4.1
This chapter looks at the regulatory environment for the payments ecosystem in Australia. It provides an overview of the main regulatory agencies and
self-regulation mechanisms, and details the principal acts, instruments, and codes. It then describes the approach to mobile payments regulation in Australia, considers potential regulatory gaps, and summarises some of the reviews of the regulatory framework. It also provides a brief comparison of international approaches to payments regulation in select jurisdictions. This chapter concludes with the committee’s views and recommendations.
The regulatory approach
4.2
Australia currently operates a multi-regulator model for digital wallet providers through a combination of financial services regulation and industry self-regulation. APRA, ASIC, and RBA each have regulatory roles in relation to digital wallets and mobile payments (see Box 4.1).
Box 4.1: The regulators
The regulatory environment for mobile payments and digital wallets in Australia is primarily administered by the following actors:
Reserve Bank of Australia (RBA): the RBA is the principal regulator of the payments system that oversees the stability of the financial system as a whole, with responsibility for stored value facilities (SVFs) that are not governed by APRA.
Australian Prudential Regulation Authority (APRA): APRA is responsible for prudential regulation. It licences and supervises large purchased payments facilities (PPFs, with payment obligations above $10m) that are ‘widely available’ (>50 users) and redeemable in Australian dollars on the basis that these services are comparable to bank deposits.
Australian Securities and Investments Commission (ASIC): ASIC is responsible for market conduct and elements of consumer protection, including in relation to SVFs. ASIC has generally exempted small and low-value facilities from regulation, as well as gift voucher and gift card programmes, and similar closed facilities. ASIC is also responsible for regulating entities that provide credit. ASIC administers the ePayments code and offers an enhanced regulatory sandbox in which certain regulations are relaxed to enable the testing of eligible innovative financial service products for up to 12 months.
Australian Competition and Consumer Commission (ACCC): while responsibility for consumer protections related to financial services lies with ASIC, the ACCC retains responsibility for consumer guarantees under Australian Consumer Law. In 2020 the competition regulator began a five-year Digital Platform Services Inquiry. Its second interim report was released in March 2021.
Council of Financial Regulators (CFR): The CFR is the coordinating body for Australia’s financial regulatory agencies, and facilitates coordination and information sharing across regulators, including APRA, ASIC, the RBA, and Treasury.
Australian Transaction Reports and Analysis Centre (AUSTRAC): larger open SVFs (accounts that hold $1,000 or more) may carry certain anti-money laundering and counter-terrorism financing (AML/CTF) obligations and fall within AUSTRAC’s jurisdiction. PayPal, for example, reports to AUSTRAC.
Australian Payments Network (AusPayNet): AusPayNet is the self-regulating industry association for the payments system in Australia, with members from financial institutions, retailers, payment service providers, and technology companies, among others. AusPayNet’s industry self-regulation includes an independent sanctions tribunal and financial penalties for non-compliance. Ultimately, non-compliant members face suspension or termination with the effect that they can no longer process payments. Some of the big technology platforms are reported to have chosen not to join the industry association.
Other agencies and departments have regulatory and oversight responsibilities for aspects of the payments ecosystem, including the Department of Foreign Affairs and Trade and the Office of the Australian Information Commissioner.
4.3
There are a variety of acts, instruments, and codes that form the regulatory framework for the payments ecosystem (see Box 4.2).
Box 4.2: Relevant acts, instruments and codes
Payment Systems (Regulation) Act 1998 (PSRA): the PSRA is administered by the RBA and grants the RBA the power to regulate payment systems and PPFs, including SVFs. The PSRA establishes the Reserve Bank’s power to designate a payment system. Under Section 7 of the PSRA, a payment system is (somewhat narrowly) defined as ‘a funds transfer system that facilitates the circulation of money, and includes any instruments and procedures that relate to the system’.
Corporations Act 2001 (Corporations Act): the financial services regulatory regime administered by ASIC.
