Fintech Update: November 2017

In this update we navigate the varied and significant cryptocurrency and fintech developments in Australia and international jurisdictions. 

In relation to cryptocurrencies, the Reserve Bank of Australia (RBA) has discussed its risk assessment of digital currencies, there has been further regulation of initial coin offers (ICOs) and cryptocurrencies in many jurisdictions and a class action has been filed in the United States (US) against Tezos in relation to its recent ICO. 

Developments in fintech include the United Kingdom’s (UK) Financial Conduct Authority (FCA) reporting on the first year of operation of its regulatory sandbox, the Australian Securities and Investments Commission (ASIC) entering into fintech related agreements with regulators in Switzerland, Dubai and China and establishing a fintech bridge with the UK, and the introduction of mandatory consumer credit reporting in Australia.  There have also been setbacks for fintechs with the Productivity Commission (PC) endorsing a vendor collection model for low value GST collection, rather than adopting technology based solutions.

Finally, while not discussed in this update, the announcement of a Royal Commission into banks and financial services in Australia may have a significant impact for fintechs into the future.  The potential impact of this Royal Commission for innovative and disruptive financial services providers is at this stage uncertain but we will provide updates on this going forward.

Fintech fact: over 26,000 blockchain-related projects were created on code repository, GitHub, in 2016.

RBA presents on evolving payment system including digital currencies

Tony Richards, the department head, and David Emery, a senior manager, from the RBA’s payment policy department recently appeared before a parliamentary committee to present an overview of Australia’s evolving payment system.  They noted that the key trend in the retail payments system has been the move from paper-based payment methods to electronic methods.  The adoption of e-payment methods is likely to increase as consumers use contactless cards and mobile devices to make more payments.  This move will be accelerated with the introduction of the New Payments Platform (NPP).  The NPP will facilitate the inclusion of far more data with each payment, enhancing functionality for government agencies and improving e-invoicing and straight-through-processing. The NPP is also targeted for use by non-traditional members of the financial system such as fintechs.

Notably, Tony Richards stated that cryptocurrencies did not currently pose “pressing regulatory issues” for the RBA’s payments policy mandate.  While cryptocurrencies have been used as both a legal and illicit payment method, the RBA considers regulation of the core protocols of these systems “unlikely to be effective” due to their cross-border nature. In contrast, the RBA has been exploring the potential for distributed ledger and blockchain technology in the financial sector (previously discussed here). Tony Richards observed that the greatest areas of use for this technology are “sectors where workflows involve lots of different parties with no trusted central entity, and where current practices are quite inefficient”, such as correspondent banking and remittances, and trade financing.

Australia extends fintech focus with cooperation agreements and a ​​​​​​​fintech bridge

ASIC has signed a cooperation agreement with the Swiss Financial Markets Authority (FINMAand with the Dubai Financial Services Authority (DFSA) and an information sharing agreement with the China Securities Regulatory Commission (CSRC).  

Under its agreement with FINMA, ASIC is able to refer innovative businesses for support and vice versa.  Switzerland has long been regarded as a hub for fintechs in areas like wealth management, comparative consulting, crypto finance, data management, payment services and lending.

The cooperation agreement with DFSA enables both parties to refer innovative fintech businesses to each other for support through their respective fintech functions, creating a pathway for businesses to operate in the Dubai International Financial Centre, engaging with DFSA, and vice versa.  The agreement facilitates information sharing between the two regulators and also specifically recognises the importance of regulatory technology, providing that ASIC and the DFSA intend to deepen their partnership by sharing information on regtech trials.

The information sharing cooperation agreement with the CSRC strengthens the Australia-China trade and investment relationship by allowing the two regulators to exchange information on market trends and developments regarding financial services and innovation. This particular agreement also specifies certain forms of collaboration by sharing information on regulatory technology trials.  China is a global leader in relation to fintech investment and is Australia’s largest two-way trading partner.

These agreements follow similar agreements (discussed here and here) between ASIC and the Hong Kong Securities and Futures Commission, the Monetary Authority of Singapore, the UK’s Financial Conduct Authority, Canada’s Ontario Securities Commission, the Abu Dhabi Global Market Financial Services Regulatory Authority, the Capital Markets Authority of Kenya, and Indonesia’s Otoritas Jasa Keuangan.

