The Financial Technology Law Review: Australia


Australia's general policy and regulatory approach to fintech is maturing to reflect shifting consumer preferences and opportunities created by technology.

Australia's current financial services policy and regulatory context is largely informed by the findings of the 2017–2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission). The Royal Commission made a series of recommendations for regulatory reform, focusing on matters such as prioritising the interests of consumers, overhauling conflicted remuneration structures and changing the way add-on products are distributed. A raft of legislative changes followed (or are expected to follow) to implement these recommendations. Fintechs – particularly those that are motivated to provide financial services in a way that is more convenient, personalised and simplified for consumers – will be well placed to adapt to these changes, and to seize the opportunity presented by the current public sentiment of dissatisfaction with traditional providers.

More specifically, Australian regulators have supported new fintechs by streamlining access and offering informal guidance to enhance regulatory understanding. Both the Australian Securities and Investments Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC) have established innovation hubs to assist emerging providers in navigating the Australian regulatory regime. The Australian Trade and Investment Commission has also created opportunities to support Australian fintechs with international expansion and offshore fintechs entering the local market.

ASIC has entered into a number of cooperation agreements with overseas regulators that aim to further understand the approach of fintech businesses in other jurisdictions, in an attempt to better align the treatment of these businesses across jurisdictions. These cross-border agreements facilitate the referral and sharing of information on fintech market trends, encourage referrals of fintech companies and share insights from proof of concepts and innovation competitions. A number of these agreements aim to further understand the approach to regulation of fintech businesses in other jurisdictions to better align the treatment of these businesses across jurisdictions.

Given the proliferation of fintech providers in Australia, there is a lot of publicly available data reporting on trends and concentration of fintech providers and sectors. ASIC's Innovation Hub website also publishes guidance and details of events relevant to fintech providers.

Investments in fintechs can potentially be made through concessionally taxed Australian incorporated limited partnerships called 'early-stage venture capital limited partnerships' and 'venture capital limited partnerships'. Subject to satisfying certain eligibility criteria, such investments may receive favourable tax treatment. Depending on the investment vehicle, benefits can include tax exemptions for resident and non-resident investors on revenue and capital gains on a disposal of the investment, plus a 10 per cent non-refundable tax offset available for new capital invested and the carried interest of fund managers being treated on capital account.

A programme known as the R&D Tax Incentive is available for entities incurring eligible expenditure on R&D activities, which includes certain software R&D activities commonly conducted by fintechs. Claimants under the R&D Tax Incentive may be eligible for one of the following incentives:

  1. small businesses (less than A$20 million aggregated turnover) not controlled by exempt entities: a 43.5 per cent refundable tax offset; and
  2. other businesses (aggregated turnover ofA$20 million or more or controlled by exempt entities): a 38.5 per cent non-refundable tax offset for eligible expenditure below A$100 million and 30 per cent for eligible expenditure over A$100 million.

Significant changes to the R&D Tax Incentive have been enacted, which will apply from the first income year commencing on or after 1 July 2021. Under the changes, companies with an annual aggregated turnover of less than A$20 million will be able to access a refundable offset of 18.5 per cent above the claimant's corporate tax rate, which from 1 July 2021 will be 25 per cent providing a 43.5 per cent refundable tax offset. The changes also include the introduction of an 'incremental intensity threshold' that will increase the tax offset available to companies with an annual aggregated turnover of A$20 million or more based on the proportion of their eligible R&D expenditure as a percentage of total business expenditure.


i Licensing and marketing

The regulatory framework applicable to fintech companies includes banking, financial services, consumer credit, consumer protection, data and privacy, payments and anti-money laundering and counter-terrorism financing regulation. The regulatory obligations broadly include licensing and registration requirements, conduct requirements and disclosure requirements.

There is no fintech-specific licence; however, there are several exemptions that may be suitable for a fintech business to use to test a fintech product or service offering. For example, ASIC offers eligible providers an enhanced regulatory sandbox, which is a 24-month conditional exemption from the requirement to hold an Australian financial services licence (AFSL) to test financial services and products in the Australian market, and an Innovation Hub that offers applicants 12 months of informal guidance on licensing and regulation.

