Our submission to Treasury on Token Mapping

image description
Paul Derham Managing Partner Linkedin

Dear Director,

RE: Token Mapping Consultation Paper

Thank you for the opportunity to provide feedback on Treasury’s Token Mapping Consultation Paper (the Consultation Paper).

As set out in our response to Treasury’s consultation paper,[1] we support improvements to the regulatory framework for the crypto ecosystem in Australia. Appropriate regulation will be critical to providing regulatory certainty to crypto businesses and improving consumer confidence in the sector.

We support expanding the existing financial services and consumer credit regulatory regime to improve regulation of the crypto ecosystem, which appears to be Treasury’s preferred approach in the Consultation Paper. In our view, a separate regulatory regime for crypto would only serve to increase regulatory uncertainty and potential overlap with other financial services laws.[2]

However, in tailoring the existing regulatory regime to capture crypto products and services, it is critical that the policy approach of ‘similar activity, similar risk, specialised regulation, same outcome’ is adopted by policymakers – not ‘same activity, same risk, same outcome’ as initially proposed by the Financial Stability Board (FSB) in its consultation paper.[3] This should include legal recognition of Decentralised Autonomous Organisations (DAOs) [4], and a specialised approach to regulating crypto asset providers who provide order-book style software to match crypto tokens or crypto assets, market-making platforms, custodial or certain other services. The current regulatory uncertainty for crypto businesses, including DAOs, is hindering innovation and growth, whilst also undermining consumer protection and business confidence in the sector.

We have provided further feedback in response to several of the consultation questions below.

Established since 1995, Holley Nethercote Lawyers are experts in financial services law and regulation. We are also experts in credit, financial crime and commercial law. Employing 34 staff across our Melbourne and Sydney offices, our firm has a preventative-law focus and deep regulatory expertise. We are one of Australia’s leading law firms in distributed ledger and other digital technologies so far as they impact on the financial services and credit sectors, and we act for some of the world’s largest digital currency exchanges. We were also heavily involved in consulting with AUSTRAC on the creation of Australia’s current Digital Currency Exchange regime, were primary authors of Blockchain Australia’s Code of Conduct for Digital Currency Businesses and chair Blockchain Australia’s Financial Crime Committee.  We also presented in person in February 2023, on behalf of IDAXA[5], to the FSB in response to their consultation paper proposing regulation, supervision and oversight of crypto-asset activities and markets.

Holley Nethercote also provides non-legal services, including Australian Financial Services Licence (AFSL) and Australian Credit Licence (ACL) application support, training, template compliance documents and regulatory updates via the HN Hub.[6]


  1. What do you think the role of Government should be in the regulation of the crypto ecosystem?

 In our view, Government intervention is necessary to improve regulation of the crypto ecosystem. Amendments to existing laws and, in some cases, new laws, are required to:

  • enhance consumer protections;
  • provide regulatory certainty to industry;
  • foster trust, growth and innovation in the sector; and
  • address potential consumer harm.

As set out in our previous submission, a lack of regulation discourages domestic and international investment, makes important service provider relationships more difficult, decreases consumer confidence, increases global regulatory arbitrage, and disadvantages industry participants with a more conservative legal risk appetite. Importantly, an appropriate legislative framework for the sector could set a minimum legal standard that is conducive to the banks wanting to bank regulated entities in the sector.

There have been steps towards self-regulation in Australia, for example, Blockchain Australia’s Code of Conduct for Digital Currency Businesses, which we substantially drafted. The Code was an important first step before any crypto-specific regulation existed. However, as crypto becomes increasingly mainstream, a formal licensing and consumer protection regime that provides clarity to industry is required.

In addition to domestic regulation, the Australian Government has an important role to play in the setting of international standards, including the development and use of consistent terminology. Given the borderless nature of the crypto ecosystem, it is critical that Australia participates in and contributes to international policy developments, and seeks to align its approach as best as possible with other jurisdictions.

  1. What are your views on potential safeguards for consumers and investors?

As set in our previous submission, we support incorporating crypto regulation into the existing financial services regulatory regime (or a new version of the financial services components of the Corporations Act, depending on the outcome of the Australian Law Reform Commission Review). Recently, we have seen this done successfully for claims handling and settling services[7] and superannuation trustee services in the Corporations Act.[8]

The Corporations Act’s Chapter 7 includes a number of licensing regimes.  One relevant regime is the Australian Financial Services Licensing (AFSL) regime, which is triggered when particular elements are present:

  1. A person carries on a financial services business; and[9]
  2. provides a financial service (such as financial product advice[10], dealing (including issuing)[11], or making a market[12] for a financial product or operating a registered scheme[13]);
  3. with respect to a specifically defined financial product (such as securities[14]) or a generally defined financial product (such as a facility through which a person makes non-cash payments[15]). Crypto regulation could be applied, at least in most intermediated token systems, in a similar way to ensure that both the token and the token system are captured or excluded, depending on their characteristics and functions. This is demonstrated using the ‘fruit, tree, orchard’ analogy below:[16]

 Fruit Tree

Orchard growers

Current Regime Financial product (eg. A security)


Financial Service (eg. Advising, dealing, making a market) Person carrying on a financial service
Varied Regime What Treasury calls crypto tokens that would constitute financial products. Advising, dealing, making a market or providing a custodial or depository service in a crypto token that would constitute a financial product – including much of what Treasury calls a “function”. Additionally, a new financial service could be created such as making a market or providing some other financial service with respect to a crypto token that is not a financial product. A person (in the case of a centralised or permissioned blockchain) or a DAO or similar autonomous organisation (in the case of a decentralised or permissionless blockchain)

By ensuring regulation applies to both the token and the token system, the provision of financial advice in relation to a regulated token would be covered as well as the service of making a market for the token (and other relevant services).

By incorporating crypto regulation into the existing financial services regulatory regime, this ensures that key consumer protections, such as licensing, general conduct obligations, disclosure requirements, and client money provisions would apply. The Corporations Act in particular is a flexible regime, where it is possible to ‘turn on and turn off’ different obligations depending on the consumer protections required for the financial services or products being provided. This could be determined through further consultation with stakeholders.

However, regulating decentralised or permissionless token systems (including DAOs) that do not involve promises, intermediaries and agents presents a complex challenge for policymakers, as recognised in the Consultation Paper.[17] We support the legal recognition of these systems, but acknowledge that this requires significant additional resources for policymakers and regulators to acquire a full understanding of the technology in order for effective and appropriate regulation to be developed and enforced.  In our view, token mapping will be ineffective if the “person” is not defined and given clear regulatory status.  This will involve:

  1. Considering other jurisdictions, including the Coala model law[18]
  2. Setting minimum code requirements benchmarked against international standards
  3. Considering how to impose responsibility where a DAO acts illegally. For example, imposing an officer[19]-like definition on natural persons in certain situations.

We are also aware of widespread concern amongst crypto asset service providers (such as AUSTRAC-registered digital currency exchanges) that if crypto assets and crypto networks (or the functions that they enable) are regulated under Chapter 7 as financial products, then order-matching software will meet the definition of operating a financial market’[20] and trigger an Australian Market Licence obligation.  We agree that consumers need adequate safeguards and protections – and that markets should be stable and efficient.  However, we think a “similar activity, similar risk, specialised regulation, same outcome” approach makes it clear that a specialised solution is required.  So, if Chapter 7 is used to regulate crypto asset service providers, an exemption to the Australian Market Licence regime is necessary[21], and a new set of obligations are required.  They could be included as a new financial service (similar to the crowd-funding service[22] regime), and existing obligations including general obligations[23] and many parts of Part 7.10 (Market misconduct and other prohibited conduct relating to financial products and financial services) of Chapter 7 could apply, by way of example.   Similarly, if the software provides an “over the counter” style matching service, there is concern that this would trigger the need for make a market obligations.   Crypto asset providers should have a specialised set of obligations if they operate market making platforms.  The same logic applies to providers of crypto asset custodial or depository services – they require specialised obligations.

  1. The concept of ‘exclusive use or control’ of public data is a key distinguishing feature between crypto tokens/crypto networks and other data records.

              a.  How do you think the concepts could be used in a general definition of crypto token and crypto network for the purposes of future legislation?

We agree with the submission from BADAS*L that the concept of ‘exclusive use or control’ is flawed for the purposes of defining crypto tokens and crypto networks. In the absence of a digital identity framework or any way of verifying a person’s identity at the time of holding tokens or making a transaction, it would be almost impossible to determine exclusive use or control. People can also share their private key with another person. While passcode security requirements, similar to those in the E-Payments Code,[24] could be applied to limit crypto service providers’ liability for client losses, it is not appropriate concept for defining crypto tokens and crypto networks themselves.

  1. This paper sets out some reasons for why a bespoke ‘crypto asset’ taxonomy may have minimal regulatory value.

            b. What are your views on the creation of a standalone regulatory framework that relies on a bespoke taxonomy?

