Cryptocurrency regulation

While there have been legislative amendments to accommodate the use of cryptocurrencies, to date these have predominantly focused on the transactional relationships (e.g., the issuing and exchanging process) and activities involving cryptocurrencies, rather than the cryptocurrencies themselves. As set out above, Treasury has undertaken (and continues to undertake) multiple consultations to clarify the nature of digital assets and how the associated risks translate to a regulatory framework for crypto asset service providers. These consultations are maintaining the focus of managing risks through regulating centralised entities rather than individual assets or decentralised (or distributed) structures.

In the context of its recent enforcement actions, ASIC reaffirms the view that legislative obligations and regulatory requirements are technology-neutral and apply irrespective of the mode of technology that is being used to provide a regulated service. While there is currently no legislation created to deal with cryptocurrencies as a discrete area of law, this does not prevent them from being captured within existing regimes under Australian law 
(see under Sales regulation below).

ASIC’s regulatory guidance informs businesses of its approach to the legal status of crypto assets. This turns on how they are structured and the rights attached, which ultimately determines the regulations with which an entity must comply. For example:

  • Cryptocurrency that is, or forms part of a collective investment product that is, a financial product under the Corporations Act 2001 (Cth) (Corporations Act) will fall within the scope of Australia’s existing financial services regulatory regime. See Sales regulation for further information.

  • There has also been a proliferation of cryptocurrency lending activities. Where such activities fall within the scope of the credit activities and services caught under the National Credit Consumer Protection Act 2009 (Cth) (NCCP Act), the relevant entities may need to hold an Australian credit licence or be otherwise exempt from this requirement.

ASIC has clarified expectations for crypto assets that form part of the underlying assets of ETPs and other investment products (see INFO 230). In INFO 230, ASIC sets out expectations for market operators, retail fund operators (i.e., responsible entities), listed investment entities (including listed investment trusts and listed investment companies) and Australian financial services licence (AFSL) holders dealing in crypto assets. This primarily centres around criteria that ASIC expects market operators to apply when determining whether a specific crypto asset is an appropriate asset for market-traded products. This broadly requires institutional support of the crypto asset, service providers willing to support ETPs that invest in or provide exposure to the crypto asset, maturity of the spot market for the crypto asset, regulation of derivatives linked to the crypto asset, and the availability of robust and transparent pricing mechanisms for the crypto asset. ASIC has commented that (as at October 2021) it considers Bitcoin and Ether likely satisfy ASIC’s criteria for determining appropriate underlying assets for an ETP. ASIC has also included good practices in relation to how fund asset holders are required to custody crypto assets, as well as ensuring that adequate risk management systems are in place. While ASIC has provided this clarity, recent enforcement actions indicate that it considers crypto assets to be an appropriate investment asset for retail clients in very limited circumstances.

There are currently no specific regulations dealing with blockchain or other distributed ledger technology (DLT) in Australia. However, ASIC maintains a public information sheet (INFO 219 Evaluating distributed ledger technology) outlining its approach to the regulatory issues that may arise through the implementation of blockchain technology and DLT solutions more generally. Businesses considering operating market infrastructure, or providing financial or consumer credit services using DLT, will remain subject to the compliance requirements that currently exist under the applicable licensing regime. There is a general obligation that entities relying on technology in connection with the provision of a regulated service must have the necessary organisational competence and adequate technological resources and risk management plans in place. While the existing regulatory framework is sufficient to accommodate current implementations of DLT, as the technology matures, additional regulatory considerations will arise.

Various cryptocurrency networks have also implemented “smart” or self-executing contracts. These are permitted in Australia under the Electronic Transactions Act 1999 (Cth) (ETA) and the equivalent Australian state and territory legislation. The ETA provides a legal framework to enable electronic commerce to operate in the same way as paper-based transactions. Under the ETA, self-executing contracts are permitted in Australia, provided they meet all the traditional elements of a legal contract.

Sales regulation

The sale of cryptocurrency and other digital assets is regulated by Australia’s existing financial services regulatory regime. Core considerations for issuers are outlined below.