Fintech businesses carrying on a financial services business in Australia must hold an AFSL or be exempt from the requirement to be licensed. The Corporations Act 2001 (Cth) (the Corporations Act), which is administered by ASIC, defines a financial service to include the provision of financial product advice, dealing in financial products (as principal or agent), making a market for financial products, operating registered schemes, providing custodial or depository services and operating a crowdfunding service. A financial product is a facility through which, or through the acquisition of which, a person makes a financial investment, manages a financial risk or makes a non-cash payment (NCP).

These definitions are broad and will capture common fintech offerings such as deposit taking, investment or wealth management, payment services (e.g., digital wallets), advisory business (including robo-advice), trading platforms, crowdfunding platforms and peer-to-peer marketplaces. Financial product advice will also require an AFSL (including the provision of automated digital advice, so long as it can reasonably be regarded as intending to influence a client to make decisions in relation to financial products or services).

The Australian credit licence (ACL) regime applies to fintechs which engage in consumer credit activities in Australia, and covers lending, leasing and intermediary activities. Any person engaging in consumer credit activities must hold an ACL, or otherwise be exempt from the requirement. Consumer credit activity is regulated by ASIC under the National Consumer Credit Protection Act 2009 (Cth) (the National Credit Act) and associated regulations. It is possible that a particular fintech offering may trigger both the AFSL and ACL requirements, for example fintechs that provide marketplace lending products, peer-to-peer lending or crowd-lending platforms may provide both financial services and engage in consumer credit activities and trigger both the AFSL and ACL requirements.

The provision of credit information services in Australia is subject to the Privacy Act 1988 (Cth) (the Privacy Act), which provides that only credit reporting agencies (i.e., corporations carrying on a credit-reporting business) are authorised to collect personal information, collate it in credit information files and disclose it to credit providers. Credit reporting agencies must comply with obligations relating to the use, collection and disclosure of credit information.

Fintech businesses may also need to hold an Australian market licence (AML) where they operate a facility through which offers to buy and sell financial products are regularly made and accepted (e.g., an exchange). If an entity operates a clearing and settlement mechanism that enables parties transacting in financial products to meet obligations to each other, the entity must hold a clearing and settlement facility licence or be otherwise exempt.

Most financial services businesses will have obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the AML/CTF Act) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (the AML/CTF Rules). Anti-money laundering and counter-terrorism financing (AML/CTF) laws apply to entities that provide 'designated services' with an Australian connection. The AML/CTF Act generally applies to any entity that engages in financial services, remittance or credit (consumer or business) activities in Australia. In 2018, the AML/CTF Act was amended to capture entities that provide digital currency exchange services. Obligations include enrolment (and, in some circumstances, registration) with AUSTRAC, conducting customer due diligence prior to providing any designated services and adopting and maintaining an AML/CTF programme.

Any entity that conducts a 'banking business', such as taking deposits or making advances of money, or provides a purchased payment facility, must be licensed as an authorised deposit-taking institution (ADI). The Australian Prudential Regulation Authority (APRA) is responsible for the authorisation process and granting of ADI licences (as well as ongoing prudential supervision). In 2018, APRA released the restricted ADI framework, which is designed to assist new businesses wishing to enter the banking industry. Under this regime, entities can conduct a limited range of business activities for two years while they build their capabilities and resources. After such time, they must either transition to a full ADI licence and operate without restriction or exit the industry. As of February 2021, there is one restricted ADI on APRA's register but several restricted ADIs have transitioned to holding full ADI status since 2018.

Marketing financial services may itself constitute a financial service requiring an AFSL or reliance on an exemption. If financial services will be provided to retail clients, a financial services guide must first be provided, setting out prescribed information (including the provider's fee structure) to assist a client to decide whether to obtain financial services from the provider. Retail clients wishing to buy a financial product must receive a disclosure document in the form of a product disclosure statement (PDS), which must contain sufficient information such that the retail client can make an informed decision about their purchase. Broadly, a PDS must contain the risks and benefits of acquiring the financial product, the significant characteristics of the financial product and the fees payable in respect of the financial product. ASIC has also published 'good practice guidance' that sets out its expectations regarding marketing and advertising financial and consumer credit services and products in Australia.

Fintech businesses are also subject to the Australian Consumer Law, which is administered by the Australian Competition and Consumer Commission (ACCC). Broadly, this includes prohibitions on misleading and deceptive conduct, false or misleading representations, unconscionable conduct and unfair contract terms. While the Australian Consumer Law does not apply to financial products or services, many of these protections are enforced by ASIC, either through mirrored provisions in the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act) or through delegated powers.

ii Cross-border issues

Foreign Australian financial services licence

Until recently, it has been common in Australia for foreign financial services providers (FFSPs) to provide financial services to wholesale clients by relying on ASIC's 'passport' exemption from the requirement to hold an AFSL.