We do not support a standalone regulatory framework for regulating the crypto ecosystem. As set out in our previous submission, we believe that we should learn from our experience with regulating consumer credit, whereby the NCCP Act was created separate to the financial services regime. Many financial services businesses now hold both an ACL and AFSL. These businesses must comply with both the credit and financial services regulatory regimes in addition to the ASIC Act and AML/CTF Act. Significant reforms to the NCCP Act, such as recent changes to breach reporting obligations, have now aligned the consumer credit regulatory regime in many respects with the Corporations Act to address inconsistencies. It seems that a separate crypto regime could see the same outcomes, and result in some businesses holding three separate licences.

Our previous submission also included several examples where conflicting definitions and terminology could create significant regulatory confusion between regimes. We note in the Consultation Paper that a ‘crypto asset’ is defined as a ‘token system’.[25] In our view, using the word ‘asset’ to refer to a system is counterintuitive as it is at odds with the ordinary meaning of an asset.   Also, it is the equivalent of defining a “fruit” as a “tree” in the example used on page 4.

         c. In the absence of a bespoke taxonomy, what are your views on how to provide regulatory certainty to individuals and businesses using crypto networks and crypto assets in a non-financial manner?

 In our view, applying the ‘functional perimeter’ using the definition of a ‘facility’ and a modified DAO-friendly definition of “carries on a…business[26]” would help exclude most individuals and businesses that use crypto networks and crypto assets in a non-financial manner. ASIC should also be empowered to provide exemptions where necessary.

Clarity, precision, and unambiguity should be key priorities for legislative drafters. This does not mean legislation needs to be overly prescriptive. Principles-based financial services laws, such as the requirement to manage conflicts of interest, have been a long-standing feature of the current regulatory regime.

We strongly support examples of popular crypto assets and crypto networks being included in the Explanatory Memorandum for any legislation as examples of what is intended to be inside and outside of the regulatory perimeter. Similarly, it would be useful for ASIC regulatory guidance to include examples that provide clarity about the regulator’s views on the application of any new legislation, including a list of popular crypto assets and crypto networks.

It will be critical that stakeholders are given sufficient opportunity to consider and respond to draft legislation when it released for consultation given the legal complexities involved.

Please contact [email protected] if you have any questions or wish to discuss our submission.

Would you like to know more?

Contact Us Our Expert Team Our Training

Yours sincerely,

Holley Nethercote Lawyers


[1] Our previous submission is available here: https://www.hnlaw.com.au/wp-content/uploads/2019/08/Holley-Nethercote-CASSPr-submission-2022.pdf
[2] Such as the Corporations Act 2001 (Corporations Act), Australian Securities and Investments Commission Act 2001 (ASIC Act), National Consumer Credit Protection Act 2009 (NCCP Act) and Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
[3] Taking a “same activity, same risk, same outcome” approach is popular amongst traditional finance experts. Whilst it may work when considering some crypto products (like a crypto-based perpetual futures contract which is very much like a traditional derivative product and probably deserves similar regulation, it doesn’t work when considering how to regulate aspects of decentralised finance (DeFi) protocols: https://www.fsb.org/2022/10/regulation-supervision-and-oversight-of-crypto-asset-activities-and-markets-consultative-report/
[4] A DAO is “a crypto network-based system that enables people to coordinate and self-govern according to smart contract rules published on a public crypto network” – The Treasury, Token Mapping Consultation Paper p 47: https://treasury.gov.au/sites/default/files/2023-02/c2023-341659-cp.pdf
[5] https://www.idaxa.org/.  IDAXA represents some of the world’s largest crypto asset service providers, as well as many of the world’s in-country crypto asset industry bodies who in turn represent crypto asset service providers.
[6] https://www.hnhub.com.au/hn-hub-home/
[7] Corporations Act s766A(1)(eb).
[8] Corporations Act s766A(1)(ec).
[9] Corporations Act s911A(1)
[10] Corporations Act, s766B
[11] Corporations Act, s766C
[12] Corporations Act, s766D
[13] Corporations Act s766A(1)(d)
[14] Corporations Act s764A(1)(a)
[15] Corporations Act s763D
[16] We agree with Joni Pirovich’s wider use of this analogy in her BADAS*L submission p. 4
[17] The Treasury, Token Mapping Consultation paper, page 11.
[18] chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://coala.global/wp-content/uploads/2022/03/DAO-Model-Law.pdf
[19] Corporations Act, s9
[20] Corporations Act, s767A
[21] Exemptions are not uncommon.  See here for a list of exemptions: https://asic.gov.au/regulatory-resources/markets/market-structure/licensed-and-exempt-markets/exempt-markets/
[22] Corporations Act, s766F
[23] Corporations Act, s912A
[24] E-Payments Code 2022, clause 12: https://download.asic.gov.au/media/lloeicwb/epayments-code-published-02-june-2022.pdf
[25] The Treasury, Token Mapping Consultation Paper, page 16.
[26] Corporations Act, 911A(1)