Australian Securities and Investments Commission Act 2001 (ASIC Act): the general consumer law protections administered by ASIC, including prohibitions related to financial products and services against unconscionable conduct, false or misleading representations, or misleading and deceptive conduct with respect to financial products and services.
ASIC Corporations (Non-cash Payment Facilities) Instrument 2016/211: a legislative instrument that provides conditional exemptions for certain types of non-cash payment facilities, administered by ASIC, including some low-value SVFs, loyalty and gift schemes, and road tolls.
ePayments Code: administered by ASIC, the voluntary code of practice regulates electronic payments, including ATM, BPAY, EFTPOS and credit or debit card transactions, online payments, and internet and mobile banking. It covers transactions made both through mobile payments and digital wallets for providers that subscribe to the Code. Key protections in the Code relate to the disclosure to customers of product terms, conditions, and fees; security safeguards relating to customer information; exempting customers from liability for unauthorised transactions; procedures for returning funds to customers for mistaken transfers; and complaints handling processes. ASIC is currently reviewing the ePayments Code to ensure it remains fit for purpose, including considering extending some of the protections of the Code to small businesses on an opt-out basis. Several large institutions (including the Commonwealth Bank of Australia) have expressed support for making an updated Code mandatory for all SVFs and mobile payment service providers. The 2014 Financial Systems Inquiry also recommended making the Code mandatory. The Government has accepted recommendations that the Code be made mandatory. The committee understands that neither Apple nor Google are signatories to the code.
Banking Code of Practice (Banking Code): the Banking Code sets the (enforceable) standards for the industry in relation to individuals and small business customers, including mobile payments or digital wallets that fall within the Code’s definition of a ‘banking service’. It is administered by the Australian Banking Association, approved by ASIC, with compliance monitored by a committee. The Banking Code is currently under independent review.
AFIA Buy Now Pay Later (BNPL) Code of Practice: the world’s first BNPL Code sets standards for the sector with respect to consumer protections and customer service, and supports compliance with legal and industry obligations. Specifically, the BNPL Code caps late fees, institutes a minimum age of 18 years for users, and includes protections for customers who cannot meet repayments, among other commitments. AFIA claimed the voluntary Code—which came into effect in March 2021—has been agreed by providers that make up 98 per cent of the BNPL market in Australia. Compliance with the BNPL Code is monitored by a committee and is enforceable through AFIA, which can investigate complaints referred by unsatisfied BNPL customers. AFIA can impose sanctions, require remediation, demand product changes, and name and shame non-compliant members.
4.4
Broadly, regulation divides over whether the service holds funds (as with an SVF) or simply initiates payments. Open passthrough facilities, such as those linked to credit cards, generally fall under existing regulations and largely come under ASIC’s jurisdiction, including through the ePayments code. Closed wallets have generally been exempted from regulation given the
single-use and typically low-value nature of these services, and consequently the limited systemic risk they pose. Open SVFs providing digital wallet and mobile services in Australia are regulated as purchased payment facilities (PPFs, see Figure 4.1). PPFs are a unique regulatory construct without international equivalency that form a special class of authorised deposit-taking institutions (ADIs). PPFs come under the oversight of APRA, ASIC or the RBA, depending on payment obligations and the number of users on each service. Small SVFs that can only be used at a limited number of merchants are typically exempt from many regulatory requirements.
4.5
There have been a number of recent reviews into the regulatory framework for the payments system (see Table 4.1).
4.6
The CFR review into SVFs recommended the regulatory framework be streamlined and updated to replace PPFs with tiered SVFs based on risk and regulated by APRA and ASIC (rather than the RBA), with APRA being responsible for prudential supervision of larger or higher risk facilities. The CFR also recommended SVF providers be required to hold an Australian Financial Services license and comply with the ePayments Code.
4.7
The Government has announced it will introduce a new regulatory framework for SVFs, as recommended by the CFR. Treasury reports that the CFR continues to refine the details of the proposed reforms, some of which may require legislative change. The portfolio agency also reported to the committee that APRA was reviewing its PPF prudential framework.