However, in March 2020 the passport relief was repealed (subject to a 24-month transitional period) and replaced with a new regime that requires FFSPs to apply for a foreign AFSL (i.e., a modified form of an AFSL). The foreign AFSL is available to eligible FFSPs that are regulated in a 'sufficiently equivalent' overseas regulatory regime and complies with both the laws of its home jurisdiction and applicable Australian financial services laws. FFSPs must submit a foreign AFSL application to ASIC, together with details regarding compliance with applicable requirements.

Limited connection relief

'Limited connection relief' is available to an FFSP that is not carrying on business in Australia but is deemed to be carrying on a financial services business in Australia only because it engages in conduct that is inducing, or intended to induce, a person in Australia to use its financial services and provides financial services only to wholesale clients in Australia. ASIC has announced that limited connection relief will be repealed on 31 March 2022 and in its place will be a new 'funds management relief' that will be available to eligible fund managers providing certain fund management services to eligible Australian clients.

Australian presence

Foreign businesses, including fintechs, wishing to access Australian customers must register with ASIC to carry on a business in Australia. Registration can involve either establishing a local presence (i.e., registering a branch office) or incorporating an Australian subsidiary. Generally, the greater the level of system, repetition or continuity associated with an entity's business activities in Australia, the greater the likelihood registration will be required.

Marketing foreign financial services

An offshore provider can generally address requests for information, pitch and issue products to an Australian customer if the customer makes the first approach (i.e., there has been no conduct to induce the investor, or that could have been taken to have that effect) and the service is provided from outside Australia.

If the unsolicited approach relates to credit activities that are regulated under the National Credit Act, the provider is required to hold an ACL irrespective of the unsolicited approach.

Foreign exchange and currency-control restrictions

Australia does not have foreign exchange or currency-control restrictions on the inward or outward flow of currency. However, there are cash-reporting obligations to AUSTRAC. To control tax evasion, money laundering and organised crime, AUSTRAC must receive reports of transfers of A$10,000 or more (or the foreign currency equivalent) and reports of suspicious transactions from reporting entities (e.g., banks, building societies and credit unions). Unless an exemption applies, reporting entities must also submit an annual AML/CTF compliance report to AUSTRAC, which collects information about the appropriateness of a reporting entity's money laundering and terrorism financing risk assessments and of its AML/CTF compliance programme.

Digital identity and onboarding

There is no generally recognised digital identity in Australia.

The Australian federal government's Digital Transformation Agency is creating an Australian Digital Identity System. The system will replace the need for multiple logins across a range of government services, as well as providing the policy and processes to govern the system and the technology to allow it to work. The national overarching digital identity technology called 'GovPass' is divided into four components: the Trusted Digital Identity Framework (TDIF), the exchange gateway, the digital identity services and the service providers. The TDIF governs the GovPass platform and allows people to choose their identity provider and access a range of government services, with an opportunity for future integration with the private sector.

Currently, the GovPass digital identity has only been used for a limited number of government services. However, work is underway to develop a new version of the myGov platform to initially run alongside the existing platform before eventually replacing it.

Financial services providers can carry out fully digitised onboarding of clients, subject to compliance with know your customer (KYC) and AML/CTF obligations. Under the AML/CTF Rules, electronic verification of client information and data may be undertaken with or without hard-copy documentation. Financial services providers may use safe harbour documentation-based or electronic-based procedures to verify individuals where the reporting entity determines that the relationship with the customer is of medium or lower money laundering or terrorism financing risk. During the covid-19 pandemic, AUSTRAC released guidance confirming it and the AML/CTF Rules support flexible KYC processes and procedures, and that face-to-face or documentation-based procedures are not required or the only method for meeting KYC obligations.

Reporting entities using electronic verification must verify the client's name and residential address using reliable and independent electronic data from at least two separate data sources and either the client's date of birth or residential address, or the client's transaction history for at least the past three years. Financial services providers must also receive express and informed client consent to use electronic verification. Reporting entities are required to retain information about verification requests and assessments for the life of the client relationship and for seven years from the date of the request after ceasing to provide the designated services to a client.

