There are a range of activities that a business might engage in in relation to digital or crypto currencies (digital currencies), such as bitcoin, in Australia. A business could be using a digital currency as a form of financing (such as through an Initial Coin Offering or ‘ICO’), providing a marketplace for exchange of the currency, or providing ancillary services (such as payment systems).
By Dr Drew Donnelly, Law Quarter.
This document sets out the regulatory framework for digital currency in Australia which involves a patchwork of different laws. It also sets out remedy and enforcement options that may be available to consumers who have suffered a loss through the purchase of digital currency.
The Reserve Bank of Australia (RBA) regulates the payments system in Australia through the Payment Systems (Regulation) Act 1998 (PSR Act). A payments system is a ‘funds transfer system that facilitates the circulation of money, and includes any instruments and procedures that relate to the system’ (section 7, PSR Act). The RBA’s approach is to regulate only where necessary with respect to competition, efficiency or risk to the financial system. Thus far, the RBA does not consider this threshold for intervention to be met, and thus does not regulate digital currency.
The Australian Securities and Investments Commission (ASIC) does not consider digital currencies to fall within the legal definition of ‘financial product’ under the Corporations Act 2001 (Corporations Act) or the Australian Securities and Investments Commission Act 2001 (ASIC Act).Broadly, this is because a financial product is defined through those Acts as a facility through which a person makes a financial investment, manages financial risk or makes a non-cash payment. Digital currency is not one of these things, nor is it a specifically regulated financial product such as a foreign exchange contract. This means that a person or business does not provide financial services, or a financial market, when they operate a trading platform, provide advice or arrange for the purchase and sale of digital currencies. Consequently, trading platforms are not required to hold an Australian Market Licence (AML) or an Australian Financial Services (AFS) licence, nor comply with associated obligations such as providing Product Disclosure Statements.
However, a business which deals in digital currencies, may be regulated by ASIC if it engages in related activities that do involve financial products. For example, a digital currency is not classified as a non-cash payment facility as it does not automatically confer a right of use as a payment method, nor as exchange for cash. However, if a business did provide such a payment service, it may be regulated by ASIC. Or, if the business facilitates contracts for the purchase and sale of digital currency that do not settle immediately, this may be classified as a derivative (a regulated financial product), and also be regulated by ASIC.
While protections that apply to general financial products do not apply to digital currencies, the general consumer protection provisions of the Competition and Consumer Act 2010, including the Australian Consumer Law (ACL), do apply. This means, for example, that any digital currency business must provide services with due care and skill (clause 60), that are fit for purpose (clause 61), that do not involve unfair contractual terms (clause 23), and do not involve unconscionable or misleading conduct (clauses 20 and 18).
There are a range of enforcement actions that may apply and remedies that may be available in the case of breach of the consumer law including court action by regulators, penalties, injunctions and compensatory damages (see chapter 5, ACL).
A business that engages in an initial coin offering (ICO), may also, depending on the circumstances, have obligations under the Corporations Act and be regulated by ASIC. An ICO is a form of fundraising, which operates by allowing investors to use digital currency to purchase coins via the internet for a set period of time. The ICOs are often global offerings which can be created anonymously and/or accepted anonymously.
Depending on the way in which the ICO is structured, it could be a managed investment scheme (MIS), an offer of shares, an offer of derivatives or a non-cash payment facility. In all such cases, obligations under the Corporations Act apply which may include disclosure, registration and licensing.
For more information see http://asic.gov.au/regulatory-resources/digital-transformation/initial-coin-offerings/.
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2017, which recently passed through the houses of parliament (and will shortly become law), means that, digital currency exchange providers will now be required to:
- enrol and register on the Digital Currency Exchange Register maintained by the Australian Transaction Reports and Analysis Centre (AUSTRAC) and provide prescribed registration details;
- adopt and maintain an Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) program to identify, mitigate and manage the risks they may face;
- identify and verify the identities of their customers;
- report suspicious matters and transactions involving physical currency that exceed $10,000 or more (or foreign equivalent) to AUSTRAC, and
- keep certain records related to transactions, customer identification and their AML/CTF program for seven years.