4.8
The government commissioned in 2020 a Review of the Australian Payments System, led by Mr Scott Farrell, known as the Farrell Review. The Review was released in August 2021. Among the 15 proposed reforms to the payments system, the review recommended the introduction of a national-interest trigger, whereby the Treasurer would be empowered to designate firms as participants in the payment system and issue them binding directions.
4.9
The Farrell Review also recommended the government:
develop a strategic plan for the payments sector;
foster greater coordination between regulators;
establish a tiered payments licensing system under ASIC;
mandate all recipients of payments licenses sign on to the ePayments code; and
expand the PSRA to cover new and emerging payment systems and better equip the RBA to regulate these platforms.
Perceptions of complexity and regulatory overlap
4.10
The multi-regulator model has led to perceptions of complexity and regulatory overlaps, as well as possible gaps in the regulatory framework.
4.11
Industry analyst Mr Lance Blockley described Australia’s regulatory system as ‘very confusing for new entrants’.
4.12
AusPayNet described the regulatory environment as ‘inconsistent and complex’, failing to ‘adequately incorporate new business models’, and ‘overly burdensome’ for market participants. The payments industry association argued for the need to ‘simplify the regulatory framework in a way such that it aids and adapts to innovation’.
4.13
The Commonwealth Bank of Australia (CBA) described digital wallet services as subject to ‘inconsistent regulatory treatment, with some providers operating outside of the existing formal and self-regulatory framework that govern the payments system in Australia’.
4.14
Zip Co’s Chief Executive Officer, Mr Peter Gray, described the regulatory environment for the payments industry as follows:
In providing cutting-edge services and products, we operate in a variety of regulatory landscapes and are faced with a myriad of current and potential regulation from different regulators that does not speak to the technology or products that we have created. As a quick snapshot, we're currently regulated or overseen by ASIC, the ACCC, AFCA, AUSTRAC, the OAIC, APRA, Treasury and the ASX, and now, in addition, the RBA is also making moves.
4.15
Mr Gray also described a degree of regulatory overlap in the BNPL industry with respect to responsible lending obligations, which he asserted were covered by both the ACCC and ASIC, as well as surcharging, which he suggested fell under both the RBA and ASIC.
4.16
In parallel with the committee’s inquiry, the federal Treasurer, the Hon Josh Frydenburg MP, acknowledged ‘the need to deal with multiple regulators is leading to delays which add to costs and increase barriers to entry for new players’.
4.17
Accounting firm EY (formerly Ernst & Young) characterised the regulatory environment in Australia as ‘one of the most highly regulated financial service ecosystems in the world’, which EY cautioned may stifle innovation and the adoption of new products.
Potential regulatory gaps
4.18
The committee heard evidence that the payments ecosystem faces potential regulatory gaps, primarily related to the regulatory architecture as well as rapid technological changes within the system.
Regulatory architecture and regulatory gaps
4.19
The committee was warned of the potential for regulatory gaps and associated risks to the system and to consumers arising from a mismatch between the mandate of regulatory agencies and the functions of major players within the broader ecosystem. For example, non-financial institutions have introduced
e-wallet capabilities, sometimes leading to products that may fall outside existing regulatory frameworks.
4.20
CBA cautioned that ‘some new competitors take advantage of business models that are not subject to the same level of regulatory oversight as traditional business models’.
4.21
Further, CBA CEO, Mr Comyn, suggested some of the big technology platforms and payment providers were relying on regulatory ‘carve-outs’ that resulted from outdated regulations and frameworks, and had also chosen not to subject themselves to industry self-regulation like AusPayNet or the ePayments Code.
4.22
Mr Bezzi disputed that payments platforms were using a regulatory carve-out, telling the committee that payments providers do not come under APRA’s remit because they are not an ADI and similarly do not fit within the services covered by the Reserve Bank’s payments regulations.
4.23
Ms Layfield told the committee:
We are not a payments provider ourselves. We are a technology platform and technology service provider that seeks to enable others, both merchants and financial institutions as well as users, to extend the benefit of digital payments to their customers and make these benefits accessible to everyone.
