The Financial Technology Law Review: Australia


Australia's general policy and regulatory approach to fintech is maturing to reflect shifting consumer preferences and opportunities created by technology.

Australia's current financial services policy and regulatory context has largely been informed by the findings of the 2017–2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Royal Commission), which shifted the regulatory focus towards prioritising consumer outcomes. Fintechs have generally been well placed to adapt to changes stemming from the Royal Commission, and have seized the opportunity presented by dissatisfaction with traditional providers.

The Australian government has recently taken a more proactive stance on the regulation of digital assets and services and emerging payments models, with a view to attracting new businesses to the jurisdiction. This includes a raft of reviews into Australia's payments systems, stored value facilities, mobile digital wallets, and digital asset products and services. Among the recommendations are significant shifts to bring new payments and digital asset platforms within the regulated regime and provide clarity on the treatment of digital assets in Australia.

Australian regulators have supported new fintechs by streamlining access and offering informal guidance to enhance regulatory understanding. Both the Australian Securities and Investments Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC) have established innovation hubs to assist emerging providers in navigating the Australian regulatory regime. The Australian Trade and Investment Commission has also created opportunities to support Australian fintechs with international expansion and offshore fintechs entering the local market.

ASIC has entered into a number of cooperation agreements with overseas regulators that aim to further understand the approach of fintech businesses in other jurisdictions, in an attempt to better align the treatment of these businesses across jurisdictions. These cross-border agreements facilitate the referral and sharing of information on fintech market trends, encourage referrals of fintech companies and share insights from proof of concepts and innovation competitions. A number of these agreements aim to further understand the approach to regulation of fintech businesses in other jurisdictions to better align the treatment of these businesses across jurisdictions.

Given the proliferation of fintech providers in Australia, there is a lot of publicly available data reporting on trends and concentration of fintech providers and sectors. ASIC's Innovation Hub website also publishes guidance and details of events relevant to fintech providers.

Investments in fintechs can potentially be made through concessionally taxed Australian incorporated limited partnerships called 'early-stage venture capital limited partnerships' and 'venture capital limited partnerships'. Subject to satisfying certain eligibility criteria, such investments may receive favourable tax treatment. Depending on the investment vehicle, benefits can include tax exemptions for resident and non-resident investors on revenue and capital gains on a disposal of the investment, plus a 10 per cent non-refundable tax offset available for new capital invested and the carried interest of fund managers being treated on capital account.

A programme known as the R&D Tax Incentive is available for entities incurring eligible expenditure on research and development (R&D) activities, which includes certain software R&D activities commonly conducted by fintechs. Claimants under the R&D Tax Incentive may be eligible for one of the following incentives:

  1. small businesses (less than A$20 million aggregated turnover) not controlled by exempt entities: a 43.5 per cent refundable tax offset; and
  2. other businesses (aggregated turnover of A$20 million or more or controlled by exempt entities): a 38.5 per cent non-refundable tax offset for eligible expenditure below A$100 million and 30 per cent for eligible expenditure over A$100 million.

Significant changes to the R&D Tax Incentive were enacted and apply from the first income year commencing on or after 1 July 2021. Under the changes, companies with an annual aggregated turnover of less than A$20 million may be able to access a refundable offset of 18.5 per cent above the claimant's corporate tax rate, which, from 1 July 2021, is 25 per cent providing a 43.5 per cent refundable tax offset. The changes also included the introduction of an 'incremental intensity threshold' that increases the tax offset available to companies with an annual aggregated turnover of A$20 million or more based on the proportion of their eligible R&D expenditure as a percentage of total business expenditure.


i Licensing and marketing

The regulatory framework applicable to fintech companies includes banking, financial services, consumer credit, consumer protection, data and privacy, payments and anti-money laundering and counter-terrorism financing regulation. The regulatory obligations broadly include licensing and registration requirements, conduct requirements and disclosure requirements.

There is no fintech-specific licence; however, there are several exemptions that may be suitable for a fintech business to use to test a fintech product or service offering. For example, ASIC offers eligible providers an enhanced regulatory sandbox, which is a 24-month conditional exemption from the requirement to hold an Australian financial services licence (AFSL) to test financial services and products in the Australian market, and an Innovation Hub that offers applicants 12 months of informal guidance on licensing and regulation.