In addition, Treasurer Scott Morrison has announced a FinTech Bridge collaboration agreement with the UK. Extending beyond the power of ASIC’s current collaboration agreements, the Bridge will enable collaboration at the industry, regulator and government levels to “identify emerging trends, share policy developments and better position firms for the challenges of entering a foreign market.”  The Bridge will also allow Australian fintechs to expand into the UK or pursue partnerships with companies in the UK.

Tax law changes to support fintech investment

The Treasury has recently released draft changes (Exposure Draft - Treasury Laws Amendment (Measures for a later sitting) Bill 2017: Fintech and Venture Capital Amendments and accompanying Exposure Draft Explanatory Material) to the venture capital and early stage tax concession provisions in the Income Tax Assessment Act 1997 (ITAA) to ensure that start-up fintech businesses are eligible for venture capital investment tax concessions, in addition to making some other minor technical amendments to confirm the provisions of the ITAA are operating consistently with policy intent. 

Under the current ITAA, venture capital tax concessions are not available for investments into companies whose activities predominantly consist of finance or insurance activities (which includes banking, providing capital to others, leasing, factoring and securitisation). This has limited the extent to which venture capital investments are made in start-up fintech firms.  The proposed changes will remove such limitations by enabling early stage venture capital limited partnerships and venture capital limited partnerships to invest in early stage companies that have finance or insurance activities as their predominant activities.  Investments in unit trusts that have finance activities as the predominant activity will remain excluded from the venture capital tax concession. 

Comprehensive credit reporting regime

The Treasury has announced that a new mandatory comprehensive credit reporting regime will be in place on 1 July 2018. These new credit reporting rules are aimed at improving the ability of lenders to meet responsible lending obligations, as well as improving access for new and smaller entrants, such as newly established fintech companies, to data. These changes come after the Government had committed to implementing them if credit providers did not meet a 40% threshold for data reporting by the end of 2017, with the figure currently being less than 1%.

The Treasury has described these proposed changes as a ‘game changer’ for both consumers and lenders as it will increase lending competition and provide greater access to finance for households and small businesses. Although no draft legislation has been issued, Treasury has indicated how these changes will affect the big four banks.  For instance, the big four banks will be the first to face mandated reporting and be required to have 50% of credit data ready for reporting by 1 July 2018, with this figure increasing to 100% by 1 July 2019.  The new reporting system will require banks to provide a customer’s full repayment history instead of simply relying on loan applications and loan defaults being used to assess an individual’s credit rating.  

Although these changes have been generally welcomed, they create some questions which remain to be answered, such as how customer data will be protected from a privacy perspective and the specifics regarding to whom the mandate will be applied.

Collection models for GST on low value imported goods

The PC has released a report regarding the feasibility of incorporating a legislated model for extending GST to low value imported goods (less than $1,000).  Domestic retailers have historically claimed that exempting foreign goods from GST creates an unbalanced market, with concerns amplified by the growth of online commerce.  The Government has recently legislated to apply GST to low value imported goods from July 2018 by using a streamlined collection model which places responsibility for tax assessment, collection and remittance on foreign suppliers.

The current legislated model is based on a vendor collection model, which requires major businesses generally based overseas to register for and collect GST on low value goods sent from overseas to consumers in Australia.  Offshore supplies of low value imported goods (outside of alcohol and tobacco products) will be deemed a domestic supply and subject to the GST. Some suppliers can also opt for ‘limited registration’ rather than ‘full registration’, especially if their supplies are only connected to Australia because of the legislated model.          

Throughout the report, the PC also considered the viability of alternate models using technological solutions. For example, the report discussed the feasibility of using ‘purchaser’ and ‘financial intermediary’ collection models. Specifically, new technology-based purchaser models could enhance traceability of purchasers by using image scanning and data storage technology to enable tax authorities to identify when GST is due. Other potential advantages include avoiding delays in delivery associated with border collection and addressing the issue of fraud in undervaluing imported goods.

Despite these potential advantages, the PC considered that the lack of evidence on operational risks provided by these models means it is too early to judge their viability. However, the PC stated that upon review of the current legislated model in 5 years’ time, they would assess the experience of other jurisdictions in adopting a technology-based purchaser model.  There may, therefore, be scope for fintech solutions in GST collection in the future.