4.24
When pressed by the committee on whether Google was part of the Australian payments ecosystem, Ms Layfield claimed, ‘we are a technology provider’, asserting:
You have to distinguish between financial services companies who provide services associated with payments, who provide the underlying accounts to users from which where [sic] they make payments, from the network players who provide the card network infrastructure to technology players who provide an ability on a platform to create a payments app.
4.25
Ms Layfield further stated:
[Google Pay is] essentially a token provider and a technology provider. We facilitate that transaction. We do not sit in the money flow at all. We’re not even in a pass-through model, involved in the funds transfer. We merely facilitate the technology for that funds transfer.
4.26
Dr Anthony Richards acknowledged that while the Reserve Bank has regulatory powers over payments systems:
It’s not obvious that mobile payments providers [like Apple Pay and Google Pay] should be defined as participants in payments systems, so it’s not clear that the Reserve Bank currently has a regulatory mandate over mobile payments providers.
4.27
The RBA also told the committee:
While the case for regulatory attention on digital wallets appears to be growing, it is unclear that the Bank currently has regulatory powers in this area. Accordingly, it is likely that the ACCC would take the lead, with cooperation from the Bank, should competition issues warrant regulatory scrutiny. For example, the limits to the Bank’s powers in this area could affect the Bank’s ability to seek relevant data or other information from wallet providers.
4.28
The RBA reportedly recommended to the Farrell Review that the Government consider expanding the Reserve Bank’s mandate to include a broader range of entities within the payments ecosystem.
4.29
Dr Richards nevertheless insisted that the RBA has a ‘very close working relationship with the ACCC’ and that the two regulators were coordinating closely in this area.
Rapid pace of change in the sector
4.30
A second area in which regulatory gaps may emerge relates to recent innovations and the rapid pace of change within the sector. Treasurer, the Hon Josh Frydenberg MP, noted that the pace of change within the payments system had outpaced the regulatory architecture:
Ultimately, if we do nothing to reform the current framework, it will be Silicon Valley alone that determines the future of our payments system, a critical piece of our economic infrastructure.
4.31
The RBA acknowledged in its submission to this inquiry that there had been ‘significant technological changes that have occurred since the current regulatory framework was introduced two decades ago’.
4.32
The Farrell Review outlined the need for regulatory reform, noting:
Today’s regulatory architecture was designed to accommodate the technology, providers and business models of the payments system more than two decades ago… There was no separation between the ownership of a payments system (i.e. the ‘plumbing’ or the ‘rails’) and the ability to facilitate a payment by providing services that sit ‘on top’ of the system.
4.33
The Review also observed:
The disintermediation of the payments process by fintechs has changed the competitive dynamics within the payment ecosystem. It has led to more layers of competition and new issues relating to access to payment systems… The shift in the source of risks within the payments ecosystem warrant a change in the regulatory approach to ensure payments remain safe, efficient and effective for consumers and businesses.
4.34
The Treasurer echoed these concerns, claiming ‘the regulatory framework governing the payments system has not evolved. In fact, it remains largely unchanged from what the Wallis inquiry put in place two decades ago’.
4.35
AusPayNet CEO, Mr Andy White, described regulation in Australia as capturing only ‘money at rest’, meaning it has focused on deposit-taking or prudential risk rather than ‘money in movement’ or information related to transactions. There is consequently a regulatory gap, he suggested, in relation to the licensing of payment providers.
4.36
Mr White pointed specifically to BNPL as falling outside AusPayNet industry self-regulation.
4.37
Ms Layfield described how the company is subject to regulation in other jurisdictions (such as an e-payments licence) ‘where we touch the money flow’ associated with purchases made through the Google Play store.
4.38
Co-founder of BNPL provider Zip Co, Mr Peter Gray, cautioned against adopting a ‘Whac-A-Mole’ approach to payments regulation, in which regulators are constantly implementing outdated policies in an attempt to catch up with innovation. Mr Gray instead encouraged the committee to promote technologically agnostic approaches to regulation that could better accommodate future developments in the payments sector.
