Developments in financial technology (A Guide to fintech in Australia) are a feature of Australia’s financial services industry. Australia has seen an extensive array of mature product offerings leveraging innovative technology to improve – and disrupt – the design and delivery of financial services.
There is a continuing focus on the opportunities and potential for blockchain technology and smart contracts to enhance and augment financial products and services and a corresponding interest in the use of cryptocurrency, tokens, coins, and assets (crypto assets).
The Australian Government and regulators are ostensibly receptive to innovation in financial services however there is considerable discussion around the risks and challenges for market participants and customers as web3 has evolved beyond recognizable digital representations of value to novel concepts like decentralized finance (DeFi), stablecoins, nonfungible tokens (NFTs), digital markets, tokenized assets, identity, exchanges and decentralized autonomous organizations (DAOs).
Web3 has been heralded as the next generation of the internet using blockchain and digital assets, and the phasing in of an era of decentralized, permissionless, and trustless digital economy.
Core elements of web3, crypto, and blockchain
Following is an overview of the building blocks of web3-based strategies.
Blockchain in Australia
A blockchain is a ledger method for recording transactions, organized in blocks or groups of data across many computers (ie, nodes) that are linked and secured. This is different from traditional record-keeping methods that store data in a central place.
Each block can only hold a certain amount of information, so new blocks are continually added to the ledger, forming a chain. Each block has its own unique identifier, which is a cryptographic hash. The hash protects the information in the block from anyone without the required code and also protects the block’s place on the chain.
Blockchain is a core component of cryptocurrency networks and acts as the ledger on which a permanent record of all transactions is kept. Blockchain is touted for its benefits such as immutability (ie, it is very difficult to alter or amend records), trust, traceability, security, and transparency. It also provides businesses with increased efficiency by automating processes and reducing the need for intermediaries.
In Australia, there have been several leading blockchain initiatives, including industry speciﬁc trials in ﬁnancial services, energy, minerals, agriculture, food and beverage, and the public sector. Blockchain has been used to manage validation, facilitate payment flows, manage supply chains, trade assets, and operate marketplaces.
A smart contract is a computer program or a transaction protocol stored on the blockchain that automatically executes actions according to the terms of a contract or an agreement. For example, a smart contract can hold crypto assets and send them as directed based on certain conditions. Smart contracts allow developers to build apps on blockchain protocols to provide other services or functionality.
Cryptocurrency and crypto assets
Cryptocurrency (also known as virtual assets, digital assets, crypto assets, or digital currencies) refers to digital tokens created from code using blockchain that does not exist physically in the form of notes or coins. Currently, Australian law does not equate cryptocurrency with fiat currency and does not treat cryptocurrency as “money” and there are currently no express prohibitions on the use or trading of cryptocurrency in Australia. Examples include Bitcoin (the native token of the bitcoin network) and Ether (the native token of the Ethereum network).
While cryptocurrency is generally used as a catch-all term, there have been a variety of new assets that have emerged in web3. These include:
- Stablecoins: Stablecoins are cryptocurrencies that peg their value to some external “stable” reserve asset, usually a fiat currency like the US dollar or a commodity like gold. The combination of traditional-asset stability with digital-asset flexibility has had significant uptake and stablecoins have become a very popular way of storing and trading value in the crypto ecosystem. Because stablecoins are seen to bridge the worlds of crypto and fiat, stablecoins have become popular in the context of accessing DeFi. Stablecoins can be collateralized, which means each token is backed 1:1 with a real-world asset (eg, US dollars) or they can be algorithmic. Algorithmic stablecoins are a series of smart contracts that attempt to balance the supply of tokens in circulation to maintain the value of the token.
- Central bank digital currencies (CBDCs): CBDCs are a new form of a digital payment instrument issued by a central bank (for example, the Reserve Bank of Australia (RBA)) that is representative of a national currency. CBDCs can be indirect (ie, wholesale only) meaning CBDCs are only accessible to wholesale market participants in the payments and settlement systems context, which would simplify the complex payment mechanisms currently in place between banks and the RBA. CBDCs can also be direct (ie, retail) meaning the RBA directly issues CBDCs to individuals as a payment mechanism, and all transactions and payments between individuals will operate at the RBA level. In Australia, it has generally been the RBA’s position that a retail CBDC will not bring substantive benefits. As of August 2022, the RBA has been collaborating with the Digital Finance Cooperative Research Centre on a research project to explore use cases for and the potential economic beneﬁts of a CBDC in Australia.
