Payments system modernisation – licensing: defining payment functions

By John Bassilios

The Federal Government is seeking feedback on seven defined payment functions that will support a new tiered, risk-based licensing framework for payment service providers (PSPs). The proposed payment functions introduce stored-value facilities (SVFs), such as payment stablecoins, and SVF issuers would be regulated.

The proposed amendments were published on 7 June 2023 as one of three publications released by Treasury that day. You can read our updates the about the publications here: ‘Treasury releases strategic plan for Australia’s payments system‘ and ‘Reforms to the Payment Systems (Regulation) Act 1998‘.

The proposed amendments aim to:

1. ensure consistent and appropriate regulation of PSPs based on the payment function they provide;
2. improve regulatory certainty for PSPs by clarifying when a PSP is providing a payment service that requires a licence and what the associated regulatory obligations are;
3. support a more level playing field for PSPs seeking to access payment systems, promoting greater competition, diversity and innovation within the ecosystem;
4. better target regulatory obligations based on the level of risk posed to end users by PSPs, balancing protections for consumers and businesses (collectively referred to as ‘customers’ in the paper and within this article) with regulatory burden;
5. streamline the process for businesses that require multiple licences or authorisations to minimise the regulatory burden; and
6. better align Australia’s payments regulatory framework with international jurisdictions, helping to reduce barriers to entry for providers seeking to enter the Australian market.

With reference to the principles defined in the Review of the Australian Payments System, seven payment functions requiring regulation were articulated. Two payment functions fall under the category of SVFs and five have been articulated under Payment Facilitation Services (PFSs).

For each, the Government has outlined three main categories of risk posed by specific payment functions that can affect two stakeholders; the financial system or individual consumers and business:

1. financial risks encompass events of solvency and liquidity and can result in customers losing their funds and settlement risks;
2. operational risks relate to technical malfunctions, operational mistakes and cyber attacks that can lead to settlement issues;
3. misconduct risks arise when there is an inappropriate supply of financial services (eg wilful or negligent misconduct) and can lead to mis-selling products, high barriers to switching financial product, unfairly processed customer complaints, or collusion with criminals throughout service provision.

In this table, we summarise the seven proposed payment functions and their proposed definitions, potential entities, and associated risks.

Type	Payment function	Proposed definition	Potential entities	Associated risk
Stored-value facility	Issuance of payment accounts or facilities (‘traditional SVFs’)	Providers of payment accounts or facilities that store value for more than two business days and can be used for the purpose of making payments.	ADIs, including entities currently regulated as Purchased Payment Facilities, digital wallets that store value, and issuers of prepaid accounts.	Financial, operational, and misconduct risks.
	Issuance of payment stablecoins (‘payment stablecoin SVFs’)	Issuers of payment stablecoins that store value and control the total supply of payment stablecoins through issuance and redemption activities.	Payment stablecoin issuers.	Financial, operational, and misconduct risks.
Payment facilitation services	Issuance of payment instruments	Issuers of a payment instrument that is unique to a customer and can be used to make a transaction or provide instructions on their account or facility.	Issuers of payment instruments (such as cheques and digital and physical cards). This includes Buy Now Pay Later providers that issue a virtual card. Issuers of a set of procedures/credentials (such as a PIN, password, biometric data) to initiate a payment instruction order.	Operational and misconduct risks.
	Payment initiation services	Services that allow the instruction of a payment transaction at the request of the customer (payer or payee) with respect to a payment account or facility held at another PSP, or from some other source of value or a credit facility.	Services that allow a customer to request a payment transaction be initiated. Examples include recurring payment services and third-party payment initiation services.	Operational and misconduct risks.
	Payment facilitation, authentication, authorisation, and processing services	Services that enable payment instructions to be transferred (facilitation), provide the verification of customer credentials (authentication), payment authorisation, and/or processing of payment instructions.	Pass-through digital wallets, merchant acquirers, card issuers, payment gateways and processors, and payment routing.	Operational risks
	Payments clearing and settlement services	Services for clearing or settlement of payment obligations or for the exchange of payment messages for the purposes of clearing or settlement of payment obligations, including clearing and/or settling account to account payments.	Payments clearing and/or settlement providers.	Financial and operational risks
	Money transfer services	Services that send or receive money overseas or within Australia for a customer, including through the creation of a payment account or without a payment account.	Remittance service providers and domestic money transfer providers.	Operational and misconduct risks.

 

Due to presenting low risks, low-value payment facilities and limited purpose facilities (eg gift vouchers/cards, prepaid mobile phone accounts, loyalty schemes, and electronic road toll devices) will not be captured as a regulated payment function. Though it has been proposed that relief for these products be moved to primary legislation or regulation to provide greater certainty to the industry. Further, payments executed entirely in cash are excluded from the definition of non-cash payment. The Government proposes to add the exclusion to the list of payment functions and an exclusion be provided for the physical transport of cash and coins.

The consultation proposes to incorporate the listed payment functions into existing law by either replacing the existing concept of a facility through which an individual makes non-cash payments, add the list as a non-exhaustive list of inclusions under a new definition of ‘payment services’, or regulate SVFs as a type of financial product and PFSs as a financial service. The paper acknowledges that such reforms will imply that existing legislative requirements such as licensing, design and distribution, and disclosure obligations could extend to entities that are currently not subjected to these requirements.

