Self‑Managed Superannuation Funds (SMSFs) are increasingly investing in digital assets, including NFTs (Non‑Fungible Tokens).
Because NFTs are unique, volatile, and often lightly regulated, they present significant audit risks and require enhanced audit evidence, similar to cryptocurrency.
Both the ATO and ASIC have recently emphasised the importance of sufficient audit evidence, particularly for asset valuation, arm’s‑length dealings, and ownership verification. For example, the ATO notes that failing to obtain evidence of arm’s‑length transactions and market value is one of the most common reasons auditors are referred to ASIC. ASIC has also acted against auditors for failing to obtain evidence supporting borrowings, asset values, and compliance with SIS law.
Below is a complete outline of what an SMSF auditor must do when NFTs appear in the fund’s investment portfolio.
1. Verify Wallet Ownership & Existence of the NFT
Auditors must confirm the NFT exists and is controlled by the SMSF, not a member.
Evidence you should obtain:
- Wallet address linked to the SMSF
- Blockchain transaction hash verifying the NFT transfer to the SMSF wallet
- Read‑only wallet access or digitally signed message proving ownership
- Downloaded blockchain explorer data (e.g., Etherscan, Solscan)
⚠ Screenshots alone are not sufficient audit evidence.
The ATO has repeatedly referred auditors to ASIC for insufficient evidence of asset ownership and valuation (crypto-like assets included).
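The sketch below is an added example, not part of the original article. It shows how a transaction hash becomes checkable evidence: it reads a transaction receipt exported as JSON and confirms that the named token was transferred into the fund's wallet, returning the sending address for related-party testing. It assumes an Ethereum ERC-721 token and the standard JSON-RPC receipt fields; all addresses, the token ID and the receipt are constructed sample values, and the function names are hypothetical.

```python
# keccak256("Transfer(address,address,uint256)"): the standard Transfer event signature
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20 bytes."""
    return "0x" + topic[-40:].lower()

def find_nft_transfer(receipt, contract, token_id, fund_wallet):
    """Return the ERC-721 Transfer that moved token_id of `contract` into
    fund_wallet, or None if the receipt does not prove that transfer."""
    if int(receipt.get("status", "0x0"), 16) != 1:
        return None  # a reverted transaction changed no ownership
    for log in receipt.get("logs", []):
        topics = log.get("topics", [])
        # ERC-721 indexes from, to and tokenId (4 topics); ERC-20 Transfer has 3
        if len(topics) != 4 or topics[0].lower() != TRANSFER_TOPIC:
            continue
        if log.get("address", "").lower() != contract.lower():
            continue  # same event emitted by a different (look-alike) contract
        if int(topics[3], 16) != token_id:
            continue
        if topic_to_address(topics[2]) != fund_wallet.lower():
            continue  # token went to some other wallet, e.g. a member's
        return {"from": topic_to_address(topics[1]),  # counterparty to test
                "to": fund_wallet.lower(),
                "log_index": int(log["logIndex"], 16)}
    return None

# --- Constructed sample data (not real addresses or a real transaction) ---
FUND_WALLET = "0x" + "aa" * 20    # wallet the trustees say belongs to the SMSF
SELLER = "0x" + "bb" * 20         # counterparty
CONTRACT = "0x" + "cc" * 20       # NFT collection contract
MEMBER_WALLET = "0x" + "dd" * 20  # a member's personal wallet
TOKEN_ID = 4217

def pad(addr):
    """Encode an address as a 32-byte topic, as it appears in a receipt."""
    return "0x" + "0" * 24 + addr[2:]

SAMPLE_RECEIPT = {
    "status": "0x1",
    "logs": [{"address": CONTRACT, "logIndex": "0x0", "data": "0x",
              "topics": [TRANSFER_TOPIC, pad(SELLER), pad(FUND_WALLET),
                         "0x" + format(TOKEN_ID, "064x")]}],
}

if __name__ == "__main__":
    print(find_nft_transfer(SAMPLE_RECEIPT, CONTRACT, TOKEN_ID, FUND_WALLET))
```

A match shows only that the transfer occurred in that transaction; it does not show that the fund still held the token at 30 June, and it does not show who controls the wallet's keys.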
2. Classify the NFT Correctly (Investment vs Collectable)
Depending on its purpose and characteristics, an NFT may be treated as:
A. A Collectable or Personal‑Use Asset
Examples:
- Digital art
- Sports memorabilia NFTs
- Music or media NFTs
If so, SISR 13.18AA rules apply, including:
- Insurance within 7 days of acquisition
- Prohibition on storage with related parties
- No member personal use or display
B. An Investment Asset
Examples:
- Metaverse land parcels
- Tokenised rights
- DeFi‑linked NFTs
Collectables have stricter compliance rules, so classification must be documented.
3. Test for Related‑Party Transactions (SIS Act s66)
NFTs often originate from creators, founders, or related-party businesses.
The auditor must determine:
- Who the NFT was acquired from
- Whether any counterparty is a related party
- Whether the acquisition violates SIS Act s66 (prohibited acquisitions)
Prohibited acquisitions from related parties are a common basis for ATO→ASIC referral when auditors fail to detect or report breaches. [ato.gov.au]
4. Test Arm’s‑Length Terms (SIS Act s109)
ATO auditor reviews show arm’s‑length evidence is one of the top weaknesses in SMSF audit files and leads to ASIC referrals.
For NFTs, auditors must consider:
- Was the NFT purchased at fair market value?
- Was it transferred at a suspiciously low value (e.g., gas fee only)?
- Is there marketplace data available at the date of purchase?
- Does the seller have a connection to the members?
If arm’s‑length terms cannot be supported → SIS breach risk + potential ACR.
5. Verify 30 June Valuation (SISR 8.02B)
NFT valuation is one of the highest audit‑risk areas.
Mandatory evidence includes:
- Floor price of the NFT collection on a reputable marketplace
- Latest sales of that specific NFT
- Date‑stamped marketplace valuation screenshots
- Volume and liquidity analysis
- Independent valuation if no reliable market exists
ASIC has acted against auditors who failed to obtain evidence supporting market values of fund assets, including digital and hard‑to-value assets.
6. Review Investment Strategy Compliance
The SMSF investment strategy must explicitly address:
- Digital assets (NFTs & crypto)
- High volatility
- Liquidity risks
- Diversification
- Risk tolerance
NFTs often represent high concentration risk and speculative exposure, making this review essential.
7. Assess Storage, Security & Sole-Purpose Test
You must confirm:
- NFT is held in the SMSF wallet
- No one personally uses the NFT (e.g., displays it, uses it for perks)
- No keys are kept solely by a member on personal devices
- For collectable NFTs: stored, insured, and handled per 13.18AA
Personal use = SIS Act s62 breach.
8. Required Audit Documentation (ASA 230)
Your audit file must contain:
- Blockchain transaction verification
- Wallet ownership evidence
- NFT metadata and token ID
- Valuation evidence
- Related party analysis
- Arm’s‑length testing
- Investment strategy testing
- SIS compliance checklist
- Management letter notes (if required)
If evidence is missing → scope limitation → modified audit opinion.
9. Opinion Modification Triggers
You must qualify or disclaim if any of the following occur:
- Ownership cannot be independently verified
- NFT valuation cannot be supported
- Trustees refuse to provide marketplace evidence
- NFT used personally
- NFT is a collectable and rules breached
- Acquisition appears non-arm’s‑length
- Related‑party transaction may breach s66
- Security/keys held by members personally
- Essential evidence is missing (e.g., no blockchain transaction proof)
ASIC and ATO have sanctioned auditors for exactly these types of evidence failures, including digital assets, loans, property, and LRBA testing deficiencies.
Conclusion
NFTs held inside SMSFs pose significant audit complexity, due to:
- High volatility
- Valuation uncertainty
- Ownership verification challenges
- Related-party risks
- Sole-purpose test implications
- Collectable rules
SMSF auditors must apply enhanced audit procedures, obtain robust independent evidence, and comply strictly with SIS and ASA standards to avoid scope limitations — or potential regulator action.
