Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
- What Is An STO (Security Token Offering)?
- Are STOs Legal In Australia?
The Key Legal And Compliance Issues To Think About Before You Launch
- Is Your Token A Financial Product?
- Do You Need Disclosure Documents Or Can You Use An Exemption?
- Will You Trigger AFSL Issues?
- AML/CTF And KYC: Don’t Treat This As Optional
- Marketing, Statements About Returns, And Misleading Conduct
- Data, Privacy, And Investor Onboarding
- Jurisdictions, Geofencing, And Secondary Trading
- What Documents Do Australian Businesses Usually Need For An STO?
- Key Takeaways
If you’re a startup founder or small business owner exploring new ways to raise capital, you’ve probably come across the term “STO” in the same breath as blockchain, tokenisation, and digital assets.
It can sound exciting (and it can be), but it can also feel like a legal minefield - especially in Australia, where fundraising is closely regulated, and “innovative tech” doesn’t automatically mean “unregulated”.
In this guide, we’ll unpack what an STO is (a Security Token Offering), then walk through how STOs work in practice, what the Australian legal and compliance issues usually are, and what you can do to set your business up properly before you speak to investors.
What Is An STO (Security Token Offering)?
An STO is a Security Token Offering. In simple terms, it’s a fundraising method where you issue digital tokens (usually on a blockchain) that represent investor rights that look and behave like “traditional securities”.
In the most practical sense, an STO is often the tokenised version of something investors already understand, such as:
- Shares or equity-like interests (eg rights linked to ownership, voting, dividends, or future upside)
- Debt instruments (eg a token that represents a loan with interest and repayment terms)
- Interests in a fund or pool (eg where funds are pooled and managed for investors)
- Revenue share or profit share rights (depending on the structure and what investors are promised)
Unlike “utility tokens” (which are usually positioned as access to a product or service), security tokens are typically promoted and structured as an investment - meaning they often trigger financial services laws.
That’s why STOs are sometimes described as “more compliant” token offerings: the concept is to work on the basis that the token is likely a security/financial product and design the offering around the legal requirements, rather than assuming the technology avoids regulation.
How Does An STO Work In Practice?
While every project is different, most STOs follow a similar flow:
1) You Decide What The Token Represents
This is the starting point. The token might represent equity-like rights, debt-like rights, or rights to distributions based on performance or revenue.
From a legal perspective, the “rights attached to the token” matter more than the technology used to issue it.
2) You Choose The Legal Structure Behind The Token
Most STOs still rely on a standard legal structure underneath, such as:
- a company issuing tokens directly
- a special purpose vehicle (SPV) issuing tokens
- a trust or managed structure holding assets and issuing token interests
At this stage, many founders also revisit their corporate governance basics - for example, whether the business should adopt or update a Company Constitution to support the fundraising and investor rights they’re building.
3) You Prepare The Offering Terms
Investors will want to understand:
- what they’re buying
- what rights they receive
- what happens if the project doesn’t go to plan
- how transfers work (eg can they sell the token, and to whom?)
- what ongoing reporting or governance applies
Even if you’re doing an STO, investors still expect the commercial fundamentals to be clear. Often, projects start by aligning on a Term Sheet before locking in the full legal documentation.
4) You Market The Offer And Onboard Investors
This is where compliance becomes very real. The way the offer is described and distributed (including who it’s targeted at, and what is said about risk and returns) can affect how regulators view the token and the offering - and what disclosure, licensing, and conduct obligations may apply.
Onboarding usually includes identity checks (KYC), investor status checks (eg sophisticated investor processes), and acceptance mechanics.
5) You Issue Tokens And Manage Ongoing Obligations
After close, you’ll generally have ongoing obligations to tokenholders - which might include reporting, distribution calculations, governance processes, transfer restrictions, and compliance controls.
In other words, an STO isn’t just a “fundraising event”. It’s a long-term investor relationship, supported by both code and legal documents.
Are STOs Legal In Australia?
STOs can be legal in Australia, but they’re not a loophole. Whether your STO is compliant depends on how it is structured, offered, and marketed.
In Australia, the key question is often:
Is the token a “financial product” (or does it involve providing a “financial service”) under the Corporations Act?
