A primary focus of this phase of the committee's inquiry has been the regulation of digital and crypto-assets in Australia. The committee has engaged deeply with industry players, peak bodies, academics and regulators on these issues.
The evidence the committee has received on these issues is covered over two chapters. This chapter provides an overview of digital asset classes and the current market for these products in Australia and internationally. It then provides a broad summary of the existing regulatory framework for digital assets in Australia, and an overview of the frameworks in place in some other leading jurisdictions, as highlighted by submitters to the inquiry.
Chapter 3 then discusses options for reforming Australia's regulatory treatment of digital assets that were raised in evidence to the committee.
Overview of digital assets markets
The Australian Securities and Investments Commission (ASIC) uses the term 'crypto-asset' as an umbrella term to describe products that are also commonly referred to as ‘digital assets’, ‘virtual assets’ or ‘digital tokens’.
ASIC offered the following broad definition in its submission:
A crypto-asset is a digital representation of value or contractual rights that can be transferred, stored or traded electronically. Crypto-assets use cryptography, distributed ledger technology or other technology to provide features such as security and pseudo-anonymity. A crypto-asset may or may not have identifiable economic features that reflect fundamental or intrinsic value.
ASIC noted that crypto-assets 'are not a homogenous asset class', stating:
The rights and features of each crypto-asset can raise different considerations for consumers, product issuers, and regulators. Crypto-assets are commonly regarded as speculative assets, with volatile prices and minimal to no regulatory oversight.
A brief overview of some common terms often discussed in the context of digital and crypto-assets are included here, as follows.
The most well established and highly traded digital assets are cryptocurrencies. The Reserve Bank of Australia (RBA) described cryptocurrencies in the following terms in its submission:
[Cryptocurrencies] have their own ‘currency’ unit and are not denominated in the currency of any sovereign issuer. The distinguishing feature of most cryptocurrencies is that they utilise DLT [Distributed Ledger Technology] and cryptography to store digital ‘coin’ ownership records and transactions in a digital ledger that is distributed (and synchronised) across a number of ‘nodes’ (or computers) rather than relying on a central party to operate the system. Bitcoin is the most prominent implementation of a decentralised cryptocurrency protocol, but thousands of variations have emerged. Cryptocurrencies have no intrinsic value, are typically not issued by any single entity and effectively rely on users' complete trust in the software protocol that controls the system.
The RBA states that while the term 'cryptocurrency' may suggest these assets are a form of money, 'the consensus is that existing cryptocurrencies do not provide the key attributes of money', as they: are rarely used or accepted as a means of payment; are not used as a unit of account; and their prices can be very volatile so they are a poor store of value.
Proponents of cryptocurrencies disagree with this assessment. Bitaroo, an Australian Digital Currency Exchange (DCE), submitted that Bitcoin, the world's most prominent cryptocurrency, provides users with 'better control over their own money and alternatives to traditional and often exclusive financial services'. Proponents argue that cryptocurrencies can assist traditionally underserved and un-banked populations to access payment mechanisms. Several submitters noted that El Salvador has recently classified Bitcoin as legal tender, with other countries also reportedly considering this classification.
Decentralised Finance (DeFi) is an emerging and rapidly evolving area of financial technology. DeFi encompasses a range of blockchain-based business models and structures, with the main common factor being that DeFi solutions all attempt to 'provide functions analogous to, and potentially beyond, those offered by traditional financial service providers, without reliance on central intermediaries or institutions'. DeFi aims 'to reconstruct and reimagine financial services on the foundations of distributed ledger technology, digital assets and smart contracts'.
The Wharton Blockchain and Digital Asset Project identifies six major DeFi categories: stablecoins (discussed further below); decentralised exchanges for digital assets; credit products; derivatives, also known as synthetic financial instruments; insurance products; and asset management applications.
Recent DeFi developments in Australia include the launch of a DeFi investment fund, the development of cryptocurrency derivatives trading platforms which enabling cryptocurrency holders to lend their cryptocurrencies and earn a return, and the development decentralised insurance contracts which are programmed to pay out should software fail or criminals steal assets.
Blockchain applications are also being used to tokenise real world assets. A recent example in the Australian context is the issuance of the Perth Mint Gold Token (PMGT), a partnership between Perth Mint and Trovio Capital Management which digitises physical gold in the form of GoldPass certificates, and makes a tokenised form of these certificates available on a public blockchain where investors, traders and institutions can buy and sell them on Digital Asset Exchanges.
The World Economic Forum notes that although examples of DeFi have existed for several years, there was a sudden upsurge of activity in 2020, with the value of digital assets locked in smart contracts growing to over $13 billion:
In one year, the value of digital assets locked in DeFi smart contracts grew by a factor of 18, from $670 million to $13 billion; the number of associated user wallets grew by a factor of 11, from 100,000 to 1.2 million; and the number of DeFi-related applications grew from 8 to more than 200. This growth in turn has stimulated interest from both the private and public sectors.
Stablecoins are a leading category of DeFi assets. According to ASIC, stablecoins are 'a form of crypto-asset that aim to maintain a stable value relative to a specified unit of account or store of value':
Examples of these units or stores are as a national currency, commodity or other asset. Many other crypto-assets have prices determined solely by supply and demand and can be volatile. In contrast to these crypto-assets, stablecoins aim to maintain a specified price level. This makes them more attractive to hold as a means of payment or store of value.