Licensing

Entities carrying on a financial services business in Australia must hold an AFSL or be exempt. Therefore, persons providing financial services in relation to crypto assets that constitute financial products will trigger the AFSL requirement and associated compliance and disclosure requirements. The definitions of “financial product” and “financial service” under the Corporations Act are broad and ASIC has indicated in INFO 225 that crypto assets with similar features to existing financial products will trigger the relevant regulatory obligations.

As above, ASIC indicates (in INFO 225) that the legal status of crypto assets turns on their structure and the associated rights (which ASIC interprets broadly). Depending on the circumstances, crypto assets may constitute interests in managed investment schemes (collective investment vehicles), securities, derivatives, or fall into a category of more generally defined financial products, all of which are subject to AFSL regulation. In INFO 225, ASIC provides high-level regulatory signposts for crypto asset participants to determine whether they have legal and regulatory obligations. These signposts are relevant to crypto asset issuers, crypto asset intermediaries, miners and transaction processors, crypto asset exchanges and trading platforms, crypto asset payment and merchant service providers, wallet providers and custody service providers, and consumers.

Entities dealing in financial product crypto assets will need to comply with the regulatory requirements under the Corporations Act, which generally include disclosure, registration, licensing and conduct obligations. An entity that facilitates payments by crypto assets may also be required to hold an AFSL and the operator of a crypto asset exchange may be required to hold an Australian market licence if the supported assets are financial products.

As noted, Treasury continues to consult on a proposed licensing regime for crypto asset service providers. While the form of any proposals remains unknown, it is expected that any regime will focus on service providers that deal in crypto assets generally (that is, financial product and non-financial product crypto assets), as well as tailored inclusions for financial services providers dealings in financial product crypto assets. See Government attitude and definition for further information.

Concurrently, the Australian Law Reform Commission (ALRC) is conducting an inquiry into simplifying Australia’s overarching financial services regulatory framework to make it “more adaptive, efficient and navigable for consumers and regulated entities”. As part of the inquiry, the ALRC has provided interim reports on three areas, being the design and use of definitions in corporations and financial services legislation, the regulatory design and hierarchy of laws, and the potential to reframe or restructure financial services laws. A consolidated report is due on 30 November 2023; however, it remains to be seen whether any proposals will address crypto as an asset class.

Marketing

As crypto asset sales may involve an offer of financial products, this has marketing implications. For example, financial product offers to retail clients (with some exceptions) must be accompanied by a regulated disclosure document (e.g., a product disclosure statement or a prospectus and a financial services guide) that satisfies the content requirements of the Corporations Act and regulatory guidance published by ASIC. Such a disclosure document must set out prescribed information, including benefits and risks of the product, as well as the provider’s fee structure, to assist a client in deciding whether to acquire the crypto asset from the provider. In some instances, the marketing activity itself may cause the sale to be an offer of a regulated financial product.

Depending on the investor’s status as a wholesale client, an offer of financial products may not require regulated disclosure under the Corporations Act.

Cross-border issues

Carrying on a financial services business in Australia will require a foreign financial services provider (FFSP) to hold an AFSL, unless an exemption applies. Notably, the Corporations Act may apply to crypto asset sales regardless of whether they are created and offered from Australia or overseas. At the time of writing, Australia’s treatment of regulated offshore entities is in a state of flux. Historically, FFSPs regulated in comparable jurisdictions had the benefit of limited licensing relief for financial services provided to wholesale clients. In 2020, this was repealed and replaced with a foreign AFSL regime. In 2021, the Government proposed reverting back to the comparable jurisdiction regime (with some amendments). This proposal was put to Australian parliament in early 2022; however, the proposed legislation lapsed with the change of Government. At the time of writing, there has been no intention announced regarding the future of FFSP regulation in Australia. An announcement is expected in late 2023, and it is broadly expected that a form of comparable jurisdiction relief will be reintroduced.