Fintech businesses carrying on a financial services business in Australia must hold an AFSL or be exempt from the requirement to be licensed. The Corporations Act 2001 (Cth) (the Corporations Act), which is administered by ASIC, defines a financial service to include the provision of financial product advice, dealing in financial products (as principal or agent), making a market for financial products, operating registered schemes, providing custodial or depository services and operating a crowdfunding service. A financial product is a facility through which, or through the acquisition of which, a person makes a financial investment, manages a financial risk or makes a non-cash payment (NCP).

These definitions are broad and will capture common fintech offerings such as deposit taking, investment or wealth management, payment services (e.g., digital wallets), advisory business (including robo-advice), trading platforms, crowdfunding platforms and peer-to-peer marketplaces. Financial product advice will also require an AFSL (including the provision of automated digital advice, so long as it can reasonably be regarded as intending to influence a client to make decisions in relation to financial products or services).

The Australian credit licence (ACL) regime applies to fintechs that engage in consumer credit activities in Australia, and covers lending, leasing and intermediary activities. Any person engaging in consumer credit activities must hold an ACL, or otherwise be exempt from the requirement. Consumer credit activity is regulated by ASIC under the National Consumer Credit Protection Act 2009 (Cth) (the National Credit Act) and associated regulations. It is possible that a particular fintech offering may trigger both the AFSL and ACL requirements, for example fintechs that provide marketplace lending products, peer-to-peer lending or crowd-lending platforms may provide both financial services and engage in consumer credit activities and trigger both the AFSL and ACL requirements.

The provision of credit information services in Australia is subject to the Privacy Act 1988 (Cth) (the Privacy Act), which provides that only credit reporting agencies (i.e., corporations carrying on a credit-reporting business) are authorised to collect personal information, collate it in credit information files and disclose it to credit providers. Credit reporting agencies must comply with obligations relating to the use, collection and disclosure of credit information.

Fintech businesses may also need to hold an Australian market licence where they operate a facility through which offers to buy and sell financial products are regularly made and accepted (e.g., an exchange). If an entity operates a clearing and settlement mechanism that enables parties transacting in financial products to meet obligations to each other, the entity must hold a clearing and settlement facility licence or be otherwise exempt.

Most financial services businesses will have obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the AML/CTF Act) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (the AML/CTF Rules). Anti-money laundering and counter-terrorism financing (AML/CTF) laws apply to entities that provide 'designated services' with an Australian connection. The AML/CTF Act generally applies to any entity that engages in financial services, remittance or credit (consumer or business) activities in Australia. In 2018, the AML/CTF Act was amended to capture entities that provide digital currency exchange services. Obligations include enrolment (and, in some circumstances, registration) with AUSTRAC, conducting customer due diligence prior to providing any designated services and adopting and maintaining an AML/CTF programme.

Any entity that conducts a 'banking business', such as taking deposits or making advances of money, or provides a purchased payment facility, must be licensed as an authorised deposit-taking institution (ADI). The Australian Prudential Regulation Authority (APRA) is responsible for the authorisation process and the granting of ADI licences (as well as ongoing prudential supervision). In 2018, APRA released the restricted ADI framework, which is designed to assist new businesses wishing to enter the banking industry. Under this regime, entities can conduct a limited range of business activities for two years while they build their capabilities and resources. After this time, they must either transition to a full ADI licence and operate without restriction or exit the industry. As at February 2022, there were three restricted ADIs on APRA's register with several restricted ADIs having transitioned to holding full ADI status since 2018. Some restricted ADIs have faced sustainable market entry challenges in recent years. As a result, APRA recently revised its approach to licensing restricted ADIs to focus on ensuring applicants are able to launch with income-generating products, are able to meet scaled capital requirements and have appropriate exit strategies.

Marketing financial services may itself constitute a financial service requiring an AFSL or reliance on an exemption. If financial services will be provided to retail clients, a financial services guide must first be provided, setting out prescribed information (including the provider's fee structure) to assist a client to decide whether to obtain financial services from the provider. Retail clients wishing to buy a financial product must receive a disclosure document in the form of a product disclosure statement (PDS), which must contain sufficient information such that the retail client can make an informed decision about their purchase. Broadly, a PDS must contain the risks and benefits of acquiring the financial product, the significant characteristics of the financial product and the fees payable in respect of the financial product. ASIC has also published 'good practice guidance' that sets out its expectations regarding marketing and advertising financial and consumer credit services and products in Australia.