Several stablecoins that aim to have their price pegged to the US Dollar have gained prominence in recent times. There are not currently any stablecoins of significance linked to the Australian dollar.
Central Bank Digital Currencies
The RBA submitted that a Central Bank Digital Currency (CBDC) represents a potential new form of digital money that would be a liability of, or a claim on, a central bank. The RBA explained further:
This could include both retail CBDC, which would be like a digital version of cash that is essentially universally accessible, and wholesale CBDC, which would be accessible only to a more limited range of participants (but probably including some that do not currently have access to settlement accounts at central banks). Like cash and settlement account balances, the unit of account of the CBDC would be the sovereign currency (i.e. the Australian dollar), the CBDC would be convertible at par (i.e. one for one) with other forms of money, and it would likely also be specified to serve as legal tender.
The RBA stated that while much research is occurring internationally on CBDCs, including by the RBA itself, only one country (the Bahamas) currently has a fully operational CBDC. The RBA noted, however, that the People’s Bank of China is in an advanced stage of testing possible issuance of a retail CBDC or ‘digital yuan'.
Non-Fungible Tokens (NFTs)
NFTs are crypto-assets which 'may represent the original or licenced literary and artistic works of an author or authors or the unique contractual terms between parties'. The most high-profile examples of NFTs are digital artworks, however NFT technology is broader than this, as explained by FinTech Australia:
NFTs is a description of the technology used where something unique or a record of something unique, is maintained on a blockchain or distributed ledger. What an NFT is, depends on the nature of the information that is provided when an NFT is transferred and recorded. For example, NFTs underpin many blockchain use cases, such as in relation to supply chain management to track the movement of a particular good at a particular time, or records of trademarks. Other NFTs exist purely in the digital realm, such as collectors items, such as jpeg images, or rights in those images.
Size and scope of digital assets markets in Australia and globally
ASIC noted that, consistent with global trends, it has seen 'significant interest in the Australian market for crypto-assets', which are 'available to Australian retail investors through local digital currency exchanges and overseas-based crypto-asset trading platforms'.
Global market for digital assets
Recent estimates have put the current aggregate market value of the digital asset ecosystem globally at approximately $2.8 trillion AUD, with about 221 million users worldwide having traded a cryptocurrency or used a blockchain-based application as of June 2021, up from 66 million at the end of May 2020.
DeFi is an area of the crypto-asset ecosystem experiencing remarkable growth. The World Economic Forum notes that although examples of DeFi have existed for several years, there was a sudden upsurge of activity in 2020:
In one year, the value of digital assets locked in DeFi smart contracts grew by a factor of 18, from $670 million to $13 billion; the number of associated user wallets grew by a factor of 11, from 100,000 to 1.2 million; and the number of DeFi-related applications grew from 8 to more than 200. This growth in turn has stimulated interest from both the private and public sectors.
The Digital Law Association (DLA) submitted that its members have undertaken preliminary research showing the significance of the global economic opportunities associated with various parts of the digital asset economy, summarised at Figure 2.1.
Figure 2.1: Potential scope of the digital asset economy
Source: Digital Law Association, Submission 49, p. 8.
Size of the digital asset market in Australia
The Australian Taxation Office (ATO) submitted that ATO data analysis in relation to cryptocurrencies and other digital assets 'shows a dramatic increase in trading since the beginning of 2020'. The ATO estimated that there are 'over 600,000 taxpayers that have invested in digital assets in recent years'.
Finder submitted research findings from June 2021, based on a representative survey of just over 1,000 individuals, showing that 17 per cent of Australians currently own cryptocurrency, with a further 13 per cent of respondents saying they plan to buy cryptocurrency in the next 12 months. Finder noted that close to a third of 'Gen Z' respondents currently own cryptocurrency, showing the strong interest among younger consumers.
Swyftyx, a Brisbane-based DCE, released findings in September 2021, based on a nationally representative survey of nearly 2,800 individuals, showing similar uptake: 17 per cent of respondents (the equivalent of 3.4 million individuals nationally) currently own cryptocurrency, while a further eight per cent have owned cryptocurrency in the past but do not currently.
Independent Reserve, a Digital Currency Exchange operating in Australia since 2013, submitted that it 'services hundreds of thousands of Australian customers each year' and estimated that in FY20-21 total turnover on its platform alone will exceed AUD $5 billion, with total assets in custody 'in the hundreds of millions'.
In addition to the value of crypto-assets themselves, the committee heard of the scale of opportunity in related areas to support this emerging industry. For example, Blockchain Australia noted that a new market to emerge from the growth of crypto-assets is businesses which provide digital asset infrastructure:
Like physical assets which need to be securely stored, digital assets rely on an underlying infrastructure to support them. In most cases, this infrastructure is typically storage and computational power.
Blockchain Australia noted that, for example, Bitcoin mining activities generated USD $1.5 billion in March 2021. The committee heard of one digital asset infrastructure project being proposed in New South Wales involving upwards of $150 million worth of capital expenditure over two years.
The DLA argued that, despite industry's efforts to assist in estimating the economic benefits of a digital asset policy framework in Australia, the lack of a single, consolidated and comprehensive assessment 'has meant government and policy-makers have not had an accessible resource from which to understand and prioritise policies in this area'. It recommended that the Australian Government engage an independent body 'to properly and comprehensively assess the economic benefit of the opportunity within Australia of a digital asset policy framework'.
