Australia: Fintech

There are numerous sources of law that regulate payments in Australia, depending on the nature of the payment service.

Financial services

Payment services are regulated as financial services under the Corporations Act 2001 (Cth) (Corporations Act) where they relate to non-cash payment (NCP) facilities. NCP facilities are facilities through which, or through the acquisition of which, a person makes a payment otherwise than by the delivery of physical Australian or foreign currency (e.g. notes or coins) to more than one person. A person who provides advice, issues or arranges for the issue of an NCP facility in Australia must hold an Australian financial services licence (AFSL) unless exempt from the requirement (e.g. low value facilities, gift vouchers and loyalty schemes).  A range of obligations under the financial services laws apply to AFSL holders.

Prudential regulation

An NCP facility that constitutes a purchased payment facility (PPF) (e.g. a digital wallet allowing customers to prefund amounts to make payments to third parties) is subject to additional regulatory requirements.  A PPF is:

• a facility purchased by a person from another person;
• where the facility is able to be used to make payments up to an amount that is available for use, and such use can be subject to certain conditions; and
• where payments are made by the provider of the facility or by a third party with whom the provider is in an arrangement.

Under the Payment Systems (Regulation) Act 1998 (Cth), the holder of stored value with respect to a PPF must be an authorised deposit-taking institution (ADI) as defined under the Banking Act 1959 (Cth) (Banking Act) or be exempt (e.g. limited value and payee facilities). An entity must apply to the Reserve Bank of Australia for authority to provide a PPF.

Anti-money laundering and counter-terrorism financing (AML/CTF)

Providing payment services typically triggers obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), which regulates persons who provide a designated service with a geographical link to Australia (reporting entities).

Designated services most relevant to payment services are designated remittance services (items 31 and 32), operating a remittance network (item 32A) and issuing and increasing the value of a stored value card (items 21 to 24).

Where designated services are provided, obligations include to enrol (and register in some instances) with the Australian Transaction Reports and Analysis Centre (AUSTRAC) and adopt and maintain a risk-based AML/CTF program that satisfies content requirements including customer due diligence, reporting to AUSTRAC, governance and oversight, employee due diligence, training and record keeping.

Future of payments regulation

The Australian Government has recently concluded a raft of reviews into Australia’s payments systems, stored value facilities and mobile digital wallets. Among the recommendations are significant changes to bring new payments and digital stored value facilities within the regime. While still subject to industry consultation, many of the recommendations focus on reshaping the regulatory regime to capture integrated payments models, as well as expanding the definition of PPFs.

Payment services such as NCP facilities can be provided by non-banks.  As noted in question 1, PPFs must be provided ADIs (banks, building societies or credit unions) unless an exemption applies (e.g. limited value, limited participation or obligations are guaranteed by an ADI or by a government authority).

According to the Australian government, the most popular payment methods are credit and debit cards.[1] In the wake of the COVID-19 pandemic and advances in technology, the use of tap and go services continues to grow and cash and cheques continue to decline.

In addition to credit and debit cards, popular methods of payment include:

• online transfers – customers transfer funds from one Australian bank account to another using the “New Payments Platform” (NPP) enabling real time payments;
• online payment providers – e.g. PayPal, AliPay, Apple Pay and Google Pay;
• buy now pay later (BNPL) providers – e.g. Afterpay, Humm, Klarna and Zip Pay; and
• stored value cards, including gift cards.

Whilst cryptocurrencies are not legal tender in Australia, some businesses provide services to facilitate payments using cryptocurrencies (e.g. bitcoin).

[1] https://business.gov.au/finance/payments-and-invoicing/choose-payment-methods#:~:text=The%20most%20common%20payment%20method,card%20transactions%20are%20now%20contactless.

On 12 August 2019, the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth) amended the Competition and Consumer Act 2010 (Cth), the Privacy Act 1988 (Cth) and the Australian Information Commissioner Act 2010 (Cth) to establish a Consumer Data Right (CDR). The CDR gives customers a right to require banks and other data holders to share their data with accredited data recipients (including banks, comparison services, fintechs or third parties). The CDR also contemplates the introduction of action initiation which would allow accredited data recipients to transact and transfer accounts on the customer’s behalf. Accredited data recipients are accredited by the Australian Competition and Consumer Commission (ACCC) to receive consumer data to provide a product or service.

