Fintechs set to ride wave of regulatory assistance

Good news for fintech start-ups as Australia’s corporate regulators adopt a number of initiatives to help entry level players gain a meaningful foothold in the industry.

Hall & Wilcox recently attended an Innovation Hub event organised by ASIC where regulators such as the RBA, APRA, AUSTRAC and OIAC provided an update on various initiatives they are undertaking to assist start-ups in the fintech (and to some extent, the regtech) space to navigate the regulatory landscape.

We have summarised the key elements of each initiative below.


ASIC has introduced the regulatory sandbox exemption.

This exemption seeks to encourage innovation in the fintech space without compromising the principles of market fairness, order and transparency.

The effect of the regulatory sandbox exemption is to permit eligible Australian fintechs to ‘test out’ certain financial services offerings for up to 12 months without obtaining a full Australian financial services or credit licence.

Requirements and conditions that an applicant must meet in order to be eligible for the sandbox exemption or rely on the sand exemption include:

Available to an applicant who offers

An applicant must (amongst other things)

Deposit products, with a maximum $10,000 balance Provide financial or credit services to no more than 100 retail clients
Payment products and with a maximum $10,000 balance Ensure that the total exposure of all clients (both retail and wholesale) does not exceed $5 million
Liquid investments in listed Australian securities or simple schemes limited to $10,000 Meet disclosure and conduct requirements such as telling clients that the business is not licensed and that it is relying on the sandbox exemption
Consumer credit contracts with a loan size between $2,001 and $25,000 Have adequate compensation arrangements for compensating clients for loss or damage

ASIC hopes that this initiative will also encourage fintechs to expand beyond Australia.


The New Payments Platform (NPP) is an initiative by the RBA to establish the new infrastructure for Australia’s low-value payments. It is scheduled to roll out this year with the aim of allowing businesses and consumers (including fintechs) to transfer money and data between bank accounts instantly via one basic platform.

NPP Australia is the body responsible for administering this platform and familiarising users with functions that the NPP platform offers.


On 15 August 2017, APRA released a discussion paper (on which it is presently seeking submissions) on its phased approach to authorising new entrants into the banking industry and reducing barriers to entry.

One cornerstone of this initiative is the introduction of a restricted ADI licence.

If introduced, fintechs will be able to obtain a licence much earlier and operate limited activities for a period of two years under the restricted ADI licence.

Companies which operate under a restricted ADI licence are expected to transition to an ADI and fully comply with the prudential framework or exit the industry at the end of the two year period. This regime will not be available to well resourced, large prudential bodies which would be expected to obtain a full licence (for example, a subsidiary of a large foreign bank).

APRA’s initial requirements will be as follows.

General requirements


Business plan Credible business plan outlining business model and viability of proposed business
Strategy to work towards full prudential framework Credible plan to progress to a full ADI Licence within two years
Governance Appropriate organisational structure and government framework including details of ownership and capacity to support the business
Capital Minimum start-up capital of $3m plus wind-up costs
Fit and proper Full compliance with CPS 520 -  fit and proper
Risk management Description of risk profile and a strategy to implement adequate systems and controls prior to service retail customers
Exit plan Credible exit plan which demonstrates it is able to protect depositors without reliance on the Financial Claims Schedule (FCS)
FCS systems and reporting Ability to provide the necessary information for the purposes of the FCS
Policies and procedures Well progressed draft policies and procedures

During the two year period in which subscribing businesses must work towards the full APRA licence, the ongoing requirements include:

General requirements


Liabilities Maximum aggregate deposit - $2m

Individual deposit limit - $250,000

Capital Minimum capital of $3m plus wind-up costs or 20% of total assets (whichever is greater)
Liquidity MLH of 20% of total assets
Nature of business Restricted with a focus on building capabilities and resources and not conducting banking business
Disclosure Clear disclosures on Restricted ADI Licence status
Reporting obligations Specific reporting requirements

Overall, this initiative allows companies to test the market but with sufficient consumer protection to ensure community confidence in the safety of their deposits with all ADIs in Australia.


As part of its Fintel Alliance Strategy, AUSTRAC has taken on the role of helping fintechs to understand the risks in the industry to promote clarity, certainty, integrity and trust in the financial services market.

An overriding concern for most fintechs is whether their services are captured by the relevant reporting provisions under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). Given the serious consequences of non-compliance, AUSTRAC encourages fintechs to connect with its designated compliance team for guidance.


Generally, an Australian company will be captured by the Australian Privacy Principles where the company:

  • has a turnover is in excess of $3m
  • collects customer information and
  • participates in Australia’s credit and loyalty reward system.

The Privacy Survey 2017 conducted by OAIC reinforces the community view that reputation is critical to the success of fintechs in Australia. Of the 1,800 people who took the survey:

  • 93% didn’t want their data sent overseas
  • 79% didn’t want their data shared with other organisations
  • 58% decided to avoid dealing with some businesses because they were concerned about (potential) privacy issues and
  • 44% avoided any downloading of smartphone applications.

In light of this, the OIAC encourages fintechs to undertake a Privacy Impact Assessment (PIA). A PIA will systematically assess a company’s project, identify the impact that project might have on individuals and set out recommendations to manage, minimise or illuminate key issues.

Hall & Wilcox has substantial experience in undertaking PIAs. Please contact us if you would like more information about this service.

Going Forward

All of these initiatives above seek to equip fintechs with a good regulatory understanding, minimise costs and build viable practices into the existing operational functions.

We will continue to monitor these initiatives and report on any new developments.


Jacqui Barrett

Jacqui Barrett

Partner & Head of US Desk

Jacqui assists clients with mergers and acquisitions, corporate structuring, capital raisings and managed investment schemes.

You might be also interested in...

Financial Services | 12 Sep 2017

ASIC Enforcement Review – Part 3

Increasing ASIC licensing powers
ASIC has previously raised concerns regarding its powers to regulate AFS and credit licensees, including concern over inconsistencies between the AFS and credit licensing regimes.

Intellectual Property | 12 Sep 2017

Australian Government responds to Productivity Commission’s report on IP arrangements

The Australian Government has recently released its response (which can be accessed here) to the Productivity Commission’s final report on Intellectual Property Arrangements in Australia.