Foreign companies taken to be carrying on a business in Australia, including by dealing in crypto assets, may be required to either establish a local presence (i.e., register with ASIC and create a branch) or incorporate a subsidiary. Broadly, the greater the level of system, repetition or continuity associated with an entity’s business activities in Australia, the greater the likelihood that registration will be required. Generally, a company holding an AFSL will be carrying on a business in Australia and will trigger the requirement.

Marketing financial product crypto assets to Australian residents from offshore may still trigger licensing and disclosure requirements. Generally, an offshore service provider may respond to requests for information and issue products to an Australian resident if the resident makes the first (unsolicited) approach and there has been no conduct on the part of the issuer designed to induce the investor to make contact, or activities that could be misconstrued as the provider inducing the investor to make contact.

Design and distribution obligations and product intervention powers

Since October 2021, issuers and distributors of financial products must comply with design and distribution obligations (DDO), which may impact the way crypto assets are structured and sales are conducted. Issuers and distributors must implement effective product governance arrangements, which include (among other things) creating and distributing target market determinations (TMDs) in relation to retail clients acquiring the relevant financial products. The DDO aims to ensure that financial products are targeted at the correct category of potential customers, and disclosures regarding the adequacy and suitability of the product for the target market are required to be accurate and timely.

ASIC also has product intervention powers where there is a risk of significant consumer detriment, enabling ASIC to address market-wide problems or specific business models and deal with certain “first mover” issues. The power covers financial products under the Corporations Act and Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) and credit products under the NCCP Act.

In ASIC’s 2022–26 Corporate Plan, ASIC has identified product design and distribution as one of its key strategic priorities, and has been actively enforcing this space. ASIC issued its first DDO stop orders in July 2022 in response to deficiencies in TMDs made under the DDO regime. Between July 2022 and June 2023, ASIC issued 41 stop orders to prevent consumers and investors being targeted by products that may be inappropriate for their objectives, financial situation and needs. This included three stop orders preventing the distribution of crypto funds associated with alleged deficient TMDs. ASIC’s powers are likely to impact marketing and distribution practices in the crypto asset sector where they fall within its remit.

Consumer law

Even if a crypto asset sale is not regulated under the Corporations Act, it may remain subject to other regulation and laws, including the Australian Consumer Law set out at Schedule 2 to the Competition and Consumer Act 2010 (Cth) (ACL) relating to the offer of services or products to Australian consumers. The ACL prohibits misleading or deceptive conduct in a range of circumstances, including in the context of marketing and advertising. Therefore, care must be taken in crypto sale promotional material to ensure that it does not contain false information and that buyers are not misled or deceived. Additionally, promoters and sellers are prohibited from engaging in unconscionable conduct and must ensure that the issued crypto assets are fit for their intended purpose. The protections of the ACL are generally reflected in the ASIC Act, providing substantially similar protection to investors in financial products or services.

ASIC has also received delegated powers from the Australian Competition and Consumer Commission to enable it to take action against misleading or deceptive conduct in marketing or issuing crypto asset sales (regardless of whether it involves a financial product). ASIC has indicated that misleading or deceptive conduct in relation to crypto asset sales may include:

  • using social media to create the appearance of greater levels of public interest;

  • creating the appearance of greater levels of buying and selling activity for a crypto asset by engaging in (or arranging for others to engage in) certain trading strategies;

  • failing to disclose appropriate information about the sale; or

  • suggesting that the sale is a regulated product or endorsed by a regulator when it is not.

ASIC has stated that it will use this power to issue further inquiries into crypto asset issuers and their advisers to identify potentially unlicensed and misleading conduct.

A range of consequences may apply for failing to comply with the ACL or the ASIC Act, including monetary penalties, injunctions, compensatory damages and costs orders.

Taxation

The taxation of cryptocurrency in Australia has been an area of much debate, despite recent attempts by the Australian Taxation Office (ATO) to clarify the operation of the tax law. For income tax purposes, the ATO views cryptocurrency as an asset that is held or traded (rather than as money or a foreign currency). On 23 June 2023, Treasury Laws Amendment (2022 Measures No. 4) Bill 2022 received royal assent, which clarifies that cryptocurrencies are not foreign currencies for income tax purposes.