The CDR framework is being rolled out across a number of sectors. Each designated sector will be subject to CDR rules and technical data standards for that sector as made by the ACCC and Data Standards Chair respectively. Consumers will be able to exercise greater access and control over their data. These data sharing arrangements are intended to facilitate easier swapping of service providers, enhancement of customer experience based on personal and aggregated data, and more personalised offerings.

Data sharing

The banking sector was the first sector to be designated for data sharing under the Open Banking regime. The CDR rules for data sharing in the banking sector came into force on 6 February 2020 and consumers were able to consent to their bank sharing data with accredited data recipients from July 2020.

The Federal Government took a phased approach to introducing the CDR in the banking sector. First, CDR data was made available in phases, and second, they imposed data holder obligations at different times for different data holders. This approach was taken to allow all data holders enough time to set up the systems required to comply with their new data holder obligations.

As of 1 July 2022, individual Australian bank customers could direct data holders to share customer data with accredited third parties across a full suite of banking products. The major ADIs must also facilitate data sharing by business consumers, partnerships, and secondary users and joint accounts. Non-major ADIs were required to deliver the same from 1 November 2022.

Action initiation

The Treasury has consulted on a bill which will implement Action Initiation within the CDR. Action initiation will allow third-parties to act on behalf of a consumer (e.g. by making a payment or switching accounts on the customer’s behalf).

It appears that Action Initiation will be rolled out sector by sector in a similar way to the roll out of data sharing. It is proposed that the Minister will make a declaration designating new action types in particular sectors. Following which the Minister will be able to make rules, data standards and guidelines for those action types.

This bill is not specific to Open Banking, but given Open Banking is the most mature CDR sector, it is likely that the government will begin implementing Action Initiation in the banking sector.

Providers of financial services are likely to be subject to the Privacy Act 1988 (Cth).

In Australia, entities in all sectors with an annual turnover of more than $3 million have obligations under the Privacy Act. The Privacy Act also covers entities that earn $3 million or less if the entity is (among other things) a reporting entity under the AML/CTF Act, involved in trading in personal information or a credit reporting body.

Where data collected constitutes personal information, the provider must ensure that it is compliant with the Australian Privacy Principles. This includes, the following:

• having a clearly expressed, up-to-date, and publicly available Privacy Policy;
• only collecting personal information if the information is reasonably necessary for its functions or activities, and such collection is lawful and fair;
• receiving consent to collect sensitive information (financial information is not generally sensitive information);
• taking reasonable steps to notify end users of certain matters;
• only using or disclosing personal information for the purpose for which it was collected.
• generally, not using or disclosing personal information that they hold to communicate directly with an individual to promote goods and services;
• taking certain precautions before disclosing personal information across international borders;
• taking reasonable steps to ensure that the personal information collected and held is accurate, up-to-date and complete;
• taking reasonable steps to protect personal information from misuse, interference and loss and from unauthorised access, modification or disclosure and destroy or de-identify personal information when it is no longer needed; and
• allowing individuals to access and correct their personal information.

CDR obligations

The CDR provides a secure and trusted method for ‘accredited data recipients’ to access consumers’ (both individual and business consumers) banking data. Having access to banking data can provide greater insights into a customer’s financial situation and allow financial service providers to provide their services more efficiently.

The CDR’s impact on financial service providers is likely to increase over time with the roll out of the CDR economy wide. In particular, the Federal Government has announced that the CDR regime will be extended to “Open Finance”. That is, non-bank lending, insurance, superannuation and payments data. The rules for Open Finance have not been determined as the Government has only just completed its sectoral assessment for the sector. At a high level, these CDR obligations will require designated data holders to share data with accredited data recipients and may require data holders to allow Accredited Action Initiators to transact on behalf of their customers.

The expansion of the CDR is also likely to have tangential and unexpected impacts on the provision of financial services. For example, during the introduction of the CDR to the banking sector, it was the view of the fintech community that a ban on screen scraping would cripple the fintech industry. But there has been growing discussion and consideration about whether screen scraping should be banned once the CDR becomes a viable alternative method of gathering data in different sectors.

ASIC operates a regulatory sandbox which allows fintechs to operate small scale financial services or credit activities as pilot projects. The sandbox provides licensing relief, for a limited time, for a project.  There are strict eligibility criteria for the type of businesses that can participate and the products and services that qualify, including that there must be a net benefit to the public and the product or service must be new and innovative.

