeks early views on the classification of crypto assets.

Figure 1[2]

The current state of the crypto asset eco system

Currently, financial products are regulated by imposing obligations on the sellers or distributors of the products, with intermediaries supervised and held accountable for products and services they are offering. The government is looking to shift this approach in the digital sphere, by fostering CASSPrs in respect of custody and storage, exchange, brokerage and dealing services and operating a market.

Australia presently has two minimum custody requirements that apply to crypto assets, which include (a) a safekeeping scheme under the Corporations Act 2001 (Cth) (Corporations Act)[3]; and (b) safekeeping of financial products under the Corporations Act by custodians or depository service providers[4].

The Consultation Paper seeks to address perceived regulatory gaps currently in place in order to classify crypto assets as financial or non-financial products and mitigate counterparty risk associated with using crypto as a store of value or investment. The proposed changes to crypto regulation are also intended to protect the community from criminal enterprise and fraud.

The Consultation Paper raises questions in relation to the definition of CASSPrs and alternative terms, as well as the definition capturing crypto assets, whether one definition should apply across all Australian regulatory frameworks and/or whether crypto assets such as non-fungible tokens (NFTs) should be carved out[5].

Considerations and feedback for a licensing regime for CASSPrs and establishing the potential scope of obligations on secondary service providers

The Consultation Paper presents two foundational principals of crypto assets:

  1. products and services should be regulated according to risk; and
  2. regulation should be technology neutral, and the regulatory approach should seek to ‘look through’ the technology and apply regulation consistently based on the risk associated with the subject of the regulation.

The report provides that the principles for regulating crypto assets are not identical to those behind financial product regulation and shouldn’t be treated as such. On this basis, the relationship between the buyer and seller, unlike typical financial services, can be treated as trustless. Part of this philosophy is taken from the fact that a Crypto asset stems from the mathematical. As such, will do what it is programmed to do, hence there is no requirement to trust a central authority to arbitrate transactions. The second reason for the difference is that information on open block chains is entirely visible, and as such, is permissionless and transparent.

The Consultation Paper does not seem to suggest however, dispensation for regulation of secondary service providers, which they have deemed higher risk of inflicting consumer detriment when dealing with Crypto assets. Thus, the licensing regime for CASSPrs would provide higher regulatory clarity and set out minimum ‘policy guardrails’ of conduct for business operations and for dealing with consumers.

The Consultation Paper therefore proposes the following policy objectives to underpin the CASSPrs licensing regime, including:

  1. minimising the risk to consumers from the operational, custodial, and financial risks facing the use of CASSPrs;
  2. supporting the AML/CTF regime and protecting the community from the harms arising from criminals and their associates owning or controlling CASSPrs; and
  3. providing regulatory certainty about the policy treatment of crypto assets and CASSPrs, and providing a signal to consumers to differentiate between high quality, operationally sound businesses and those who are not[6].

The Consultation Paper raises consultation questions on whether these objectives are appropriate, and whether these policy objectives can be expanded on[7].

Proposed Crypto Licensing regime

The Consultation Paper also envisions an interaction with the existing AML/CTF regime as supervisor for CASSPrs, providing designated services in order to ensure that criminal activity is kept out of the sector. The scope of the proposed licensing regime covers the following (although it would not be applicable to decentralised platforms or protocols):

  • all secondary service providers who operate as brokers, dealers, or operate a market for crypto assets; and
  • all secondary service providers who offer custodial services in relation to crypto assets.

Consultation questions are then raised as to the proposed scope and detail of the AML/CTF regime, and whether CASSPrs should require licenses or whether licensing should be specific to subsets of crypto assets – such as NFTs. The Consultation Paper also seeks to consult on how to best minimise regulatory duplication on this front.[8]

Establishing the potential scope of obligations on secondary service providers

The proposal to implement a CASSPr licensing regime is intended to be separate form and AFS licensing regime, and the Consultation Paper notes that the regime would seek to impose the following obligations on CASSPrs:

  1. do all things necessary to ensure that the services covered by the licence are provided efficiently, honestly and fairly, and any market for crypto assets is operated in a fair, transparent and orderly manner;
  2. maintain adequate technological and financial resources to provide services and manage risks, including by complying with the custody standards proposed in this Consultation Paper;
  3. have adequate dispute resolution arrangements in place, including internal and external dispute resolution arrangements;
  4. ensure directors and key persons responsible for operations are fit and proper persons and are clearly identified;
  5. maintain minimum financial requirements including capital requirements;
  6. comply with client money obligations;
  7. comply with all relevant Australian laws;
  8. take reasonable steps to ensure that the crypto assets it provides access to are ‘true to label’ e.g. that a product is not falsely described as a crypto asset, or that crypto assets are not misrepresented or described in a way that is intended to mislead;
  9. respond in a timely manner to ensure scams are not sold through their platform;
  10. not hawk specific crypto assets;
  11. be regularly audited by independent auditors;
  12. comply with AML/CTF provisions (including a breach of these provisions being grounds for a licence cancellation); and
  13. maintain adequate custody arrangements[9].

The Consultation Paper then raises consultation questions as to:

  • whether the proposed obligations are appropriate;
  • whether there should be a ban on CASSPRrs air dropping crypto assets through services provided;
  • whether there should be a ban on not providing advice considering a person’s personal circumstances in respect of crypto assets; and
  • what CASSPrs estimate the costs of implementing such a proposal to be.[10]

There is also intended to be provision for financial requirements of CASSPrs, a prohibition on hawking or pressure selling crypto assets, and provisions in respect of the custody of client assets.