If the token is a financial product (or the way you offer it involves financial services), you may need to consider requirements around:
- disclosure (eg a prospectus or other disclosure document, unless an exemption applies)
- Australian Financial Services Licence (AFSL) issues
- financial product distribution rules (including design and distribution obligations, depending on the product and how it’s offered)
- marketing and advertising restrictions
There isn’t a single “STO law” in Australia. Instead, STOs typically sit across existing frameworks - including corporations law, financial services regulation, and (depending on your model and how funds/transactions flow) areas like AML/CTF compliance, privacy, and consumer law.
This is one of those areas where it’s worth getting advice early - even a small change in token rights, transferability, or the investor base (including offshore investors) can significantly change your compliance burden. Many founders start these conversations as part of a broader capital raising consult, so the fundraising structure, documents, and compliance plan all match up.
The Key Legal And Compliance Issues To Think About Before You Launch
When we speak with founders exploring STOs, the legal “pressure points” tend to show up in a few predictable places.
Is Your Token A Financial Product?
This is the cornerstone question, and it depends on substance over labels. If you call it a “utility token” but you’re offering investor-style rights (or marketing it as an investment opportunity), it may still be treated as a regulated product.
Tokens that represent (or look like) shares, debentures, interests in a managed investment scheme, derivatives, or other investment rights can raise regulatory issues.
Do You Need Disclosure Documents Or Can You Use An Exemption?
In Australia, offering securities or other regulated interests to the public often requires a disclosure document (such as a prospectus), unless an exemption applies.
Some offers can rely on exemptions (for example, limited offers or certain investor categories), but these exemptions have strict requirements. If you get the exemption wrong, it can create serious legal risk.
This is why “going broad on social media” without checking the fundraising rules can quickly become a problem - even if your product is legitimate.
Will You Trigger AFSL Issues?
Depending on the offer and your role, you may be providing a “financial service” (such as dealing in a financial product, advising, or operating a managed investment scheme).
AFSL considerations are highly fact-specific. The right approach is usually to map the token’s features, the offer process, and each party’s role (issuer, platform, intermediaries, etc) and then work out what licensing or authorisations are needed.
AML/CTF And KYC: Don’t Treat This As Optional
If your STO involves handling investor onboarding and moving funds (particularly across borders, or through intermediaries like exchanges or payment providers), you should think carefully about AML/CTF risk and what checks and policies should be in place.
Whether Australia’s AML/CTF Act applies will depend on the specific activities being carried on (for example, whether a party is providing a “designated service”). Even where it doesn’t strictly apply to you, KYC is often commercially expected by serious investors and service providers.
Marketing, Statements About Returns, And Misleading Conduct
How you describe the STO matters.
If your marketing creates an impression that investors will get guaranteed returns, low risk, or “safe profits”, you can create risk under a range of laws - including misleading or deceptive conduct principles and financial product promotion rules (where relevant).
This is also where your internal team needs to be aligned. A single enthusiastic post by a founder can undermine a carefully structured fundraising exemption if it’s treated as public advertising.
Data, Privacy, And Investor Onboarding
Most STOs collect personal information (names, contact details, identification documents, wallet addresses, investor verification records).
That means you should think early about your privacy compliance position and the customer-facing documents you need, including a Privacy Policy if you’re collecting personal information through a website, platform, forms, or email processes.
Jurisdictions, Geofencing, And Secondary Trading
If you have overseas investors (or your offer materials can be accessed overseas), you may also need to consider non-Australian laws. Many STOs address this through eligibility criteria, jurisdictional disclaimers, and practical controls like geofencing.
Similarly, if you want tokens to be transferable or listed on secondary markets, plan early for how transfers will be restricted or managed to stay within your compliance settings (including investor eligibility checks and any platform/exchange requirements).
What Documents Do Australian Businesses Usually Need For An STO?
STOs sit at the intersection of “capital raising” and “product/platform operations”. So you usually need documents covering both the investment deal and the day-to-day rules around tokens.
Not every STO will need every document below, but these are common building blocks:
- Token terms and conditions: the core legal terms setting out what rights the token gives, transfer restrictions, governance, and what happens in edge cases (like forks, upgrades, shutdowns, or disputes).