Overview of digital assets regulation in Australia
Digital assets are generally not prescriptively regulated in Australia. Several regulators have a current role, or potential future role, in regulating these products. In particular:
Certain digital asset businesses must register with the Australian Transaction Reports and Analysis Centre (AUSTRAC) to manage potential anti-money laundering and counter-terrorism financing (AML/CTF) risks.
Digital assets that meet the definition of 'financial product' under the Corporations Act 2001 are subject to regulatory oversight by ASIC; companies dealing with these financial products need to hold an Australian Financial Services Licence (AFSL) or an Australian Market Licence, depending on the circumstances.
The Australian Taxation Office (ATO) oversees the collection of tax revenue arising from digital asset businesses and transactions, and provides guidance on the circumstances in which tax accrues.
A number of other regulatory bodies may also affect businesses operating in the digital assets space, for example: the RBA has responsibility for payments policy and monitoring the development of digital assets intended for use as payment mechanisms, such as stablecoins; the Australian Competition and Consumer Commission regulates how businesses can market and sell products to consumers; and the Australian Prudential Regulation Authority (APRA) supervises Authorised Depository Institutions who provide services to digital assets businesses.
An overview is provided here of ASIC and AUSTRAC's regulatory role, as the bulk of the commentary in evidence to the committee related to these two regulators. The role of other regulators is discussed further in the remainder of this chapter and Chapter 3 where relevant.
Overview of ASIC regulation and licensing
Companies seeking to provide financial products or services (that is, operate a financial services business) need to apply to ASIC for an AFSL. Companies seeking to operate a financial market in Australia (such as a stock exchange) need to apply to ASIC for a Market Licence. These licences involve a range of obligations for licensees.
ASIC summarised its current regulation of digital assets as follows:
ASIC currently regulates crypto-assets and related products and services to the extent they fall within the existing regulatory perimeter of ‘financial products and services’… Crypto-assets that are not financial products and services are generally not regulated by ASIC. They may, however, be subject to other Australian laws—for example, the anti-money laundering and counter-terrorism financing laws regulated by AUSTRAC, consumer protection obligations regulated by the ACCC, and the taxation requirements regulated by the Australian Taxation Office (ATO).
Under the current regulatory framework, the question of whether a particular crypto-asset is within or outside the financial regulatory framework 'depends on particular characteristics of the crypto-asset offering'. ASIC noted that this can cause uncertainty for investors and consumers as well as issuers and distributors of these assets. Further:
Crypto-assets are not a homogenous asset class and each crypto-asset raises different considerations. As such, crypto-assets present unique challenges that can make it difficult to meet the safeguards in place to protect retail investors and Australian financial markets.
ASIC does not provide advice to companies seeking to launch an Initial Coin Offering (ICO) or other digital asset offering about whether a product is likely to qualify as a regulated financial product, with the onus falling on entities to 'be prepared to justify a conclusion that their ICO does not involve a regulated financial product'. Several submitters to the inquiry suggested that this regulatory uncertainty leaves many project developers unable to operate in this environment. For example, the Digital Law Association reported:
Our member legal practitioners are reporting an increasingly frustrated cohort of otherwise law-abiding digital asset client businesses unwilling to become embroiled in regulatory test cases, but crying out for clear direction and legal processes.
Most crypto-assets that are currently available to Australian retail investors (via Australian-based DCEs or overseas-based trading platforms) fall outside of ASIC's regulatory perimeter, meaning that companies offering these products do not need to hold an AFS Licence or a Market Licence. ASIC submitted that, as such:
These products do not automatically benefit from all the safeguards provided under the Australian financial regulatory framework administered by ASIC, such as upfront disclosure of the risks involved, access to dispute resolution services, or access to compensation funds. The safeguards available depend on the rights and features of each individual crypto-asset. Each crypto-asset service provider or trading platform is responsible for complying with all relevant Australian laws applicable to it.
ASIC stated that it was 'not aware of any retail financial products that have crypto-assets as a sole underlying asset' that have been issued under the Australian financial regulatory framework (except on an incidental basis) whether on an unlisted or quoted basis. ASIC stated that AFSL holders 'may be facilitating access to overseas funds that hold crypto-assets for wholesale or sophisticated investors'.
ASIC informed the committee that, as at August 2021, it was aware of at least nine AFSL holders who were also registered by AUSTRAC as DCEs; and at least five companies that were authorised representatives of AFSL holders who were also registered by AUSTRAC as DCEs.
ASIC regulatory approach and activities
ASIC noted that it has established an internal cryptocurrency working group, and stated that its general regulatory approach towards crypto-assets includes:
engagement with legitimate crypto-asset businesses to support their compliance;
monitoring the crypto landscape to identify emerging risks;
identifying opportunities to disrupt scams and take enforcement action where required; and
engaging with industry participants on practical proposals involving crypto-assets, to identify any gaps in the financial services regime to share with Treasury.
Guidance on initial coin offerings and crypto-assets
ASIC has provided guidance to industry on crypto-assets and initial coin offerings (ICOs) in its Information Sheet 225: Initial coin offerings and crypto-assets (INFO 225), issued in 2017 and then updated in March 2019. This information sheet describes how obligations under the Corporations Act and the ASIC Act may apply to ICOs and businesses involved with crypto-assets.