Fintech businesses are also subject to the Australian Consumer Law, which is administered by the Australian Competition and Consumer Commission (ACCC). Broadly, this includes prohibitions on misleading and deceptive conduct, false or misleading representations, unconscionable conduct and unfair contract terms. While the Australian Consumer Law does not apply to financial products or services, many of these protections are enforced by ASIC, either through mirrored provisions in the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act) or through delegated powers.

ii Cross-border issues

Comparable regulator exemption

It has generally been common in Australia for foreign financial services providers (FFSPs) to provide financial services to wholesale clients by relying on ASIC's 'passport' exemption from the requirement to hold an AFSL. In March 2020, the passport relief was repealed (subject to a 24-month transitional period) and replaced with a new regime that required FFSPs to apply for a foreign AFSL (i.e., a modified form of an AFSL). However, in 2021 the Australian government announced that it would consider options to restore a modified version of the passport exemption. After an initial consultation period, the Treasury released draft legislation (the Draft FFSP Bill) that seeks to implement a 'comparable regulator exemption'. This is based on the previous passport exemption, with modified conditions and an expanded list of approved jurisdictions. The consultation period for the Draft FFSP Bill concluded on 12 January 2022 and at the time of writing has not been passed into law.

Professional investor exemption

Australia has an AFSL exemption that captures FFSPs providing certain financial services to professional investors from outside Australia. The Draft FFSP Bill proposes to enhance this exemption by expanding the scope of financial services to all financial services; however, this will be subject to certain conditions regarding the FFSP's physical operations. The consultation period for the Draft FFSP Bill concluded on 12 January 2022 and at the time of writing has not been passed into law.

Limited connection relief

'Limited connection relief' is available to an FFSP that is not carrying on business in Australia but is deemed to be carrying on a financial services business in Australia only because it engages in conduct that is inducing, or intended to induce, a person in Australia to use its financial services and provides financial services only to wholesale clients in Australia. However, ASIC announced that limited connection relief will be discontinued and is expected to expire on 31 March 2023. The Draft FFSP Bill does not propose to continue the relief.

Australian presence

Foreign businesses, including fintechs, wishing to access Australian customers must register with ASIC to carry on a business in Australia. Registration can involve either establishing a local presence (i.e., registering a branch office) or incorporating an Australian subsidiary. Generally, the greater the level of system, repetition or continuity associated with an entity's business activities in Australia, the greater the likelihood registration will be required.

Marketing foreign financial services

An offshore provider can generally address requests for information, pitch and issue products to an Australian customer if the customer makes the first approach (i.e., there has been no conduct to induce the investor, or that could have been taken to have that effect) and the service is provided from outside Australia.

If the unsolicited approach relates to credit activities that are regulated under the National Credit Act, the provider is required to hold an ACL irrespective of the unsolicited approach.

Foreign exchange and currency-control restrictions

Australia does not have foreign exchange or currency-control restrictions on the inward or outward flow of currency. However, there are cash-reporting obligations to AUSTRAC. To control tax evasion, money laundering and organised crime, AUSTRAC must receive reports of transfers of A$10,000 or more (or the foreign currency equivalent) and reports of suspicious transactions from reporting entities (e.g., banks, building societies and credit unions). Unless an exemption applies, reporting entities must also submit an annual AML/CTF compliance report to AUSTRAC, which collects information about the appropriateness of a reporting entity's money laundering and terrorism financing risk assessments and of its AML/CTF compliance programme.

Digital identity and onboarding

There is no generally recognised digital identity in Australia.

The Australian federal government's Digital Transformation Agency is creating an Australian Digital Identity System. The system will replace the need for multiple logins across a range of government services, as well as providing the policy and processes to govern the system and the technology to allow it to work. The national overarching digital identity technology called 'GovPass' is divided into four components: the Trusted Digital Identity Framework (TDIF), the exchange gateway, the digital identity services and the service providers. The TDIF governs the GovPass platform and allows people to choose their identity provider and access a range of government services, with an opportunity for future integration with the private sector.

Currently, the GovPass digital identity has only been used for a limited number of government services. However, work is underway to develop a new version of the myGov platform to initially run alongside the existing platform before eventually replacing it. The government is also currently proposing to expand the TDIF to allow access for Australian businesses that become identity accredited.