The tax implications for holders of cryptocurrency depend on the purpose for which the cryptocurrency is acquired or held. The summary below applies to holders who are Australian residents for tax purposes.

Sale or exchange of cryptocurrency in the ordinary course of business

If a holder of cryptocurrency is carrying on a business that involves sale or exchange of the cryptocurrency in the ordinary course of that business, the cryptocurrency will be held as trading stock. Gains on the sale of the cryptocurrency will be assessable and losses will be deductible (subject to integrity measures and “non-commercial loss” rules). Examples of relevant businesses include cryptocurrency trading and cryptocurrency mining businesses.

Whether or not a taxpayer’s activities amount to carrying on a business is a question of fact and degree, and is ultimately determined by weighing up the taxpayer’s individual facts and circumstances. Generally (but not exclusively), where the activities are undertaken for a profit-making purpose, are repetitious, involve ongoing effort, and include business documentation, the activities would amount to the carrying on of a business.

Isolated transactions

Even if a holder of cryptocurrency did not invest or acquire the cryptocurrency in the ordinary course of carrying on a business, profits or gains from an “isolated transaction” involving the sale or disposal of cryptocurrency may still be assessable where the transaction was entered into with a purpose or intention of making a profit, and the transaction was part of a business operation or commercial transaction.

Cryptocurrency investments

If cryptocurrency is not acquired or held in the course of carrying on a business, or as part of an isolated transaction with a profit-making intention, a profit on sale or disposal should be treated as a capital gain. In this regard, the ATO has indicated that cryptocurrency is a capital gains tax (CGT) asset. Capital gains may be discounted under the CGT discount provisions, so long as the taxpayer satisfies the conditions for the discount (for example, the cryptocurrency is held for at least 12 months before it is disposed of ).

Although cryptocurrency may be a CGT asset, a capital gain arising on its disposal may be disregarded if the cryptocurrency is a “personal use asset” and it was acquired for A$10,000 or less. Capital losses made on cryptocurrencies that are personal use assets are also disregarded. Cryptocurrency will be a personal use asset if it was acquired and used within a short period of time for personal use or consumption (that is, to buy goods or services).

Note that the ATO’s view on the income tax implications of transactions involving cryptocurrencies is in a state of flux due to the rapid evolution of both cryptocurrency technology and its uses. On 21 March 2022, the Government released the Terms of Reference for a review to be undertaken by the Board of Taxation into the appropriate policy framework for the taxation of digital assets and transactions in Australia. In August 2022, the Board of Taxation published a consultation guide. In this respect, the Board of Taxation has been asked to report back to the Government by 30 September 2023.

Staking cryptocurrency

An entity may hold units of cryptocurrency (i.e., tokens) to validate and verify transactions within a blockchain. The “validator” may be rewarded with additional tokens for its role in this process. Token holders who participate in proxy staking or who vote their tokens in “proof of stake” or other consensus mechanisms may also be rewarded with additional tokens. The value of such tokens should be treated as ordinary income of the recipient at the time they are derived.

Issuers of cryptocurrencies

In the context of an initial coin offering (ICO), a coin issuance by an entity that is either an Australian tax resident, or acting through an Australian “permanent establishment”, may be assessable in Australia. The current corporate tax rate in Australia is either 25% or 30%, depending on whether the issuer is considered a “base rate entity”. 

Australian goods and services tax (GST)

Supplies and acquisitions of digital currency made from 1 July 2017 are not subject to GST on the basis that they will be input-taxed financial supplies. Consequently, suppliers of digital currency will not be required to charge GST on these supplies, and a purchaser would prima facie not be entitled to GST refunds (i.e., input tax credits) for these corresponding acquisitions. On the basis that digital currency is a method of payment, as an alternative to money, the normal GST rules apply to the payment or receipt of digital currency for goods and services.