Consultation on Exchange Traded Products providing exposure to crypto-assets
ASIC has also recently released a consultation paper on the potential for the creation of Exchange Traded Products (ETPs) that invest in, or provide underlying exposure to, cryptocurrencies or other digital assets. ETPs include certain managed funds, exchange traded funds (ETFs) and structured products. All of these products are classified as financial products and as such fall within ASIC's regulatory perimeter. ASIC noted significant industry interest in crypto-asset ETPs as the reason for its consultation process, and submitted:
Given the unique, ever-evolving characteristics and consumer risks associated with crypto-assets, ASIC’s current focus is on understanding the global developments in relation to crypto-asset ETPs such as a bitcoin ETF.
We have worked with market operators and Treasury to consider the appropriateness of crypto-assets as permissible underlying assets for ETPs on Australian licensed financial markets and the appropriate minimum standards for such products.
ASIC's consultation paper Crypto-assets as underlying assets for ETPs and other investment products (CP 343) was released in June 2021, seeking feedback on proposed good practices to meet existing legal obligations that apply to:
Australian market licensees that admit such products onto their market; and
issuers of crypto-asset ETPs and other investment products that provide retail investors with exposure to crypto-assets.
The proposed good practices in CP 343 cover:
admission and monitoring standards for products on a market, including about:
the nature of crypto-assets that are appropriate as underlying assets of ETPs;
the reliable pricing of crypto-assets; and
how crypto-assets should be classified with respect to underlying asset rules; and
standards for issuers of ETPs and other investment products, including in relation to custody, risk management and disclosure.
ASIC noted in CP343 that the only crypto-assets it considers could potentially meet the appropriate criteria to form the basis of an ETP at this point in time are Bitcoin and Ether.
Regulation of consumer protection issues relating to digital assets
Some submissions highlighted consumer protection issues relating to crypto-assets. ASIC noted in its submission that scams relating to crypto-assets are an increasing problem:
The rise in value of crypto-assets globally has seen a sharp increase in retail investor interest in crypto-assets. Further, the crypto-asset marketplace is technologically complex, online and global. These factors have resulted in a substantial increase in unscrupulous operators seeking to defraud consumers.
From the beginning of 2021 to date, ASIC has received a significantly higher number of crypto-related scam reports, compared to previous years.
Most reports of misconduct (complaints) lodged with ASIC that involve crypto-assets involve what appear to be outright scams. We are increasingly seeing crypto-wallets as the preferred method of funds transfers to scammers, instead of bank accounts and wire transfers.
Many scams originate via either dating apps (‘romance-baiting’) or fake news articles. They are usually coupled with advertisements to trade in foreign exchange or contracts for difference (CFDs) with promises of high returns.
Scammers often impersonate Australian financial services licensees, and/or use ASIC’s logo to legitimise their operations.
ASIC stated that it has taken action in response to crypto-related scams, including: publishing scam warnings; sharing information with other regulators such as AUSTRAC; writing warnings and 'reverse onus' letters to issuers of scam-like material; and issuing warnings on the risks of investing in cryptocurrencies on the Moneysmart website. It noted that a key challenge is that scams are often generated offshore, which diminishes viable intervention options.
The Australian Competition and Consumer Commission (ACCC) operates the ScamWatch website, which provides information to consumers and small businesses about how to recognise, avoid and report scams. The ACCC informed the committee that between 1 January and 31 August 2021, the ACCC has received 3007 reports of scams involving cryptocurrency investment scams, with losses of $53.2 million. It noted that cryptocurrency investment scams represent 55 per cent of all investment scam losses and 48 per cent of all investment scam reports.
Role of the Australian Financial Complaints Authority
It was noted during the inquiry that the Australian Financial Complaints Authority (AFCA) currently has limited scope to resolve consumer complaints arising from cryptocurrency dealings, because AFCA is only able to consider complaints against financial firms that are members of AFCA.
Any businesses offering financial or credit products under an AFSL or an Australian Credit Licence are required by law to hold AFCA membership and be subject to its complaints processes; however at present, cryptocurrency or digital asset providers are generally not required to hold AFCA membership as they are not regulated through an AFSL.
AFCA noted that in recent times a small number of crypto-asset providers have become voluntary members of AFCA. AFCA recommended that access to internal and external dispute resolution arrangements should be put in place for consumers accessing digital asset products, similar to those in place for other regulated financial services providers.
AUSTRAC registration requirements and AML/CTF risks
Some digital asset businesses are required to register with the Australian Transaction Reports and Analysis Centre (AUSTRAC) under requirements set out in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
The Department of Home Affairs (Home Affairs) and AUSTRAC stated in a joint submission that the AML/CFT Act 'provides a framework to detect and deter money laundering and terrorism financing and provide intelligence to revenue, law enforcement and national security agencies'. It applies a risk-based approach to combating financial crime, 'consistent with global best practice, as reflected in the inter-governmental Financial Action Task Force (FATF) standards'.
The scope of the AML/CTF Act was specifically expanded in 2018 to include regulation of digital currency exchanges (DCEs). Home Affairs and AUSTRAC submitted that DCEs, which exchange fiat currency for digital currency and vice versa, represent the ‘onramps’ and ‘off-ramps’ to digital currency, and 'have a significant role to play in mitigating financial crime risks'. They submitted that the main money laundering and terrorism financing risks associated with digital currencies are:
greater anonymity or, in some cases, complete anonymity, compared with traditional payment methods;
transfers of digital currency are unconstrained by national borders and difficult to tie to any particular geographic location;
transactions can be made on a peer-to-peer basis, generally outside the regulated financial systems; and
different components of a digital currency system may be located in different countries and subject to varying degrees of regulatory oversight which can lead to regulatory arbitrage or the use of digital currency moving underground.