UK Financial Conduct Authority reports on regulatory sandbox

The UK’s FCA has released a report assessing the effectiveness of its regulatory sandbox following its first year of operation, in which two cohorts of firms have conducted testing in the sandbox.  The sandbox provides entities the opportunity to test financial services without being licensed.  The report provides an overview of the first year of operation, describes key outcomes of the sandbox, the impact on the market and limitations on testing in the sandbox.  The report considers that the sandbox has been generally successful but notes that there are limitations to the testing environment.

Structure of the FCA’s regulatory sandbox

There are some key differences between the FCA’s regulatory sandbox and those of other regulators, including ASIC’s sandbox.  The FCA’s regulatory sandbox accepts two cohorts per year, with each cohort receiving a six month testing period.  Firms that successfully apply to be included in a cohort receive a case officer to liaise with and submit a final report summarising outcomes of testing.

Importantly, the FCA’s sandbox is open to any firm (including large firms already holding financial services authorisations) to carry out testing or to support another firm that is carrying out testing in relation to regulated financial services activities.  The FCA implements bespoke safeguards for each firm that tests within its sandbox, tailoring capital requirements, systems penetration testing and, in relation to robo-advice, adopting a secondary review of robo-advice by a financial adviser. 

It’s worth noting that this structure is significantly different to ASIC’s regulatory sandbox which does not permit licensees to access the sandbox licensing exemption and imposes the same requirements in relation to insurance, external dispute resolution and other consumer protection obligations on all sandbox applicants regardless of the nature of the business.  ASIC’s regulatory sandbox is currently subject to legislative reform, which will address some of these differences.

Key findings

The FCA’s report details the composition of firms accessing the regulatory sandbox.  Fifty firms were selected for testing across two cohorts and 41 of those firms proceeded to testing.  The majority of testing firms across the two cohorts tested products to be used in the retail banking sector.  Some testing firms were large, authorised firms, however the majority were startups that would otherwise be unauthorised and ineligible to test their products.  The most popular technology employed by participants in the sandbox was distributed ledger technology (DLT), with 17 firms using DLT in some way. 

The report provides several key insights, identified by both participants and the FCA, into the reasons for the success of the FCA’s regulatory sandbox, including:

  • benefits of engagement with a case officer:  The report notes that testing firms were particularly assisted by having a case officer whom they could be in contact with who would explain the regulatory framework, accelerate the path to market and reduce expenditure on external regulatory consultants.
  • reduced time and cost of product launch:  Amongst the indicators of the success of the sandbox were that from the first cohort, 75% of firms successfully completed testing, 90% of firms are continuing towards a wider market launch of their products and a majority of firms have secured full authorisation following testing.
  • testing has facilitated access to finance:  Sandbox firms have indicated that testing provides reassurance to investors due to FCA oversight and increased regulatory certainty.  The FCA found that 40% of firms who completed testing in the first cohort received investment during or following the sandbox testing period.
  • testing has enabled products to be introduced to market:  The FCA identified various benefits associated with testing in a live environment including an opportunity to understand how receptive consumers are to various product features, testing the technology and cyber resilience of the underlying platform, and ensuring adequate controls are implemented to minimise risk of consumer harm.  Amongst the controls to ensure consumer protection are standard safeguards implemented across all products to minimise potential detriment (ie, implementation of an exit plan to ensure the test can be closed down) and bespoke additional safeguards where required.  The FCA found that around a third of firms tested in the first cohort used the testing environment to significantly pivot their businesses.

The report also discusses the market impact of the firms which are testing in the sandbox.  The report makes various findings in relation to the market impact of different technologies, such as the use of biometrics and application program interfaces (APIs) by testing firms, while also discussing the products that firms have tested in particular fields such as insurance mediation and mortgage businesses.  Particular technologies and products discussed at length include:

  • distributed ledger technology:  The report notes that there has been particular use of DLT by sandbox participants to facilitate cross-border payments.  The report finds that while DLT can be used to reduce costs, improve security, create trust and enable services to be provided at greater speed, sandbox participants offering DLT have also encountered challenges.  These challenges include execution time uncertainty, digital currency volatility, liquidity issues, transaction fees and issues around the availability of exchanges.  The report notes that these risks are to be carefully managed if such services are to be provided on a wider scale.
  • increasing access and improving experiences for vulnerable customers:  A number of firms tested innovative business models to address the needs of vulnerable customers.  The FCA has a positive view of these fintech businesses as it considers these businesses address issues of financial exclusion.  The FCA indicated it will be welcoming applications for sandbox entry from such firms.
  • personal savings tools and the use of consumer information:  This has involved the use of innovative methods in personal financial management, savings and investments to incrementally improve users’ saving habits, with the FCA considering that using these tools over a long period of time has the capacity to improve consumers’ future financial positions significantly.  In this area, particularly, the FCA highlighted that data sharing between large firms and fintechs can be mutually beneficial for the firms involved (with the fintech accessing the data of the large firm and the large firm having the benefit of new technology), while also delivering significant benefits for consumers.
  • robo-advice:  The FCA considers that robo-advice is still an emerging field.  Testing firms have had the assistance of the FCA’s Advice Unit, which provides guidance to firms seeking to deliver automated advice and guidance.  Testing firms were also required to build in additional safeguards (ie, qualified financial advisers review the advice produced in a robo-advice context).

Despite the generally successful outcomes delivered by the regulatory sandbox, the report notes that there are certain limitations on what the sandbox can facilitate. 

Key limitations facing firms in the sandbox

In relation to the limitations of testing in the regulatory sandbox, the report particularly notes that:

  • access to banking services:  The FCA found that it was common for testing firms in the sandbox to face denial of banking services, with issues particularly faced by businesses seeking to offer DLT solutions or become payments or electronic money institutions.  The FCA found some applicants faced blanket refusals from certain banks, while there were also inconsistencies within individual banks for dealing with applications from testing firms.  The FCA recognised that this problem was not unique to testing firms and impacted startups generally, but that the effects of such issues could be particularly problematic.  For instance, lack of access to banking facilities could lead to some firms being unable to enter the sandbox to conduct testing, let alone enter the market. 
  • customer acquisition and governance processes:  Acquiring customers for firms testing in the sandbox was a particular issue for small firms without a well-established customer based.  Some firms overcame this by having large firms enter into partnerships with start-ups in the sandbox to provide the start-up with access to a larger pool of potential customers who could test the start-up’s products.  Both large firms and start-ups identified benefits that accompanied such partnerships, with large firms benefitting from innovative technology and improved on-boarding and governance processes from dealing with start-ups in the sandbox (which the FCA considered could be implemented in subsequent partnerships). 
  • consumer data and API integration:  The FCA found that it was difficult for testing firms to go directly to financial institutions and securely gain access required for sharing consumer data.  Additionally, smooth integration with APIs often took longer than expected, with one firm struggling to integrate APIs during the testing period.  The FCA is optimistic this issue will be resolved in the next year as the UK’s Open Banking initiative develops APIs.

The FCA noted that after testing in the sandbox, testing firms are to meet relevant conditions for authorisation (ie, licensing) for activities which they seek to conduct.  This requires that testing firms meet certain regulatory requirements, such as competence and financial viability.  The FCA noted that it can be more complex to assess testing firms against existing authorisation conditions but that, generally, testing firms have been able to clearly demonstrate their capacity to meet the FCA’s conditions.  Some types of businesses (ie, testing firms proposing to be insurers and operate multilateral trading facilities) have had greater difficulty meeting regulatory requirements due to higher levels of regulatory capital being required and more onerous controls needing to be implemented.  Businesses faced with such conditions to authorisation have generally pivoted their business models so that lower regulatory requirements apply.


The FCA’s report highlights how key features of the FCA’s regulatory sandbox have facilitated access and use of its testing environment.  Key features such as the bespoke approach to authorisation conditions imposed on testing firms, the engagement of a dedicated case officer and the encouragement of partnerships between large firms and testing firms have contributed to the success of the FCA’s regulatory sandbox.  The success of the FCA’s regulatory sandbox is reflected in 41 of 50 firms proceeding to test and 40% of those testing firms obtaining finance during or following tests.  There are undoubtedly lessons to be learned from the FCA’s approach to its regulatory sandbox. 