The term “digital currency” in the GST legislation requires that it is a digital unit of value that has all the following characteristics:

  • it is fungible and can be provided as payment for any type of purchase;

  • it is generally available to the public free of any substantial restrictions;

  • it is not denominated in any country’s currency issued by, or under the authority of, the relevant government agency;

  • the value is not derived from or dependent on anything else; and

  • it does not give an entitlement or privileges to receive something else.

In relation to a holder carrying on an enterprise of cryptocurrency mining, whether or not GST is payable by the miner on its supply of new cryptocurrency depends on a number of factors, including its specific features, whether the miner is registered for GST, and whether the supply is made in the course or furtherance of the miner’s enterprise.

A miner will carry on an enterprise where it conducts an activity, or a series of activities, in the form of business or in the form of an adventure or concern in the nature of trade, but it does not include activities conducted for a private recreational pursuit, as a hobby or as an employee. The scope of carrying on an “enterprise” can be broader than carrying on a “business” (as outlined above), and some miners may unintentionally be carrying on an “enterprise” for GST purposes.

The specific features of cryptocurrency include it: being a type of security or other derivative; being “digital currency” as defined in the GST legislation; or providing a right or entitlement to goods or services. If the cryptocurrency is a security, derivative or “digital currency”, its supply will not be subject to any GST because it will be an input-taxed financial supply (assuming the other requirements are satisfied).

A cryptocurrency miner would generally be required to register for GST if its annual GST turnover is A$75,000 or more, excluding the value of its supplies of digital currencies and other input-taxed supplies. However, a miner who does not satisfy this GST registration threshold may nevertheless elect to register for GST in order to claim from the ATO full input tax credits (i.e., GST refunds) for the GST cost of its business acquisitions (but acquisitions that relate to the sales or acquisitions of securities, derivatives or digital currencies are prima facie non-creditable or non-refundable).

A supply made in connection with a miner’s enterprise, including the enterprise’s commencement or termination, will generally be “made in the course or furtherance” of their enterprise, and may attract GST should other requirements be satisfied.

Enforcement of cryptocurrency tax evasion

The ATO has created a specialist task force to tackle cryptocurrency tax evasion. The ATO also collects bulk records from Australian cryptocurrency designated service providers to conduct data matching to ensure that cryptocurrency users are paying the right amount of tax. With the broader regulatory trend around the globe moving from guidance to enforcement, it is likely that the ATO will also continue to tighten its scrutiny of cryptocurrency.

Money transmission laws and anti-money laundering requirements

Digital currency exchange (DCE) providers are required to register and enrol with the Australian Transaction Reports and Analysis Centre (AUSTRAC) as a reporting entity under Australia’s AML/CTF regulatory framework. There is a penalty of up to two years’ imprisonment or a fine of up to A$111,000, or both, for failing to register. Broadly, registered exchanges will be required to implement know-your-customer processes to adequately verify the identity of their customers, with ongoing reporting obligations such as annual compliance reporting and the requirement to monitor and report suspicious and large transactions. Exchange operators must also keep certain records relating to customer identification and transactions for up to seven years. DCE providers are required to renew their registration every three years.

The DCE sector has been of great interest to AUSTRAC, in particular monitoring the ML/TF risks associated with digital currency. In April 2022, AUSTRAC released a financial crime guide to preventing the criminal abuse of digital currencies. In April 2023, the Attorney General’s Department announced its consultation on long-awaited reform to Australia’s AML/CTF regime. Among the matters are proposed changes to:

  • how digital currency exchanges are regulated from an AML/CTF perspective. The consultation proposes expanding the types of regulated services to cover exchanges between one or more other forms of digital currency, transfers of digital currency on behalf of a customer, safekeeping or administration of digital currency and provision of financial services related to an issuer’s offer and/or sale of a digital currency; and

  • update the travel rule and extend its application to remitters and digital currency exchange providers. The consultation proposes to update the travel rule to align with international standards by requiring payer and payee information for transfers on behalf of customers to other businesses, payer information to be verified and the inclusion of payee information.