Under the Business Research Innovation Initiative, ASIC has been working with five regtech firms to explore potential solutions in addressing poor corporate disclosure by listed companies.  At the time of publication, the regtech entities have presented a feasibility study to ASIC. ASIC promotes the application of regtech to deliver better regulatory compliance and consumer outcomes through information-sharing and problem-solving events within industry and hosting quarterly regtech liaison forums.

AUSTRAC also recognises that regtech plays an important role in assisting reporting entities to meet their AML/CTF obligations and provides general guidance about AML/CTF regulation through the AUSTRAC RegTech Engagement program.  It has also published fact sheets for regtechs and reporting entities considering engaging regtechs.

Both ASIC and AUSTRAC committed to helping fintech businesses more broadly by streamlining access and offering informal guidance to enhance regulatory understanding and have established Innovation Hubs to assist start-ups in navigating the Australian regulatory regime.  AUSTRAC’s Fintel Alliance has an Innovation Hub targeted at combatting ML/TF and improving the fintech sector’s relationship with Government and regulators. It also assesses the impact of emerging technologies such as blockchain and cryptocurrency.

At the time of writing, we do not foresee imminent risks to the growth of the fintech market in Australia. There have been a number of legislative reviews and reforms are expected in the fintech space, in particular relating to payments, buy-now-pay-later and digital assets, these are anticipated in the medium term with lead times for compliance.  These changes are owing to digital solutions growing beyond the scope of current regulation and an attempt to simplify existing laws. With the introduction of new laws innovation may be slowed, with an increase in regulatory requirements becoming a barrier to entry.  The state of the broader economy and the decrease of investment activity more broadly may add to this, slowing the growth of the market as businesses become more risk averse.

Investments in fintechs can potentially be made through Australian limited partnerships known as early-stage venture capital limited partnerships and venture capital limited partnerships. Subject to satisfying certain eligibility criteria, investors in such partnerships may receive concessional tax treatment. For example, investors in an early-stage venture capital limited partnership may be exempt from tax on gains from the disposal of eligible investments. They may also be entitled to a 10 percent non-refundable tax offset on capital contributions made to the partnership.

Furthermore, businesses which incur eligible expenditure on research and development (R&D) activities may be eligible for the R&D tax incentive. Under the incentive:

• businesses with less than AUD$20 million aggregated turnover are entitled to a tax offset of 18.5 percentage points above the corporate tax rate (i.e. 43.5 percent in the case of a company that is subject to a 25 percent rate of tax). Any excess of the offset over tax payable is refundable;
• other businesses with aggregated turnover of AUD$20 million are entitled to a non-refundable tax offset equal to the corporate tax rate plus an incremental premium. The offset will be equal to the corporate tax rate plus an 8.5 percent premium for R&D expenditure up to 2 per cent R&D Intensity, and the corporate tax rate plus a 16.5 percent premium for R&D expenditure above 2 percent R&D Intensity. R&D Intensity is the proportion of a company’s eligible R&D expenditure as a percentage of total business expenditure.

Fintech areas with the most investment in Australia include:

• blockchain and cryptocurrency;
• payments, including Buy Now Pay Later (BNPL);
• wealth management;
• mortgages and lending; and
• digital banks.

Outside of founder funding, capital raising is largely from venture capitalists, angel investors and strategic corporate investors.

Australia’s fintech sector is one of the fastest growing in the world.[2] It is connected and well aligned with global markets which makes the Australian market accessible and a great place to pioneer ideas or invest in fintech. As discussed in questions 6 and 8, Australia offers initiatives (including by regulators) which encourage innovation in the fintech sector. In addition, Australian regulatory requirements are technology neutral, providing for relative regulatory certainty and stability.

[2] https://www.austrade.gov.au/international/invest/opportunities/fintech

Migrants require working visas from the Department of Home Affairs (DOHA) to work in Australia, and each type has its own eligibility requirements. Businesses can nominate or sponsor such visas.

The Temporary Skill Shortage (subclass 482) visa (TSS visa) is the most common form of employer-sponsored visa for immigration to Australia. To be eligible for the TSS visa, an applicant’s occupation must:

• be on the short-term skilled occupations list, with a maximum visa period of two years, or up to four years if an International Trade Obligation applies (Hong Kong passport holders are eligible for up to five years), with an option to apply for permanent residency subject to eligibility requirements;
• be on the medium-and long-term strategy skills list or the regional occupational list, with a maximum period of four years (or five years for Hong Kong passport holders) and an option to apply for permanent residency, subject to eligibility requirements; or
• have an employer that has a labour agreement with the Australian Government in effect, with a maximum period of up to four years (or five years for Hong Kong passport holders).