Digital markets, payment services and funding

i Digital marketplaces and cryptoassets

Australia does not have special rules to specifically regulate digital marketplaces or cryptoassets (i.e., they are subject to existing regulatory frameworks). For example, a digital marketplace for financial product cryptoassets would be subject to existing market operation laws, including the requirement to hold an AML or AFSL. See Section II for further detail.

ii Collective investment schemes

Collective investment schemes in Australia are referred to as managed investment schemes, which can be contract-based schemes, unincorporated vehicles (typically structured as unit trusts or unincorporated limited partnerships) or bodies corporate (which are incorporated and typically structured as companies or incorporated limited partnerships).

Depending on the structure, a platform or scheme operated by a fintech company may fall within the scope of the Australian financial services, AML/CTF and consumer protection regulations.

iii Crowdfunding and crowd-lending

Australia has a crowd-sourced equity funding (CSF) regime for public and proprietary companies to raise funds from large pools of investors by utilising licensed CSF platforms instead of listing on a securities exchange. While the regime reduces the regulatory barriers to investing in small and start-up businesses, the framework also includes certain licensing and disclosure obligations for CSF intermediaries (i.e., persons listing CSF offers). ASIC has released Regulatory Guides 261 and 262 to assist companies seeking to raise funds through CSF and intermediaries seeking to provide CSF services, respectively.

There is no specific regulatory framework applicable to crowd lenders. The government has previously indicated its intention to consult on the extension of the existing CSF regime to debt funding; however, as at the date of writing, this has not occurred. Although debt financing is less common than equity raising for fintech businesses in Australia, businesses can approach institutions, suppliers and finance companies in relation to debt finance. Australia's consumer lending, anti-money laundering and consumer protection regulations commonly apply to crowd lenders.

iv Marketplace lending

Providers of marketplace lending products (including peer-to-peer lending services) generally may need to hold an AFSL and comply with associated obligations (e.g., disclosure and resourcing).

Where the products are consumer loans (e.g., loans to individuals for domestic, personal or household purposes), the provider will also need to hold an ACL and comply with associated obligations. Similarly, all loans (including business loans that are not regulated under the National Credit Act) are subject to consumer protection provisions in the ASIC Act, including prohibitions on misleading or deceptive behaviour. Peer-to-peer lenders are sometimes structured as managed investment schemes, which trigger ASIC registration requirements if offered to retail investors.

There are generally no restrictions on secondary markets for trading loans; however, such activities may trigger licensing obligations for the provider of the market, market maker and market participants.

Marketplace lenders will also typically have AML/CTF obligations.

v Payment services

Payment services may be regulated as financial services where they relate to ADI deposit-taking facilities or NCP facilities.

NCP facility service providers must hold an AFSL or be exempt from this requirement. ASIC has outlined numerous AFSL exemptions, including NCP specific exemptions (e.g., gift vouchers and loyalty schemes).

Any entity that conducts a banking business (including certain holders of stored value purchased payment facilities) must also be authorised as an ADI (see Section II).

In October 2020, the Australian government announced that it would commence a review into the regulatory architecture of the country's payments system to ensure it is fit for purpose and supports innovation. It is anticipated that the review will result in some streamlining of duplicated regulation, opportunities for innovative providers to enter the market and improvements to consumer outcomes.

vi Data sharing

In Australia there is no requirement to make client data accessible to third parties; however, this is often necessary for lenders and credit reporting agencies who must comply with obligations regarding the use, collection and disclosure of credit information (see Section II).

The Privacy Act includes 13 Australian Privacy Principles which impose obligations on the collection, use, disclosure and destruction of personal information.

The Privacy Act includes a Notifiable Data Breaches (NDB) scheme, which requires regulated entities to notify any affected individuals and the Office of the Australian Information Commissioner in the event of a data breach (i.e., the unauthorised access to or disclosure of information) that is likely to result in serious harm to those individuals.

The Australian government is currently implementing the national consumer data right (CDR) framework, which gives customers a right to share their data with accredited services providers (currently including banks, comparison services, fintechs or other third parties). The CDR framework is first being applied to the banking sector under the Open Banking regime (which commenced in July 2020) by which consumers can exercise greater access and control over their banking data.

