Fintech in Australia 2024

John Bassilios

(Hall & Wilcox)

FINTECH LANDSCAPE AND INITIATIVES

General innovation climate

  1. What is the general state of fintech innovation in your jurisdiction?

Financial technology innovations in Australia are rapidly accelerating and are competitive in a global context. Australia’s national fintech association, FinTech Australia, estimates that the fintech industry in Australia is worth A$4 billion. The COVID-19 pandemic has bolstered the strength of the fintech market as increased online transactions during lockdowns led to more businesses requiring digital payment capabilities. The Australian Trade and Investment Commission attributes the success of fintech in Australia to a supportive regulatory environment, a highly qualified and diverse talent pool, Australia’s geographic proximity to Asia and the desire of Australian fintech companies to expand their international reach.

Government and regulatory support

  1. Do government bodies or regulators provide any support specific to financial innovation? If so, what are the key benefits of such support?

Government bodies and regulators in Australia are eager to support fintech innovations without compromising the principles of existing regulations. Forms of support offered by government bodies and regulators include:

  • an innovation hub launched by the Australian Securities and Investments Commission, which allows fintech businesses to access informal assistance to navigate Australia’s regulatory system;
  • the enhanced regulatory sandbox (ERS). The ERS has been available since 1 September 2020 and allows businesses to test their financial services or credit activities before obtaining an Australian financial services license or Australian credit license for a period of up to 24 months. To access the ERS exemption, businesses must satisfy the eligibility requirements and conditions for entry; and
  • establishment of fintech bridges with the United Kingdom and Singapore. The purpose of a fintech bridge is to improve access for Australian fintech businesses into the UK and Singapore markets, including entry into regulatory sandboxes, quicker license processing and facilitating advice and mentorship opportunities for Australian fintech businesses.

Government bodies continually review aspects of the fintech industry to strengthen the regulatory environment, with a particular focus on ensuring regulatory settings are fit for purpose.

FINANCIAL REGULATION

Regulatory bodies

  1. Which bodies regulate the provision of fintech products and services?

The key regulatory bodies in Australia include:

  • the Australian Securities and Investments Commission (ASIC);
  • the Australian Prudential Regulation Authority (APRA);
  • the Australian Transaction Reports and Analysis Centre (AUSTRAC);
  • the Reserve Bank of Australia (RBA); and
  • the Australian Competition and Consumer Commission (ACCC).

Each regulatory body performs a different function and a fintech business may need to interact with more than one regulatory body for the provision of its products and services.

ASIC regulates financial services, consumer credit and authorized financial markets. It is responsible for licensing and monitoring businesses that engage in financial services or consumer credit activities. Entities cannot engage in certain activities without an Australian financial services license or Australian credit license (unless an exemption applies). Licensees must comply with their obligations under the law and the conditions of their license.

APRA is responsible for the prudential regulation and supervision of banking, insurance and superannuation institutions to promote financial system stability. Its role involves authorizing entities to be banking or insurance businesses or to be a trustee of a superannuation fund.

AUSTRAC is responsible for preventing, detecting and responding to criminal abuse of the financial system. Industries regulated by AUSTRAC include banking, digital currency exchanges and financial services providers. Entities regulated by AUSTRAC are required to have an anti-money laundering or counter-terrorism financing programme and comply with ongoing reporting obligations.

RBA is the central bank of Australia and is responsible for maintaining the stability of the financial system. As the primary payments system regulator, the RBA ensures that the payments system is safe and robust. RBA may designate a particular payment system as being subject to its regulation and determine rules for participating in that system.

ACCC is the regulator of competition and national consumer law in Australia, including enforcing prohibitions on misleading and deceptive conduct and unconscionable conduct. The scope of ACCC’s regulation includes all businesses.

Regulated activities

  1. Which activities trigger a licensing requirement in your jurisdiction?

Financial services and credit activities trigger licensing requirements in Australia unless an exemption applies. Fintech businesses testing innovative financial services or credit activities may benefit from the enhanced regulatory sandbox exemption if they meet the eligibility criteria.

Australian financial services license

Fintech businesses carrying on a financial services business in Australia must hold an Australian financial services license (AFSL). Financial services include the provision of financial product advice, dealing in financial products, making a market for financial products, operating registered schemes, providing custodial or depository services and operating a crowdfunding service. A financial product is a facility through which, or through the acquisition of which, a person makes a financial investment, manages financial risk or makes non-cash payments. Australian financial services licensees must comply with obligations under the Corporations Act and Corporations Regulations.

Australian credit license

Fintech businesses providing consumer credit activities in Australia must hold an Australian credit license (ACL). Credit activities include providing credit under, suggesting or assisting with, a credit contract or consumer lease. Australian credit licensees must comply with their obligations under the National Consumer Credit Protection Act 2009, National Credit Code and National Consumer Credit Protection Regulations 2010.

APRA-regulated entities

Banking (including stored value facilities), insurance and superannuation businesses are required to be licensed by APRA. Licensed entities are required to meet APRA’s prudential standards.