Financial services providers can carry out fully digitised onboarding of clients, subject to compliance with know your customer (KYC) and AML/CTF obligations. Under the AML/CTF Rules, electronic verification of client information and data may be undertaken with or without hard-copy documentation. Financial services providers may use safe harbour documentation-based or electronic-based procedures to verify individuals where the reporting entity determines that the relationship with the customer is of medium or lower money laundering or terrorism financing risk. During the covid-19 pandemic, AUSTRAC released guidance confirming that this and the AML/CTF Rules support flexible KYC processes and procedures, and that face-to-face or documentation-based procedures are not required or the only method for meeting KYC obligations.

Digital markets, payment services and funding

i Digital marketplaces and cryptoassets

Australia's approach to regulating digital marketplaces and cryptoassets is developing. While Australia's regulatory framework is 'technology neutral' and therefore will trigger regulatory requirements where cryptoassets are financial products (see Section II), 2021 witnessed a shift in regulatory focus towards digital platforms and cryptoassets as a discrete area. This included ASIC releasing guidance for exchange-traded products that invest in cryptoassets (including bringing these within the scope of AFSL authorisations), as well as expectations for financial markets that list such products.

Separately, the Australian government has undertaken a raft of regulatory reviews focussed on cryptoassets (see Section I), recommendations from which may see crypto exchanges and custody providers brought within the regulatory regime. This also includes a proposal to recognise decentralised autonomous organisations (DAO) as legal entities in Australia, as well as a token mapping exercise to determine the relevant features and regulated status of cryptoassets in the market. These recommendations are currently subject to consultation and it is expected that any outcomes will be released later in 2022.

ii Collective investment schemes

Collective investment schemes in Australia are referred to as managed investment schemes, which can be contract-based schemes, unincorporated vehicles (typically structured as unit trusts or unincorporated limited partnerships) or bodies corporate (which are incorporated and typically structured as companies or incorporated limited partnerships).

Depending on the structure, a platform or scheme operated by a fintech company may fall within the scope of the Australian financial services, AML/CTF and consumer protection regulations.

iii Crowdfunding and crowd-lending

Australia has a crowd-sourced equity funding (CSF) regime for companies to raise funds from large pools of investors by utilising licensed CSF platforms instead of listing on a securities exchange. While the regime reduces the regulatory barriers to investing in small and start-up businesses, the framework also includes certain licensing and disclosure obligations for CSF intermediaries (i.e., persons listing CSF offers).

There is no specific regulatory framework applicable to crowd lenders. The government has previously indicated its intention to consult on the extension of the existing CSF regime to debt funding; however, at the time of writing, this has not occurred.

iv Marketplace lending

Providers of marketplace lending products (including peer-to-peer lending services) generally may need to hold an AFSL and comply with associated obligations.

Where the products are consumer loans (e.g., loans to individuals for domestic, personal or household purposes), the provider will also need to hold an ACL and comply with associated obligations. Similarly, all loans (including business loans that are not regulated under the National Credit Act) are subject to consumer protection provisions in the ASIC Act, including prohibitions on misleading or deceptive behaviour. Peer-to-peer lenders are sometimes structured as managed investment schemes, which trigger ASIC registration requirements if offered to retail investors.

There are generally no restrictions on secondary markets for trading loans; however, such activities may trigger licensing obligations for the provider of the market, market maker and market participants.

Marketplace lenders will also typically have AML/CTF obligations.

v Payment services

Payment services may be regulated as financial services where they relate to ADI deposit-taking facilities or NCP facilities.

NCP facility service providers must hold an AFSL or be exempt from this requirement. ASIC has outlined numerous AFSL exemptions, including NCP specific exemptions (e.g., gift vouchers and loyalty schemes).

Any entity that conducts a banking business (including certain holders of stored value purchased payment facilities (PPF)) must also be authorised as an ADI (see Section II).

The Australian government has undertaken a raft of regulatory reviews focused on Australia's payments systems (see Section I). While still subject to industry consultation, many of the recommendations focus on reshaping the regulatory regime to capture integrated payments models, as well as expanding the definition of PPFs to capture a broader range of stored value facilities.

vi Data sharing

In Australia there is no requirement to make client data accessible to third parties; however, this is often necessary for lenders and credit reporting agencies who must comply with obligations regarding the use, collection and disclosure of credit information (see Section II).

The Privacy Act includes 13 Australian Privacy Principles that impose obligations on the collection, use, disclosure and destruction of personal information.

The Privacy Act includes a notifiable data breaches (NDB) scheme, which requires regulated entities to notify any affected individuals and the Office of the Australian Information Commissioner in the event of a data breach (i.e., the unauthorised access to or disclosure of information) that is likely to result in serious harm to those individuals.