- Nonfungible tokens (NFTs): An NFT is a cryptographic token that represents a unique asset (ie, it is not interchangeable). NFTs can be tokenized versions of real-world assets or they can represent digital collectibles. The key benefit of NFTs is that they represent verifiably scarce, portable, and programmable pieces of digital property. NFTs have to date largely been used in relation to digital art but they can also be used for things like video game items, a plot of land in the Metaverse, data and identity documentation, certificates, and representations of real-world assets like premium wine or luxury consumer goods. NFTs can be traded or sold in marketplaces like OpenSea and often represent the access point for digital projects like CryptoKitties and Axie Infinity.
- Soulbound tokens (SBTs): SBTs are a type of NFT bound to a single wallet or individual, meaning they cannot be transferred to anyone else. SBTs can be used to store identification information in a secure way and can ensure that permits access to certain information is only provided on an as-needed basis. For example, a person could verify all certain credentials associated with their identities such as their identity documentation, medical information, credit information, or educational qualifications, and for each item, hold a corresponding SBT in their wallet.
- Tokenised financial assets: Tokenised assets can comprise a range of items, such as tokens representing underlying financial products, being a financial product itself, or using technology to bundle rights and income streams on-chain to create a new type of financial product. For example, various projects have tokenized traditional financial instruments like shares, carbon credits, mortgages, and bundled income streams from various packaged debt products to provide customers with greater certainty around ownership and transferability.
- Governance tokens: Governance tokens are designed to provide holders the right to vote on issues that govern the development and operations of a blockchain project. That is, governance tokens permit projects to distribute decision-making power to the community behind the network.
A crypto wallet is like a user account that facilitates customer interaction with a blockchain network. A wallet consists of:
- a public key that is an alphanumeric identifier that functions as an address or location for the user, which can be publicly disclosed; and
- a private key, a confidential password that is used to ‘sign’ transactions as well as provides access to the wallet.
All users require a wallet to undertake actions like sending and receiving crypto assets.
Decentralized finance (DeFi) and centralized finance (CeFi)
Decentralized finance or DeFi refers to the shift from traditional, centralized financial systems to peer-to-peer finance enabled by protocols like Ethereum. With DeFi, customers can undertake activities that traditional financial institutions typically intermediate, like making payments, lending, borrowing, and trading financial products like derivatives but customers can do so without the presence of traditional financial institutions as intermediaries or central parties. In DeFi, smart contracts replace the intermediaries in the transaction.
CeFi connects traditional finance and blockchain technology by reintroducing intermediaries between users and DeFi.
‘Staking’ has various meanings, models, and interpretations. Some examples include:
- Ethereum validators stake (or lock) ETH to activate validator software and participate in the Ethereum proof of stake mechanism via which transactions are validated. The network chooses people to validate based on the size of their stake and the length of time they’ve staked their tokens so the most invested participants are likely to be rewarded for staking, or securing the operation of, the network;
- decentralized groups providing liquid staking protocols that allow individuals to have access and exposure to staking rewards from node operators;
- centralized providers who provide managed staking services that allow individuals to have access and exposure to staking rewards from the provider’s own node;
- platforms that provide direct pass-through access to other staking products but do not provide their own staking product; and
- centralized providers that offer ‘staking’ under which users can lend assets to those providers and such providers use those assets to derive staking returns (a portion of which is provided to the lenders/users).
Centralized and decentralised exchanges
An exchange permits users to buy and sell crypto assets using fiat currency or other crypto assets. Centralized exchanges are run by a central party (ie, platform or market operator) that acts like a market maker to facilitate trades via the platform. Centralized exchanges generally take user funds or crypto assets and exchange these for the user’s desired crypto asset by drawing on the exchange’s existing reserves or by obtaining such assets from the exchange’s third-party liquidity providers. Centralized exchanges often provide custodial services for users to store a user’s funds and crypto assets on-platform.
A decentralized exchange (or DEX) does not have a central party and executes buy and sell orders using smart contracts to effect automated peer-to-peer trading (ie, where buyers and sellers are matched or by drawing on an existing liquidity pool supplied by liquidity providers).
