Our #Bitesize round-up covers key recent FinTech, payments, and Open Banking-related regulatory developments in Australia.

FinTech and Payments
February 2022 meeting of the Payments System Board

On 17 February 2022, the Reserve Bank of Australia’s Payments System Board met to discuss the following issues:

  • Payments system regulatory reforms including the development of a strategic plan for the payments ecosystem and measures to modernise the regulatory framework, including the Bank’s regulatory powers.
  • The Government’s critical infrastructure reforms which specify the Mastercard debit and credit card systems, the Visa debit and credit card systems, the EFTPOS card system and the New Payments Platform as critical infrastructure assets and would therefore impose new obligations on the central operators of these payment systems.
  • The Reserve Bank’s Review of Banknote Distribution Arrangements which examines how the banknote distribution system can remain effective, efficient, sustainable and resilient in the face of declining cash use. Bank staff will be meeting with stakeholders and will release a paper setting out stakeholder feedback in the second half of 2022.
  • Central bank digital currencies (CBDCs) including the potential use of CBDCs on a shared platform for cross-border settlements and an upcoming partnership with the Treasury later this year on a review of the viability of a retail CBDC.
  • The Review of Retail Payments Regulation and the Board’s expectation that large issuers will issue dual-network debit cards (DNDCs). The Board agreed to a 3-year exemption from this expectation for a limited set of debit cards issued to children, customers whose accounts are formally managed by another person; and other vulnerable customers who explicitly request a card with restricted functionality. Large issuers can issue single-network debit cards to these customers until the end of 2024, but will be expected to issue DNDCs after that.

The RBA’s media release is available here.

Paypa Plane joined AusPayNet as its first Payment Service Provider member

On 21 February 2022, AusPayNet highlighted its new membership category for Payment Services Providers (PSPs) in response to the Treasury Review recommendation to set up a tiered licensing framework for PSPs.

AusPayNet reported that Paypa Plane, a platform combining traditional scheduled payments and digital, data-rich and real-time payments, joined AusPayNet under the new PSP membership category.

AusPayNet also noted that its Members unanimously determined at its recent AGM to ensure that all AusPayNet Members, including the new PSP membership type, are represented on the AusPayNet Board.

AusPayNet’s media release is available here.

ASIC released report on feedback in ePayments Code review

On 7 March 2022, ASIC published REP 718: Response to submissions on CP 341 Review of the ePayments Code: Further consultation. REP 718 relates primarily to updates in the following areas of the Code:

  • compliance monitoring and data collection;
  • mistaken internet payments;
  • unauthorised transactions;
  • complaints handling; and
  • facility expiry dates.

In March 2022, ASIC began engaging with a range of key stakeholders to request their feedback on the technical details of a draft updated Code.

The report is available here.

ASIC’s media release is available here.

Senator Bragg called for delegated crypto regulation power

On 2 March 2022, Senator Bragg, who chaired the Senate Select Committee on Australia as a Technology and Financial Centre, reportedly told an APAC blockchain conference that Australia needs ‘One, enough funding; Two, hiring experts to work on this permanently within a dedicated unit of Treasury and Three, a broad principles-based regulation-making power delegated by law to a Minister’ in order to urgently regulate cryptocurrency and digital assets.

Regarding when the new regulations will be introduced, Senator Bragg noted that the government has ‘committed to delivering the crypto markets system by the end of the year’ but ‘we ought to be aiming for mid-year, such is the industry consensus and consumer protection needs.

Senator Bragg indicated his support for a new digital custody licence to be established as a standalone new chapter in the Corporations Act. Treasury has since released a consultation paper on licensing and custody requirements for crypto asset secondary service providers.

Senator Bragg also claimed that there was a strong case for a structure of custody only banks, which only provide asset storage services, similar to what has been implemented in the US state of Wyoming.

The media article is available here.

Cyber Security Industry Advisory Committee released a report on cryptocurrency

On 2 March 2022, the Cyber Security Industry Advisory Committee chaired by Andrew Penn released a report titled Exploring Cryptocurrency. The report calls for:

  • minimum cybersecurity standards for digital currency exchanges (DCEs);
  • increased specialist training about crypto investment for industry, government, law enforcement and criminal intelligence;
  • explicit consumer protections, financial audit powers and minimum security baselines for DCEs;
  • coordination with other countries to develop an approach for de-anonymising cryptocurrency addresses for cybercrime tracing and tax evasion management;
  • IFTI reporting to track the movement of illicit funds;
  • increased transparency around registered DCEs and providers of blockchain- based financial products or services that hold AFSLs; and
  • public education programs about the investment and cybersecurity risks related to crypto.

The report is available here.