Alternative options are also put forward in respect of regulating CASSPRs, which include bringing all crypto assets into the existing financial services regime by defining crypto assets as financial products under section 764A of the Corporations Act.

The Consultation Paper seeks feedback on this proposed approach, both from the market and CASSPrs, in respect of proposed operational costs in doing so.

Custody obligations to safeguard private keys

In respect of custody obligations to safeguard private keys, the Consultation Paper proposes the inclusion of the following principals-based obligations in order to afford consumers protections in relation to custody:

  1. holding assets on trust for the consumer;
  2. ensuring that consumers’ assets are appropriately segregated;
  3. maintain minimum financial requirements including capital requirements;
  4. ensuring that the custodian of private keys has the requisite expertise and infrastructure;
  5. private keys used to access the consumer’s crypto assets must generated and stored in a way that minimises the risk of loss and unauthorised access;
  6. adopt signing approaches that minimise ‘single point of failure’ risk;
  7. robust cyber and physical security practices;
  8. independent verification of cybersecurity practices;
  9. processes for redress and compensation in the event that crypto assets held in custody are lost;
  10. when a third-party custodian is used, that CASSPrs have the appropriate competencies to assess the custodian’s compliance necessary requirements; and
  11. any third-party custodians have robust systems and practices for the receipt, validation, review, reporting and execution of instructions from the CASSPrs[11].

The Consultation Paper also floats an alternative option of industry self-regulation for bodies relating to crypto assets, citing as an advantage that such an option would allow industry participants the flexibility and limited regulatory barriers to foster and encourage growth of new and innovative blockchain technology within Australia.

The Consultation Paper raises questions as to whether such proposed obligations are appropriate, particularly in respect of safekeeping client crypto assets and/or whether self-regulation would be an appropriate model for custodians of crypto assets.[12] We at Gadens see issues with self-regulation particularly in respect of custody obligations.

Views on the classification of crypto assets, noting further consultation will follow on this aspect later in 2022

Lastly, the Consultation Paper seeks early views on token mapping of crypto assets on the networks in which they operate, noting that technological complexities can be programmed to provide a range of contractual rights and functions of specified networks. The Consultation Paper then seeks feedback on types of crypto assets to inform token mapping, including utility crypto assets, collectable crypto assets, zero utility crypto assets, membership crypto assets, asset-backed crypto assets, algorithmic stable crypto assets, and governance crypto assets, amongst others.

The Treasury also seeks feedback on examples of crypto assets that are financial products and any that ought to be banned in Australia.[13]

The Consultation Paper, together with announcements made by Treasurer Josh Frydenberg in respect of implementing a robust and competitive tax regime for crypto assets, have been made ahead of the federal budget next week.

It is expected that that the Federal Government will additionally:

  1. release terms of reference on Monday for a Council of Financial Regulators review of major banks ‘de-banking’ crypto start-ups;
  2. announce a Board of Taxation review to determine appropriate tax settings;
  3. ensure that the Treasury works with the Australian Taxation Office to issue more expansive guidance on the current tax treatment of digital assets and the review would not result in an increase to the overall tax burden;
  4. look to introduce a Digital Services Act, to address markets licensing, custody, DAOs, debanking, tax and tokens, which will be guided by four principles.[14]
  5. consider new legislation to help Australia play a part in the emergence of Web3, a new form of the internet that underpins cryptocurrencies and digital assets, which Treasury sees as a source of new jobs and tax revenue for the economy; and
  6. Seek to foster a DeFi system allowing banking-style services to run on decentralised networks, with a view to encouraging innovation, jobs and growth.

It is intended by the Treasury that this digital asset framework will align with the current ASIC framework in place for more traditional financial institutions, requiring managers to act honestly, efficiently and fairly and entities to hold capital to protect investors – but may provide more flexibility given digital assets are still evolving.

In addition to the expected announcements this week, the Government, per the December 2021 Treasury Report, intends by the end of 2022 to have:

  1. received a report from the Board of Taxation on taxation of digital transactions and assets;
  2. undertaken a token mapping exercise; and
  3. examined the potential of Decentralised Autonomous Organisations and how they can be incorporated into our legal and financial frameworks.

Next Steps

 Gadens is currently preparing its own consultation paper in respect of Crypto assets. Please get in touch to learn more and to contribute ideas.

If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.

Authored by:
Kate Mills, Partner
Freda Zacharia, Senior Associate
Taylor Green, Associate

Get in touch with the Gadens team to discuss any regulation and compliance issues.



[2] The Australian Government the Treasury, Crypto asset secondary service providers: Licensing and custody requirements Consultation Paper, The Treasury, 21 March 2022, 3.

[3] see ASIC Class Order 13/1409 and ASIC Regulatory Guide 133.

[4] see ASIC Class Order 13/1410 and ASIC Regulatory Guide 133.

[5] The Australian Government the Treasury, Crypto asset secondary service providers: Licensing and custody requirements Consultation Paper, The Treasury, 21 March 2022, 10-11.

[6] Ibid, 14

[7] Ibid, 14.

[8] Ibid, 15.

[9] Ibid, 16 -17.

[10] Ibid, 17.

[11] Ibid, 20-21.

[12] Ibid, 22.

[13] Ibid, 24


This update does not constitute legal advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of the content.

Get in touch