The DOHA has created a Global Business & Talent Attraction Taskforce to attract high value businesses and individuals to Australia. The Taskforce facilitates the Global Talent Visa program and Global Talent Employer Sponsored program. To be invited to apply for a visa under the Global Talent Visa program, a candidate must be highly skilled in one of the ten target sectors (including digitech and financial services and fintech) and be able to attract a salary that meets the high income threshold (AUD162,000 as of 1 July 2022).

The Australian Government and Treasury recently hosted a Jobs and Skills summit which brought together a range of stakeholders to discuss the Australian labour market and economy. Following the summit, at the time of writing, Treasury is consulting on an Employment White Paper, in relation to which any person can make a submission regarding talent and needs. The Government, rather than regulators are attempting to fill gaps in access to talent and in the recent budget, announced programs to support tech skills and innovation in Australia. Other than in relation to the Taskforce referred to in question 11, the fintech industry has limited influence on immigration policy.

There are multiple layers of protection available to fintechs in Australia in respect of intellectual property (IP). Key forms of protection are outlined below. Sophisticated fintechs have a strategy that leverages many, if not all of these:

Copyright: Copyright legislation in Australia protects many aspects of fintech innovation, including source code, visual features, application programming interface structures, and other works.[3]  Copyright arises automatically on creation of an original work. An important limitation is that it protects the material expression of an idea, rather than the idea itself.

Patents: In Australia, it is challenging to secure patent protection for fintech innovations. There is uncertainty as to whether an invention that uses or features computer software or hardware will be patentable subject matter under the Patents Act 1990 (Cth) and courts will likely consider this issue on a case-by-case basis.[4]  Generally, a mere scheme, plan or discovery, or mere abstract ideas or information are not patentable subject matter.[5]

Confidential information: Trade secrets and know-how are particularly valuable in the fintech space, given the difficulties in securing patent protection for software. Confidential information is protected under common law. There is no statutory trade secrets regime. This means that robust contractual and practical protections in respect of confidential information are essential.

Trade marks: Establishing a unique brand and building goodwill in that brand is a key strategy for protection of fintech innovation in Australia, given the limitations of the other forms of protection. Australia recognises registered and unregistered trade mark rights, however registered trade marks are significantly simpler to enforce and commercialise.

Contractual protections (third party creation of IP): Where IP is created for a fintech by a third party, it is important to consider whether there is an effective assignment of the IP created by the third party and whether all of the relevant IP is captured within the agreement (e.g. including where any improvements to a fintech business’ intellectual property are made by the third party). Australia does not have a ‘work made for hire’ regime, so contractual assignment provisions are essential.

Employee created intellectual property: By default, IP created by employees is owned by the employer, where the creation of IP is within the scope of their engagement.[6] However, to avoid disputes about ownership, it is important to ensure that employment agreements contain adequate assignment provisions.

[3] Copyright Act 1968 (Cth), s47AB.

[4] Aristocrat Technologies Australia Pty Ltd v Commissioner of Patents [2022] HCA 29.

[5] Aristocrat Technologies Australia Pty Ltd v Commissioner of Patents [2022] HCA 29, [22] (per Kiefel CJ, Gageler and Keane JJ).

[6] University of Western Australia v Gray [2009] FCAFC 116.

Cryptocurrencies are generally regulated under existing frameworks, which are  currently under review.

Financial services regulation

Persons or entities dealing with, or providing services involving cryptocurrencies should consider whether the cryptocurrency, or arrangements associated with the cryptocurrency, constitute a financial product.  If so, this may trigger the requirement to hold an AFSL and obligations in relation to disclosure, registration and conduct. The definition of financial product is broad, and includes facilities through which a person makes a financial investment, manages a financial risk or makes an NCP and includes specific things that are financial products such as shares, derivatives and managed investment schemes (MISs) (i.e., collective investment vehicles). Cryptocurrencies with similar features to existing financial products may trigger the Australian financial services laws.

ASIC has published regulatory guidance in Info Sheet 225 Initial coin offerings and crypto-assets (INFO 225), setting out ASIC’s approach to determining the legal status of cryptocurrencies, which is dependent on the rights attached to the cryptocurrency – ASIC has indicated this should be interpreted broadly – as well as their structure.