The Attorney General’s Department intends to consult further throughout 2023.

Promotion and testing

Regulators in Australia have generally been receptive to new technology (including blockchain and cryptocurrency) and have sought to improve their understanding of, and engagement with, businesses by regularly consulting with industry on proposed regulatory changes. Both ASIC and AUSTRAC have established Innovation Hubs designed to assist new market entrants (including those operating in the blockchain and cryptocurrency sectors) more broadly in understanding their obligations under Australian law. ASIC has also entered into a number of cooperation agreements with overseas regulators, which aim to further understand the regulatory approach and product offerings in other jurisdictions (as discussed below).

ASIC Innovation Hub

The ASIC Innovation Hub is designed to foster innovation that could benefit consumers by helping Australian start-ups (including those operating in the blockchain and cryptocurrency sectors) navigate the Australian regulatory system. The Innovation Hub provides tailored information and access to informal assistance intended to streamline the AFSL process for innovative fintech start-ups, which could include cryptocurrency-related businesses.

In 2016, ASIC established the fintech regulatory sandbox, which included a fintech licensing exemption to allow businesses to test certain financial services, financial products and credit activities without holding an AFSL or Australian credit licence. This had strict eligibility requirements for both the type of businesses and the products and services that qualify for the licensing exemption, as well as restrictions on how many persons can be serviced and caps on the value of the financial products or services that can be provided. In 2020, the Government passed regulation to enhance this regulatory sandbox (aptly named the “enhanced regulatory sandbox”), which expanded the scope of the sandbox to test a broader range of financial services and credit activities for up to 24 months. This is broadly considered to better support innovation in the sector by increasing the cap restrictions as well as providing more nuanced parameters for clients that can be serviced.

Cross-border business

ASIC engages with regulators overseas to deepen its understanding of innovation in financial services, including in relation to cryptocurrencies. In particular, ASIC’s enhanced cooperation agreement with the United Kingdom’s Financial Conduct Authority remains on foot, which allows the two regulators to, among other things, information-share, refer innovative businesses to each regulator’s respective regulatory sandbox, and conduct joint policy work. ASIC also currently has either information-sharing or cooperation agreements with regulators in jurisdictions such as Austria, Brazil, Canada, China, Germany, Hong Kong, Indonesia, Israel, Italy, Japan, Kenya, Luxembourg, New Zealand, Singapore, Switzerland and the United States of America. These arrangements facilitate the cross- sharing of information on a range of market trends, many encouraging referrals of new market entrants (including those in the blockchain and cryptocurrency sector), and share insights from proofs of concepts and innovation competitions.

ASIC is also a signatory to the IOSCO Multilateral Memorandum of Understanding, which has committed over 100 regulators to mutually assist and cooperate with each other, particularly in relation to the enforcement of securities laws.

ASIC has committed to supporting financial innovation in the interests of consumers by joining the Global Financial Innovation Network (GFIN), which is an international network of financial regulators and related organisations dedicated to facilitating regulatory collaboration in a cross-border context and providing more efficient means for innovative businesses to interact with regulators.

AUSTRAC Innovation Hub

AUSTRAC’s Fintel Alliance is a private-public partnership seeking to adopt innovative approaches to combatting financial crime, including by adopting new technology and ways of working with government and industry. This includes setting up an Innovation Hub targeted at designing and testing technology solutions (including assessing the impact of emerging technology like blockchain and cryptocurrency), and setting up an Operations Hub to facilitate the exchange of financial intelligence for analysis. In its 2021–22 Annual Report, the Fintel Alliance noted a key working group from the alliance focused on tax evasion using virtual assets.

Ownership and licensing requirements

At the time of writing, there are no explicit restrictions on investment managers owning cryptocurrencies for investment purposes. However, investment managers may be subject to the AFSL regime where the cryptocurrencies held are deemed to be “financial products” and the investment managers’ activities in relation to those cryptocurrencies are deemed to be the provision of financial services.