The Australian government is currently implementing the national consumer data right (CDR) framework, which gives customers a right to share their data with accredited services providers (currently including banks, comparison services, fintechs or other third parties). The CDR framework was first applied to the banking sector under the Open Banking regime in 2020, through which consumers can exercise greater access and control over their banking data. The CDR framework is expected to be expanded to the energy sector in 2022.

The European Union General Data Protection Regulation also has a broad extraterritorial reach and may significantly impact the data handling practices of data for Australian businesses providing goods and services in the EU.

Cryptocurrencies, initial coin offerings (ICO) and security tokens

i Blockchain

While there are currently no specific regulations dealing with blockchain technology in Australia, ASIC has published guidance outlining its approach to the regulatory issues that may arise through the implementation of blockchain technology and distributed ledger technology (DLT) solutions in fintech businesses more generally. ASIC reaffirms their 'technology neutral' stance in applying the financial services regime, including the position that businesses operating market infrastructure or providing financial or consumer credit services using DLT will still be subject to the compliance requirements that currently exist under the applicable regulation. As noted in Sections I and IV.i, Australia is currently experiencing a regulatory shift that may see various blockchain arrangements (e.g., DAOs) brought within the scope of regulation.

ii Cryptocurrencies

While there are currently no specific regulations dealing with cryptocurrencies, ASIC's regulatory guidance informs businesses of their approach to the legal status of coins or tokens offered in Australia. The legal status of these coins is dependent on product structure and any attached rights. Depending on the circumstances, this may comprise managed investment schemes, securities, derivatives, NCP facilities or fall into a category of more generally defined financial products. If a coin is a financial product, the operator and promoter will need to comply with financial services regulatory requirements under the Corporations Act. Cryptocurrencies are also subject to the general consumer protection provisions, prohibiting false or misleading representations and unconscionable conduct.

Digital currency exchange (DCE) providers are captured under the AML/CTF Act, which requires providers to enrol and register with AUSTRAC and apply AML/CTF processes to DCE services (e.g., customer identification, transaction monitoring).

As noted in Sections I and IV.i, Australia is currently experiencing a regulatory shift that may see various crypto products and projects brought within the scope of regulation. Specifically, the government is proposing to undertake a token mapping exercise to identify the relevant characteristics and regulated status of select cryptoassets.

For income tax purposes, the Australian Taxation Office (ATO) currently views cryptocurrencies as neither money nor a foreign currency. Instead, each cryptocurrency is treated as a separate asset. The tax implications for holders of cryptocurrency depends on the purpose for which the cryptocurrency is acquired or held. If a holder of cryptocurrency is carrying on a business that involves the sale or exchange of cryptocurrency, the cryptocurrency will be held as trading stock. Gains on the sale of the cryptocurrency will be assessable and losses will be deductible (subject to integrity measures and 'non-commercial loss' rules). Even if a holder of cryptocurrency did not invest or acquire the cryptocurrency in the ordinary course of carrying on a business, profits or gains from an 'isolated transaction' involving the sale or disposal of cryptocurrency may still be assessable where the transaction was entered into with a purpose or intention of making a profit, and the transaction was part of a business operation or commercial transaction. If cryptocurrency is not acquired or held in the course of carrying on a business, or as part of an isolated transaction with a profit-making intention, a profit on sale or disposal should be treated as a capital gain. In this regard, the ATO has indicated that cryptocurrency is a capital gains tax (CGT) asset, and a CGT event occurs when there is a sale or disposal of cryptocurrency. CGT events include selling cryptocurrency for fiat currency, exchanging one cryptocurrency for another, gifting or trading, or using it to pay for goods or services. In some instances where a cryptocurrency is held as an investment for at least 12 months, taxpayers may be entitled to a CGT discount to reduce the capital gain made on the disposal of the cryptocurrency. Also, certain capital gains or losses may be disregarded where there is a disposal of a cryptocurrency that is a personal use asset (i.e., an asset kept or used mainly to purchase items for personal use or consumption).

In the context of an ICO, a coin issuance by an entity that is either an Australian tax resident or acting through an Australian 'permanent establishment' may be assessable in Australia. However, if the issued coins are characterised as equity for tax purposes or are issued in respect of a borrowing of money, the ICO proceeds may not be assessable to the issuer. The ATO's views on the income tax implications of transactions involving cryptocurrencies is in a state of flux due to the rapid evolution of both cryptocurrency technology and its application.