The Governor of the RBA spoke about the future of money and climate change at the Banking 2022 Conference

On 11 March 2022, Phillip Lowe, Governor of the RBA, spoke at the ABA’s Banking 2022 Conference. He spoke about the future of money and noted ‘We can’t be sure what the next innovation will be, but I think there’s a fair chance that it’ll be some form of digital token sitting in a digital wallet or a digital device.’ Mr Lowe then posed the following questions:

  • What form will these tokens take?
  • Will they reside on a distributed ledger or some other form of technology we use?
  • How do we ensure that the system is resilient and that it’s not subject to some form of counterfeiting?
  • Would these tokens be anonymous and private like banknotes so they can move around without leaving a fingerprint or would they be traceable?
  • Under what circumstances would they be traceable?
  • Should the tokens be backed by the central bank?
  • If instead a private entity was to issue the tokens, how do we ensure that they’re interoperable between various issuers and what are the collateral arrangements that would back those tokens?
  • Should these tokens pay interest?
  • What is the potential for these tokens to destabilise the financial system, particularly in periods of stress?

Mr Lowe emphasised key public policy issues which the RBA is considering, including the importance of ensuring that tokens are secure and the potential that central bank tokens which pay interest could displace the use of deposits at commercial banks, reshaping how financial intermediation works. He noted that in times of stress, people may prefer central bank-backed tokens, leading to a run from bank deposits that could destabilise the bank system.

Mr Lowe said that if proposed changes to the Payments System Regulation Act are passed, they will modernise what the payments system board of the RBA can do. He also called for legislation to:

  • give effect to a new regulatory regime for stored value instruments, including stable coins and what the collateral backing for those coins should be;
  • create a tiered licensing regime for payment service providers; and
  • regulate crypto-assets, including the custody arrangements for those crypto-assets.

On climate change, Mr Lowe noted that the Council of Financial Regulators is working on a framework to help firms price, manage and measure risk, including preparing a Climate Vulnerability Assessment. He also indicated that additional disclosure requirements may be implemented so that banks can allocate capital to manage climate related risks.

A transcript of Mr Lowe’s speech is available here.

IOSCO consultation on international regulatory and enforcement approaches to digitisation and new products

On 17 January 2022, the International Organization of Securities Commissions (IOSCO) released a consultation report containing proposed policy toolkit measures intended to assist IOSCO members to adapt their regulatory and enforcement approaches to respond to risks posed by digitalisation and the development of new products such as crypto assets. ASIC is a member of IOSCO.

The proposed policy toolkit measures relate to:

  • Firm level rules for online marketing and distribution;
  • Firm level rules for online onboarding;
  • Responsibility for online marketing;
  • Capacity for surveillance and supervision of online marketing and distribution;
  • Staff qualification and/or licensing requirements for online marketing;
  • Ensuring compliance with third country regulations; and
  • Clarity about legal entities using internet domains.

The proposed enforcement toolkit measures relate to:

  • Proactive technology-based detection and investigatory techniques;
  • Powers to promptly take action where websites are used to conduct illegal securities and derivatives activity and other powers effective in curbing online misconduct;
  • Increasing efficient international cooperation and liaising with criminal authorities and other local and foreign partners;
  • Promoting enhanced understanding by and collaboration with providers of electronic intermediary services with regard to digital illegal activities; and
  • Additional efforts to address regulatory and supervisory arbitrage.

The consultation closed on 17 March 2022.

The consultation report is available here.


Open Banking and the Consumer Data Right
Minister formally designated the Telecommunications Sector

On 24 January 2022, the Minister formally designated the telecommunications sector as the third sector to be covered by the Consumer Data Right. The designation causes carriers and carriage service providers to be potential data holders under the CDR regime. The designation extends to carriage services and goods or a services such as pre-paid mobile phone plans, post-paid mobile phone plans and broadband internet plans. Information about retail customers of these products, billing and account information about retail supplies of these products and information about these products is specified in the class of information may now be CDR data.

The Minister notes that the designation is intended to ‘allow consumers to access more accurate information about their own internet consumption, phone usage and product plans so they can more easily compare and switch between providers, encouraging more competition, lower prices and more innovative products.

The designation is available here.

The Minister’s press release is available here.

Treasury released Strategic Assessment Outcomes for the Consumer Data Right

On 24 January 2022, Treasury released a report on outcomes from the Consumer Data Right Strategic Assessment and identified ‘Open Finance’ as the next priority area. If the Minister designates the finance sector to become part of the CDR system, data from general insurance, superannuation, merchant acquiring and non-bank lending service providers will be accessible under the CDR. Treasury also noted that ‘The Government will also consider where complementary government-held datasets can be brought into the CDR ecosystem to support Open Finance.

Treasury reported that Open Finance will include the concurrent assessment and designation of datasets across the non-bank lending, merchant acquiring, superannuation and general insurance sectors. Treasury noted that a smaller mix of targeted datasets will be prioritised across these sectors and is intended to ‘unlock a broader range of higher value use cases, compared to expanding one sector at a time’.