4.39
FinTech Australia Chair and Paypa Plane CEO, Ms Simone Joyce, advocated for better targeted regulations, warning that Australia’s reliance on ADIs as the gatekeepers of the national payments infrastructure had impeded the ability of fintechs and startups from entering or innovating in the payments space.
Reviews of the regulatory framework
4.40
The following table provides an overview of the main reviews of the payments system carried out over the last ten years.
Table 4.1: Recent reviews of the regulatory framework for the payments system
|
|
|
|
|
Review of the Australian Payments System (‘Farrell Review’)
|
Review of the regulatory architecture of the payments system to ensure it is fit for purpose, supports innovation, and benefits both businesses and consumers. Led by Mr Scott Farrell with secretariat support provided by Treasury.
|
October 2020—May 2021; final report released August 2021.
|
|
RBA Review of Retail Payments Regulation
|
Considers potential gaps in the payments system and emerging regulatory issues in the payments space.
|
November 2019—present.
|
|
Council of Financial Regulators’ review of the Regulation of Stored-value Facilities in Australia
|
Review of the regulation of SVFs
|
2018—2019; final report released October 2019.
|
|
Productivity Commission inquiry into Competition in the Australian Financial System
|
Review of the provision of financial services and the interaction of market participants, issues facing the consumers of financial services, and the functions and activities of the regulators.
|
July 2017—June 2018; final report released August 2018.
|
International approaches to payments regulation
4.41
This section examines comparable jurisdictions that have proactively regulated the mobile payments sector.
Singapore
4.42
Singapore’s Payments Services Act 2019 is a comprehensive licensing regime for platform companies, payment service providers, and digital wallets. Singapore operates a two-tiered licensing arrangement under the central bank, within which SVFs are regulated as ‘e-money’. Tiers are based on the value of monthly transactions that pass through each facility. Regulatory requirements differ for larger facilities, related primarily to their initial capital requirements, mandated risk mitigation measures, and their obligation to establish a physical presence in the country. Larger individual SVF accounts in Singapore are regulated as bank deposits. Regulated SVFs are stored in fiat currency as opposed to virtual currency, and include peer-to-peer transfers but exclude limited purpose funds, such as gift cards, single-merchant cards, or public transport cards. SVFs are required to have AML/CFT provisions.
4.43
Singapore regulates virtual currency wallets separately given their perceived inherent vulnerability to money laundering and terrorism financing risks.
Hong Kong
4.44
Hong Kong administers a licensing regime under which SVFs are regulated by the central bank, which maintains a public register of licensees. The regime does not apply to non-storage payment systems (passthrough wallets). Hong Kong has also reportedly launched a scheme to encourage merchants to support mobile POS payments. Hong Kong is expected to require real-name registration for customers wanting to take advantage of the full functionality of digital wallets, such as inter-bank or cross-border transfers. Digital wallet vendors will also be expected to conduct real-time verification of customers.
New Zealand
4.45
New Zealand’s legal frameworks and regulatory regime is considered technology-neutral, applying equally to FinTech and traditional financial services providers.
European Union
4.46
The European Union (EU) runs a two-tiered licensing regime in which regulatory requirements differ according to risk and in which reporting and initial capital requirements differ. As with Singapore, SVFs in the EU are regulated as ‘e-money’. All e-money providers must be authorised by a national authority and be included on a public register.
4.47
The European Commission is currently investigating whether Apple’s
third-party NFC access restrictions and its terms and conditions distort competition, reduce consumer choice, or constitute violations of EU competition laws.
4.48
The EU is separately considering legislation to ensure competitive neutrality between device manufacturers and app developers that would provide
third-parties with the same levels of access to hardware features as manufactures on fair and reasonable terms.
Germany
4.49
Germany passed legislation that requires mobile phone manufacturers from early 2020 to open access to their tech to other payment service providers, including the NFC chip for an ‘appropriate fee’. This law effectively enables competition for mobile payment processing on Apple devices. The RBA noted in correspondence with the committee, ‘the law was widely interpreted as a response to Apple Pay’s restriction on direct access to the iPhone’s NFC technology’.