Proposed definitions and regulation of traditional and payment stablecoin SVFs

The Government proposes to define an SVF as ‘a facility that can store value and be used as a means of making payments for goods and services or transferred to another person. A traditional SVF issuer makes payments, usually on behalf of the customer, up to the amount of stored value that is available for use under the conditions applying to the facility’. Credit facilities and facilities that store value but cannot be used as payment (eg debentures) are excluded from this definition. SVFs are divided into two payment functions; traditional SVFs and payment stablecoin SVFs.

Traditional SVFs capture payment accounts, facilities or instruments that store funds that will be used to make payments (eg pre-paid cards). Services that store crypto assets are excluded, except for payment stablecoins that will be regulated under a distinct category. The Government proposes to regulate traditional SVFs to assure customers that their funds are well protected. This will be achieved through either prudential standards prescribed by APRA or requiring providers to store customer funds in trust accounts with an ADI separate from the provider’s own resources or working capital.

Payment stablecoin SVFs differ from traditional SVFs in that providers usually do not supply customers with underlying accounts for the purposes of making payments. They can be used without the direct participation of issuers and are a bearer instrument that enables transfers on a peer-to-peer level. Functional similarities to fiat currencies held in traditional SVFs and bank deposit accounts include the possibility to be accepted as a form of payment or held as store of value. Issuers often hold cash or cash-equivalent reserves to back the stability of the stablecoin’s value. The Government proposes three limbs to defining a payment stablecoin, namely:

1. a digital representation of monetary value intended or purported to maintain a stable value relative to a fiat currency;
2. issued by a payment stablecoin issuer (‘issuer’); and
3. capable of being redeemed for Australian dollars (AUD) or another fiat currency that has an active marketing or selling in Australia, at face value through a claim provided by an issuer to a customer.

The issuer controls the complete supply of payment stablecoins through issuance and redemption and is responsible for the stability of the stablecoin. Due to being less stable and thus less useful for payments or stored value, the regulation does not intend to encompass stablecoins collateralised or stabilised by other crypto assets or other commodities such as gold. Any stablecoin arrangement that does not meet the above definition may be captured by a different type of financial product that is regulated under the financial services regime. Otherwise, it is likely that most stablecoin issuers in Australia will require an AFSL and be subjected to various regulations based on the function of the offered product.

The Government’s rationale for regulating stablecoins under the SVF category is because similar to traditional SVFs, users transfer funds in exchange for stored value that can be used to pay for transactions and transfer to other persons. The main risks are also similar, in particular risk of losses due to the conduct on the issuer’ side (eg failure to protect customer funds and insolvency), operational risks, cyber attacks, fraud, and other financial crime-related risks.

The regulatory approach for SVFs is consistent globally with the regulatory framework of the EU, UK, Singapore, and Canada as well as domestically with the recommendations found in the Regulation of Stored-value Facilities in Australia report by the CFR and the Competition in the Australian Financial System report by the Productivity Commission.

The proposed SVF regulatory framework covering traditional SVFs and payment stablecoin SVFs will replace the existing Purchased Payment facilities regulatory framework. Further, a two-tier regulatory approach is proposed for SVFs, with standard SVFs to be regulated by ASIC and major SVFs to be regulated by ASIC and APRA. Regulation will govern management of reserve assets to ensure the stability of payment stablecoins. PFSs relating to payment stablecoins will fall in the scope of the payments licensing framework.

Proposed definitions and regulation of PFSs

Five payment functions have been proposed under this category.

Issuance of payment instruments

This payment function captures payment instruments issued that are unique or personalised to a customer and can facilitate a transaction or provide instructions on their account or facility. Examples include cheques, cards, or procedures or credentials such as passwords or customer consent procedures that allow a payment instruction to be initiated.

The regulation would be aligned with the frameworks of the EU, UK, and Singapore.

Payment initiation services

Payment initiation services are defined as services that allow the instruction of a payment transaction at the request of the payer or payee through a payment account or facility held at another PSP, or from some other source of value or a credit facility. Examples include recurring payment requests by customers and third-party initiation services such as future Consumer Data Right (CDR) requests.

The regulation would be aligned with the frameworks of the EU and UK, and similar to Canada’s definition which includes ‘initiation of an ‘electronic funds transfer’ at the request of an end user’.

Payment facilitation, authentication, authorisation and processing services

Under this category, services that transfer payment instructions, verify credentials, authorise payments, or transmit payment instructions are captured. The definition captures services that support the transfer of funds to enable the payment of a receipt or payment by way of either:

• direct debits (including one-off direct debits);
• payment transactions through a payment instrument;
• credit transfers (including standing orders); or
• payment transactions where the funds are covered by a credit line.

In addition, PSPs such as pass through digital wallets, card issuers, merchant acquirers, payment gateways, payment processors, and payment routing are included.