Home Affairs and AUSTRAC explained the scope of the regulations that apply to DCEs as follows:
The regulatory obligations imposed on DCEs under the AML/CTF Act are in line with guidance developed by the FATF in 2015. The Act does not regulate cryptocurrency or digital assets, just as it does not regulate fiat currency, such as the Australian dollar. However, following the 2018 amendments, businesses offering DCE services between fiat currency and digital currency (i.e. cryptocurrency), and vice versa are regulated for AML/CTF purposes only. It does not regulate transaction exchanges from digital currency to digital currency.
Specific requirements for DCE providers under the AUSTRAC regulations are to:
enrol and register their business with AUSTRAC;
adopt and maintain an AML/CTF program to identify, mitigate and manage the ML and TF risks they may face;
collect information and verify the identities of their customers and undertake ongoing customer due diligence;
report suspicious matters and transactions involving physical currency that exceed $10,000 or more to AUSTRAC; and
keep records relating to customer identification, transactions, and their AML/CTF program and its adoption.
AUSTRAC may refuse an application (thereby preventing a digital currency exchange from operating) or tailor a business’ registration according to its money laundering, terrorism financing or other serious crime risk, and may suspend or cancel the registration of a DCE on similar grounds. AUSTRAC noted that its remit on regulating DCEs does not extend to areas outside AUSTRAC’s mandate, such as prudential, competition or consumer protection regulation.
Mr Bradley, Brown National Manager, Education, Capability and Communication, AUSTRAC took the committee through the registration process for DCEs:
AUSTRAC's registration process, which is actually stipulated through our rules, requires businesses to efficiently complete an attestation in relation to their business operations and that will include requirements around whether they had previously had any criminal record, so whether they have been charged, convicted of any offences in relation to money laundering, terrorism, financing, any other serious crimes. They are required to obtain and maintain a national police check. In our most recent engagements in the renewal of registration, now that it is after three years, we are actually asking for businesses to produce those national police certificates. We obviously also, as a financial intelligence agency, have capability to work with some of our partners to cross reference in relation to people who register with AUSTRAC. We also look at their capabilities and that includes their capability to develop and implement an anti-money-laundering counterterrorism financing program.
Mr Brown indicated that they also 'look at the competency of the people who are registering with us to say that they are and do have the ability to operate businesses'. AUSTRAC's role is then ongoing oversight:
That ongoing supervision includes for us an annual compliance report, so each business has to complete a compliance report in relation to various different aspects of their obligations under the legislation. They all have to have AML/CTF programs. They are required to identify and know their customer and to do customer due diligence, which actually requires them to do transaction monitoring of the transactions that they undertake with their customers. They have to record all that—record keeping—and they are required to submit reports to us and that includes suspicious matter reports, which many of the regulated businesses have been doing. I would suggest that it's more robust. The CEO or delegate also has the power to refuse, cancel or apply conditions in relation to registrations. In the last year six digital currency exchanges have had one of those forms of a penalty applied to them. Additionally, we also work with law enforcement where there may well be criminal considerations in relation to activities of digital currency extremism.
Number of DCEs registered with AUSTRAC
AUSTRAC informed the committee that there are 'more than 455 registered DCE providers in Australia', and that '[s]ince regulations commenced, six businesses have had their registration cancelled and three businesses have been refused registration'.
International AML/CTF framework
Home Affairs and AUSTRAC submitted that in June 2019, the FATF set international standards for the AML/CTF regulation of cryptocurrency/digital asset services. These standards 'built on the 2015 guidance and require AML/CTF regulation beyond the exchange of fiat currency for cryptocurrency or vice versa' to also include regulation of:
exchanges between one or more forms of cryptocurrency;
transfers of cryptocurrency on behalf of customers;
safekeeping or administration of cryptocurrency or instruments enabling control of cryptocurrency (e.g. custodial wallet providers); and
participation in and provision of financial services related to an issuer’s offer and/or sale of cryptocurrency (e.g. Initial Coin Offerings or ICOs).
The submission explains further:
Businesses providing these services are referred to globally as ‘virtual asset service providers’ (VASPs) and cryptocurrency or digital assets are referred to as ‘virtual assets’ (VAs).
The FATF also includes VASPs under the ‘travel rule’, which requires financial institutions to include verified information about the originator (payer) and information about the beneficiary (payee) for wire transfers and other value transfers throughout the payment chain. However, technological solutions to enable VASPs to comply with the ‘travel rule’ are still under development and only beginning to be rolled out globally.
Ongoing regulatory work in Australia
Several initiatives were highlighted to the committee involving regulatory work on digital asset issues.
Council of Financial Regulators stablecoins working group
APRA noted that the Council of Financial Regulators (CFR) established a Distributed Ledger Technology (DLT) Working Group in December 2015, to assess regulatory risks, and any emerging financial system risks associated with distributed ledger technologies. This working group is considering developments relating to central bank digital currencies, crypto-assets and decentralised finance.
In March 2021, a dedicated CFR Stablecoins Working Group was established as an offshoot of the CFR DLT working group. APRA noted:
This decision was made in the context of international developments in order to more closely assess risks that could potentially be presented by stablecoins, including a significant global stablecoin arrangement or a domestically issued AUD-backed stablecoin.
