In 2025 the ATO released updated guidance to trustees on the considerations for when a fund invests in Crypto assets.
When investing in cryptocurrency a trustee is responsible for being aware of potential risks associated with this investment. The ATO guidance highlights that that some SMSFs investments have been lost due to:
► Theft
► Misplaced passwords
► Fraudulent schemes.
Due to this heightened risk the ATO has provided guidance to trustees such as:
► Check to ensure the platform is legitimate and secure before transacting; and
► Protection and storage of wallets and passwords.
Trustee Responsibility
Trustees are required to support crypto asset investments and provide this information to the auditor.
The trustee must:
► Hold crypto assets and transact in a separate account or storage to crypto assets held personally.
► Maintain complete records of all crypto assets and transactions including transfers between platforms and storage wallets.
► Provide this documentation to the auditor.
The trustees are responsible for considering the risks attached to an investment in Cryptocurrency. This includes:
► The nature of the cryptocurrency held,
► The investment platform or other form utilised to invest
► The storage method the asset
The trustee must acknowledge and understand the asset class.
The trustees must also ensure that the investment is considered within the investment strategy having regard to:
► The fund’s specific circumstances
► Requirements of R 4.09 of SISR.
Trustee Governance Considerations
The trustees are responsible for the governance of an SMSF.
As part of this responsibility the trustees may have extended control environment considerations than those that are considered for audit assertions including:
► Digital security arrangements
► Safe custody controls over cryptocurrency assets
► Governance matters relating to cryptocurrency platform or other storage solution.
The Auditors Role
The SMSF auditor’s role is to consider the evidence provided by the trustee and whether this is sufficient and appropriate to support:
► Crypto transactions during the financial year
► Assets recorded at year end.
The key audit assertions include:
► Rights and obligations
► Existence
► Accuracy, occurrence and completeness of transactions for the year.
Cryptocurrency via Platform provider
Where transactions occur and/or assets are held on a crypto platform and the assets are held by the platform provider or under a platform sub-custodian arrangement.
► The Auditor is required to obtain an audit opinion report over the control environment from the platform provider.
Control reports are not always available, contributed by:
► The reports not being required by legislation; or
► The reports not always available at the retail level; or
► Are only made available to investors on the Crypto platform.
Where these reports are not available and the crypto assets or transactions are material to the fund the auditor may be unable to evidence the audit assertions. In these circumstances the auditor is required to issue a qualified audit report.
Cryptocurrency held in a Wallet
Different audit considerations apply to gathering audit evidence to support the audit assertions where cryptocurrency is held in a wallet, rather than via platform provider.
Storage wallets are commonly referred to as:
► Hot Wallet – An on-line wallet storage product
► Cold Wallet – An off-line wallet storage product
These storage products may not provide sufficient audit evidence to support the audit assertions due to:
► The fund beneficial ownership of the wallet is unable to be recorded in these products: an acknowledgement of trust may support beneficial ownership by the fund.
On-line Wallet ID & Blockchain website details are required by the auditor to support the:
► existence of the crypto assets and the
► accuracy, occurrence & completeness of transactions for the year.
Audit Evidence gathering issues
The following audit evidence gathering issues may arise:
► The trustee for security reasons may not provide access
► The wallet may not provide all information required
► The wallet is usually accessed post year end by the auditor, and the auditor may be unable to access a statement for the year of audit
For an off-line Wallet, a screenshot of the wallet may be provided by the trustee to support:
► existence
► accuracy, occurrence & completeness of transaction for the year
However:
► The wallet may not provide all information required
► The wallet is usually accessed post year end by the trustee, and the
► The trustee may be unable to access a statement for the year of audit
For wallets, where any of these circumstances arise an auditor may be unable to evidence the audit assertions. In these circumstances the auditor is required to issue a qualified audit report.
If you are not sure that you have relevant or sufficient information to support your crypto assets, please don’t hesitate to reach out. We’re here to work with you, so that you gather documentation effectively, to support the ATO guidance and you are audit ready.
Sign up now to our Evolv Insights Newsletter to receive our latest updates direct to your inbox.
Back to Insights