Payments clearing and settlement services

This function applies to entities that clear and settle financial obligations between financial institutions where customer transactions have been processed within a payment system. Such services are pivotal to an accurate and efficient transfer of funds from payer to payee customers. Examples of such PSPs include clearing services involving transmitting, reconciling, and confirming information regarding financial obligations that require settling between direct participants in a payment system, and settlement services involving the actual exchange of funds to execute the obligations agreed upon between parties.

Money transfer services

Money transfer services refers to services that send or receive money internationally or domestically for customers and captures the business of remittance service providers. While AUSTRAC regulates remittance service providers, it does not extend to ensuring customer protection, conduct, prudential or competition regulation. The consultation paper proposes giving the option to remittance dealers to become an authorised representative of a licensee instead of directly holding a licence, which would be an attractive option for smaller remittance dealers.

The regulation would conform to the frameworks of the EU, UK, Singapore, and Canada.

Exclusions and exemptions proposed to be removed or amended

For consistency, the Government proposes to remove or amend the following:

• the current definition of ‘financial product’ under the Corporations Act (see s 765A(1)(k)) excludes facilities for the exchange and settlement of non-cash payments between providers of non-cash payment facilities which is inconsistent with the proposed ‘payments clearing and settlement services’ function;
• an exclusion (see reg 7.1.07G) relating to remittance service products of certain products from requiring an AFSL in the Corporations Regulation is inconsistent with the proposed ‘ money transfer services’ function;
• non-cash payment facilities are excluded as financial products if payments are debited to a credit facility (see s 765A(1)(h)(ii) of Corporations Act) which is inconsistent with the intention to cover providers of PFSs such as payment initiation services;
• currently there is an exemption in the Corporations Act (see s 911A(2)(b)) which allows product issuers to issue financial products without a licence if the issuer relies on a licensed intermediary that it has authorised to make offers to arrange for the issue of the product. This exemption is inconsistent with the proposed intention to capture SVF providers and establish specific requirements to ensure customer funds are protected; and
• ASIC exemptions relating to specific entities and non-cash payment facilities that are inconsistent with the payment functions captured by the new licensing regime.

Regulatory obligations

The Government proposes that separate regulatory authorisations for PFSs and SVFs should be provided to reflect the various risks associated with each category. The following regulatory obligations have been drafted:

Category		Definition		Regulated by		Regulatory obligations
Major SVFs		Facilities that store more than $50 million in customer funds, offer individual customers the ability to store more than $1,000 for more than 31 days, and allow their customers to redeem their funds on demand in Australian currency		ASIC, APRA and RBA		Obtain an APRA licence. APRA’s prudential requirements could include: safeguarding customer funds; holding high-quality liquid assets; meeting minimum capital requirements including an operational risk capital charge; and complying with all relevant prudential standards (such as governance and risk management requirements, including in relation to IT risks). Obtain an AFSL; Report the total value stored and transaction flow amounts to ASIC and APRA; Comply with technical standards set by industry bodies authorised by the RBA; and Comply with a legislatively mandated and revised ePayments Code.
Standard SVFs		A facility that stores customer funds, can be used for making payments, and is not a major SVF. It is proposed that the storing of value in transit (value that is paid into a facility together with an instruction to initiate payment or a transfer of the value to another person or account) would be excluded from SVF obligations and instead regulated as a PFS. It is proposed that this exclusion would apply for storing value for up to two business days		ASIC and RBA		Obligations relating to the holding of value on behalf of clients, which includes: be required to protect the stored value to ensure standard SVFs operate effectively and client funds cannot be used as the provider’s working capital. This could be achieved through applying the client money provisions in the Corporations Act which are intended to ensure that funds are held in a trust account with an ADI for the benefit of the customer and cannot be co-mingled with the provider’s own funds or working capital; and report the total value they store and transaction flow amounts to ASIC Obtain a licence; Comply with technical standards set by industry bodies authorised by the RBA; and Comply with a legislatively mandated and revised ePayments Code.
PFSs		All PFSs regardless of size		ASIC and RBA		Obtain a licence and complying with general AFSL obligations (including client money provisions where applicable); Comply with technical standards set by industry bodies authorised by the RBA; and Comply with a legislatively mandated and revised ePayments Code (where relevant).

 

In relation to payments clearing and settlement providers, the Payments System Review recommended that the RBA should develop a set of common access requirements for payment systems to enable direct access to Australian payment systems in relation to non-ADI PSPs. Recently the RBA has been working on regulatory obligations that will balance the playing field for non-ADI PSPs that wish to pursue direct access to the payment system.

The Review also suggested that the common access requirements should form part of the payments licence, and that major SVFs and PFSs should comply with them. However, it is now proposed that the obligation should be based on whether the payment system is seeking access for the purpose of clearing and settlement activity, which would void the need to categorise PFSs based on size.

Given prudential regulation would apply to major SVFs and ADIs, it is proposed that there would be streamlined or no additional common access requirements for these entities performing clearing and settling of payments. Payment systems are not obliged to grant access to licensees that meet these requirements, but should assess each individually – based on their system-specific requirements and risk profile. However, Australian payment systems would be expected to grant access – as they currently do for ADIs – to PSPs that meet the common access requirements.