Users that trade with a liquidity pool on a DEX are usually charged a transaction fee, which is then proportionally shared with users that have provided liquidity by contributing to a liquidity pool. As there is no intermediary, DEXs are noncustodial meaning users retain control of their crypto assets.
Decentralised autonomous organizations (DAOs)
A DAO is an open-source code-based organization or community that is governed by its members typically using governance tokens. The ‘rules’ of the community are enforced using smart contracts such that there is no centralized authority and members do not need to be known to one another. A DAO’s governance token is generally used to incentivize participation in the DAO and holding governance tokens broadly permits the holder (being a member of the DAO) to vote on proposals relating to decisions of the DAO.
There has been significant industry and regulatory commentary as to the legal status of DAOs (and there is currently no legislated position on this in Australia).
Who are the key regulators today?
No regulator has been specifically tasked with supervising and regulating crypto assets in Australia and our regulators and agencies are each mandated with the administration of laws applicable to a particular industry or legal area.
Australian Securities and Investments Commission (ASIC)
ASIC is Australia’s corporate, markets, financial services, and consumer credit regulator. ASIC is responsible for overseeing licensing, supervision, and enforcement of Australian companies, financial markets, financial services organizations (including banks, credit providers, insurers, superannuation providers, and funds), and businesses dealing with or advising on investments, superannuation, insurance, deposit-taking, and credit. ASIC also has delegated powers from Australia’s competition regulator, the Australian Competition and Consumer Commission, with respect to administering the Australian Consumer Law with respect to crypto assets.
Australian Transaction Reports and Analysis Centre (AUSTRAC)
AUSTRAC is Australia’s financial intelligence agency, responsible for preventing, detecting, and responding to criminal abuse of Australia’s financial system. This includes oversight with respect to reporting entities that provide designated services (including digital currency exchange providers, remittance providers, certain financial product issuers and distributors, and stored value facility operators) and overseeing reporting and other measures to combat money laundering and terrorism financing.
Australian Prudential Regulation Authority (APRA)
APRA is Australia’s prudential regulator, responsible for administering the banking, superannuation, insurance, and prudential regimes. APRA is responsible for licensing, supervision, and enforcement of authorized deposit-taking institutions (ie, banks) and other purchased payment facility operators, and the creation and administration of prudential standards in relation to financial soundness, risk management, and governance within such institutions.
Reserve Bank of Australia (RBA)
The RBA is Australia’s central bank and payment systems authority, responsible for supervising Australia’s core banking and payment systems. This includes conducting monetary policy, maintaining financial stability, issuing banknotes, supervising payment schemes, as well as clearing and settling transactions between authorized deposit-taking institutions and purchased payment facility operators authorized and supervised by APRA.
Treasury: The Treasury is not a regulator but a central policy agency for the Australian federal government. It has played an increasingly important role in Australia’s crypto asset and web3 landscape by consulting with industry and providing guidance as to the direction of how legislators seek to introduce changes with respect to the regulatory treatment of crypto assets and service providers.
How is web3 regulated in Australia?
The regulation of crypto assets and web3 business models in Australia is complex and will be subject to a significant change in the next few years. Market events and increasing calls from the industry for clarity in regulation have caused Australian regulators, particularly ASIC, to become more active in the web3 landscape with a strong emphasis on consumer protection and market integrity.
Currently, there are no laws in Australia that have been implemented to specifically regulate crypto assets and Australia’s regulatory regimes adopt a technology-neutral approach, such that services will be regulated equally, irrespective of the method of delivery. There have been some legislative amendments to accommodate the use of crypto assets however the predominant focus has been the transactional relationships (eg, the issuing and exchanging process) and activities involving crypto assets and how these are captured under existing regulatory frameworks in Australia.
As with crypto assets, there are also currently no specific regulations dealing with blockchain or other distributed ledger technologies (DLT) in Australia. However, ASIC maintains a public information sheet (INFO 219 Evaluating distributed ledger technology) outlining its approach to the regulatory issues that may arise through the implementation of blockchain technology and DLT solutions more generally. Businesses considering operating market infrastructure or providing financial or consumer credit services using DLT, will remain subject to the compliance requirements that currently exist under the applicable licensing regime.