The European Union (EU) General Data Protection Regulation also has a broad extraterritorial reach and may significantly impact the data handling practices of data for Australian businesses providing goods and services in the EU.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

i Blockchain

While there are currently no specific regulations dealing with blockchain technology in Australia, ASIC has published guidance outlining its approach to the regulatory issues that may arise through the implementation of blockchain technology and distributed ledger technology (DLT) solutions in fintech businesses more generally. ASIC reaffirms their 'technology neutral' stance in applying the financial services regime, including the position that businesses operating market infrastructure or providing financial or consumer credit services using DLT will still be subject to the compliance requirements that currently exist under the applicable regulation.

ii Cryptocurrencies

While there are currently no specific regulations dealing with cryptocurrencies, ASIC's regulatory guidance informs businesses of their approach to the legal status of coins or tokens offered through initial coin offerings (ICOs) in Australia. The legal status of such coins is dependent on how the ICO is structured and the rights attached to the coins. Depending on the circumstances, ICOs may be managed investment schemes, an offer of securities, an offer of derivatives or fall into a category of more generally defined financial products, all of which are sometimes referred to as a security token offering (or STO). In these instances, entities offering such coins will need to comply with financial services regulatory requirements under the Corporations Act. An entity that facilitates payments by cryptocurrencies may also be required to hold an AFSL. If an ICO constitutes an offer of financial products, this will impact the marketing of the ICO and its disclosure obligations. Cryptocurrencies are also subject to the general consumer protection provisions, prohibiting false or misleading representations and unconscionable conduct.

In 2018, the Australian government brought cryptocurrencies and tokens within the scope of the AML/CTF Act. The regime is focused on the point of intersection between cryptocurrencies and the regulated financial sector, namely digital currency exchanges. Digital currency exchange providers are required to register with AUSTRAC in order to operate. Registered exchanges are required to implement KYC processes to adequately verify the identity of their customers, with ongoing obligations to monitor and report suspicious and large transactions. Exchanges are required to keep certain records relating to customer identification and transactions for up to seven years. Operating a registrable digital currency exchange service without registering with AUSTRAC is an offence that may attract civil penalties of up to A$22.2 million for a body corporate.

For income tax purposes, the Australian Taxation Office (ATO) currently views cryptocurrencies as neither money nor a foreign currency. Instead, each cryptocurrency is treated as a separate asset. The tax implications for holders of cryptocurrency depends on the purpose for which the cryptocurrency is acquired or held. If a holder of cryptocurrency is carrying on a business that involves transacting in a cryptocurrency, the cryptocurrency will be held as trading stock. Gains on the sale of the cryptocurrency will be assessable and losses will be deductible (subject to integrity measures and 'non-commercial loss' rules). Even if a holder of cryptocurrency did not invest or acquire the cryptocurrency in the ordinary course of carrying on a business, profits or gains from an 'isolated transaction' involving the sale or disposal of cryptocurrency may still be assessable where the transaction was entered into with a purpose or intention of making a profit, and the transaction was part of a business operation or commercial transaction. If cryptocurrency is not acquired or held in the course of carrying on a business, or as part of an isolated transaction with a profit-making intention, a profit on sale or disposal should be a capital gain. In this regard, the ATO has indicated that cryptocurrency is a capital gains tax (CGT) asset. In some instances where a cryptocurrency is held as an investment for at least 12 months, taxpayers may be entitled to a CGT discount to reduce the capital gain made on the disposal of the cryptocurrency. Also, certain capital gains or losses may be disregarded where there is a disposal of a cryptocurrency that is a personal use asset (i.e., an asset kept or used mainly to purchase items for personal use or consumption). In the context of an ICO, a coin issuance by an entity that is either an Australian tax resident, or acting through an Australian 'permanent establishment' may be assessable in Australia. The current corporate tax rate in Australia is either 26 per cent or 30 per cent. However, if the issued coins are characterised as equity for tax purposes or are issued in respect of a borrowing of money, the ICO proceeds may not be assessable to the issuer. The ATO's views on the income tax implications of transactions involving cryptocurrencies is in a state of flux due to the rapid evolution of both cryptocurrency technology and its application.