Consumer lending

  1. Is consumer lending regulated in your jurisdiction?

ASIC regulates consumer lending pursuant to the National Consumer Credit Protection Act (NCCP Act), the National Credit Code (NCC) and National Consumer Credit Protection Regulations. Under the NCCP Act, persons engaging in a credit activity must hold an ACL, unless an exemption applies. The purpose of the NCCP Act is to provide protections to consumers and impose obligations on creditors in providing consumer credit.

Licensees must comply with responsible lending conduct obligations in the NCCP Act, which prevent Australian credit licensees from entering into a credit contract with a consumer, suggesting a credit contract to a consumer or assisting a consumer to apply for a credit contract if it is unsuitable. ASIC’s views on responsible lending obligations are set out in Regulatory Guide RG 209.

Banks carrying out consumer lending activities are also required to comply with APRA’s lending standards.

Further, the buy now, pay later (BNPL) industry has gained traction in Australia, but not without additional suggestions for further regulation. In November 2022, the Treasury released a consultation paper outlining three broad options for regulatory intervention:

  • strengthening the industry code for BNPL;
  • creating tailored legislation under the Credit Act; or
  • creating full regulation under the Credit Act.

In May 2023, the government announced that BNPL will be regulated through the second option, meaning that BNPL service providers will need to hold an Australian credit license and comply with the relevant obligations. ASIC will continue to regulate this.

Secondary market loan trading

  1. Are there restrictions on trading loans in the secondary market in your jurisdiction?

There are no legislative restrictions on trading loans in the secondary market. The main restriction on trading loans is the limited secondary market in Australia.

The trading of consumer loans regulated under the National Consumer Credit Protection Act will require assignees of the loan to hold an Australian credit license.

Collective investment schemes

  1. Describe the regulatory regime for collective investment schemes and whether fintech companies providing alternative finance products or services would fall within its scope.

Collective investment schemes typically fall within the meaning of a ‘managed investment scheme’ (MIS) under the Corporations Act. A MIS has the following features:

  • people contribute money or money’s worth as consideration to acquire interests to benefits produced by the scheme (whether the rights are actual, prospective or contingent and whether they are enforceable or not);
  • any of the contributions are to be pooled, or used in a common enterprise, to produce financial benefits or benefits consisting of rights or interests in property for the members who hold interests in the scheme (whether as contributors to the scheme or as people who have acquired interests from holders); and
  • the members do not have day-to-day control over the operation of the scheme (whether or not they have the right to be consulted or to give directions).

Responsible entities and fund operators of an MIS are typically required to hold an AFSL. Registered MIS are subject to additional obligations under Chapter 5C of the Corporations Act. The meaning of a MIS is broad and could encompass many schemes not otherwise viewed as collective investments; however, a recent case LCM Funding Pty Ltd v Stanwell Corporation Limited [2022] FCAFC 103 highlighted the overarching purpose of the regime should be taken into account in concluding whether a scheme is a MIS.

The Corporate Collective Investment Vehicle (CCIV) regime commenced on 1 July 2022. A CCIV is a type of company limited by shares that is an investment vehicle. The CCIV regime incorporates some aspects of the existing regulatory framework for MIS but has additional features such as the ability to operate ‘sub-funds’.

Depending on the structure of the offering, fintech companies providing alternative finance products or services could fall within the scope of a MIS. ASIC information sheet INFO 213 provides guidance on marketplace lending schemes structured as an MIS.

Equity-based crowd-sourced funding is governed under Part 6D.3A of the Corporations Act. Crowdfunding platforms that fall within the scope of Part 6D.3A are specifically excluded from the definition of a MIS.

Alternative investment funds

  1. Are managers of alternative investment funds regulated?

Collective investment undertakings that raise capital from a number of investors and invest it in accordance with a defined investment policy will generally satisfy the elements of a managed investment scheme if investors have no day-to-day control over the operation of the scheme. Managers of a managed investment scheme are required to hold an Australian financial services license. If interests in the scheme are offered to retail investors, the scheme must be registered with ASIC and must have a constitution and compliance plan that meet various requirements. In addition, a Target Market Determination and a Product Disclosure Statement (similar to a prospectus) need to be prepared.

Peer-to-peer and marketplace lending

  1. Describe any specific regulation of peer-to-peer or marketplace lending in your jurisdiction.

While there is no specific regulation, aspects of peer-to-peer or marketplace lending may give rise to regulatory requirements. For example, if the lending scheme is structured as a managed investment scheme, the operator would be required to hold an Australian financial services license. Where the lending relates to consumer credit, an Australian credit license is required. ASIC provides its guidance on marketplace lending products and the applicable regulations in information sheet INFO 213.

Crowdfunding

  1. Describe any specific regulation of crowdfunding in your jurisdiction.

The Corporations Act provides a crowd-sourced funding (CSF) regime that allows companies to make public offers of shares with reduced regulatory requirements. ASIC released RG 261 to provide guidance to companies seeking to raise funds through equity-based CSF, including eligibility to make an offer under the CSF regime and obligations of the company.

Providers of CSF services are required to hold an AFSL. ASIC’s RG 262 provides guidance on the AFSL obligations and specific CSF regime obligations applicable to intermediaries seeking to provide CSF services.