Unfortunately, the report also highlights the particular challenges which innovative businesses face, particularly in relation to the barriers to accessing banking services.  This is particularly problematic as such an issue could stymie innovative businesses from ever testing their products, let alone launching.  It suggests that regulators and fintech industry bodies may need to educate banks and other account providers on the risks posed by start-ups to ensure that these businesses can access banking services.

International developments for ICOs and cryptocurrencies

Since our last update, regulators in more jurisdictions around the globe have released guidance or warnings in relation to ICOs.

Despite warnings from some Asian, European and North American regulators, the continued development of regulatory guidance in different regions and even an open government-led consultation suggests that ICOs are being increasingly legitimised.

Token offerors should seek legal advice before their seed funding round or ICO to consider not just whether securities laws apply but other obligations including consumer protection obligations and anti-money laundering and counter-terrorism financing (AML/CTF) regimes. 

The latest developments are set out below:

  • New Zealand: The New Zealand Financial Markets Authority (FMA) has released guidance on whether ICOs fall within the existing regulatory regime. In line with the Australian approach, the FMA has noted that tokens with the characteristics of a financial product (debt securities, equity securities, managed investment products and derivatives) will need to comply with the Financial Markets Conduct Act 2013 (NZ) or apply for an exemption from the relevant requirements.  Regardless, all tokens whether offered in or out of New Zealand will need to comply with consumer protection obligations under the Fair Trading Act 1986 (NZ).
  • Singapore: The Monetary Authority of Singapore (MAS) has published guidelines on when tokens offered in ICOs may constitute securities under the Securities and Futures Act (Cap. 289) and Financial Advisers Act (Cap. 110).  This includes when tokens represent shares, debentures or units in collective investment schemes. MAS has indicated that it will examine the “structure and characteristics of, including the rights attached to, a digital token” to determine the token’s status.  ICOs captured within MAS’ regulatory scope will need to comply with relevant requirements, including prospectus and authorisation or recognition requirements.
    MAS also emphasised that the money laundering and terrorism financing (ML/TF) regime may apply to virtual currencies, including obligations to report suspicious transactions. MAS indicated that, moving forward, it would establish a new payments services framework for virtual currency intermediaries to implement policies, procedures and controls to address ML/TF risks.  MAS has indicated that its jurisdiction extends to persons both in and outside of Singapore.
  • United Kingdom: The UK Treasury has released its second national risk assessment of ML/TF. Notably, the report stated that the risks of ML and TF for digital currencies is low, however the risks are expected to increase as digital currencies become more popular. The assessment supported bringing digital currency exchanges and wallet providers into the remit of the anti-money laundering and counter-terrorism financing regulation. The risk assessment also recommends increased investment in research, horizon scanning and training for law enforcement agencies in order to address to address one of the key findings of the first risk assessment, namely the risks created by the lack of interaction between the regulated sector and digital currencies.
  • India: Three justices from the Supreme Court of India have issued a notice to India’s central bank, market regulator and tax department, to respond to a petition calling for urgent regulatory direction in relation to Bitcoin trading. Currently, Indian authorities have not issued any guidance on cryptocurrencies and ICOs, other than a warning issued by the Reserve Bank against virtual currencies in late 2013. The Indian Government formed a committee to study cryptocurrencies earlier in the year, but the committee has yet to report on its findings.
  • France: The French financial regulator, Autorité des Marchés Financiers (AMF), has released a consultation paper on the development of a framework for ICOs and the launch of its support program, the Universal Node to ICO Research and Network (UNICORN).  Identifying the risks involved with investing in ICOs, the AMF has put forward three methods of monitoring ICOs: promoting a guide to good practice, extending the scope of existing guidance to apprehend ICOs as offers of securities to the public and proposing new legislation in relation to ICOs. The consultation closes 22 December 2017.
  • Japan: The Financial Services Agency (FSA), Japan’s financial regulator, has issued a warning to investors regarding the risks of investing in ICOs.  Highlighting the potential for fraud and the price volatility attached to tokens, the FSA also noted that businesses involved in ICOs should check whether relevant legislation such as the Payment Services Act and Financial Instruments and Exchange Act may apply.
  • Malaysia: The Chairman of the Securities Commission Malaysia (SC) has indicated that the SC is working with Malaysia’s central bank to create a regulatory framework for cryptocurrencies. This will include guidelines for functional token use cases such as secondary market trading of digital assets. The framework is due to be released in the first half of 2018. Malaysia’s central bank, Man Negara Malaysia, is also planning to bring cryptocurrencies within its AML/CTF regulatory framework by including currency exchanges within the scope of “reporting institutions”.
  • Germany: The Federal Financial Supervisory Authority (BaFin) has released a consumer warning on the risks of investing in ICOs. BaFin identified the key risks as being significant token price fluctuations, the experimental nature of the projects being financed, insufficient information provided in contrast to regulated prospectuses and systemic vulnerability to fraud and ML/TF risks.  Following this, BaFin has released a more in-depth article examining the risks and how investors should behave.  Broadly, BaFin recommends researching the identity, reputation and credit standing of the token offeror, verifying whether supervision has been provided by a relevant authority and investigating the benefits and risks of projects. Currently, BaFin is analysing ICOs on a case-by-case basis to determine whether they fall within BaFin’s regulatory scope.
  • Netherlands: The Netherlands Authority for Financial Markets (AFM) has followed in Germany’s footsteps in alerting investors to the risks relating to ICOs. Key risks identified include the possibility of scammers, overestimations regarding returns on projects, a lack of transparency around projects and the teams behind projects, and speculative investors causing price volatility.
  • European Union: The European Securities and Markets Authority (ESMA) has issued two statements on the risks of ICOs for investors and considerations for start-ups wishing to conduct an ICO.  ESMA warned that tokens constituting financial instruments need to comply with legislation including the Prospectus Directive, the Markets in Financial Instruments Directive, the Alternative Investment Fund Managers Directive and the Fourth Anti-Money Laundering Directive.
  • United States: The Chairman of US Securities and Exchange Commission (SEC) recently made unscripted remarks that suggested the SEC would potentially be more aggressive in its approach towards regulating ICOs.  Stating that many of the ICOs he had seen bore strong resemblance to securities, the Chairman also asserted that the cryptocurrency market lacked transparency and was vulnerable to market manipulation. This comes after the SEC’s market-shaping report on the DAO (discussed here) and is significant as regulators around the globe begin examining the enforcement of securities law and ICOs.