Goods and services tax (GST) is not payable on the sale, including ICOs, or purchase of cryptocurrencies (namely those fulfilling the requirements for 'digital currencies' in the A New Tax System (Goods and Services Tax) Act 1999 (Cth), such as Bitcoin, Ethereum, Litecoin, Dash, Monero, ZCash, Ripple and YbCoin). However, entities registered for GST may generally (subject to certain exceptions) be restricted from claiming input tax credits for the GST component of costs associated with the sale or purchase of cryptocurrencies. No GST will be payable if the cryptocurrency is acquired by a non-resident for its overseas business because this will be a GST-free supply. The GST treatment is different still for businesses that receive cryptocurrency in return for their goods and services – in these circumstances, they will be subject to the normal GST rules. In other words, where taxable supplies of goods and services are made by businesses for which cryptocurrency is received as payment, there will be a requirement for that business to report and remit one-eleventh of the payment received for that taxable sale to the ATO (expressed as an amount of money in Australian currency). This is because cryptocurrency is treated as a method of payment and the GST consequences of using it as payment are the same as the GST consequences of using money as payment.

Other new business models

i Smart contracts

Self-executing contracts or 'smart contracts' are permitted in Australia under the Electronic Transactions Act 1999 (Cth) (the ETA) and the equivalent Australian state and territory legislation. The ETA provides a legal framework to enable electronic commerce to operate in the same way as paper-based transactions. Under the ETA, self-executing transactions are permitted in Australia, provided they meet all traditional elements of a legal contract: intention to create legally binding obligations, offer and acceptance, certainty and consideration.

Any attempt at an analysis of correction mechanisms, such as arbitration and mediation, in regard to this type of contract is challenging because there is little case law on smart contracts in Australia. Self-executing contracts may alter traditional dispute resolution in Australia based on the possibility of self-executing dispute resolution through online dispute resolution platforms.

ii Automated investments

Fully automated investments are permitted in Australia on the condition that the automated service provider holds (or is able to rely on) an AFSL with the requisite managed discretionary account (MDA) authorisation. Automated services providers and their retail clients are required to enter into individual MDA contracts to engage in this process. An MDA contract allows trades to be completed on a client's behalf and includes the ability to automatically adjust the asset allocation of a client's portfolio, without prior reference to the client for each individual transaction. Automated investment service providers must also comply with certain conduct and disclosure obligations applicable to providing the automated financial product service.

iii Artificial intelligence

At the time of writing, in Australia there are no special laws applicable to the use of artificial intelligence and machine learning. However, other general data protections including the Privacy Act and the NDB regime will apply. See Section for more detail.

iv Third-party websites

Third-party comparison websites that allow consumers to compare quotes on financial products must ensure they are providing accurate information and not misleading consumers, and may need to be licensed or exempt. ASIC has released guidance for operators of comparison websites, noting that generally operators should clearly disclose the basis of awards or ratings, disclose any links to the providers of products being compared including a warning if not all providers are being compared, clearly disclose advertisements and, where necessary, include a warning that the financial products compared do not compare all features that may be relevant for the consumer.

The ACCC, Australia's competition and consumer law regulator, also has jurisdiction over comparison websites. The ACCC is primarily concerned with the way in which comparison websites drive competition and help consumers make informed decisions. The ACCC also sets out guidance on how third-party comparison websites can facilitate comparisons, disclose commercial relationships between comparisons and financial product providers, and provide full disclosure of the financial products and providers that are being compared.

v Other new business models

There has been a steady increase in the establishment of NCP platforms and solutions aimed at maximising cost and time efficiencies and improving customer experience. The New Payments Platform (NPP) was launched in Australia in February 2018 as the result of industry-wide collaboration between Australia's largest banks and financial institutions as well as Australia's central bank, the Reserve Bank of Australia. Over time, the NPP is expected to replace a significant portion of direct payments between consumers' bank accounts, particularly those that are time-critical or benefit from additional data capabilities. The Australian government has undertaken a raft of regulatory reviews focused on Australia's payments systems (see Sections I and IV.v). The recommendations include a proposed expansion of the regulatory regime to capture emerging payments models and stored value facilities, as well as better access channels for NPP integration.

