Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you’re exploring new ways to raise capital for your startup or SME, you may have come across the term STO (Security Token Offering) and wondered what it actually means.
An STO (Security Token Offering) is one of the newer fundraising models in the market - and it sits right at the intersection of “traditional” securities law and blockchain technology. For founders, it can look attractive because it promises faster capital raising, access to a broader investor base, and the possibility of more automated compliance and administration.
But an STO isn’t a shortcut around the law. In Australia, if your token is a “financial product” (and many security tokens are), the usual rules around fundraising, disclosure, licensing and investor protections can still apply - and the outcome is highly fact-dependent.
Below, we’ll break down what an STO is in plain English, how it’s typically structured, and what Australian startups and SMEs should think about before launching one.
What Is an STO (And How Is It Different From Other Token Sales)?
At a high level, an STO is a fundraising event where a business offers security tokens to investors in exchange for money (often AUD, stablecoins, or cryptocurrency).
A security token is a digital token (often issued on a blockchain) that represents an interest that looks a lot like a traditional security. Depending on the structure, that token might represent:
- an equity-like interest (similar to shares)
- a debt-like interest (similar to a loan or bond)
- a right to revenue share or distributions
- exposure to an underlying asset (for example, a pool of receivables or other real-world assets)
So, when people ask “what is an STO?”, the key point is this: it’s a token offering where the token is treated as a security (or financial product), not just a “utility” token.
STO vs ICO vs “Utility Token” Offerings
In practice, the market has used a few labels:
- ICO (Initial Coin Offering): historically used for early token raises, often with less clarity around whether the token was a security.
- Utility token offering: a token sold primarily for access to a product/service (for example, a token you must use inside a platform).
- STO: a token offering that is deliberately structured with securities/financial products compliance in mind.
In Australia, the label is less important than the legal substance. If what you’re offering meets the legal definition of a financial product, calling it a “utility token” won’t change the compliance obligations.
How Does an STO Work in Practice?
While every project is different, most STOs follow a similar commercial path. Thinking about it as a “fundraising workflow” can help you plan the legal pieces early (instead of scrambling right before launch).
1. You Decide What Investors Are Actually Getting
This is the commercial core of your STO. Your token economics need to be very clear, including:
- what rights attach to the token (voting, distributions, redemption, conversion, etc.)
- how returns are generated (profit share, interest, buybacks, etc.)
- what happens on exit events (acquisition, winding up, insolvency)
- transferability rules (can investors sell, when, and to whom?)
From a legal perspective, these rights will heavily influence whether the token is regulated as a financial product and what fundraising pathway you can use.
2. You Choose the Issuer and the Legal Structure
Some businesses issue tokens directly from their operating company. Others create a dedicated issuing vehicle (sometimes for risk, governance, or investor clarity).
This is also where your existing company governance matters. If you have (or plan to adopt) a Company Constitution, you’ll want to ensure it doesn’t conflict with the token-holder rights you’re proposing.
If you already have multiple founders or investors, it’s also common to align the STO structure with an existing Shareholders Agreement, so decision-making, veto rights, and future funding rounds don’t become messy.
3. You Draft the Offering Terms and Investor Materials
Even if your STO is “on-chain,” your key promises to investors will almost always be documented off-chain too - in a set of offering terms, and often a formal information pack.
This is where clear contract drafting is critical. In Australian contract law, the basics of offer and acceptance still matter - even if acceptance happens by clicking a button or sending crypto to a wallet address.
4. You Build Compliance Controls Into the Process
Depending on the structure, you may need controls around:
- who can invest (for example, wholesale/sophisticated investors only)
- marketing restrictions (what you can and can’t say publicly)
- identity verification and screening
- transfer restrictions (to avoid secondary sales to ineligible investors)
This is one reason STOs can be more complex than they first appear: the technology is only one part - the compliance workflow is often the real project.
Is An STO Legal In Australia? The Key Regulatory Issues You Need To Think About
In Australia, STOs can be legal - but the right answer depends on your token design, your investor audience, and how you market and distribute the tokens.
There isn’t one single “STO law.” Instead, STOs can touch multiple regimes, including corporate fundraising rules, financial services laws, consumer law, and privacy obligations.
1. Is Your Token a “Financial Product”?
This is usually the first (and biggest) legal question.
If a token gives investors rights that look like shares, debentures, interests in a managed investment scheme, or derivatives-like exposure, it may be regulated under the Corporations Act framework for financial products.
When a token is a financial product, you may need to consider things like:
- what disclosure documents are required (if any)
- whether you can rely on an exemption
- whether the issuer, an exchange/platform, or another intermediary needs an Australian Financial Services Licence (AFSL)
- how you manage ongoing reporting and conduct obligations
The “financial product” analysis is technical, and it’s often worth getting advice early - because small changes in token rights can materially change your compliance pathway.
2. Wholesale vs Retail Investors (And Why It Matters)
Many STO concepts assume you can sell to anyone globally. In reality, Australian fundraising rules draw a major line between:
- wholesale investors (who generally receive fewer regulatory protections), and
- retail investors (who generally require more disclosure and protections).
If your STO is open to retail investors, your compliance burden can increase significantly. For example, depending on the structure, you may need a Product Disclosure Statement (PDS) and to comply with Design and Distribution Obligations (DDO) - including having a target market determination and distribution controls. You may also need to consider ASIC’s product intervention powers where a token offering is considered to create significant consumer detriment.
If you’re limiting the offer to wholesale investors, you’ll still need a robust process to verify investor status and to prevent “leakage” through secondary sales.
3. Marketing And Misleading Claims
Founders often underestimate how much risk sits in the marketing layer.