ASIC stated that the objectives of the CFR Stablecoin Working Group are to:
identify key types of stablecoin arrangements that could affect the Australian financial system or Australian consumers;
assess how these arrangements would be treated under existing regulatory frameworks (including whether the requirements are appropriate and what, if any, changes to the framework should be proposed);
develop recommendations on actions (if any) to address emerging regulatory gaps and risks related to stablecoins, for consideration by the CFR and the Australian Government; and
provide a forum to share information and coordinate Australian contributions on international work related to stablecoins.
APRA informed the committee that this working group has performed 'an initial assessment and analysis of key risks, existing significant stablecoin arrangements, international regulatory developments/proposals and the existing regulatory framework in Australia and how it could apply to stablecoin arrangements'. APRA noted that in relation to its mandate, 'the key policy issues are the threshold at which a particular stablecoin arrangement potentially raises financial safety and/or financial stability considerations, and the appropriate regulatory framework in such cases'.
APRA stated that the CFR 'has since agreed to refocus some working group activities in order to prioritise work considering regulatory arrangements across the spectrum of crypto-assets, including stablecoins', with Treasury assuming the role of Chair of the working group.
RBA work on CBDCs
The RBA commented that 'like many other advanced-economy central banks, the Bank does not consider that a policy case has yet emerged for issuing a CBDC'. However, the RBA 'is continuing to closely monitor the case for a retail CBDC and is engaging with some other central banks on possible use cases, including for cross-border payments'. It stated further:
The [RBA] has also been conducting research on the technological and policy implications of a wholesale CBDC. This work is taking place in the Bank's in-house Innovation Lab and included the development in 2019 of a limited proof-of-concept of a DLT-based interbank payment system using a tokenised form of CBDC backed by exchange settlement account (ESA) balances held at the Bank. Currently, the Bank is close to finalising a project with a number of external parties that extends the earlier proof-of-concept in a number of ways, including to incorporate tokenised financial assets. The project explores the implications of delivery-versus-payment settlement on a DLT platform as well as other programmability features of tokenised CBDC and financial assets; a report on the project will be published shortly.
Establishment of a Digital Finance Cooperative Research Centre
The RBA noted that it is also participating in the newly established Digital Finance Cooperative Research Centre (CRC), which will bring together academics and more than twenty entities in the finance industry. The aim of the CRC is 'to develop and exploit the opportunities arising from the digitisation of assets so they can be traded and exchanged directly and in real-time between any individual or organisation'.
International approaches to regulating digital assets
In this phase of the inquiry, the committee has examined the existing approaches and maturity of regulatory frameworks in comparable jurisdictions in order to assess where Australia currently stands and possible ways forward. A number of jurisdictions have taken steps to create a cohesive regulatory framework for digital assets in order to drive investment and enhance consumer protections.
Some submitters provided highly detailed observations about the regulatory frameworks in a number of jurisdictions. For the purposes of this chapter, a broad overview is included here followed by some insights on key jurisdictions, focusing on Singapore, the United States, and the United Kingdom.
Swyftx, an Australian Digital Currency Exchange, submitted that 'there is a commonality in general approach around the globe, at least at a high level', with regulatory regimes aiming to cover two broad areas:
Banking and payment systems and access: a key aspect of this regulatory regime is to ensure that digital asset service providers comply with AML/CTF rules and to ensure the integrity of the banking and payment systems.
Investment dealing and consumer protection regulation: this aspect of regulation, including the applications of securities and financial markets laws, has been defined by each jurisdiction’s approach to categorizing digital assets as certain types of financial instruments in order to fit them within existing regulatory frameworks.
Regulation of cryptocurrencies and digital assets continues to change rapidly across the globe. For example, China recently announced a complete ban on all crypto transactions and mining in September 2021. United States' regulators have also flagged further changes to its digital assets regulation, discussed further below.
The ADC Forum provided the following table shown at Figure 2.3, comparing a range of regulatory mechanisms used in application to digital currencies across a number of jurisdictions.
Figure 2.2: Comparative treatment of digital currencies
Source: ADC Forum, Submission 35, p. 6. Note since the publication of this table, China has announced a complete ban on cryptocurrency business and activity.
Dr Joseph Liu, Dr Weiping He and Ms Catherine Zhou from Monash University submitted that Singapore’s cryptocurrency regulatory regime 'shares many similarities with the Australian model—opting to regulate activities that fall within the purview of the financial regulator as opposed to regulating cryptocurrencies directly'.
Blockchain Australia noted that Singapore’s ‘financial regulatory body, the Monetary Authority of Singapore (MAS), has actively taken steps to regulate crypto-asset businesses’ by working:
…to support and facilitate crypto-assets in Singapore through a flexible regulatory posture including through supporting consumer and industry confidence through establishing a licensing regime.
Blockchain Australia explained that Singapore ‘has enjoyed an early-mover advantage by introducing a regulatory framework designed for crypto-assets’ with the introduction of the Payments Services Act (PSA) in January 2020. The PSA has been described by the MAS as a 'forward looking and flexible framework' that ‘consolidated and updated multiple pieces of legislation which were drafted in an era before FinTech and were no longer fit-for-purpose.’ Blockchain Australia provided the following outline of the PSA:
The PSA provides a framework to obtain a licence to operate a payment services business in Singapore. It defines a “payment service” as:
a) an account issuance service;
b) a domestic money transfer service;
c) a cross-border money transfer service;
d) a merchant acquisition service;
e) a e-money issuance service;
f) a digital payment token service; or
g) a money changing service.