4.50
Dr Lien Duong nevertheless told the committee that no German bank had actually developed a competing digital wallet for Apple devices, likely because the fees device manufacturers were permitted to charge under the legislation were prohibitive.
4.51
German legislators passed updated legislation in early 2021 requiring that fees paid to device manufacturers by digital wallet providers would not be in excess of actual costs. These amendments also expanded the scope of the legislation to devices other than smartphones, but allowed device manufacturers to refuse access if doing so would compromise the integrity and security of the device.
4.52
An amendment to the German Competition Act (GWB Digitalisation Act) gave the market regulator new intervention powers in early 2021, allowing it to prohibit large digital companies from engaging in activities deemed to be anti-competitive. Under this legislation, the regulator has initiated proceedings against Apple, Facebook, Amazon, and Google.
4.53
While EU regulations prohibit merchant surcharging for most consumer cards, the German Federal Court ruled in March 2021 that merchants were allowed to impose a customer surcharge for the use of certain mobile payments—including PayPal—providing the charge does not exceed the direct costs borne by the merchant.
4.54
The committee was also told that German consumers are permitted to opt out of data tracking and that policies are being considered that would require digital platforms to indicate which personal information would be kept and the specific purpose for which it would be shared with third parties.
The Netherlands
4.55
Concerned at the potential detriment to innovation and consumer choice, the Netherlands Authority for Consumers and Markets (ACM) launched an investigation in 2020 into third party access to NFC chips.
4.56
ACM closed the investigation in July 2021 without concluding that Apple had breached existing regulations. The Authority nevertheless advocated for amendments to European regulations that would require device manufacturers to offer third party access to payment technologies, such as the NFC chip.
The United Kingdom
4.57
The UK’s former regulatory regime was constituted by e-money regulations, payment services regulations, consumer protections, data protections, and other regulatory frameworks. In 2015, the UK established an independent industry-funded Payment System Regulator (PSR) under the Financial Conduct Authority (FCA, the UK’s financial services regulator) to ensure the interests of consumers and businesses, promote effective competition, and drive innovation in the payments sector.
4.58
The PSR’s regulatory and competition powers include requiring providers to allow smaller competitors to access their payments systems, setting standards and imposing requirements on industry, amending fees and charges, and addressing anti-competitive behaviour, among other powers.
4.59
The Prudential Regulation Authority and the Bank of England also regulate financial service firms in the UK, while the Competition and Markets Authority is responsible for competition issues that arise within the payments system.
4.60
The UK is considering bringing unregulated BNPL products under the FCA.
4.61
The UK’s Digital Markets Taskforce has proposed an enforceable code of conduct to prevent powerful BigTech firms from taking advantage of their power and position. The code would apply to firms with a designated ‘strategic market status’—that is, the most powerful digital firms operating in the country.
4.62
As in Australia, the UK runs a fintech sandbox framework, under which regulatory requirements are relaxed for small scale and time-limited product trials to promote innovation.
United States
4.63
At least 10 US states are reportedly considering bills that would mandate device manufacturers and app marketplace owners to open in-app payment systems to third parties.
4.64
The US is also considering mandating least-cost routing (see Chapters 2 and 6).
South Korea
4.65
At the time of writing, South Korea was reported to be considering legislation to ban app store owners from forcing app developers to use the app store’s own payment systems. The legislation would also make it illegal to prevent app store developers from telling customers about alternative ways to purchase content and services elsewhere.
4.66
ACCC Chair, Rod Sims, noted the South Korean approach, telling the Australian Financial Review his inclination was ‘to take a more holistic approach’ to app store regulation that would take more time to put in place.
Committee view
Engagement in the inquiry by Treasury and regulatory agencies
4.67
Evidence from a range of submitters and witnesses emphasised the fundamental importance of the payments ecosystem, the scale and rapidity of recent changes, and the enormous scale of the potential ramifications of these changes for business, citizens, and the country more broadly.