The sale, including ICOs, or purchase of cryptocurrencies (namely those fulfilling the requirements for 'digital currencies' in the GST Act, such as Bitcoin, Ethereum, Litecoin, Dash, Monero, ZCash, Ripple and YbCoin) is not subject to GST. Instead, these sales and purchases will be input taxed such that no GST will be payable but entities registered for GST may be restricted from claiming input tax credits on the costs associated with the sale or purchase of cryptocurrencies. No GST will be payable if the cryptocurrency is acquired by a non-resident for its overseas business because this will be a GST-free supply. The GST treatment is different still for businesses that receive cryptocurrency in return for their goods and services – in these circumstances, they will be subject to the normal GST rules. In other words, where taxable supplies of goods and services are made by businesses for which cryptocurrency is received as payment, GST will be imposed at the usual rate of 10 per cent on the taxable supply. This is because cryptocurrency is treated as a method of payment and the GST consequences of using it as payment are the same as the GST consequences of using money as payment.

iii Security tokens

As discussed in Section II, if a token falls within the definition of a financial product, the Australian laws relating to financial products will apply. Regardless of whether a token constitutes a financial product, ICOs and STOs will be subject to Australian consumer law restrictions and AML/CTF reporting requirements. There have been significant technological developments and sandbox experiments digitising security interests in a blockchain environment, but no corresponding legal reform to facilitate issuing or transferring legal title to such products on-chain. The numerous small-scale Australian and offshore blockchain-based bond issuances to date only mirror off-chain transactions on an on-chain ledger and do not provide for dealings in legal title or an on-chain payment rail that are impediments to widespread adoption.

Other new business models

i Smart contracts

Self-executing contracts or 'smart contracts' are permitted in Australia under the Electronic Transactions Act 1999 (Cth) (ETA) and the equivalent Australian state and territory legislation. The ETA provides a legal framework to enable electronic commerce to operate in the same way as paper-based transactions. Under the ETA, self-executing transactions are permitted in Australia, provided they meet all traditional elements of a legal contract: intention to create legally binding obligations, offer and acceptance, certainty and consideration.

Any attempt at an analysis of correction mechanisms, such as arbitration and mediation, in regard to this type of contract is challenging because there is little case law on smart contracts in Australia. Self-executing contracts may alter traditional dispute resolution in Australia based on the possibility of self-executing dispute resolution through online dispute resolution platforms.

ii Automated investments

Fully automated investments are permitted in Australia on the condition that the automated service provider holds (or is able to rely on) an AFSL with the requisite managed discretionary account (MDA) authorisation. Automated services providers and their retail clients are required to enter into individual MDA contracts to engage in this process. An MDA contract allows trades to be completed on a client's behalf and includes the ability to automatically adjust the asset allocation of a client's portfolio, without prior reference to the client for each individual transaction. Automated investment service providers must also comply with certain conduct and disclosure obligations applicable to providing the automated financial product service.

iii Artificial intelligence

At the time of writing, in Australia there are no special laws applicable to the use of artificial intelligence and machine learning. However, other general data protections including the Privacy Act and the NDB regime will apply. See Section for more detail.

iv Third-party websites

Third-party comparison websites that allow consumers to compare quotes on financial products must ensure they are providing accurate information and not misleading consumers, and may need to be licensed or exempt. ASIC has released guidance for operators of comparison websites, noting that generally operators should clearly disclose the basis of awards or ratings, disclose any links to the providers of products being compared including a warning if not all providers are being compared, clearly disclose advertisements and, where necessary, include a warning that the financial products compared do not compare all features that may be relevant for the consumer.

The ACCC, Australia's competition and consumer law regulator, also has jurisdiction over comparison websites. The ACCC is primarily concerned with the way in which comparison websites drive competition and help consumers make informed decisions. The ACCC also sets out guidance on how third-party comparison websites can facilitate comparisons, disclose commercial relationships between comparisons and financial product providers, and provide full disclosure of the financial products and providers that are being compared.

v Other new business models

A Restricted ADI licence was launched in 2018, designed to assist new businesses to enter the banking industry and overcome the significant regulatory challenges faced when entering the market.

There has also been a steady increase in the establishment of NCP platforms and solutions aimed at maximising cost and time efficiencies and improving customer experience. The New Payments Platform (NPP) was launched in Australia in February 2018 as the result of industry-wide collaboration between Australia's largest banks and financial institutions as well as Australia's central bank, the Reserve Bank of Australia. Over time, the NPP is expected to replace a significant portion of direct payments between consumers' bank accounts, particularly those that are time-critical or benefit from additional data capabilities.