- Offering document / information memorandum style document: a clear explanation of the business, risks, use of funds, token rights, and investor eligibility criteria (the appropriate format depends on whether disclosure rules apply).
- Subscription mechanics: how investors apply, eligibility checks, acceptance, and issuance steps.
- Governance documents: for example, your Company Constitution may need to align with tokenholder rights or investor arrangements.
- Founder and investor arrangements: if you have multiple founders (or you’re bringing in cornerstone investors), a Shareholders Agreement can help set rules around decision-making, future raises, exits, and what happens if someone leaves.
- Confidentiality protections: if you’re sharing sensitive tokenomics, platform details, or technical documentation with partners or early-stage investors, a Non-Disclosure Agreement can help protect your confidential information.
- Privacy and data handling documents: investor onboarding and platform operations often require a Privacy Policy and internal processes around data retention and security.
One practical tip: make sure your documents and your smart contract logic don’t contradict each other. If the code says transfers are unrestricted but the legal terms say transfers require approval, you’ve created confusion (and likely disputes) waiting to happen.
Step-By-Step: How To Plan An STO As An Australian Startup
If you’re early in your STO journey, it helps to treat it like any other capital raise - with extra attention on regulation, transferability, and investor onboarding.
1) Clarify The Commercial Goal
Start with the basics:
- How much capital are you trying to raise?
- Who is the raise for (retail, sophisticated, overseas investors, strategic investors)?
- What are you comfortable giving investors (governance rights, economics, information rights)?
- Do you want tokens to be tradable, or tightly controlled?
These answers will influence whether an STO is even the right fit, or whether a more traditional raise structure is simpler and safer for your stage.
2) Map The Token’s Legal Character Early
This is the stage where founders often save (or lose) months of time.
Before you build too much, map the token’s rights against the likely regulatory categories in Australia. Small drafting choices - like whether there is a profit expectation or whether funds are pooled and managed - can substantially change the analysis.
3) Choose The Offering Pathway
Work out whether you’re:
- making a public offer (which may require formal disclosure), or
- relying on a fundraising exemption (which requires careful execution), or
- limiting the offering to certain investor categories or jurisdictions.
This is also where you should align your marketing plan with your legal pathway. A compliant offer can become non-compliant if it’s marketed like a public product launch, or if it reaches investors outside the intended categories or locations.
4) Build The Documentation Stack
Even when the offering is “token-based”, investors still expect to see clear written terms and proper governance arrangements.
If you’re raising alongside a standard corporate structure, it may also be the time to update your company documents and internal agreements so everyone understands the rules before funds come in.
5) Implement Onboarding, Privacy, And Compliance Controls
Think operationally:
- How will you verify investors and keep records?
- What checks happen before issuance?
- How will you handle personal information securely?
- What customer support and dispute handling will exist post-issuance?
Founders sometimes focus on issuance day and forget the months and years after. A well-run STO is built for long-term admin, not just a successful launch.
6) Plan For What Happens Next (Secondary Sales, Future Rounds, Exits)
Ask the future-looking questions early:
- Can tokens be sold to third parties?
- Are there restrictions to keep the investor base within compliant limits?
- How will future fundraising rounds interact with tokenholder rights?
- What happens if you pivot, merge, sell the business, or shut down?
STOs can create real flexibility - but only if the legal structure and documentation anticipate these events.
Key Takeaways
- What is an STO? An STO (Security Token Offering) is a way to raise capital by issuing blockchain-based tokens that carry investment-style rights, similar to traditional securities.
- In Australia, STOs are often regulated because the token may be a financial product and the offering may involve financial services.
- Your legal risk is driven more by the rights and how the offer is presented than the technology used to issue it.
- Common issues include disclosure obligations, AFSL considerations, marketing restrictions, AML/CTF risk management (which may apply depending on the activities involved), and privacy compliance during investor onboarding.
- STOs usually require a strong documentation stack, often supported by core governance documents like a Company Constitution and Shareholders Agreement.
- Getting the structure right early can help you avoid expensive rebuilds later, especially if you plan secondary trading, future raises, offshore investors, or a large investor base.
If you’d like a consultation on structuring an STO or planning a compliant capital raise for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








