Introduction
Australia’s payments system is undergoing its most significant transformation in over two decades, moving away from a regulatory framework that has remained largely unchanged for more than 20 years. This payments system modernisation is driven by the rapid growth of new payment services and products, such as digital wallets and Buy Now Pay Later, which have rendered much of the old law obsolete and unsuitable for the modern digital economy.
In response, the Australian government is introducing a new, function-based licensing framework under the Corporations Act 2001 (Cth) to modernise the regulation of payment service providers. For fintech founders and Payment Service Providers (PSPs), navigating these changes is crucial, and this guide provides a foundational overview of the new regulatory framework, explaining how the updated Australian Financial Services Licence (AFSL) regime will apply to various payment products and services.
Why Modernise Australia’s Payments System?
Australia’s payments system is undergoing its most significant regulatory transformation in over two decades. The existing regulatory architecture has remained relatively unchanged for more than 20 years, rendering it unsuitable for the modern digital economy. This outdated framework has struggled to keep pace with the rapid evolution of financial technology and the emergence of new payment methods.
The rise of innovative products and services has exposed gaps and created uncertainty within the old system. These innovations include:
- Digital wallets
- “Buy Now Pay Later” (BNPL) providers
- Payment stablecoins
Regulators and policymakers have recognised that the previous laws, including concepts like “non-cash payment facilities” in the Corporations Act 2001 (Cth), are no longer fit for purpose.
This drive for modernisation is underpinned by the government’s Strategic Plan for the Payments System, which aims to create a regulatory framework that is safe, efficient, and competitive. The reforms are designed to replace fragmented and outdated concepts with a clear, technology-neutral, and function-based licensing regime.
Furthermore, this new approach ensures that all entities performing similar payment activities are regulated consistently, regardless of their business model or the technology they use.
Get Your Free Initial Consultation
Consult with one of our experienced ACL & AFSL Lawyers today.
Australia’s Core Payments Regulators & Their Roles
RBA: System Stability & Efficiency
The Reserve Bank of Australia (RBA), through its Payments System Board, is responsible for promoting the safety, efficiency, and competition of the Australian payments system. Its authority stems from the Payment Systems (Regulation) Act 1998 (Cth), which empowers the RBA to:
- Designate payment systems
- Implement standards or access regimes when it is in the public interest
The RBA’s oversight focuses on maintaining the stability of the overall financial system.
Historically, the RBA has overseen systemically important infrastructure, such as real-time gross settlement systems and major card networks. The recent payments system modernisation has expanded its reach, updating the definition of a “payment system” to include new and emerging platforms like digital wallets and BNPL services. This ensures the RBA can continue to regulate the evolving payments landscape effectively.
ASIC: Licensing & Conduct
The Australian Securities & Investments Commission (ASIC) serves as Australia’s primary corporate and financial services regulator, focusing on market conduct and consumer protection. A central part of its role is administering the AFSL regime under the Corporations Act 2001 (Cth).
Under the new regulatory framework, any PSP performing a defined “payment function” must obtain an AFSL from ASIC. This marks a significant shift from the previous, broader concept of a “non-cash payment facility.”
ASIC’s responsibilities now include:
- Licensing and supervising a wider range of PSPs, including those offering services like payment initiation and payment facilitation
- Enforcing consumer protection rules
- Ensuring PSPs provide their financial services efficiently, honestly, and fairly
APRA: Prudential Safety
The Australian Prudential Regulation Authority (APRA) is the prudential regulator, tasked with ensuring the financial safety and stability of banks, insurers, and superannuation funds. The payments system modernisation has formally extended APRA’s oversight to include major non-bank payment firms that hold significant amounts of customer funds.
Specifically, APRA’s prudential regulation is triggered when a PSP operates a “major stored-value facility” (SVF), which includes large digital wallets or prepaid card issuers. An SVF provider must register with APRA and adhere to its prudential standards if the total value of stored funds exceeds approximately $200 million. While these entities become subject to APRA’s supervision, they are not classified as authorised deposit-taking institutions (ADIs) or banks.
Other Key Bodies: AUSTRAC & The ACCC
Beyond the three main regulators, other bodies play crucial roles in the regulation of payment services:
| Regulatory Body | Role & Responsibilities |
|---|---|
| AUSTRAC | As Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) regulator, it requires all payment providers offering designated services (e.g., remittance, digital currency exchange) to register and comply with reporting and compliance obligations to prevent financial crime. |
| ACCC | As the Australian Competition & Consumer Commission, it enforces competition and consumer law. It complements the RBA’s work by monitoring for anti-competitive conduct and enforcing consumer protections, such as rules against excessive surcharges on card payments. |
Speak with an ACL & AFSL Lawyer Today
Request a Consultation to Get Started.