The PSA defines a Digital Payment token (DPT) as: a digital representation of value that:
is expressed as a unit, not denominated in any currency and is not pegged by its issuer to any currency;
is or is intended to be a medium of exchange accepted by the public as payment; and
can be transferred, stored or traded electronically.
Under this definition, cryptocurrencies including Bitcoin, Ether, Litecoin and Ripple would be considered as a DPT. Blockchain Australia explained further:
Crypto-asset businesses are now required to perform an assessment in relation to their tokens to determine if the token constitutes a capital market product, in which case the Securities and Futures Act applies, or if they constitute a DPT under the PSA. With the commencement of the PSA, exchanges will be required to have a payments licence if they provide a digital payment token service. This includes facilitating the exchange of digital payment tokens. Therefore if a DCE processes either fiat currency or a currency that satisfies the definition of a DPT it must now be licensed.
Crypto.com praised Singapore’s regulatory approach, highlighting Singapore’s Blockchain and Cryptocurrency Regulation 2021:
[Singapore has] been at the forefront of crypto-related technology adoption and advancement. Singapore’s positive attitude to crypto is reflected in their recent Blockchain and Cryptocurrency Regulation 2021. Compared to the UK, the level of regulatory support for navigating requirements and obtaining the relevant licence has been high.
Mr Scott Chamberlain, Entrepreneurial Fellow at the Australian National University’s School of Law, asserted that ‘Singapore is Australia’s main competitor for Digital Asset Projects’ and explained 'the commercialisation of all of our research projects has necessarily involved consideration of Singapore as the destination jurisdiction'.
Blockchain Australia identified that there had been challenges within Singapore’s system caused primarily as a result of its strict implementation of the licensing requirements to ensure compliance with the Financial Action Task Force (FATF) travel rule. Applicants faced a ‘lengthy application process’ and ‘a lack of commercial solutions to comply with the travel rule.’ As a result, the MAS ‘offered an exemption to applicants who applied before a cutoff date’ that:
…allowed applicants to continue to operate in Singapore under an exemption while waiting for their licence to be granted or rejected. However, the transitional period proved to be too short, relative to the ability of MAS to implement the regime.
Additionally, Blockchain Australia noted that ‘it is still difficult for an exchange to comply at a scale in a commercially viable manner.’
Australian DCE Independent Reserve recently announced on 1 October 2021 that it had received approval for a Major Payment Institution Licence in Singapore from the MAS to operate as a regulated provider for DPT Services. Independent Reserve is one of the first virtual asset service providers to obtain full licensure approval under the PSA in Singapore. Raks Sondhi, Managing Director of Independent Reserve in Singapore, commented that gaining licence approval in Singapore had attracted investors to the company:
Since receiving our in-principle approval, we’ve seen an influx of retail and institutional investors. Until that point, most had stayed on the sidelines because determining who to trust was a lot more difficult. This licence will allow Independent Reserve to accelerate its growth in Singapore and reassure investors of our integrity and safety.
The United States (US) has a broad range of regulations covering cryptocurrency and digital assets at the federal level, and some states have also implemented their own crypto-asset specific legislation.
Blockchain Australia stated that there ‘is generally broader acceptance by US banks for individuals and businesses that deal with crypto-assets’ and provided an overview of the current legislative approach to crypto-assets in the US:
Regulation of crypto-assets in the United States is a split across a patchwork of state and federal regulators. At the federal level, agencies involved include the Securities and Exchange Commission (SEC), the Commodities and Futures Trading Commission (CFTC), the Federal Trade Commission (FTC), the Treasury, and the Financial Crimes Enforcement Network (FinCEN). State legislatures also have enacted various items of legislation that deal with crypto-assets.
This patchwork has made formalising a standard regulatory approach difficult.
Blockchain Australia explained how each regulator treats crypto-assets to demonstrate some of the difficulties that come from the split in regulation across federal and state regulators:
For example, the SEC considers crypto-assets as securities, the CFTC considers them a commodity, while the IRS considers them as closer to property for the purposes of taxation. Unlike the UK [United Kingdom], there is no formal joint working group which brings together the multiple regulators nor is there yet a plan to develop a longer-term regulatory roadmap. However, a number of progressive actions have been taken at federal and state levels to facilitate the growth of the industry in the US including the provision of licences for ‘crypto banks’, guidance on stablecoins, and guidance on the debanking problem.
Generally, cryptocurrencies in the US would be subject to securities laws if their attributes are considered to be a security. It is ‘a matter of substance over form if a crypto-asset is considered to be a security’ and a crypto-asset which is determined to be a security is registered and regulated by the SEC.
In the US, the Howey test is used to determine when a security is an ‘investment contract’ and the same test is applied to crypto-assets. The Howey test considers the following criteria:
an investment of money;
in a common enterprise;
with a reasonable expectation of profits;
to be derived from the entrepreneurial or managerial efforts of others.
Blockchain Australia stated that one proposal being considered in the US is a 3-year safe harbour proposal to provide time for crypto-asset based projects to prove that they are not a security.
Several recent developments in the US federal regulation of digital assets are worth noting:
The Infrastructure, Investment and Jobs Act, which passed the US Senate with Bipartisan support in August 2021 and is now before the House of Representatives, would force crypto exchanges to report transactions and other user data to the US Internal Revenue Service.