Invoice trading

  1. Describe any specific regulation of invoice trading in your jurisdiction.

Some invoice factoring arrangements could technically satisfy the definition of a ‘derivative’ in section 761D of the Corporations Act. ASIC issued legislative instrument ASIC Corporations (Factoring Arrangements) Instrument 2017/794 to relieve debt factoring arrangements from the requirement to hold an AFSL.

Payment services

  1. Are payment services regulated in your jurisdiction?

The RBA is the primary payments system regulator; however, the scope of the RBA’s designation power is unlikely to extend to all new fintech innovations (for example, intermediaries such as digital wallets may not be captured).

ASIC is responsible for the licensing and regulation of non-cash payment facility providers.

APRA, ASIC and RBA are responsible for the regulation of purchase payment facility (PPF) providers.

PPFs that are widely available and redeemable upon demand into Australian currency are considered to carry on a banking business and require a special class of authorized deposit-taking institution authorization from APRA, which licenses a limited range of banking activities. If PPFs are not widely available nor redeemable for Australian currency, they may be either authorized or exempted by the RBA. Depending on the nature of the PPF, it may also constitute a non-cash payment facility that could require an Australian financial services license.

Payment services businesses may also voluntarily subscribe to be bound by the ePayment Code administered by ASIC.

In June 2023, the Treasury provided direction as to its key priorities for modernizing payments and simplifying processes of obtaining different authorizations, in particular proposing that ASIC is the single point of contact for applications of all sorts of authorizations.

It is also noted that BNPL services have attracted the need for additional regulation: BNPL service providers will need to hold an Australian credit license and comply with the relevant obligations. This, too, is currently regulated by ASIC.

Open banking

  1. Are there any laws or regulations introduced to promote competition that require financial institutions to make customer or product data available to third parties?

In November 2017, the government introduced the consumer data right (CDR) in Australia, which seeks to provide consumers with greater access to and control over their data. The ACCC is the lead regulator for CDR and is responsible for its development and implementation.

The first sector of CDR is open banking, which has allowed bank customers to provide accredited third parties with savings, credit card, mortgage, personal loan and joint bank account data since late 2020. Accredited businesses could include other authorized banks, financial institutions and organizations.

Australia is still in the early stages of adopting an open banking initiative, meaning that the incorporation of the CDR regime in Australia has been slow.

Robo-advice

  1. Describe any specific regulation of robo-advisers or other companies that provide retail customers with automated access to investment products in your jurisdiction.

ASIC defines robo-advice as the provision of automated financial product advice using algorithms and technology without the direct involvement of a human adviser. ASIC released RG 255 highlighting issues associated with providing digital advice to retail clients. In summary, if the robo-adviser provides customers with general or personal financial product advice, it will need to hold an Australian financial services license (AFSL). If the robo-adviser is limited to providing factual information, generally an AFSL is not required.

Where the robo-adviser is used to provide a designated service under anti-money laundering or counter-terrorism financing legislation, it may have reporting obligations to AUSTRAC.

Insurance products

  1. Do fintech companies that sell or market insurance products in your jurisdiction need to be regulated?

Generally, life insurance or general insurance businesses (issuers) are required to be authorized by APRA and to hold an Australian financial services license, whereas non-insurance businesses that sell or market insurance products are only required to hold an AFSL.

Credit references

  1. Are there any restrictions on providing credit references or credit information services in your jurisdiction?

Under the Privacy Act, only credit reporting agencies are permitted to collect and provide consumer credit information to credit providers.

CROSS-BORDER REGULATION

Passporting

  1. Can regulated activities be passported into your jurisdiction?

Foreign financial services providers’ exemptions

Foreign financial services providers (FFSP) may qualify for relief from the requirement to hold an Australian financial services license (AFSL).

  • An FFSP may be exempted from holding an AFSL if it only provides funds management financial services to certain types of professional investors in Australia.
  • An FFSP that is authorized by an overseas regulatory authority alternatively may be eligible to apply for a modified form of an AFSL (known as a foreign AFS license) to provide specified financial services to wholesale clients only. Where an FFSP obtains a foreign AFS license, it is exempted from certain obligations under Chapter 7 of the Corporations Act, provided it is subject to sufficiently equivalent overseas regulatory requirements.

Australian Securities and Investments Commission (ASIC) RG 176 provides guidance on the eligibility requirements for FFSPs and the obligations that apply. The current relief for FFSPs is expected to apply until 31 March 2024.

In February 2022, the government introduced the Treasury Laws Amendment (Streamlining and Improving Economic Outcomes for Australians) Bill 2022 seeking to restore regulatory relief for FFSPs. This bill has not yet been passed and lapsed in April 2022. We note, however, that following the lapse of the Bill, ASIC has extended the transitional relief for an additional year (to 31 March 2024) as mentioned above. FFSPs can therefore rely on either the sufficient equivalence or the limited connection relief until this date.

Once this transitional relief expires, it is unclear what the permanent options will be in future. This depends on whether the Bill is reintroduced into Parliament, and passed.