The view of the Australian Tax Office (ATO) is that transaction with bitcoin (and presumably other digital currencies) is similar to a barter arrangement, with similar tax consequences. ATO considers that bitcoin is neither money nor a foreign currency, and the supply of bitcoin is not a financial supply for goods and services tax (GST) purposes. Bitcoin is, however, an asset for capital gains tax (CGT) purposes. See https://www.ato.gov.au/General/Gen/Tax-treatment-of-crypto-currencies-in-Australia—specifically-bitcoin/, for further information.
The Privacy Act 1988 concerns the use and protection of personal information. This will apply to many digital currency businesses in Australia (in general, those with a turnover of more than three million). Through the Australian Privacy Principles (APPs), this can place a range of obligations on a digital currency business. For example, AAP 11.1 provides that an entity that holds personal information must take reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
Various areas of the common law will also apply for those engaged in activities related to digital currencies, including:
- Misrepresentation: This might apply, for example, if a consumer considers that misrepresentations have been made which induced them to enter into a foreign currency transaction;
- Unconscionable conduct. This might occur, for example, where the consumer considers that the business has taken advantage of some weakness in the consumer in order to facilitate the transaction;
- Tort: This might occur, for example, if an individual thinks that they have lost digital currency due to a digital currency business breaching its duty of care.
In many cases, common law protections are similar (though not identical) to protections available under the ACL.
Digital currency businesses can seek certification by the Australian Digital Commerce Association (ACDA). Such certification means they are subject to a code of conduct, compliance with which must be independently audited. Obligations under that code of conduct include being subject to best practice standards around reputation and general conduct, extensive consumer protections and AML/CTF programs (see http://adca.asn.au/home-2/code-of-conduct/). Failure to meet these obligations may mean that certification is revoked.
If a consumer considers that they have suffered a loss through the purchase of digital currency, there are several options for recourse that may be available to them, depending on the circumstances. Regardless of the complaint, the initial step for most consumers is to complain directly to the business to try and seek a solution.
The consumer should also consider whether the business is certified by the Australian Digital Currency Association. If so, the Industry Code of Conduct applies which includes an extensive list of consumer protections (see http://adca.asn.au/home-2/code-of-conduct/). This certification also means that the consumer must have access to an external dispute resolution scheme.
If a consumer is dissatisfied with the response of the digital currency business, whether or not that business is certified by ACDA, they should check on the relevant website whether that business is subject to an external dispute resolution scheme (such as the Financial Ombudsman Serviceor the Credit and Investments Ombudsman), and if so, make a complaint to that body.
In the case of a breach of the ACL, such as where a consumer considers that a person or business has been deceptive about the benefits of purchasing a digital currency, the consumer could consider:
- Lodging a complaint with the relevant state or territory consumer protection agency such as NSW Fair Trading in the case of a contract governed by New South Wales law. NSW Fair Trading may assist in resolving the issue and/or may take an enforcement action against the business in question. Note, however, that even where a consumer protection agency wishes to take action, this may not result in compensating the consumer;
- Making a consumer complaint to a tribunal in the consumer’s state or territory such as the Queensland Civil and Administrative Tribunal (QCAT) (see http://www.ncat.nsw.gov.au/Pages/cc/Divisions/consumer_claims.aspx) or NSW Civil and Administrative Tribunal (NCAT) (see http://www.ncat.nsw.gov.au/Pages/cc/Divisions/consumer_claims.aspx). For example, an application can be made to NCAT for disputes involve values of up to $40,000. NCAT can make orders that money be paid to compensate losses.
- If the consumer considers that the business may be offering a financial product they could consider making a complaint to the ASIC.
- If the consumer wishes to do so they could also take a civil claim to court. This could be for a breach of the ACL, but also for other causes of action such as negligence or misrepresentation. A consumer may wish to do so, for example, where they are seeking an amount greater than that available in a tribunal, or a remedy only available in a court (such as the equitable remedy of ‘specific performance’). Note, court action might be considerably more expensive than making an application to a civil tribunal.
- If the consumer considers that a business has breached its obligations under the Privacy Act 1988, the consumer could consider complaining to the Office of the Australian Information Commissioner (OAIC). OIAC can determine that compensation must be paid, or take civil action against a business for breach of the Privacy Act 1988.
 RBA, Submission to the Inquiry into Digital Currency, p10.
 Senate Economic References Committee, Digital currency—game changer or bit player, p8.
 See ASIC, Senate inquiry into digital currency:Submission by the Australian Securities and Investments Commission, p12.