Insight,

Cybersecurity,

AUSTRAC and APRA crypto updates – sculpting the Australian regulatory landscape

26 May 2022

Our People
KWM Kinetic
Owl Advisory
AU | EN
Current site :    AU   |   EN
Australia
EN |
China
JP | ZH | EN |
China Hong Kong SAR
ZH | EN |
Japan
JP | ZH | EN |
Singapore
ZH | EN |
United States
EN |
Global
ZH | EN |

Global crypto markets are no stranger to volatility.  We have been here before.  At the same time, with Australia’s first crypto exchange traded fund (ETF) launch, we are also seeing a significant uptick in Australian market entry for major international crypto players, as well as the continued expansion of home-grown service providers and developers.  Banks are also entering the fray.

In short, the industry is still actively building.  And in our experience, an easing ‘hype cycle’ supports far more measured growth. 

Regulatory updates for crypto-assets also continue to emerge. This past month has seen updated roadmaps and guidance from both APRA and AUSTRAC. 

In this alert, we summarise these key regulatory developments.

1. APRA – A focus on APRA regulated entities, plus a roadmap

As we reported in our April update, the Australian regulatory landscape for crypto-assets is being considered.

This all takes time.  In the meantime, regulators globally are focussing on what they action swiftly and what signals they can send to the market in respond to transnational trend lines.

Regulated entities – shaping engagement with crypto-assets

A letter from the Australian Prudential Regulation Authority (APRA) Chair, Wayne Byres, has outlined APRA’s expectations for all APRA regulated entities that engage in activities associated with crypto-assets, and a policy roadmap for the period ahead.

APRA identified a range of activities that could be undertaken by entities it regulated which present new risks and challenges such as investment in crypto-assets, lending linked with crypto-assets, issuance of crypto-assets and providing services associated with crypto-assets for customers.

In its own consultation processes, the Basel Committee on Banking Supervision (Basel Committee) has identified these risks as including operational, investment, and credit risk. The operational risks, which are a particular concern for APRA, encompass fraud, cyber, conduct, AML/CTF and technology risks.

Due to these risks, APRA expects that all APRA regulated entities will do the following:

  • Conduct appropriate due diligence and a comprehensive risk assessment before engaging in activities associated with crypto-assets, and ensure that they understand, and have actions in place to mitigate, any risks that they may be taking on in doing so.
  • Consider the principles and requirements of Prudential Standard CPS 231 Outsourcing or Prudential Standard SPS 231 Outsourcing when relying on a third party in conducting activities involving crypto-assets.
  • Apply robust risk management controls, with clear accountabilities and relevant reporting to the Board on the key risks associated with new ventures. A high-level summary of the potential prudential risks to be considered for specific activities is provided in Annex A of the letter.
  • Ensure they comply with all conduct and disclosure regulation administered by ASIC, and consult with APRA and ASIC where required.

Regulatory roadmap

APRA has also published its regulatory roadmap and is currently developing a framework in consultation with international regulators to ensure consistency. The Basel Committee is currently consulting on the prudential treatment for bank exposures to crypto-assets. This will both provide a basis for an internationally agreed minimum standards for Authorised Deposit-taking Institutions, as well as a starting point for prudential expectations for other APRA-regulated industries.

As for its announced roadmap, APRA plans to:

  • crypto-activities: consult on requirements for the prudential treatment of crypto-asset exposures in Australia for authorised deposit-taking institutions (ADIs), following the conclusion of the Basel Committee’s current consultation. The consultation in Australia is expected to be undertaken in 2023, and APRA will consider the need for initial prudential guidance in the interim;
  • operational risk: progress new and revised requirements for operational risk management, covering control effectiveness, business continuity and service provider management. While these requirements will apply to the entirety of an entity’s operations, many will be directly relevant to the management of operational risks associated with crypto-asset activities. The draft prudential standard will be released for consultation in mid-2022; and
  • stablecoins: consider possible approaches to the prudential regulation of payment stablecoins. These stablecoin arrangements bear similarities with Stored-value Facilities (SVFs) and APRA, in conjunction with peer agencies on the Council of Financial Regulators, is developing options for incorporating them into the proposed regulatory framework for SVFs. Subject to the development of the broader legislative and regulatory framework, APRA envisages consulting on prudential requirements for large SVFs in 2023.

2. AUSTRAC – A focus on reigning in criminal activity

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has published two new financial crime guides in respect of crypto-assets.

Criminal typologies for digital currencies

The first guide aims to help prevent the criminal abuse of digital currencies. This guide provides indicators to assist businesses (which includes digital currency exchange providers) to recognise and report criminal activity through digital currencies.

This guide may be helpful for:

  • establishing red flag indicators – of increasing importance to banks and payment institutions supporting the crypto sector;
  • calibrating transaction monitoring systems; and
  • staff training.

However, perhaps of most interest is that AUSTRAC has called out non-fungible tokens (NFTs), decentralised finance (DeFi) and staking as emerging financial crime risks.  As we reported in our “Building a legal architecture for the Metaverse” report in November 2021, the global standard setter, the Financial Action Task Force, has a number of these areas under close focus.  In practice, this means a watching brief for industry, with a further wave of global regulation likely in the coming years.  A focus on decentralisation, the quality of algorithms and structuring of systems will also undoubtedly accelerate following the Terra/Luna difficulties. 

Ransomware and crypto-assets

The second guide looks to help businesses stop ransomware attack payments. This guide contains practical information and key indicators to help business understand, identify and report suspicious activity where someone could be the target of, or trying to profit from, a ransomware payment.  This is a highly practical and educative guide and supports both preventing and managing cyber-events.  While, the Australian Cyber Security Centre goes so far as to state “Never pay a ransom”, ransom demands are often made and (when there is a decision for various reasons to meet that demand despite this edict) and paid in crypto assets.  Ultimately, the key is to ensure a structured approach to decision-making and threat resolution, taking into account sanctions, financial crime and reporting considerations.

If you would like to discuss the latest consultations, have any questions around the current requirements or would like some assistance, please contact us, anytime.

Categories

MEET THE AUTHORS

LATEST THINKING
Insight
NTC Consultation Paper: Streamlining Rolling Stock Approval Processes
The National Transport Commission (NTC) have released a consultation paper for industry feedback as part of their review of existing rolling stock approval processes

14 May 2025

Insight
Under the Hood – Connected Vehicles & Australia’s Privacy Commissioner
Australians have long embraced technological innovation, and nowhere is this more apparent than on our roads. Vehicles that once operated in splendid isolation are now sophisticated, data-generating computers on wheels

13 May 2025

Insight
Reform Reflections: Understanding the Shift in Australia’s Industrial Landscape
The incumbent Australian Labor Party (ALP) has been re-elected to a second consecutive term in office. While all races are yet to be formally declared, the ALP is set to have more seats than at any point since its establishment, and will likely face a materially less fractured Senate, no longer having to rely on patching together support from a diverse group of independents in order to pass legislation.

12 May 2025

EXPLORE LATEST THINKING
OUR PEOPLE
LOCATIONS
MEDIA CENTRE
CAREERS
ABOUT US
Explore Our Expertise
Explore insights
Explore Our Insights

Advertising and Targeting Cookies