While the regulation of ICOs and cryptocurrencies continues to evolve in many jurisdictions, the enthusiasm for widespread application and use of blockchain technology continues to grow.  The European Commission has put out a call for tenders for a study assessing the opportunity and feasibility of using blockchain technologies across the European Union.  The overall objective is to create “conducive environments for implementing more effective public policies, easing private sector engagement with the authorities, developing innovative ecosystems and applications, showing leadership and reinforcing the competitive edge of Europe and its blockchain innovators at a global level”.  The use of blockchain technology across many different applications appears likely to continue.

Class actions filed against ICO offeror, Tezos, in United States

Two class actions have been initiated in the US against blockchain startup, Tezos, in relation to its US$232 million ICO earlier this year.  Filed in California and South Florida, both actions focus on allegations that Tezos violated US securities law by offering tokens that represented securities, despite failing to register with the SEC. Additionally, there are allegations that Tezos made misleading statements to token purchasers regarding the internal operations of the company, misrepresenting the development of the project and falsely marketing Tezzies as charitable contributions.

Both suits cite the SEC’s report on the DAO, indicating that many tokens offered in ICOs are securities and are subject to applicable law. The inherent nature of the Tezzie token is such that it derives its value from the usefulness and popularity of Tezos’ underlying technology.  It is alleged that the recent disclosure of the delay in development of the technology caused the value of the Tezzie token to be reduced by half, to the detriment of purchasers. The plaintiff and class members of both suits argue that Tezos is not protected by the ‘safe harbour’ defence, which is usually granted for forward-looking statements.

The plaintiffs are seeking a remedy which will allow purchasers to rescind their token purchases, in addition to damages. The reaction to ICOs has varied significantly around the world, with some financial regulators adopting starkly different positions. As one of the first suits to be initiated in relation to ICOs, the outcome of this action will hopefully provide some clarification as to the legal status of ICOs within the US.


Subscribe to receive the FinTech Update


*We will not share your email address with third parties