4.68
In this respect, the committee acknowledges the constructive engagement by the Reserve Bank and the ACCC during the inquiry. The informative submissions and witness evidence provided by the RBA and the ACCC in relation to the regulation of the payments system greatly assisted the committee’s understanding of the complex issues at play.
4.69
In contrast, the committee is disappointed at the lack of evidence provided by Treasury and APRA and their failure to engage constructively with the inquiry. The committee was struck by the paucity of the contributions made by Treasury and APRA on a matter of such importance and notes that neither Treasury nor APRA chose to make submissions to the inquiry.
4.70
The committee reminds Treasury of the importance of adopting a constructive approach to parliamentary inquiries. The purpose of a department appearing before a committee in a policy inquiry is to contribute information and knowledge. Indeed, it is a fundamental axiom of a parliamentary inquiry that a committee have access to a broad range of information and knowledge to properly inform itself. The committee therefore expects relevant departments and agencies to make an early submission that sets out the background to the inquiry, details the major policy issues, and is available for other submitters to make use of. The committee also expects relevant departments and agencies to respond to answers taken on notice fully and promptly, and to be ready to answer all relevant questions from the committee. In this respect, the committee considers Treasury did not adequately fulfil its obligations to properly inform the Parliament and the committee during this inquiry.
4.71
Further, the committee is deeply concerned about the absence of Treasury in many of the most critical policy discussions laid out in this report. Treasury is the portfolio agency and it should therefore have the requisite skills to lead technical and policy discussions related to the payments industry. Yet, Treasury’s failure to contribute substantive evidence to this inquiry suggests it currently lacks the skill or the will (or both) to play a leadership role in this space.
4.72
The committee also notes that it has encountered similar concerns with the department in previous inquiries. It therefore does not attribute Treasury’s shortcomings to the individuals who participated as witnesses in this inquiry, but rather regards the issues as a systemic failure on the part of the department.
4.73
The committee recommends Treasury enhance its skills, capacity, and expertise in the payments space to become more proactive in developing policy and exhibiting leadership.
Regulatory overlap
4.74
The committee recognises the issue of regulatory overlap is complex. When regulation is structured by the function of each regulator, regulated entities will likely be subject to multiple regulatory functions. But similarly, when regulating an entity by its economic function, regulated entities will likely have multiple economic functions and will therefore still come under the jurisdiction of multiple regulators. A degree of regulatory overlap is therefore likely to develop whether regulation is geared towards the function of the regulator or the function of the entity being regulated. It is not evident to the committee that a restructuring of the regulatory environment towards the function of the entity being regulated would overcome the concerns raised by witnesses concerning regulatory overlap.
Regulatory gaps
4.75
Evidence to this inquiry, as well as reviews and inquiries over many years have shone light on the gaps and inconsistencies in the current regulatory environment. Reforms are urgently needed to the mandate of regulators and to the regulatory architecture to better accommodate the evolving nature of the payments ecosystem in Australia. That said, with the release of the Farrell Review, the committee is cautiously optimistic that much-needed reforms are progressing.
4.76
In the committee’s view, regulation around stored-value facilities is outdated and in need of an update. The committee endorses recommendations proposed by the Council of Financial Regulators in relation to the regulation of SVFs (including the need to replace PPFs with tiered SVFs based on risk and the need for SVF providers to hold an AFS license and comply with the ePayments Code). The committee is not of the view that closed SVFs should be captured by further regulation through these changes. To this end, the committee recommends the Australian Government develop legislation to enable ASIC and APRA to administer stored-value facilities in line with CFR recommendations.
4.77
The committee recommends the Australian Government task the Treasury with legislative change to enable financial regulators to regulate
stored-value facilities in-line with recommendations made by the Council of Financial Regulators.
Industry self-regulation
4.78
Evidence before the committee suggests industry self-regulation through AusPayNet has been effective and largely fit-for-purpose. Nevertheless, the committee has concerns with this model on two fronts.