Foreign passport funds

In 2018, Australia committed to the Asia Region Funds Passport, which aims to remove unnecessary regulatory barriers and allows collective investment schemes in a participating economy to market their products in Australia. The process requires the foreign passport fund to register as a foreign company in Australia, satisfy an ‘ongoing offer’ requirement in its home country, lodge a notice of intention to offer interests in Australia with ASIC and provide ASIC with a PDS for the fund. Parties to the Asia Region Funds Passport include Australia, New Zealand, Japan, South Korea and Thailand. ASIC’s RG 138 concerning foreign passport funds outlines the entry and ongoing requirements for ‘notified foreign passport funds’.

Requirement for a local presence

  1. Can fintech companies obtain a license to provide financial services in your jurisdiction without establishing a local presence?

It is possible for a fintech company to obtain an AFSL in Australia where it is registered as a foreign company and carries on a business in Australia.

It could be onerous to register as a foreign company, as foreign companies are required to maintain a registered office in Australia that opens each business day from at least 10am to 12pm and 2pm to 4pm with a representative present during business hours, and to meet certain financial reporting obligations.

Due to the conditions attached to registering a foreign company, it may be more convenient for foreign fintech companies to incorporate an Australian resident subsidiary company to hold the AFSL.

SALES AND MARKETING

Restrictions

  1. What restrictions apply to the sales and marketing of financial services and products in your jurisdiction?

The marketing of a financial product constitutes a financial service that requires an Australian financial services license. Australian Securities and Investments Commission RG 234 contains good practice guidance on advertising financial products and services.

The Australian Securities and Investments Commission Act 2001 and Corporations Act provide consumer protection in relation to financial services and products to ensure that promoters do not make false or misleading statements or engage in misleading or deceptive conduct. The Corporations Act requires marketing material to include the identity of the issuer and to state that a PDS is available and that a person should consider the PDS in deciding whether to acquire the product.

For Australian credit licensees, marketing material for credit products must comply with the National Consumer Credit Protection Act, which includes the requirement to include the Australian credit license number on all printed advertisements.

All businesses are subject to the overarching obligations under the Australian Consumer Law, which requires businesses not to mislead or deceive consumers or other businesses.

CRYPTOASSETS AND TOKENS

Distributed ledger technology

  1. Are there rules or regulations governing the use of distributed ledger technology or blockchains?

The Australian Securities and Investments Commission (ASIC) released information sheet INFO 219 for businesses using distributed ledger technology or blockchain. In ASIC’s view, the existing regulatory framework accommodates the current distributed ledger technology use cases.

Digital currency exchange providers are required to register with the Australian Transaction Reports and Analysis Centre (AUSTRAC) and comply with anti-money laundering (AML) and counter-terrorism financing (CTF) rules and regulations.

Cryptoassets

  1. Are there rules or regulations governing the promotion or use of cryptoassets, including digital currencies, stablecoins, utility tokens and non-fungible tokens (NFTs)?

The applicable rules and regulations depend on whether the cryptoasset is a financial product. If the cryptoasset is a financial product, then any business that involves issuing, advising and dealing in the cryptoasset would require an Australian financial services license (AFSL).

The promotion of financial services and products requires an AFSL and is subject to consumer protection rules under the ASIC Act and Corporations Act to ensure that promoters do not make false or misleading statements or engage in misleading or deceptive conduct.

Where the use of cryptoassets involves a digital currency exchange, the entity is required to register with AUSTRAC and comply with AML and CTF rules and regulations.

ASIC has also released INFO 225, which discusses the obligations under the Corporations Act 2001 relating to promotional communications about crypto-assets or ICOs. This mainly involves ensuring that these communications are not misleading or deceptive, and that they do not contain false information, consistent with Australia’s consumer laws and protections.

Token issuance

  1. Are there rules or regulations governing the issuance of tokens, including security token offerings (STOs), initial coin offerings (ICOs) and other token generation events?

There are no specific rules or regulations governing the issuance of tokens; however, ASIC information sheet INFO 225 discusses implications of token issues under the Corporations Act, ASIC Act and Australian Consumer Law.

If the tokens meet the definition of a financial product, then the token issue and offer is a financial service that requires an Australian financial services license. If the token represents a share in a body corporate, then an AFSL is not required but a prospectus is required if the offer is made to retail clients.

We note that in February 2023 the Treasury also released a token mapping consultation paper. The consultation paper suggests that tokens, token systems and their functions (benefits received from a token system, such as payment) could be subject to regulation, particularly in relation to intermediated token systems. The Treasury considered these sorts of assets to be defined as crypto assets given the link here is created through agreement. The paper highlights room for regulatory change, being:

  • crypto tokens tradeable on secondary markets cannot enforce rights against an issuer as the subsequent holder holds no rights against the original issuer;
  • difficulties in being able to identify the issuer who is responsible for obligations relating to a particular crypto asset; and
  • there is a lack of transparency of the underlying terms of an arrangement that links a crypto token to its asset, making it challenging for holders to exercise rights and for regulators to be able to determine whether the asset is a financial product.