Even if your legal structure is solid, you can create serious exposure if your website, pitch deck, social media posts, or community moderators make statements that are inaccurate, too promotional, or imply guaranteed returns.
This is where it helps to align your communications with a clear legal position and consistent written terms. (As a general principle, if your marketing says one thing and your token terms say another, you’re setting yourself up for disputes.)
4. AML/CTF And Identity Checks
Depending on how you structure the raise, what services you provide, and which service providers you use, you may need to consider Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regime.
AML/CTF obligations don’t automatically apply to every STO. They generally arise where you (or your providers) are providing designated services (for example, operating an exchange between fiat and digital currency, or certain custody/payment services) and are therefore a “reporting entity” with obligations like KYC/CTF programs and reporting. Even where you’re not directly regulated, investors, exchanges, banks, and enterprise partners will often expect reasonable identity and screening controls.
5. Data And Privacy Compliance
Most STOs collect personal information (names, emails, ID documents, wallet addresses, transaction data, residency details). That means privacy compliance can quickly become part of your risk profile.
If you’re collecting personal information, having a properly drafted Privacy Policy is a practical baseline - and it should match what you’re actually doing with data (including where data is stored, and who you share it with).
How Should Startups And SMEs Structure An STO? A Practical Checklist
If you’re thinking about launching an STO, it helps to approach it like any other serious capital raise: clarify the commercial objective, pick the right legal mechanism, then build the technology around it (not the other way around).
Step 1: Get Clear On Your Fundraising Goal
Before you commit to the STO path, ask:
- Are you raising growth capital, bridging runway, or funding an asset pool?
- Do you want investors to receive upside, yield, or governance rights?
- Do you need ongoing access to investors for follow-on rounds?
- Is investor liquidity (secondary trading) a key selling point, or a distraction?
This helps you choose between tokenised equity, tokenised debt, revenue share models, or a more conventional funding instrument.
Step 2: Consider Whether Traditional Funding Instruments Are Simpler
Sometimes, a token isn’t the best first step - particularly if you’re pre-product, pre-revenue, or still validating your compliance position.
Depending on your stage, you may consider more familiar fundraising tools like a Convertible Note or a SAFE note, then tokenise later when you have stronger traction (and more budget for legal and technical implementation).
It’s also common to start negotiations with a Term Sheet to get alignment on the key commercial points before spending heavily on documents and build.
Step 3: Map The “Token Rights” Back To Real Legal Rights
One practical way to avoid confusion is to treat your token like a wrapper around rights that can exist in ordinary legal form.
For example:
- If the token represents a right to dividends or profit distributions, what contract or corporate mechanism enforces that right?
- If the token includes a buyback feature, what triggers it, who funds it, and what discretion exists?
- If you promise governance or voting, how does that interact with company law and existing shareholder rights?
This “legal reality check” is often where token projects tighten up (and where problems are caught early).
Step 4: Design Your Compliance And Admin Workflows Early
STOs can reduce some admin, but only if you design for compliance from day one. That includes:
- investor onboarding criteria and verification
- what happens if an investor is later found to be ineligible
- refund/reversal processes (where possible)
- record-keeping and reporting (including token holder registers and communications)
In a regulated context, these workflows are not “nice to have” - they’re part of how you demonstrate you’re acting properly and consistently.
What Legal Documents Do You Usually Need For An STO?
There’s no universal document pack for every STO, but most Australian startups and SMEs will need a combination of offering terms, governance documents, and agreements with service providers.
Here are the documents we commonly see as building blocks.
Core Documents For The Offer
- Token Terms / Offering Terms: sets out the token holder rights, restrictions, transfer rules, and key risk disclosures.
- Subscription Agreement: documents the investor’s purchase, eligibility representations, and acknowledgements (and can be important if you’re relying on exemptions).
- Risk Disclosure Statements: a practical way to ensure key risks are clearly communicated, especially given volatility and technology risks.
Company And Governance Documents
- Company Constitution: often needs to align with any token-holder governance mechanics, especially if the token resembles equity (this is where a Company Constitution can be critical).
- Shareholders Agreement: if you already have investors or co-founders, it’s important your token raise doesn’t unintentionally breach existing rights (a Shareholders Agreement is often the document that governs this).
Technology And Service Provider Agreements
- Platform / Development Agreements: if you’re using external developers or a token issuance platform, you’ll want clear deliverables, IP ownership, warranties, and liability allocation.
- Custody / Exchange / Registrar Arrangements: where relevant, agreements that cover record-keeping, transfers, and token-holder servicing.
Privacy And Customer-Facing Policies
- Privacy Policy: where you’re collecting and using investor personal data, a properly drafted Privacy Policy is a baseline protection for you and transparency for investors.
Not every STO needs every document above, and the order you prepare them in matters. But having a clear “document map” early can save you time, cost, and reputational risk later.
Key Takeaways
- What is an STO? An STO (Security Token Offering) is a fundraising method where you issue security tokens that typically resemble regulated securities or other financial products.
- In Australia, the legal label matters less than the substance - if the token is a financial product, you may need to consider disclosure rules (including PDS/DDO for retail offers), licensing (often involving an AFSL holder), and investor protections.
- Most STO risk sits in the details: token rights, marketing statements, investor eligibility controls, and how transfers are managed.
- It’s often smart to sanity-check whether a more traditional funding path (like a convertible note or SAFE) better fits your stage before committing to tokenisation.
- Strong documentation (offering terms, subscription agreements, governance alignment, and privacy compliance) can help you raise capital with more confidence and fewer disputes.
This article is general information only and is not legal, financial or tax advice. STOs are highly fact-dependent, and you should get advice on your specific structure (including tax treatment from a qualified accountant) before launching or marketing an offer.
If you’d like a consultation on structuring an STO or raising capital for your startup, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.