4.79
First, regulators appear to have no direct insight into the non-compliance of AusPayNet members and may therefore be unaware of the extent to which certain issues or patterns of issues have arisen within the payments sector
to-date (although the committee understands certain issues may separately be reported to regulators by industry members themselves).
4.80
The committee recognises the need to maintain industry engagement in a
self-regulatory model, and the sensitivities and risks that may arise from publishing data about industry non-compliance. Nevertheless, issues may develop in a self-regulatory system that is not fully transparent to regulators. The committee therefore recommends that AusPayNet provide the relevant regulators, on a voluntary basis, quarterly aggregated data on non-compliance among its members.
4.81
The committee recommends the Australian Payments Network voluntarily provide to relevant regulators quarterly aggregated information on
non-compliance among its members.
4.82
Second, with changes rapidly impacting the payments landscape and the potential for large multinationals to fall under payments system self-regulation in the future, the committee is concerned that the effectiveness of this model could be eroded.
4.83
The committee therefore encourages Treasury and the Reserve Bank to formally assess the extent to which the current model of self-regulation for the payments system is working, and, if it becomes necessary, explore the value of moving towards a quasi- or co-regulatory model for the payments industry. To this end, Treasury should table a review of payments regulation in Parliament by the end of 2023.
4.84
The committee recommends Treasury consult regulators and industry on the effectiveness of payments system self-regulation and table in Parliament by the end of 2023 a review that outlines any gaps in the current self-regulatory model.
4.85
The committee welcomes other efforts by industry to self-regulate, including the establishment of the world-first BNPL Code of Practice and the ePayments Code. In principle, the committee recognises that industry-led self-regulation may be more agile, lower-cost, and more responsive to technological changes than regulations governed by legislation. The committee is nevertheless concerned that both codes remain voluntary and may quickly become outdated if they are not regularly revised.
4.86
The committee is also concerned that some key actors within the payments ecosystem, like payment platform providers, are not currently subject to the code, nor is it clear that they would be subject even were the ePayments Code to be mandated—as the government has announced it intends to do, in line with CFR recommendations.
4.87
To this end, the committee makes two recommendations. First, that ASIC continue to monitor the ePayments Code and ensure the code is updated as and when necessary with a view to ensuring it can adapt to technological advances. In particular, the committee looks forward to the findings of ASIC’s review with respect to whether the code should become mandatory. The committee would like to see, however, further consultation of which actors should be subject to the code, with particular attention to payment platform providers like Apple and Google.
4.88
Second, given the potential consumer harms, the relative immaturity of the BNPL sector, and the rapid technological changes that underpin the provision of BNPL services, industry-self regulation may quickly be surpassed by the changing environment if it is not regularly updated. To this end, the committee recommends the finance industry association, AFIA, continues to monitor the effectiveness of the BNPL Code to ensure the code is updated as and when necessary.
4.89
The committee recommends the Australian Securities and Investments Commission continue to monitor the ePayments Code and ensure the Code is updated as and when necessary, and provide recommendations to government on whether and how to expand the Code to payment platform providers.
4.90
The committee recommends the Australian Finance Industry Association continues to monitor the effectiveness of the Buy Now Pay Later Code of Practice and ensure the Code is updated as and when necessary.
4.91
The committee recommends the Australian Securities and Investments Commission be given the power to make the ePayments Code mandatory for all industry participants.
Fit-for purpose regulation
4.92
The committee notes the regulatory environment in Australia has not kept pace with the rapid changes experienced across the payments ecosystem over recent decades. The very concept of a payments system articulated in the Payments System (Regulation) Act 1988 no longer adequately captures all its relevant components today. Definitions within the Act should therefore be updated to reflect the system as it exists today, and, as far as possible, attempt to capture what the payments systems of tomorrow will look like.
4.93
The committee recommends the definition of a payments system within the Payment Systems (Regulation) Act 1988 be expanded to encompass new and emerging payments systems and platforms, in keeping with the findings of the Treasury Payments System Review.