Financial services regulation
An entity carrying on a financial services business in Australia must comply with financial services laws under the Corporations Act 2001 (Cth) (Corporations Act), the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act), and associated regulations as administered by ASIC. This includes the requirement to hold an Australian financial services license (AFSL) unless an exemption applies.
Fintech and web3 businesses may also need to hold an Australian market license where they operate a facility through which offers to buy and sell financial products are regularly made (eg, an exchange). If an entity operates a clearing and settlement mechanism which enables parties transacting in financial products to meet obligations to each other, the entity must hold a clearing and settlement facility license or be otherwise exempt.
The legal status of crypto assets and adjacent services turns on their structure and the associated rights (which should be interpreted broadly). Depending on the circumstances, the following financial products may be relevant: deposit products, securities, derivatives, interests in managed investment schemes (MIS) (ie, collective investment vehicles), miscellaneous investment and risk management facilities, and facilities through which non-cash payments (NCP) can be made.
The broad definition of what constitutes a financial product under the Corporations Act means that crypto asset issuers and adjacent service providers will need to undertake a detailed exercise to understand the key product features that may trigger regulatory obligations or give rise to risk due to regulatory uncertainty.
ASIC has released INFO 225 Crypto-assets (INFO 225) to assist businesses involved with crypto assets or provide crypto asset-adjacent services. In INFO 225, ASIC provides high-level regulatory signposts for crypto asset participants to determine whether they have legal and regulatory obligations. These signposts are relevant to crypto asset issuers, crypto asset intermediaries, miners and transaction processors, crypto-asset exchanges and trading platforms, crypto asset payment, and merchant service providers, wallet providers and custody service providers, and consumers.
Financial services may capture activities such as marketing or promoting activity, providing financial products or making them available to customers, and arranging for customers to acquire or close products. An entity that facilitates payments by crypto assets may also be required to hold an AFSL and the operator of a crypto asset exchange may be required to hold an Australian market license if the supported assets are financial products.
Entities dealing in financial product crypto assets will need to comply with the regulatory requirements under the Corporations Act, which generally include disclosure, registration, licensing, and conduct obligations. Product issuers and distributors should also ensure compliance with design and distribution obligations, including the requirement to develop and comply with appropriate target market determinations.
Consumer credit regulation
Certain credit activities will trigger the requirement to hold an Australian credit license (ACL) under the National Consumer Credit Protection Act 2009 (Cth) (NCCP Act) (including the National Credit Code (Credit Code)), and requirements under the ASIC Act and associated regulations as administered by ASIC. The ACL requirement applies to credit (ie, contracts for deferred debt) regulated under the Credit Code, meaning credit that is provided:
- to natural persons or strata corporations;
- for predominantly personal, household, or domestic purposes;
- for a fee or charge; and
- in the course of carrying on a business of providing credit in Australia.
Principal issuers of consumer credit contracts will trigger the requirement to hold an ACL. Web3 participants (particularly in centralized finance or CeFi) will need to consider whether credit licensing obligations are triggered in the context of borrowing or lending (including where loans are made using crypto assets or crypto assets are used as collateral for a fiat loan).
The ACL requirement also captures a broad range of businesses that provide credit services such as credit assistance (eg, suggesting or assisting a person in relation to credit) or credit intermediation (eg, acting as an intermediary in relation to credit). There are various ACL exemptions that are available for certain credit products, such as low-value and short-term credit arrangements or otherwise being supervised by an appropriately licensed entity.
Credit providers should also be aware of the conduct and disclosure obligations attach to dealing with consumer credit, including in relation to responsible lending, breach reporting, and disclosure. Product issuers and distributors should also ensure compliance with design and distribution obligations, including the requirement to develop and comply with appropriate target market determinations.
Anti-money laundering and counter-terrorism financing regulation
Entities that provide designated services with a geographical link to Australia (referred to as reporting entities) must comply with the Australian AML/CTF regime, which is captured under the Anti-money Laundering and Counter-terrorism Financing Act 2006 (Cth) (AML/CTF Act) and associated rules. This includes the requirement to enroll (and sometimes register) with the Australian Transaction Reports and Analysis Centre (AUSTRAC) as a reporting entity and comply with various compliance, transaction monitoring, and reporting obligations. Relevant designated services include a broad range of dealings in accounts with financial institutions, acquisition, and disposal of certain financial products, digital currency exchange, stored value cards, custodial services, and remittance services.