Australia has also seen a proliferation in the use of blockchain technology and a growth of interest in the use of DLT by established businesses. Fintech businesses are gradually moving beyond the concept stage to formalising actual use cases in areas of managing supply chains, trading derivatives, managing and issuing assets, making cross-border payments and digital currency exchanges. The Australian Securities Exchange (ASX) is continuing with its plan to replace its core clearing and settlement process with a blockchain-based system. The ASX is currently in its consultation and development phase and has set a target go-live date of April 2022.

There have also been a number of private sector projects that have used blockchain to deliver services to consumers. Three of Australia's four major banks have partnered with IBM and Scentre Group to establish an eight-week trial managing bank guarantees for retail property leases on blockchain, reducing the issuance period for a bank guarantee from up to a month to approximately the same day.

Intellectual property and data protection

The most appropriate forms of intellectual property protection in Australia for fintech business models and related software are patent and copyright.

Patent protection is available for certain types of innovations and inventions in Australia. A standard patent provides long-term protection and control over an invention, lasting for up to 20 years from the filing date. The requirements for a standard patent include the invention being new, involving an inventive step and being able to be made or used in an industry. An innovation patent is targeted at inventions that take an innovative step and have short market lives, lasting up to eight years.

Business schemes and plans are not patentable, nor are abstract business models that happen to involve a new type of corporate structuring to bring about a certain result. However, there are some business methods that are patentable. In order to be patentable, the business method must directly involve a physical device that is used to bring about a useful product. If the method involves the application of technology, the technological aspect must be substantial and a useful product. Related software may only receive patent protection if it meets the requirement for a manner of manufacture and is an industrially applicable solution to a technological problem.

Fintech businesses may attain copyright protection for the literacy work in source code, executable code and data sets of new software. This usually protects the exact code that causes a computer to bring about a certain result; however, whether this can be extended to the look and feel of the software is debatable.

Broadly, the person or business that has developed intellectual property generally owns that intellectual property, subject to any existing or competing rights. In an employment context, the employer generally owns new intellectual property rights developed in the course of employment, unless the terms of employment contain an effective assignment of such rights to the employee. Contractors, advisers and consultants generally own new intellectual property rights developed in the course of engagement, unless the terms of engagement contain an effective assignment of such rights to the company by whom they are engaged.

Under the Copyright Act 1968 (Cth), creators of copyright works such as literacy works (including software) also retain moral rights in the work (for example, the right to be named as author). Moral rights cannot be assigned but creators can consent to actions that would otherwise amount to an infringement.

Client data

See Section for further detail on client data and data sharing.

Year in review

Compared to previous years, there have been relatively few regulatory and legal developments impacting fintech (and financial services providers more broadly) in the past 18 months as a result of the impact of the covid-19 pandemic. The many changes expected to implement recommendations coming out of the Royal Commission have generally been deferred.

In November 2020, ASIC released a report on Australia's 'Buy Now, Pay Later' sector, detailing the number and value of transactions, and made observations regarding the potential for consumer detriment. Although ASIC has stated that it is not yet appropriate to regulate this sector specifically, it has alluded to the possibility of using its recent product intervention powers and the forthcoming (October 2021) design and distribution obligations to improve consumer outcomes.

The announcement of a forthcoming review into Australia's payment regulatory framework was generally received as being long overdue and a positive step towards simplifying the regulatory treatment of payment providers.

Outlook and conclusions

There has been a variety of regulatory and legislative developments in the fintech industry, and 2021 will likely see changes that will impact businesses and consumers.

The covid-19 pandemic has impacted the expected pace of regulatory change, and somewhat slowed the maturation of fintech offers. However, as at the start of 2021, the Australian economy and public has recovered reasonably well from the pandemic and there is some optimism that the pace of fintech creation, development and adoption will regain some speed.

Across the financial services sector and including fintechs, we expect to see more rigorous engagement with regulators such as ASIC, APRA and AUSTRAC on licensing, conduct and disclosure and a more proactive approach to enforcement. Fintech is firmly within the sights of these regulators, particularly the 'Buy Now, Pay Later' and payment remittance sectors.

Fintechs and start-ups, which historically have emerged to provide consumer focused solutions (powered by technological capabilities) to traditional financial services, can shape new business models to meet increasing demand for bespoke offerings and tailored services, while established institutions continue to face the challenge of redesigning their existing technology platform, strategies and capabilities.


1 Peter Reeves is a partner, and Georgina Willcock and Robert O'Grady are lawyers at Gilbert + Tobin.

Get unlimited access to all The Law Reviews content