An entity that facilitates payments using cryptocurrencies may be required to hold an AFSL and the operator of a cryptocurrency exchange will be required to hold an AFSL or Australian market licence if the crypto assets traded on the exchange constitute financial products.

Consultations and token mapping

Several consultations have recently concluded on proposed regulation concerning the treatment of crypto assets and their related services.

In early 2022, Treasury consulted on a proposed licensing framework for crypto asset secondary service providers (CASSPrs). This was generally targeted towards entities providing custody, brokerage, exchange and transmission services in relation to crypto assets that are not otherwise caught under the financial services regime. At the time of writing, Treasury has not reported on the outcome of the consultation and the change of Government in May 2022 created uncertainty around the future of such proposals. However, both the new Government and Treasury have indicated they will take a balanced approach to regulation.

In August 2022, the Government announced its intention to conduct a ‘token mapping’ exercise that seeks to identify how crypto assets and related services should be regulated. While, at the time of writing, the Consultation Paper setting out the Government’s approach to this exercise has not been released, the consultation is expected to involve the categorisation or “mapping” of various types of crypto assets to provide the government with a richer insight into how to best regulate the diverse asset class.

Following Treasury’s CASSPr Consultation, Senator Andrew Bragg published a private member’s bill titled Digital Assets (Market Regulation) Bill 2022 (Digital Assets Bill) in September 2022 for consultation, which proposed a new licensing regime and reporting requirements for digital asset exchanges, custody providers and stable-coin issuers (including designated banks dealing in digital Yuan). While the Bill was not introduced by the current Government, it has the capacity to become law if passed by both houses.

Cross-border issues

The regulation of foreign financial service providers (FFSPs) is in a state of flux. At the time of writing, FFSPs carrying on a financial services business in Australia require an AFSL, a foreign AFSL (FAFSL) or must rely on an exemption (such as being appointed an authorised representative of an AFSL holder), unless relief is granted. The Corporations Act may apply to crypto asset sales regardless of whether the cryptocurrency was created and offered from Australia or overseas, if the cryptocurrency has the characteristics of a financial product. Historically, FFSPs regulated in comparable jurisdictions had the benefit of limited licensing relief for financial services provided to wholesale clients.  In 2020, this was repealed and replaced with a foreign AFSL regime.  In 2021, the Government proposed reverting back to the comparable jurisdiction regime (with some amendments).  Legislation to this effect was put to the Australian parliament in early 2022 but lapsed with the change of Government.  At the time of writing, there has been no intention announced regarding the future of FFSP regulation in Australia.

Foreign companies carrying on a business in Australia, including by issuing cryptocurrency or operating a platform developed using token sale proceeds, may be required to establish a local presence (i.e., register with ASIC and create a branch) or incorporate a subsidiary. Broadly, the greater the level of system, repetition or continuity associated with business activities in Australia, the greater the likelihood that registration will be required.

Promoters marketing cryptocurrency to Australian residents (where the cryptocurrency is considered a financial product) must meet licensing and disclosure requirements. Generally, a service provider from outside Australia may respond to requests for information and issue products to an Australian resident if the resident makes an unsolicited approach and there has been no conduct on the part of the issuer designed to induce the investor to make contact, or activities that could be misconstrued as the provider inducing the contact.

Consumer law

Even if a cryptocurrency is not a financial product, it will be subject to the Australian Consumer Law, set out at Schedule 2 to the Competition and Consumer Act 2010 (Cth) (ACL), relating to the offer of services or products to Australian consumers. The ACL prohibits misleading or deceptive conduct in a range of circumstances including in the context of marketing and advertising. Care must be taken in promotional material (including whitepapers) to ensure buyers are not misled or deceived and that the promotional material does not contain false information. Promoters and sellers are prohibited from engaging in unconscionable conduct and must ensure the crypto assets are fit for their intended purpose.

The protections of the ACL are generally reflected in the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act), providing substantially similar protection to investors in financial products or services.

ASIC has delegated powers from the ACCC to take action against misleading or deceptive conduct in marketing or issuing cryptocurrencies (regardless of whether it is a financial product). A range of consequences may apply for failing to comply with the ACL or the ASIC Act.