In a September 2021 interview, the incoming Chair of the SEC, Gary Gensler, flagged the development of a regulatory framework for cryptoassets, raising points including:
concern about the lack of disclosure obligations, and the need for the market for crypto to be brought into alignment with policy objectives such as investor protection, tax transparency, and financial stability;
a clear view that the SEC’s mandate effectively encompassed regulation of cryptoassets; and
stating that the presence of a significant unregulated market within the broader financial system was a significant risk to financial stability.
The US state of Wyoming was raised in evidence as having an advanced legislative approach to cryptocurrency and digital assets.
Mr Scott Chamberlain submitted that ‘the most comprehensive policy settings are being developed in Wyoming'. He explained:
Wyoming has deliberately and systematically set out to be a destination jurisdiction for digital assets. It laws have included:
(a) Specific forms of financial institutions for digital assets;
(b) Confirmation that financial custodians hold digital assets under bailment;
(c) Confirming the right to keep your secret keys secret; and
(d) Legal personality for DAOs [Decentralised Autonomous Organisations] and limited liability for members.
Blockchain Australia agreed that Wyoming ‘is seen as one of the more progressive states’ and ‘has passed numerous bills which are seen as some of the most crypto-friendly in the US.’ This includes the establishment of a new category of financial institutions called Special Purpose Depository Institutions (SPDI):
[This] allows cryptocurrency companies to create financial institutions that resemble traditional custodian banks but with special conditions imposed such as being required to hold enough liquid assets to cover 100 per cent of all deposits, not being able to offer loans, and requiring sufficient funds to cover three years of operating expenses.
Additionally, Wyoming has introduced legislation to:
…establish a Financial Technology Sandbox to allow companies to test innovations with flexible regulatory oversight. Cryptocurrencies are also considered as property under the new Digital Assets Act and clarifies that the Uniform Commercial Code (a set of consumer law protections) applies to cryptocurrencies.
Mr Chamberlain also stressed the importance of private key secrecy and custody and noted Wyoming’s approach to ensure ‘users are legally entitled to refuse to disclose their private keys.’ He explained why this is important:
Blockchain systems rely on key pair cryptography. A consequence of this technology is the digital assets are inextricably linked with the key pair. Whoever controls the private keys controls the asset. If the private keys are lost or destroyed the asset is destroyed.
In the United Kingdom, the Financial Conduct Authority (FCA) operates within a 'regulatory perimeter'. This perimeter determines what the FCA can and can’t regulate, and was initially set out in 2019 through a token classification regime, which set out three broad categories of tokens and gave an overview as to how and whether each fits within the regulatory perimeter:
e-money tokens have to meet the definition of electronic money in the Electronic Money Regulations 2011 – these are digital payment instruments that store value, can be redeemed at par value at any time and offer holders a direct claim on the issuer;
security tokens have characteristics similar to specified investments like a share or debt instrument. These could also be tokenised forms of traditional securities;
unregulated tokens are those which are neither e-money or security tokens and include:
utility tokens: tokens used to buy a service or access a DLT platform; and
exchange tokens: tokens that are primarily used as a means of exchange (which captures many of the widely known crypto-assets such as Bitcoin, Ether and Ripple).
Under this classification, 'unregulated tokens' do not fall within the current regulatory perimeter and therefore are not subject to FCA regulation, while 'e-money tokens' and 'security tokens' do fall within the regulatory perimeter and are therefore subject to the existing legislation.
Further consultation has been undertaken in the UK on promoting crypto-assets and the regulatory approach to stablecoins. A registration process was also introduced for AML/CTF requirements, but the deadline for this process has been extended twice from 9 January 2021 to 30 March 2022.
Several submitters spoke favourably of the UK's regulatory system. Dr Joseph Liu, Dr Weiping He and Ms Catherine Zhou argued that ‘[o]ne of the main concerns of the market is uncertainty in the cryptocurrency industry.’ They explained that ‘Singapore, Canada and the UK all have not developed a regulatory regime specific to cryptocurrency,’ instead ‘they use existing frameworks to regulate cryptocurrency with some specific interventions due to the nature of cryptocurrency.’ However:
While all three jurisdictions have adopted a broadly similar approach, the UK’s approach has created a friendlier and more certain environment for private investment in the industry.
Dr Joseph Liu, Dr Weiping He and Ms Catherine Zhou explained:
UK regulators have gone a step further to clarify how existing regimes apply to cryptocurrency. In doing so, the UK has made their regulatory objectives clear, adopting a regulatory principle of ‘same risk, same regulatory outcome’. Their guidance will undoubtedly help the market understand the application of regulations and ensure compliance.
Conversely, Crypto.com submitted that is has 'found the level of regulatory support for navigating requirements and obtaining the relevant licence in the UK to be limited'.
Australian DCE Coinjar recently received registration from the FCA in September 2021, and is now one of only 10 other registered “crypto asset firms” to receive FCA approval to operate across the UK market as a Cryptoasset Exchange Provider and Custodian Wallet Provider. Asher Tan, CEO of CoinJar, commented:
The UK is a world leader in fintech and a progressive regulator so we are very pleased to have received this recognition as part of our commitment to offering people a safe and positive experience of buying and selling digital currencies. With the establishment of the UK-Australia Fintech bridge, we hope that a similar scheme is replicated here via ASIC and AUSTRAC, with learnings from the two-year process taken into account.