Australia has also seen a proliferation in the use of blockchain technology and a growth of interest in the use of DLT by established businesses. Fintech businesses are gradually moving beyond the concept stage to formalising actual use cases in areas of managing supply chains, trading derivatives, managing and issuing assets, making cross-border payments and digital currency exchanges. The Australian Securities Exchange (ASX) is continuing with its plan to replace its core clearing and settlement process with a blockchain-based system. The ASX is currently in its testing phase and has set a target go-live date of April 2023.

From yield products to play-to-earn games and non-fungible tokens, Australia has also witnessed a rise in DAO implementations through which communities jointly develop, deploy and govern new blockchain-based products and services. As noted in Section V.i, this has triggered a government proposal to recognise DAOs as corporate legal entities under Australian law.

Intellectual property and data protection

The most appropriate forms of intellectual property protection in Australia for fintech business models and related software are patent and copyright.

Patent protection is available for certain types of innovations and inventions in Australia. A standard patent provides long-term protection and control over an invention, lasting for up to 20 years from the filing date. The requirements for a standard patent include the invention being new, involving an inventive step and being able to be made or used in an industry. An innovation patent is targeted at inventions that take an innovative step and have short market lives, lasting up to eight years.

Business schemes and plans are not patentable, nor are abstract business models that happen to involve a new type of corporate structuring to bring about a certain result. However, there are some business methods that are patentable. To be patentable, the business method must directly involve a physical device that is used to bring about a useful product. If the method involves the application of technology, the technological aspect must be substantial and a useful product. Related software may only receive patent protection if it meets the requirement for a manner of manufacture and is an industrially applicable solution to a technological problem.

Fintech businesses may attain copyright protection for the literacy work in source code, executable code and data sets of new software. This usually protects the exact code that causes a computer to bring about a certain result; however, whether this can be extended to the look and feel of the software is debatable.

Broadly, the person or business that has developed intellectual property generally owns that intellectual property, subject to any existing or competing rights. In an employment context, the employer generally owns new intellectual property rights developed in the course of employment, unless the terms of employment contain an effective assignment of such rights to the employee. Contractors, advisers and consultants generally own new intellectual property rights developed in the course of engagement, unless the terms of engagement contain an effective assignment of such rights to the company by whom they are engaged.

Under the Copyright Act 1968 (Cth), creators of copyright works such as literacy works (including software) also retain moral rights in the work (for example, the right to be named as author). Moral rights cannot be assigned but creators can consent to actions that would otherwise amount to an infringement.

Year in review

The past year has witnessed a significant shift in both the volume and uptake of new technology-based products and services (particularly in the crypto and digital asset space), as well as corresponding regulatory frameworks. The impact of covid-19 placed importance on the value of digital transactions, which informed changing consumer preferences and outcomes.

As noted throughout this chapter, the Australian government has undertaken five separate reviews that seek to change the way Australia regulates payments, digital assets, blockchain projects and fintech implementations more broadly. While the majority of the recommendations are still subject to industry consultation, it is expected that many of the outcomes will result in greater regulatory clarity across the board. This has the potential to impact the full ambit of digital services, including collective investments, advice, marketplaces, custody, stored value facilities, payments and product structuring. This is broadly seen as a positive step for the Australian fintech community.

Following the Royal Commission, regulators have continued to focus their attention on ensuring positive consumer outcomes in financial services. This includes the roll-out of the design and distribution obligations in 2021, as well as ASIC's use of its product intervention powers to limit customer exposure to potentially adverse financial product outcomes. These frameworks seek to align product issuer objectives with commensurate consumer experiences.

Outlook and conclusions

Australia's regulatory framework as it applies to the fintech industry is on the precipice of significant change. While a raft of government reviews into payments, crypto and digital business regulatory frameworks over the past year suggest a fundamental regulatory shift may occur in 2022, as a federal election year it may be that implementation of some of the proposed changes will be given varied levels of priority. In any case, we expect that this year will see regulatory clarity in many areas of the fintech industry, as Australia continues its push to become a centre of financial technology and innovation.

We expect that regulators will continue to provide concessions in the wake of the covid-19 pandemic to promote business growth and product innovation; however, this will be balanced by the ongoing regulatory and enforcement focus on consumer outcomes.

2022 will provide significant opportunity for fintechs seeking to disrupt the way financial services are provided to consumers across a range of areas, and will signify a shift in the way technology products are regulated for years to come.


1 Peter Reeves is a partner, and Georgina Willcock and Robert O'Grady are lawyers, at Gilbert + Tobin.

The Law Reviews content