Insights

The Legal 500: Fintech 2026 (Australia)

Date published 17 March 2026

Read time TBC

This guide provides a pragmatic overview of the law and practice of fintech law in Australia.

Related sectors

Related services

1. Who are the primary regulators overseeing fintechs in your jurisdiction, and how are regulatory boundaries evolving as innovation crosses traditional lines between payments, lending, wealth, and digital assets?

The primary regulators overseeing fintechs in Australia are as follows:

The Australian Securities and Investments Commission (ASIC) is Australia’s integrated corporate, markets, financial services and consumer credit regulator. ASIC administers various legislation including the Corporations Act 2001 (Cth), the Australian Securities and Investments Commission Act 2001 (Cth), the National Consumer Credit Protection Act 2009 (Cth), the Financial Accountability Regime Act 2023 (Cth), and parts of certain other pieces of legislation such as the Banking Act 1959 (Cth) and the Superannuation Industry (Supervision) Act 1993 (Cth). ASIC’s responsibilities include licensing, industry supervision and surveillance, administering and enforcing consumer protection provisions including the unfair contracts regimes, and enforcement.

The Australian Prudential Regulation Authority (APRA) is Australia’s prudential regulator of banks, insurance companies and most superannuation funds. Prudential regulation is concerned with maintaining the safety and soundness of financial institutions, and protecting the interests of depositors, policy holders and superannuation fund members. APRA works closely with ASIC, the Australian Treasury and the Reserve Bank of Australia.

The Australian Competition and Consumer Commission (ACCC) is Australia’s national competition, consumer, fair trading and product safety regulator. The ACCC administers the Competition and Consumer Act 2010 (Cth), which covers a range of relationships and responsibilities including product safety and labelling, unfair market practices, price monitoring, industry codes and regulation, and mergers & acquisitions. In the near future, the ACCC’s responsibilities will expand to administer a new Scams Prevention Framework, for which ASIC (and other regulators) will also have responsibility.

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s financial intelligence unit and anti-money laundering and counter-terrorism financing (AML/CTF) regulator. AUSTRAC’s responsibilities include receiving and processing suspicious matter and funds transfer reports in order to assist in detecting and disrupting serious and organised crime.

The Office of the Australian Information Commission (OAIC) promotes and upholds privacy and information access rights, including by administering the Privacy Act 1988 (Cth). The OAIC’s regulatory responsibilities are evolving with the development of a consumer data right and a national DigitalID framework.

As part of the Australian Government’s (Government) response to the 2017-2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission), the Australian Law Reform Commission conducted an inquiry into simplifying Australia’s financial services regulatory framework to make it “more adaptive, effective and navigable for consumers and regulated entities”. As the financial sector continues to evolve through innovation, regulators and legislators are looking beyond the findings of the Royal Commission to modernise the regulation of financial services. At the date of writing, there are several live regulatory reviews and proposals for legislative reform in this space, such as reforms to the AML/CTF laws, payment regulation laws and digital asset laws.

2. As regulators adopt different rules for digital assets, AI, and consumer protection, what key regulatory and operational challenges could slow fintech innovation and growth in your jurisdiction over the next 12 months?

Notwithstanding occasional comments to the contrary, the Australian Government, legislators and regulators have been slow when it comes to providing regulatory certainty and paths to market for the digital assets sector, generally not keeping pace with comparable jurisdictions. ASIC’s recent approach to administering laws that may apply to digital assets businesses could be described as “regulation by enforcement”, creating an uncertain and at times hostile environment for digital asset businesses. Due in part to the regulatory treatment, it can be extremely challenging for digital asset fintech businesses to open Australian bank accounts, onboard with established payment rails and to obtain insurance. There is some optimism that this will change, with recent developments in the form of consultation packages and licensing relief for certain stablecoin service providers.

3. Are fintechs generally required to obtain licenses or registrations to operate in your jurisdiction, and if so, which activities typically trigger those requirements (e.g., lending, payments, digital assets custody)?

This depends on the nature of the activities engaged in, and services provided by, the fintech. For example:

if the fintech is carrying on a business of providing a financial service (eg, a business of providing financial product advice, dealing in financial products, providing a custodial or depository service or making a market in financial products), the fintech may be required to hold an Australian financial services licence (AFSL).
if the fintech is carrying on a business of engaging in consumer credit activities, the fintech may be required to hold an Australian credit licence (ACL).
if the fintech is operating a financial market, the fintech may be required to hold an Australian market licence.
if the fintech is carrying on a banking business, the fintech may be required to be an authorised deposit-taking institution.
if the fintech is providing value transfer or virtual asset related services, the fintech may be required to be registered with AUSTRAC.