For example, investment managers providing investment advice on financial product cryptocurrencies will be providing financial product advice and must hold an AFSL or otherwise be exempt from this requirement. ASIC has provided significant guidance in relation to complying with the relevant advice, conduct and disclosure obligations, as well as the conflicted remuneration provisions under the Corporations Act. Further, investment managers may be required to hold an AFSL with a custodial or depository authorisation or be exempt from this requirement if they wish to custody financial product cryptocurrencies on behalf of clients. In relation to cryptocurrencies that form the underlying assets of ETPs, investment managers will need to consider ASIC’s expectations in INFO 230 regarding the appropriateness of such assets within the overall profile of the ETP (see Cryptocurrency regulation for further information).

Australia has also seen expansion in robo-advice or digital advice models (including algorithmic or automated financial product advice without a human advisor). For investment or fund businesses seeking to operate in Australia by providing digital or hybrid advice (including with respect to investing in cryptocurrencies), there are licensing requirements under the Corporations Act. ASIC guidance contained in Regulatory Guide 255: Providing digital financial product advice to retail clients details issues that digital advice providers need to consider generally, during the AFSL application stage and when providing digital financial product advice to retail clients, and complements ASIC’s existing guidance on providing financial product advice, including Regulatory Guide 36: Licensing: Financial product advice and dealing. It is expected that there will be additional change in the financial advice sector (including the provision of digital advice) following the release of the Quality of Advice Final Report and the Government’s consultation on its Delivering Better Financial Outcomes package, which adopts key recommendations from the final report. The Government expects to issue its final response later in 2023. Financial product advisers also need to consider their conduct and disclosure obligations. ASIC has released Regulatory Guide 175: Licensing: Financial product adviser – conduct and disclosure with respect to this.

Mining

At the time of writing, there are no prohibitions on mining Bitcoin or other cryptocurrencies in Australia.

Cryptocurrency mining taxation

As above, the taxation of cryptocurrency and associated activities in Australia has been an area of much debate, and this has extended to taxation relating to mining cryptocurrency. See Taxation above for further information.

Cybersecurity

With the rise of cloud-based Bitcoin mining enterprises in Australia, mining businesses should carefully consider cybersecurity issues in relation to mining activities.

In its 2022-26 Corporate Plan, ASIC stated that a key priority is for ASIC to work with industry and other regulators to enhance cyber resilience, particularly given that the COVID-19 pandemic has accelerated technological trends. ASIC notes that there has been an increasing number of high-profile cyber attacks, and this has resulted in growing awareness in the industry of the importance of cyber resilience and enhanced investment in digital infrastructure to prevent data breaches, technology failures and system outages.

ASIC has also released regulatory guidance to help firms improve their cyber resilience, including reports, articles and practice guides. ASIC’s most recent report, Report 716 Cyber resilience of firms in Australia’s financial markets: 2020–21, identifies key trends in cyber resilience practices and highlights existing good practices and areas for improvement. The report builds on ASIC’s last look into the cyber resilience of firms in Australia’s financial markets, being Report 651 Cyber resilience of firms in Australia’s financial markets: 2018–19 and notes that there has been a small but steady improvement in cyber resilience, but that such improvement has not met the anticipated targets as a result of factors such as the pandemic, escalated threats and overly ambitious targets. ASIC has also previously provided two other reports, Report 429 Cyber resilience: Health check and Report 555 Cyber resilience of firms in Australia’s financial markets, which examine and provide examples of good practices identified across the financial services industry. The reports contain questions that board members and senior management of financial organisations should ask when considering cyber resilience.

In June 2023, ASIC invited regulated entities to anonymously take part in a survey to measure cyber resilience in Australia’s corporate and financial markets. The survey has been designated to assist entities with assessing its ability to govern and manage cyber risks, identify and protect critical information assets and detect, respond to and recover from cybersecurity incidents. ASIC intends to publish a report with key findings. Participants can elect to receive an individual report containing comparative insights.