Anti-money laundering and counter-terrorism financing (AML/CTF)

Digital currency exchanges (DCEs) that exchange digital currencies for fiat currencies and vice versa are required to register with AUSTRAC prior to operating. Registered exchanges are required to implement risk-based procedures in an AML/CTF Program that complies with content requirements including, know-your-customer processes, ongoing customer due diligence, reporting obligations and record keeping obligations.  DCEs are required to renew their registration every three years. The AML/CTF Regime is expected to be expanded in the future to cryptocurrency to cryptocurrency exchanges.

Taxation

For income tax purposes, the ATO views cryptocurrency as an asset that is held or traded (rather than as money or a foreign currency). The tax implications for holders of cryptocurrency depend on the purpose for which the cryptocurrency is acquired or held.

Sale or exchange of cryptocurrency in the ordinary course of business

If a holder of cryptocurrency is carrying on a business that involves the sale or exchange of the cryptocurrency (e.g. trading or mining), the cryptocurrency will be held as trading stock and generally gains on the sale will be assessable and losses deductible.

Isolated transactions

Profits or gains from an “isolated transaction” involving the sale or disposal of cryptocurrency (not in the ordinary course of carrying on a business) may be assessable where the transaction was entered into with a purpose or intention of making a profit and the transaction was part of a business operation or commercial transaction.

Cryptocurrency investments

If cryptocurrency is not acquired or held in the course of carrying on a business, or as part of an isolated transaction with a profit-making intention, a profit on sale or disposal should be treated as a capital gain. Capital gains may be discounted, so long as the taxpayer satisfies the conditions for the discount.

Although cryptocurrency may be a capital gains tax asset, a capital gain arising on its disposal may be disregarded if the cryptocurrency is a “personal use asset” and it was acquired for AUD10,000 or less. Capital losses made on cryptocurrencies that are personal use assets are also disregarded. Cryptocurrency will be a personal use asset if it was acquired and used within a short period of time for personal use or consumption (e.g. to buy goods or services).

The ATO’s views on the income tax implications of transactions involving cryptocurrencies is in a state of flux due to the rapid evolution of both cryptocurrency technology and its uses. The Board of Taxation has been reviewing and consulting on the taxation of digital assets and transactions in Australia and has been asked to report back to the Government by the end of 2022.

Staking cryptocurrency

Cryptocurrency holders who participate in proxy staking or who vote their tokens in proof of stake or other consensus mechanisms may be rewarded with additional tokens and the value of such tokens should be treated as ordinary income at the time they are derived.

Goods and services tax (GST)

Supplies and acquisitions of cryptocurrency made from 1 July 2017 are not subject to GST on the basis they will be input-taxed financial supplies. Consequently, suppliers of cryptocurrency will not be required to charge GST on these supplies, and a purchaser would prima facie not be entitled to GST refunds (i.e. input tax credits) for these corresponding acquisitions. On the basis that cryptocurrency is a method of payment, as an alternative to money, the normal GST rules apply to the payment or receipt of cryptocurrency for goods and services.

As noted in question 14, a cryptocurrency may be a financial product, depending on its characteristics.  Where an initial coin offering (ICO) relates to a coin that is a financial product, a person involved in the issuance, distribution or marketing will require an AFSL and need to comply with the financial services laws.

Even if an ICO is not a financial product, it may still be subject to regulation, including under the ACL, which prohibits misleading or deceptive conduct (see question 14).  As such, whitepapers and ICO promotional material must not mislead or deceive customers or contain false information. Promoters and issuers are also prohibited from engaging in unconscionable conduct and must ensure the coins or tokens issued are fit for their intended purpose. The protections of the ACL are generally mirrored in the ASIC Act, providing substantially similar protection to investors in financial products or services.

ASIC has delegated powers from the ACCC to enable it to take action against misleading or deceptive conduct in marketing or issuing in ICOs (regardless of whether it involves a financial product).

A coin issuance by an entity that is an Australian tax resident, or acting through an Australian permanent establishment, may be assessable for tax purposes in Australia.

As at the time of writing, it is uncertain as to the timing of changes to the laws regulating ICOs after the recent reviews (see question 14).  If the Digital Assets Bill were passed, this would require issuers of stablecoins to hold a licence. The ‘token mapping’ exercise may provide guidance as to the regulation of categories of coins.