ARTIFICIAL INTELLIGENCE

Artificial intelligence

  1. Are there rules or regulations governing the use of artificial intelligence, including in relation to robo-advice?

There are no specific regulations governing the use of artificial intelligence (AI). At the beginning of June of this year, the Australian government released two papers discussing the importance of implementing appropriate safeguards for technologies. The government’s Safe and Responsible AI in Australia Discussion Paper canvasses existing regulatory and governance responses in Australia and overseas, identifies potential gaps and proposes several options to strengthen the framework governing the safe and responsible use of AI.

The Australian Securities and Investments Commission released RG 255 on providing digital advice to retail clients, which takes the view that provision of financial product advice through a robo-adviser requires an Australian financial services license. Where the robo-adviser is used to provide a designated service under anti-money laundering and counter-terrorism financing legislation, there may be reporting obligations to the Australian Transaction Reports and Analysis Centre.

CHANGE OF CONTROL

Notification and consent

  1. Describe any rules relating to notification or consent requirements if a regulated business changes control.

Australian financial services licensees and Australian credit licensees must notify the Australian Securities and Investments Commission (ASIC) on becoming aware of any change in control under the Corporations Regulations and National Consumer Credit Protection Regulations. There is no requirement to obtain approval from ASIC prior to a change in control.

All companies (regardless of whether they are regulated) are required to notify ASIC of a change to their register of members, share structure, directors or secretaries or a change to the ultimate holding company of a proprietary company.

There are no specific consent requirements associated with a change of control, subject to takeover prohibitions under the Corporations Act and regulatory policy.

FINANCIAL CRIME

Anti-bribery and anti-money laundering procedures

  1. Are fintech companies required by law or regulation to have procedures to combat bribery or money laundering?

The Anti-Money Laundering/Counter-Terrorism Financing Act (AML/CTF Act) imposes obligations on entities providing ‘designated services’ to combat illegal financing activities. Designated services include:

  • taking deposits;
  • making a loan in the course of carrying on a lending business;
  • remittance services;
  • exchanging currency; and
  • exchanging digital currency for fiat.

Entities providing designated services are required to enrol as a reporting entity with the Australian Transaction Reports and Analysis Centre (AUSTRAC), conduct know-your-customer identification, monitor and report on transactions and suspicious matters, have an AML and CTF programme in place and submit compliance certificates to the Australian Securities and Investments Commission.

Bribery of foreign public officials and Commonwealth public officials is covered in federal criminal legislation, whereas bribery of State and Territory public officials and private individuals is criminalized under the respective State and Territory legislation.

As of 1 July 2023, the Australian government has established the National Anti-Corruption Commission (NACC). The NACC will be an independent Commonwealth agency that has the aim of detecting, investigating and reporting on serious or systemic corrupt conduct in the Commonwealth public sector.

Guidance

  1. Is there regulatory or industry anti-financial crime guidance for fintech companies?

Digital currency businesses have been required to comply with anti-money laundering or counter-terrorism financing laws since April 2018. AUSTRAC released a guide to assist digital currency exchange businesses with preparing and implementing an AML and CTF programme. In April 2023, the Attorney General announced a public consultation on the proposed reforms for the above-mentioned AML and CTF regime. As AUSTRAC is the only regulator of Digital Currency Exchanges, the proposed reforms would expand the regulation to a broader range of services, being:

  • exchanges between one or more other forms of digital currency;
  • transfers of digital currency on behalf of a customer;
  • safekeeping or administration of digital currency; and
  • provision of financial services related to offer and sale of digital currency.

The consultation also seeks feedback on the implementation of the FATF travel rule.

AUSTRAC releases a number of anti-financial crime guides, some of which may be relevant to fintech companies, including Preventing the Criminal Abuse of Digital Currencies, released in April 2022.

DATA PROTECTION AND CYBERSECURITY

Data protection

  1. What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?

Most businesses are subject to the Privacy Act 1988 (Cth), which deals with the protection of personal information of individuals. The Privacy Act regulates (among other things) the processing and transfer of personal information both domestically and in cross-border transactions.

The Privacy Act applies to and regulates dealing with ‘personal information’, being information about an individual where the identity of the individual is apparent or can reasonably be ascertained. As a result, the use of anonymized or aggregated information can still be regulated by the Privacy Act (such as where the relevant individual can reasonably be identified).

Where a fintech business is regulated by Australian Prudential Regulation Authority (APRA) or the Australian Securities and Investment Commission, additional obligations regarding processing of data can apply, for example, under APRA prudential standards.

The anonymization of personal data in a blockchain is not necessarily sufficient to comply with or avoid the need to comply with the Privacy Act. This is because, where the identifiers in the blockchain become linked to an individual, all of the transactions carried out on the blockchain ledger can be viewed publicly.

The National Blockchain Roadmap published by the government in February 2020 identified Privacy Act obligations as a key regulatory challenge for blockchain systems in Australia as there may not be a responsible party to seek remedy from once privacy has been breached and there may be no way to subsequently remove personal information from a blockchain ledger.

Cybersecurity

  1. What cybersecurity regulations or standards apply to fintech businesses?

Fintech businesses holding an Australian financial services license (AFSL) are obliged to have adequate risk management systems, including cybersecurity.