Key Legislation for Australian PSPs
The Corporations Act 2001 (Cth)
The Corporations Act 2001 (Cth) serves as the primary legislative foundation for the AFSL regime. Historically, this Act regulated payment services through the broad concept of a “non-cash payment facility,” which captured various payment products including:
- Stored-value cards
- Electronic bill payments
- Funds transfer services
Providers of these facilities were generally required to hold an AFSL unless a specific exemption applied.
The payments system modernisation reforms are now replacing this outdated concept. The term “non-cash payment” is being removed from the general definition of a financial product. In its place, the new framework introduces specific, technology-neutral definitions for payment activities, which are classified as either new financial products or financial services.
This function-based approach means that while the core requirement to hold an AFSL remains, the authorisations needed will be tied to the specific payment functions a provider performs.
The Payment Systems (Regulation) Act 1998 (Cth)
The Payment Systems (Regulation) Act 1998 (Cth) grants the RBA its formal powers to oversee Australia’s payment system. This Act allows the RBA to designate a payment system if doing so is in the public interest. Once a system is designated, the RBA can:
- Impose standards
- Establish an access regime to promote efficiency, competition, and safety
For example, the RBA has previously used these powers to set interchange fee caps for major card schemes.
As part of the payments system modernisation, this Act has been updated to broaden its scope. The definitions of “payment system” and “participant” have been expanded to ensure the RBA can regulate new and emerging systems, such as:
- Digital wallets
- BNPL services
- Payment stablecoin arrangements
The amendments also introduce a new ministerial designation power, allowing the Treasurer to designate a payment system if it is in the “national interest.” This provides an additional layer of oversight for services that may pose risks beyond the RBA’s traditional remit.
The Banking Act 1959 (Cth)
The Banking Act 1959 (Cth) regulates any entity conducting “banking business,” which primarily involves taking deposits from the public. Institutions engaged in banking business must be authorised by APRA as an ADI.
To avoid the stringent prudential requirements of becoming a bank, most fintech PSPs are structured to avoid taking deposits. Instead of operating as banks, many fintechs hold customer funds as SVFs under an AFSL.
The new reforms acknowledge this structure by giving APRA specific supervisory powers over large SVF providers without classifying them as ADIs. This allows for tailored prudential oversight for major non-bank payment firms that hold significant customer funds, ensuring financial stability without forcing them into the full banking framework.
Get Your Free Initial Consultation
Consult with one of our experienced ACL & AFSL Lawyers today.
The New AFSL Framework for Payment Services & Functions
Defining Stored Value Facilities & Payment Instruments
The payments system modernisation replaces the outdated concept of a “non-cash payment facility” within the Corporations Act 2001 (Cth). In its place, the new licensing framework introduces specific, technology-neutral definitions for new categories of financial products.
This function-based approach ensures that any entity issuing these products must hold an AFSL.
The new financial product categories include:
| Product Category | Description & Examples |
|---|---|
| Stored Value Facilities (SVFs) | A facility allowing a person to store funds without an immediate onward payment instruction, which can be redeemed later via a non-cash funds transfer. Examples include digital wallets holding a balance and physical or virtual prepaid cards. |
| Tokenised Stored Value Facilities (Tokenised SVFs) | A type of SVF designed to regulate payment stablecoins, where the right to redeem a fixed amount of a single currency is attached to a digital token. The regulated product is the facility that issues the token, not the token itself. |
| Payment Instruments | A facility that provides a method for a payer to make non-cash funds transfers using funds from an account. This covers instruments like debit/credit cards and online account facilities such as direct debit, BPay, and PayTo services. |
Regulating Payment Initiation & Facilitation Services
Alongside new financial products, the regulatory framework introduces new categories of financial services. Any PSP offering these services will be required to hold an AFSL.
These definitions focus on the specific actions a provider takes within the payment chain.
The key new financial services are:
| Service Category | Description |
|---|---|
| Payment Initiation Services (PIS) | A service where a third-party provider initiates a non-cash funds transfer on behalf of a customer. This function captures services like ‘PayTo’ and direct debit arrangements offered to merchants, allowing customers to authorise payments from their bank accounts. |
| Payment Facilitation Services (PFS) | A service provided when a provider receives funds under an arrangement with instructions to transfer them to a payee. This broad category covers merchant acquiring services for businesses and remittance services for customers sending money. |
Payment Technology & Cross-Border Transfer Services
The framework also defines additional financial services to capture other critical roles within the payments ecosystem. These services are essential for the functioning of modern payment systems, but may not involve the direct handling of customer funds in the same way as facilitation services.