Many fintech businesses have leveraged blockchain to manage supply chains, make cross-border payments, trade derivatives, manage assets and operate digital currency exchanges. There have been notable applications of blockchain in Australia including:

• The Australian Securities Exchange is in the process of implementing and transitioning to a new blockchain-based system covering clearing, settlement, asset registration and other post trade services. This system represents one of the first mainstream, scaled uses of blockchain by any securities exchange globally and is likely to yield valuable insight as policymakers and regulators consider their approach to blockchain in future.
• The International Bank for Reconstruction and Development (an arm of the World Bank) and the Commonwealth Bank of Australia (CBA) issued A$110 million worth of bonds on a blockchain, coining the new blockchain operated debt instruments a “BOND-I”. The bonds were governed by New South Wales law and were the first bonds to be created, allocated, transferred and managed using blockchain.
• Three of Australia’s major banks partnered with IBM and Scentre Group to issue the first digital bank guarantee for retail property leases on blockchain, with the intention to reduce the issuance period for a bank guarantee from up to a month to the same day.
• Synthetix, a blockchain-based platform that, through smart contracts with ranging functionality, allows users to collateralise and gain synthetic exposure to assets in self-issued derivative-like products.
• Well-known companies and individuals are utilising non-fungible tokens (NFTs). Penfolds has offered NFTs tied to a physical barrels and bottles of Penfolds wine and other rights including wine-tasting and a vineyard tour.
• NFT marketplaces have become popular. Immutable X offers a trading solution for NFTs by aggregating multiple transactions into a single smart contract using zero knowledge proofs.

Blockchain projects are likely to keep growing in number and technicality in Australia.

The rising cost of compliance has prompted many companies in the financial sector to use artificial intelligence (AI) and natural language processing technologies and invest in regtech solutions for example, to automate regulatory reporting, manage compliance and ensure clarity in the way regulation is interpreted.

At the time of writing, there are no specific laws applicable to the use, development and adoption of AI or machine learning in Australia.  However, other data protections apply (e.g. Privacy Act requirements apply to AI technologies that use personal information). Importantly, the Privacy Act does not contain a specific principle related to automated decision making (such as is available under the General Data Protection Regulation) however, privacy reforms may introduce a similar principle in the future.

Fintechs should consider any discrimination or biases that may arise from their use of AI and monitor their AI products to ensure discriminatory outcomes are not experienced. Further, where AI solutions are implemented to provide financial services or undertake credit activities, the business must train and monitor its AI solution to comply with the applicable laws and ensure there are no negative consumer outcomes.

Whilst not currently a legal requirement for the private sector, the Government has designed 8 AI Ethics Principles, which provide a voluntary framework designed to complement (but not substitute) current AI practices.[7] These may provide insight into how AI may be regulated in Australia in the future. We expect regulation to encourage AI’s further use.

[7] https://www.industry.gov.au/publications/australias-artificial-intelligence-ethics-framework/australias-ai-ethics-principles

Australia has an evolving insurtech market that seeks to provide alternative insurance options for specific products, services and job types.

Insurtech has been disrupting individual sections of the insurance value chain, augment the existing processes of underwriting risk and predicting loss, and improving the existing capabilities of insurers, reinsurers, intermediaries and service providers. However, in Australia, insurtechs tend to collaborate with incumbent insurance companies more often than they compete against them, focusing on forging cross-sector alliances to embed legacy insurance offerings into alternative value propositions. Among other things, insurtechs may undertake this complementary approach owing to the more complex and heavily regulated nature of insurance products.

The regulation relevant to insurance businesses applies to insurtechs in a technologically agnostic manner. There are no regulations that specifically target insurtech.

Areas of fintech that are particularly strong in Australia are:

• payments and wallets;
• lending, including BNPL;
• regtech;
• supply chain;
• wealth and investment; and
• data analytics and information management.

Fintechs are both competing and collaborating with incumbent financial institutions. In the rise of digitalisation, incumbent financial institutions are partnering with fintechs to remain competitive with other fintechs and integrate innovation into their traditional service offerings. However, there is a significant population of fintechs preferring to capitalise on their points of differentiation with traditional financial institutions and compete against them. In many instances the disruptors are often targets of financial institutions, such as Up Bank, 86400 and Tyro.

Banks and other incumbent financial institutions are carrying out their own fintech development and innovation programs. In addition, they are collaborating and partnering with fintechs and investing in fintechs via venture capital arms.

The rise in fintech continues to disrupt and reshape the traditional financial services ecosystem in Australia, redefining customer expectations relating to the way they can access and manage their finances. This includes the proliferation of new and emerging payment systems, including BNPL, such as  Afterpay. Demonstrating the extent of BNPL’s impact in the industry, a number of major banks have launched competitive products.