The Australian Securities and Investment Commission expects AFSL holders to:

  • have appropriate frameworks, policies, resources and controls to manage cybersecurity risks;
  • take advice from experts on the baseline standard of cybersecurity in the context of their operations; and
  • ensure the advice is promptly and properly implemented and regularly audited.

APRA prudential standard CPS 234 requires regulated entities to:

  • clearly define the information security-related roles and responsibilities of its board, senior management, governing bodies and individuals;
  • maintain an information security capability commensurate with the size and extent of threats to its information assets;
  • implement controls to protect its information assets commensurate with its criticality and sensitivity;
  • undertake systematic testing and assurance regarding the effectiveness of implemented controls; and
  • notify APRA of security incidents or information security weaknesses in certain circumstances.

Amendments to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI) are now in effect. The changes broaden the scope of entities and assets caught by SOCI and may apply to some fintech businesses depending on the goods or services they offer, including reporting obligations for incidents and assets.

OUTSOURCING AND CLOUD COMPUTING

Outsourcing

  1. Are there legal requirements or regulatory guidance with respect to the outsourcing by a financial services company of a material aspect of its business?

While it is possible for Australian financial services license (AFSL) and Australian credit license (ACL) holders to outsource their functions, they cannot outsource their responsibilities as a licensee. The Australian Securities and Investment Commission’s expectations for outsourcing are set out in RG 104 (in relation to AFSL) and RG 205 (in relation to ACL).

Australian Prudential Regulation Authority (APRA)-regulated entities are required to comply with prudential standards on outsourcing and guidelines on outsourcing (CPS 231, SPS 231 and HPS 231) under which an APRA-regulated institution and the head of a group have ultimate responsibility for the outsourcing policy of the institution or group.

Cloud computing

  1. Are there legal requirements or regulatory guidance with respect to the use of cloud computing in the financial services industry?

APRA published an updated information paper in August 2018 on Outsourcing involving cloud computing services. In the information paper, APRA stated that it is prudent for an APRA-regulated entity to only enter into cloud computing arrangements where the risks were adequately understood and managed, by demonstrating:

  • ability to continue operations and meet obligations following a loss of service or other disruption scenarios;
  • preservation of the quality and security of critical and sensitive data;
  • compliance with legislative and prudential requirements; and
  • absence of other considerations that may inhibit APRA’s ability to fulfil its duties as prudential regulator.

Financial services providers engaging cloud computing services should ensure that their use of cloud computing complies with their obligations to protect personal information under the Privacy Act. This includes stipulating in contracts with cloud service providers that the providers will comply with the Australian Privacy Principles set out in the Privacy Act.

INTELLECTUAL PROPERTY RIGHTS

IP protection for software

  1. Which intellectual property rights are available to protect software, and how do you obtain those rights?

The key intellectual property rights for protecting software include copyright, patents and trade secrets.

Copyright

New software in the form of code is protected as an original literary work under the Copyright Act 1968 (Cth). Copyright is automatically conferred over the software when it is created and does not require any form of registration under Australian law. Copyright provides the owner with an exclusive right to make copies of, publish, distribute and license the relevant works protected by copyright (such as the code for the software). Copyright does not protect the functionality of the software but the specific form of expression of the code or other relevant work. To protect the functionality of software, patent protection would often need to be considered.

Patents

Patents are a form of monopoly right that protect inventions, methods or processes that are sufficiently novel and inventive. A standard patent can provide protection over the patented invention, method or process for up to 20 years from the filing date. Obtaining a patent in Australia requires filing an application with IP Australia and prosecuting that application to registration. Applicants must be able to demonstrate that the relevant invention, method or process is sufficiently novel, inventive and otherwise meets the requirements for patent protection. Patents for software or components of software can be difficult to obtain under Australian law. In addition, use of the relevant software can impact on the validity of any subsequently filed patent application (meaning that advice regarding patentability of the software often needs to be sought as early as possible).

Trade secret

Aspects of the software could be protected as a trade secret, including under confidentiality obligations with employees, contractors and other third parties.

IP developed by employees and contractors

  1. Who owns new intellectual property developed by an employee during the course of employment? Do the same rules apply to new intellectual property developed by contractors or consultants?

Ownership of IP developed by employees or contractors will generally be based on the terms stipulated in the relevant employment or consultancy contract.

In the event that the contract is silent on ownership rights (or no contract is in place), IP created by an employee in the course of the employment of the employee will generally be owned by the employer, whereas IP created by a contractor will generally remain the property of the contractor.

Joint ownership

  1. Are there any restrictions on a joint owner of intellectual property’s right to use, license, charge or assign its right in intellectual property?

A joint owner’s right to deal with intellectual property (IP) depends on the type of IP and on the terms of any agreement in place between the owners.

The general rule for patents (unless an agreement says otherwise) is that joint owners are entitled to an equal undivided share in the patent and can exploit the patent for their own benefit without requiring consent from the other joint owners. However, a joint owner would not be able to grant a license or assign an interest in the IP without the consent of the other joint owners.

In contrast, the general rule for copyright and trademarks (unless an agreement says otherwise) is that joint owners cannot exploit the relevant copyright or trademarks for their own benefit without the consent of the other co-owners and cannot license or assign their interest in the IP without the consent of all other co-owners.