Digital currency exchange (DCE) providers are required to register and enroll with AUSTRAC and must implement know-your-customer processes to adequately verify the identity of their customers, with ongoing reporting obligations such as annual compliance reporting and the requirement to monitor and report suspicious and large transactions. Exchange operators must also keep certain records relating to customer identification and transactions for up to seven years. DCE providers are required to renew their registration every three years. The DCE sector has been of great interest to AUSTRAC, in particular, monitoring the money laundering and terrorism financing risks associated with digital currency.
Crypto asset issuers and service providers must also consider whether they are subject to prudential regulation. While ASIC is responsible for regulating the issuance and distribution of deposit products, the operation and financial stability of businesses providing banking services fall under the Banking Act 1959 (Cth) (Banking Act), associated regulations, and prudential standards published by the Australian Prudential Regulation Authority (APRA). Generally, entities that are carrying on a banking business (eg, taking money on deposit and making advances of money) in Australia are required to be authorized by APRA as an authorized deposit-taking institution (ADI) and comply with associated obligations and prudential standards.
Entities that are holders of stored value in connection with a purchased payment facility (PPF) are required under the Payment Systems (Regulation) Act 1998 (Cth) (PSRA) to become an ADI authorized by APRA. A PPF is a facility (other than cash) where the customer is able to make payments up to the amount available under the facility and those payments are made by the provider of the facility (or another person acting in accordance with instructions). This may be relevant for digital wallet providers that offer customers digital wallets as a means of payment and storing value for customers.
The RBA has issued various declarations exempting certain PPFs from the application of the PSRA or exempting certain entities from the requirement to be an ADI though none specifically related to crypto assets. There is an open question as to how crypto asset banking participants can comply in practice with the banking and stored value regime and it is anticipated that the regime will be subject to change such that it is ﬁt for the purpose of the emerging ﬁnancial system and can accommodate future developments and technological advances, such as proposals for global stablecoins.
Even if crypto assets or crypto adjacent services are not captured under the Corporations Act, they may still be subject to other regulations and laws, including the Australian Consumer Law set out in Schedule 2 to the Competition and Consumer Act 2010 (Cth) relating to the oﬀer of services or products to Australian consumers. The ACL prohibits (among other things) misleading or deceptive conduct in a range of circumstances including in the context of marketing and advertising and unconscionable conduct. The protections of the ACL are generally reﬂected in the ASIC Act, providing substantially similar protection to investors in ﬁnancial products or services.
ASIC has also received delegated powers from the Australian Competition and Consumer Commission to enable it to take action against misleading or deceptive conduct in connection with crypto assets (regardless of whether it involves a ﬁnancial product).
Enforceability of smart contracts
Smart contracts (including self-executing contracts) are permitted in Australia under the Electronic Transactions Act 1999 (Cth) (ETA) and the equivalent Australian state and territory legislation. The ETA provides a legal framework to enable electronic commerce to operate in the same manner as paper-based transactions. Under the ETA, self-executing transactions are permitted in Australia, provided that they meet all traditional elements of a legal contract, including an intention to create legally binding obligations; oﬀer and acceptance; certainty; and consideration. The pre-determined and self-executing form of smart contracts creates diﬃculties where there is an element of discretion available to either party.
The taxation of crypto assets in Australia has been an area of much debate, despite recent attempts by the Australian Taxation Office (ATO) to clarify the operation of Australian tax law. For income tax purposes, the ATO views cryptocurrency as an asset that is held or traded (rather than as money or a foreign currency) however the tax implications for holders of cryptocurrency will depend on the purpose for which the cryptocurrency is acquired or held.
Reviews and consultations
While crypto asset issuers and service providers have sought to understand and comply with Australia’s existing regulatory framework, it is apparent that the existing regimes are not fit-for-purpose for web3 .
There have been numerous Government reviews in connection with how crypto assets and crypto asset-adjacent services should be regulated as well as how the broader financial services landscape should be regulated. These include:
It is expected that the outcome of these reviews will have significant effects on the current regulatory regimes relevant to crypto assets.