29 July 2026: The AUSTRAC Deadline Every Digital Currency Exchange Cannot Miss | VASP Australia 2026
If you run a crypto business in Australia, there is a date you need on the wall: 29 July 2026. But the most dangerous misconception about it is the one that feels like good news — "I'm an existing DCE, AUSTRAC rolled me over to VASP automatically, so I'm fine." Automatic rollover is real. It is also a trap. It moves your label; it does not make you compliant.
This is a plain-English explainer of what the deadline actually requires and where the genuine exposure sits. It is general information for crypto businesses, not legal advice.
First, the terminology shift
The reforms retire the old language. "Digital currency exchange (DCE)" is gone; you are now a virtual asset service provider (VASP), and "virtual asset" is deliberately broader than "digital currency." The net now catches activities that previously sat outside it — crypto-to-crypto exchange, virtual asset safekeeping (custody), and accepting instructions to transfer virtual assets on a customer's behalf — not just fiat-to-crypto.
This terminology shift matters practically: it determines whether you need to enrol, what services you need to register for, and which parts of the reformed AML/CTF framework apply to you.
Two situations — know which one you are in
You were a registered DCE before 31 March 2026. You were automatically registered as a VASP from 31 March 2026. You do not re-register, and if you were already enrolled you do not re-enrol. But "automatic" stops there. You still must:
- Update your enrolment information to reflect your VASP status and the new details the reformed Rules require. AUSTRAC asked existing providers to update enrolment details on AUSTRAC Online by 29 July 2026.
- Notify AUSTRAC of your AML/CTF Compliance Officer — existing reporting entities were given until 30 May 2026 to do this.
- Uplift your AML/CTF Program and switch on the new obligations, including the Travel Rule for virtual asset transfers, which applies from 1 July 2026.
You are a newly captured crypto business — for example, a crypto-to-crypto exchange, a custody provider, or a transferor that was not a fiat-to-crypto DCE. For you, 29 July is a hard line: you must enrol and apply to register with AUSTRAC by 29 July 2026. Once the deadline passes, providing registrable virtual asset services without registration is a criminal offence. Your AML/CTF obligations apply from 1 July 2026 — from the moment you provide the service, not from when you finish your paperwork.
Why "we will deal with it after the deadline" fails
Enrolment and registration are the visible step. The work behind them is what takes time: confirming beneficial ownership of the business, getting your Compliance Officer formally appointed and resourced, standing up your ML/TF Risk Assessment and AML/CTF Policies, and building Travel Rule capability — collecting and transmitting originator and beneficiary information, and conducting due diligence on counterparty VASPs.
None of that happens in the last week of July. AUSTRAC has been explicit that it expects reporting entities to be genuinely operational, not just enrolled. An entity that enrols on 29 July with nothing behind it has missed the point of the reform.
- Beneficial ownership confirmation can take weeks if your structure involves offshore entities or multiple layers.
- A Travel Rule implementation requires vendor selection, technical integration and counterparty-VASP onboarding — not a one-week job.
- An ML/TF Risk Assessment tailored to crypto-specific risks (self-hosted wallets, cross-chain activity, DeFi, sanctions jurisdictions) takes time to do well.
- A generic, recycled program is worse than nothing if it tells AUSTRAC you did not take the exercise seriously.
The AUSTRAC deadline is only the first transition
And it is not the only regulatory transition your crypto business faces. The Digital Assets Framework Act 2026 (Royal Assent April 2026) will require VASPs operating as Digital Asset Platforms or Token Capital Platforms to hold an Australian Financial Services Licence from April 2027. That means the compliance program you build now for AUSTRAC needs to be designed with ASIC/AFSL obligations in mind — because you will be managing both regimes simultaneously within 12 months.
AFSL applications typically take 6–12 months from lodgement to approval. If your business falls under the DAP or TCP definitions, the preparation window is effectively open now. VASPs that design their AML/CTF governance, risk management, and board reporting structures for dual-regime from day one will avoid the cost and disruption of rebuilding when AFSL obligations commence.
Where Veriqua fits
This is where a crypto business burns weeks it does not have — chasing enrolment fields, version-controlling policy documents, and trying to assemble a program from scratch. Veriqua is an Australian compliance operating system built for AUSTRAC reporting entities, with the virtual-asset sector mapped in.
Its AUSTRAC Reporting Wizard keeps your enrolment data structured and current and walks you through lodgement. The Program Documents module generates your ML/TF Risk Assessment and AML/CTF Policies from your own business data — pre-structured for the VASP sector, covering proliferation-financing risk, self-hosted wallet risk, and counterparty-VASP exposure. The compliance officer appointment is recorded with the date and person on the record, and every document is version-controlled and senior-manager approved with a single sign-off workflow. You arrive at July with evidence, not a to-do list.
Veriqua is also the only Australian compliance platform that manages both AUSTRAC AML/CTF and ASIC/AFSL obligations in a single system — so the program you build today extends naturally into your AFSL compliance framework when the Digital Assets Framework Act commences. See it in two minutes, no login: demo.veriqua.com.au/start.
Frequently Asked Questions
If I was an existing DCE, do I need to do anything before 29 July 2026?↓
What happens if a newly captured VASP misses the 29 July 2026 registration deadline?↓
What virtual asset services require VASP registration?↓
Will Australian VASPs need an AFSL as well as AUSTRAC registration?↓
Related articles
DCE → VASP: What Changes in Your AML/CTF Program on 1 July 2026
What actually shifts for crypto businesses on 1 July 2026 — the program structure, the Travel Rule, and risk-based CDD.
Is Your Crypto Business Ready? The VASP Compliance Checklist for July 2026
A scannable readiness checklist covering enrolment, CDD, Travel Rule, SMR/TTR, sanctions screening and AFSL readiness.
After the Deadline: Ongoing VASP Obligations That Define Your Audit Readiness
The ongoing compliance cadence — program review, SMR clocks, independent evaluation and board oversight.
The Dual-Regime Future: Why Australian VASPs Need to Prepare for AUSTRAC and ASIC Simultaneously
The Digital Assets Framework Act 2026 means VASPs will face both AUSTRAC and ASIC obligations from April 2027. How to build one unified compliance program.
See how Veriqua handles this
Veriqua is an Australian compliance operating system for AFSL holders and AUSTRAC reporting entities — automating AML/CTF programs, customer due diligence, transaction monitoring, SMR lodgement and board reporting.
Disclaimer: This article is general information only and is current as at July 2026. It reflects our understanding of the AML/CTF Act 2006, the AML/CTF Amendment Act 2024, the Digital Assets Framework Act 2026, and AUSTRAC and ASIC guidance as at that date, all of which may change. It is not legal, financial or compliance advice, and it is not a definitive statement of your obligations — which depend on the virtual asset services you provide, your own risk assessment, and transitional timing. Please confirm your position against current AUSTRAC and ASIC guidance and seek advice from a qualified professional before acting.