Joint ownership of IP is complex and frequently gives rise to disputes and uncertainty. As a result, caution should be exercised before agreeing to arrangements involving joint ownership of IP.

Trade secrets

  1. How are trade secrets protected? Are trade secrets kept confidential during court proceedings?

Trade secrets are not registered with IP offices (unlike many other forms of IP) and are protected by keeping the relevant information a secret and under contractual and equitable duties of confidentiality.

This can be effected by limiting access to confidential information and entering into non-disclosure agreements with employees, contractors and partners (which impose contractual restrictions on the use of the relevant trade secrets). Section 183 of the Corporations Act discourages officeholders and employees of a corporation from using or disclosing company information (such as trade secrets) for their own benefit or to the detriment of the company.

There can also be equitable duties of confidentiality that protect trade secrets; however, information in the public domain cannot generally be protected as confidential information.

Trade secrets may be kept confidential during court proceedings pursuant to suppression or other orders made by the court.

Branding

  1. What intellectual property rights are available to protect branding and how do you obtain those rights? How can fintech businesses ensure they do not infringe existing brands?

Branding is usually protected by trademark registration. A fintech business can apply for trademark registration through IP Australia. Registration involves nominating the trademark the business wishes to protect, selecting the goods and services that the trademark would be protected for and filing an application for trademark registration with IP Australia. The application would then need to be prosecuted through to registration.

In Australia, trademark registration lasts (once the mark is registered) for 10 years from its filing date. Fintech businesses can have trademark searches conducted to assess whether they are at risk of infringing existing brands. Copyright may also subsist in logos or other artwork used as part of the branding of a fintech business.

Remedies for infringement of IP

  1. What remedies are available to individuals or companies whose intellectual property rights have been infringed?

Where IP rights have been infringed, the owners of IP are primarily responsible for enforcing their rights.

The first step for IP owners is often to send a letter of demand setting out the infringing conduct and requesting that the infringement be ceased. If the infringer is unresponsive to the letter of demand, the IP owner may seek recourse by alternative dispute resolution or court proceedings.

The exact remedies available will depend on the nature of the IP infringed and the jurisdiction and courts in which proceedings are commenced. However, a court may have the power to award remedies such as:

  • injunctive relief (interim and (or) final);
  • damages or account of profits (including potential additional or penalty damages in certain circumstances, such as where an infringement is flagrant); or
  • delivery up of infringing items.

A successful party may also be able to obtain an order for payment of its costs of the proceedings (although often this will not result in recovery of the full amount of costs actually incurred).

Registered IP rights are protected by (and available remedies depend on) different legislative schemes based on the type of IP, such as the Copyright Act 1968 (Cth), the Patents Act 1990 (Cth), the Trade Marks Act 1995 (Cth) and the Designs Act 2003 (Cth). In addition, other laws can be used to seek to protect the rights of an IP owner, for example, a common law claim for ‘passing off’ or claims for misleading and deceptive conduct or false or misleading representations under the Australian Consumer Law.

IP owners may also seek remedies for other relevant causes of action (namely, breach of confidence, breach of contract).

COMPETITION 

Sector-specific issues

  1. Are there any specific competition issues that exist with respect to fintech companies in your jurisdiction?

The consumer data right for the banking industry promises benefits of greater competition for existing financial services and more competitive pricing in the banking sector.

TAX

Incentives

  1. Are there any tax incentives available for fintech companies and investors to encourage innovation and investment in the fintech sector in your jurisdiction?

While there are no tax incentives specific to fintech companies, there are a number of tax incentives encouraging innovation and investment generally, including for R&D, early stage innovation companies (ESIC), early stage venture capital limited partnerships (ESVCLP) and employee share schemes (ESS).

Tax incentive for companies: R&D

The R&D tax incentive encourages innovation through R&D activity. Eligible companies may receive an R&D tax offset if they have eligible R&D expenses of at least A$20,000. Eligible R&D expenses include expenditure incurred on R&D activities and depreciation on assets used for conducting R&D activities.

The quantum and nature of the R&D tax offset depends on the type of company:

  • for small companies with less than A$20 million aggregated turnover and not controlled by exempt entities – a refundable tax offset of 43.5 percent, or in limited cases 48.5 percent (applied against notional R&D deductions) with no cap on cash refunds; and
  • for all other companies – a non-refundable tax offset of between 33.5 percent and 5 percent (applied against notional R&D deductions) and any unused offset can be carried forward to later years.

Tax incentive for investors: ESIC

Investors that purchase new shares in a company that qualifies as an ESIC may be eligible for tax incentives including:

  • non-refundable carry forward tax offset equal to 20 percent of the amount paid for the shares. The tax offset is capped at a maximum amount of A$200,000 for the investor and their affiliates each income year (namely, a tax offset will apply to the first A$1 million of ESIC investments each year); and
  • modified capital gains treatment under which capital gains on the ESIC shares that have been held for a period of between 12 months and 10 years may be disregarded.