Treasury stated that ‘further targeted consultation will be undertaken to support the assessment and designation of priority datasets in Open Finance, including datasets from across non-bank lending, merchant acquirers, superannuation and general insurance sectors, with a view to completing the first phase of assessments and designations of Open Finance in 2022. The assessment process will also explore the inclusion of relevant government Open Finance data.

Treasury’s report is available here.

Trusted adviser and CDR insight disclosure consents commenced

On 4 February 2022, the Data Standards Chair made data standards about disclosure of CDR data to trusted advisers and disclosure of CDR insights. This triggered the commencement of the permitted disclosure to trusted advisers and the disclosure of CDR insight data under section 7.5(1)(ca) of the Competition and Consumer (Consumer Data Right) Rules 2020.

A CDR consumer can now consent to a data holder or accredited data recipient disclosing CDR data to a trusted adviser who the CDR consumer has nominated in accordance with the requirements under the CDR regime. A CDR consumer can also consent to the disclosure of CDR insights to any specified person. CDR insights are a limited subset of CDR data used to verify the consumer’s identity, account balance or credits or debits on their account.

The Competition and Consumer (Consumer Data Right) Rules 2020 are available here.

The Consumer Data Standards are available here.

Treasury released a consultation paper on CDR Sectoral Assessment for the Open Finance sector – Non-Bank Lending

On 15 March 2022, Treasury released a consultation paper to inform the sectoral assessment for applying the Consumer Data Right to non-bank lending.

The consultation asks the following questions:

Benefits and use cases

  1. How could sharing non-bank lending data encourage innovation or new use cases for CDR data? Are there cross-sectoral use cases that non-bank lending data can support, in particular with Open Finance/Banking?
  2. May the benefits of sharing non-bank lending data vary across particular consumer groups; for example, vulnerable consumers?
  3. Would the designation of non-bank lending improve competition between lenders, including leveling the playing field with banks, or lead to greater market efficiencies?

Data holder and datasets

  1. If non-bank lending is designated, which entities should be designated as data holders?
  2. How should data holders be described in a designation instrument? Is there potential to leverage existing definitions (for example, the definition of ‘registrable corporation’ in the Collection of Data Act or ‘credit facility’ in the ASIC Act)?
  3. Where lending is securitised or provided to a brand owner by a white labeller, does the same entity retain the legal relationship with the customer, as well as hold the data on the loan?
  4. Are there differences in the data held by non-banks and banks that would require adapting the rules and standards that apply to banks so that those rules and standards would apply to non-bank lenders? If so, why?
  5. Are there products offered by non-bank lenders that aren’t covered by the existing rules and standards applying to banking data in the CDR? Are there CDR rules and standards that apply to banking data that warrant exclusion for non-bank lenders?
  6. Are there any government-held datasets that would be complementary to privately-held datasets and could support possible use cases in non-bank lending?
  7. What is the level of standardisation across products within business finance? Are there key datasets that are common across different types of business finance products that could be usefully compared? What are the key attributes of a product that would be useful for comparison services?

Privacy considerations and intellectual property

  1. Are there privacy concerns specific to non-bank lending that should be taken into account when considering the designation of the sector?
  2. Do you consider the existing privacy risk mitigation requirements contained in the banking rules and standards are appropriate to manage the privacy impacts of sharing non-bank lending data?
  3. Are there other examples of materially enhanced information specific to the non-bank lending industry?

Regulatory burden and cost considerations

  1. What datasets would cost more for a data holder to share securely and why?
  2. Which entities, defined either by size or product offering, would be less suitable for CDR data holder obligations from a cost or technological sophistication point of view and why?
  3. What would be the likely cost of implementation and ongoing compliance with CDR data sharing obligations for your entity? Please provide detail where possible.
  4. What barriers to product data sharing exist for your entity or product offering?
  5. Please provide information on the types of systems you use and whether there is the potential to limit access to information, such as where data storage obligations are outsourced to third-parties.
  6. Does your business have consumers that are unable to access their account and transaction information online and, if so, what proportion of your customers are ‘offline’?

Treasury reported that responses to the consultation will inform Treasury’s final report, which the Minister will consider when deciding whether to designate non-bank lending services. Submissions close on 12 April 2022.

The consultation paper is available here.



Charlotte Henry
Charlotte Henry
+61 2 9225 5733
Tony Coburn
Tony Coburn
+61 2 9322 4976
Julia Massarin
Julia Massarin
Special Counsel
+61 3 9288 1117
David Curley
David Curley
Senior Associate
+61 2 9225 5136
Anjelica Balis
Anjelica Balis
+61 2 9225 5595

Chloe Kim
Chloe Kim
+61 2 9322 4789