These service categories include:
| Service Category | Description |
|---|---|
| Payment Technology and Enablement Services (PTES) | This function covers providers that enable a non-cash funds transfer without possessing the funds. Activities include identity verification for payments or transmitting payment instructions. Examples include payment gateways and pass-through digital wallets. |
| Cross-border Transfer Services | This service specifically regulates the transfer of funds from Australia to an overseas payee, or from overseas to a payee in Australia. It is designed to capture international remittance providers and is technology-neutral. |
Speak with an ACL & AFSL Lawyer Today
Request a Consultation to Get Started.
Prudential Oversight & Safeguarding Customer Funds
APRA’s New Role Supervising Major SVFs
APRA will have its role expanded to include prudential regulation of major non-bank payment firms. This new oversight specifically targets providers of “major SVFs”, which includes large digital wallets or prepaid card issuers holding significant customer funds.
APRA’s supervision is triggered when specific thresholds are met:
- When a PSP’s total stored value across all SVFs exceeds $200 million on a group aggregate basis
- Once this threshold is reached, the provider must register with APRA and comply with its prudential standards
It is important to note that while these entities become subject to APRA’s prudential regulation, they are not classified as ADIs or banks. Furthermore, they will not be required to hold an APRA licence.
New Requirements for Safeguarding Payment-Related Money
The payments system modernisation introduces new requirements for PSPs to safeguard customer funds. These rules build upon the existing client money regime found in the Corporations Act 2001 (Cth), with specific adjustments to accommodate various payment models such as:
- SVFs
- Payment facilitation services
The primary requirement mandates that PSPs must segregate payment-related money by holding it in a separate trust account with an Australian ADI. This critical measure ensures that:
- Customer funds are protected and available to be returned to the person legally entitled to them
- Client money is not mixed with the PSP’s own operational funds
This safeguarding approach is designed to protect consumers and ensure the security of their money when held by a non-bank PSP.
Get Your Free Initial Consultation
Consult with one of our experienced ACL & AFSL Lawyers today.
Navigating the Transition to the New Payment System
The Phased Implementation Timeline
The Australian government is rolling out the payments system modernisation reforms through a phased implementation. This staged approach allows the industry to adapt progressively to the new regulatory framework.
The implementation is broken down into the following stages:
| Implementation Stage | Details & Timeline |
|---|---|
| Tranche 1a | This initial phase covers core licensing obligations for PSPs. The exposure draft legislation was released on 9 October 2025, with consultations closing on 6 November 2025. |
| Tranche 1b | Scheduled for consultation in early 2026, this tranche will introduce further details, expected to cover:
|
| Tranche 2 | Following the enactment of Tranche 1, further reforms are planned for 2026 and beyond. This stage will address common access requirements for payment systems and the potential creation of an industry standard-setting body. |
Once the new legislation is passed, a proposed transition period of 18 months will commence. This period is designed to give new entrants and existing businesses sufficient time to obtain the required AFSL, provided they submit their application within the first six months of the transition window.
The Shift to a Mandatory ePayments Code
A significant change under the payments system modernisation is the move to make the ePayments Code mandatory for all PSPs. Previously a voluntary set of standards, the code will become a binding requirement, establishing a consistent baseline for consumer protections across the entire payments ecosystem.
The reforms grant the Minister a new rule-making power to implement and enforce this mandatory ePayments Code. This ensures that all providers, including ADIs and other payment system participants, adhere to minimum standards of conduct. The code specifically addresses critical consumer issues such as the handling of unauthorised transactions and mistaken payments, ensuring a uniform approach to resolving these common problems.
Speak with an ACL & AFSL Lawyer Today
Request a Consultation to Get Started.
Conclusion
Australia’s payments system modernisation is establishing a clearer, function-based regulatory framework, requiring PSPs to navigate new licensing and compliance obligations. This risk-based system introduces specific definitions for payment services, enhances prudential oversight, and mandates consistent consumer protections through the ePayments Code.
Navigating this new regulatory landscape requires specialised guidance to ensure your fintech is prepared for the updated licensing and compliance requirements. To leverage our trusted expertise and turn these regulatory challenges into strategic opportunities for your business, contact our expert AFSL application lawyers at AFSL House today.