For a company to be an ESIC, it cannot be a foreign company under the Corporations Act. It must prove that it is an early stage company and satisfy an innovation test. Even if the company ceases to be an ESIC at a later point in time, shares purchased by investors while the company was an ESIC continue to qualify for the tax incentives.

Tax incentive for investors and fund managers: ESVCLP

The ESVCLP programme is intended to help fund managers attract pooled capital to invest in early-stage businesses. An ESVCLP is a venture capital fund structured as a limited partnership or incorporated limited partnership that is established in Australia (or a country with which Australia has a double tax agreement) with between A$10 million and A$200 million in committed capital.

Investors in an ESVCLP benefit from the flow-through tax status of the partnership and are exempt from tax on their share of gains from eligible investments (or disposal of investments) as well as a non-refundable carry forward tax offset of up to 10 percent of the value of their eligible contributions into the ESVCLP. Fund managers can claim their carried interest in the ESVCLP on capital account (which may be concessionally taxed) rather than revenue account.

Tax incentive for employees: ESS incentives

Fintech businesses may incentivize their staff by issuing equity (options or shares) under an employee incentive scheme. Ordinarily, the acquisition of discounted shares or options could be taxable upfront to employees. Where the employee shares or options qualify under the ESS rules, employees can defer their taxing point until exercise or, if the company qualifies as a ‘start-up company’ for tax purposes, tax can be deferred until disposal and only 50 percent of the gain may be subject to tax.

Increased tax burden

  1. Are there any new or proposed tax laws or guidance that could significantly increase tax or administrative costs for fintech companies in your jurisdiction?

There are no new or proposed laws that would significantly increase tax for fintech companies.

Treasury released a discussion paper in October 2018 regarding digital services tax policies; however, in March 2019, the Treasurer announced that the government would not proceed with an interim digital services tax, but would instead engage in a multilateral process led by the OECD and G20.

The current tax treatment of digital assets results in a taxable event occurring on the disposal of digital assets. This can be onerous as it could result in a tax liability even where there is no cash gain (namely, where there is a crypto-to-crypto transaction). It can also be administratively burdensome as detailed tracking of asset movements is required to substantiate the amount of gain or loss. In its October 2021 report, the Senate Select Committee on Australia as a Technology and Financial Centre recommended that the capital gains tax regime be amended so that digital asset transactions only create a taxable event when they genuinely result in a clearly definable capital gain or loss. Draft legislation to give effect to this announcement has not been released at the date of this publication.

IMMIGRATION

Sector-specific schemes

  1. What immigration schemes are available for fintech businesses to recruit skilled staff from abroad? Are there any special regimes specific to the technology or financial sectors?

A streamlined visa pathway is available for highly skilled professionals in target sectors including digitech, financial services and fintech through the Global Talent (subclass 858) visa. The Global Talent visa allows visa holders to stay in Australia permanently.

Employers can sponsor highly skilled staff under the Global Talent Employer Sponsored (GTES) scheme if the roles cannot be filled by Australian workers or through other standard visa programs. The roles for staff recruited under the GTES scheme are not limited to occupation lists. Instead, it is specific to the industry and if the person is working in the fintech sector, they qualify for the GTES option.

There is also the Global Talent Independent option, which requires the individual to prove they are capable of earning above the Fair Work High Income Threshold (currently A$162,000), have distinction-average academic results and be seen as an industry leader with work regularly cited in leading journals or publications.

Other avenues for fintech businesses to recruit skilled staff include:

  • temporary skill shortage (subclass 482) visa, which generally allows visa holders to stay in Australia for up to four years if the worker has an occupation on the list of skilled occupations (which includes roles in technology and financial sectors); and
  • employer nomination scheme (subclass 186) visa, which allows visa holders to stay in Australia permanently if the worker has an occupation on the list of skilled occupations.

UPDATE AND TRENDS IN FINTECH IN AUSTRALIA

Current developments

  1. Are there any other current developments or emerging trends to note?

Traditionally, Australia has been a neutral jurisdiction in relation to blockchain and cryptocurrency regulations; however, recently, various regulatory bodies have addressed the digital assets space.

Cryptocurrency and other digital assets are currently being considered for various regulatory regimes relating to:

  • licensing;
  • marketing;
  • cross-border issues;
  • design and distribution obligations;
  • product intervention powers;
  • consumer law; and
  • taxation.

Further, in the buy now, pay later space, there will be further regulation that will ensure that service providers hold an Australian credit license and comply with the relevant obligations.

Additional emerging trends to note include a new payments platform with open access infrastructure, and digitization, allowing instant payments.

There has been an increased interest in the use of blockchain technology in startups, established businesses and government agencies, with diverse use cases such as managing digital currency exchanges, issuing bonds, inter-government ledgers and authentication of trademarks. From a regulatory perspective, key focus points include:

  • ensuring a robust regulatory framework in relation to crypto assets;
  • developing policy options in relation to de-banking;
  • addressing the increasing use of decentralized finance, non-fungible tokens and unhosted wallets in illegal financing activities; and
  • a licensing and custody regime for crypto asset secondary services providers such as crypto exchanges and custody services.

* The information in this chapter was accurate as of July 2023.