Additionally, if the fintech is carrying on a business of any kind in Australia, the business must register with ASIC as a foreign company.

4. Are there emerging cross-functional or omnibus licensing regimes, such as those inspired by the U.S. GENIUS Act, the EU MiCA/DORA frameworks, or similar integrated models, that allow a single license to cover multiple fintech activities?

While there is not yet a true cross-functional or omnibus licensing regime comparable to the EU’s MiCA passport or the U.S.’ GENIUS Act, Australia is moving towards a more integrated, efficient and navigable financial services regulatory framework. For example, as part of the Government’s Strategic Plan for Australia’s Payment System (Payments Strategic Plan), it is proposed that certain payment service related authorisations that are currently spread across several regimes and regulators will be consolidated into a graduated AFSL framework.

5. How have regulatory sandboxes, innovation offices, or digital-testing frameworks matured in 2025, and what measurable impact have they had on time-to-market or capital formation for fintech start-ups?

In 2020, an ‘enhanced regulatory sandbox’ (ERS) was established by the Government. The ERS creates a framework for an entity to test specific financial services and products, as well as engage in credit activities, without the requirement to hold an AFS licence or an ACL. On 21 March 2025, the Government released the “Statement on Developing an Innovative Australian Digital Asset Industry” where it announced that it would commence reviewing the ERS to ensure that it is fostering innovation.

On 17 December 2025, Treasury released a consultation paper in relation to the ERS which notes that since 2020, uptake of the ERS has been limited with only 19 entities from 103 applications accepted into the sandbox. Of those 19 entities, outcomes have been mixed: 15 entities have ceased using the ERS, with 3 becoming Corporate Authorised Representatives (now ceased) and 1 obtaining an AFSL, while 4 entities are currently participating in the ERS. The consultation asks for stakeholder views on:

sources of and barriers to financial innovation in Australia;
how effective the ERS is; and
how the ERS could better support financial innovation.

ASIC is engaged in an enhanced cooperation agreement with the United Kingdom’s Financial Conduct Authority. This agreement facilitates the mutual referral of innovative businesses to each other’s regulatory sandboxes, benefitting fintech start-ups through enhanced cross-border collaboration.

6. How are regulators adapting their supervisory approaches (e.g., RegTech-enabled supervision, API-based reporting) to oversee fintechs operating across jurisdictions or with embedded finance models?

Australia’s regulators are embracing more data-driven, technology-enabled supervisory arrangements tailored to cross-border fintechs and fintechs that operate embedded finance models. For example:

ASIC is deepening analytics-led oversight while using its Innovation Hub and sandbox to surface new models early. ASIC has stated that it adopts an ‘open mind’ approach that includes learning from industry input, international case studies and close collaboration and knowledge sharing with domestic and international regulators.
APRA’s migration to APRA Connect in 2021 signals a sustained shift to structured, machine-readable reporting that assists the oversight of fintechs operating across jurisdictions or with embedded finance models.
AUSTRAC is modernising the AML/CTF regime (including travel-rule implementation and expanding the scope of transfers of value) with reforms generally coming into effect on 31 March 2026.

7. How do your jurisdiction’s securities, commodities, and banking regulators interpret tokenization, DeFi, and stablecoin products under the current legal landscape, particularly in light of the U.S. state-level stablecoin acts and MiCA implementation in the EU?

Existing financial services laws will apply to tokenisation, decentralised finance and stablecoin products where the offering constitutes the provision of a financial service. Issuers and other service providers (eg, promoters; asset holders) may be required to hold an AFSL or be able to rely on an exemption, as well as comply with applicable conduct and disclosure obligations.

On 18 September 2025, ASIC granted the first-of-its-kind relief through the ASIC Corporations (Stablecoin Distribution Exemption) Instrument 2025/631 (Instrument 2025/631), exempting intermediaries engaging in the secondary distribution of a “Named Stablecoin” from holding a separate Australian financial services, Australian market, or clearing and settlement facility licence. On 25 September, ASIC proposed amending Instrument 2025/631 to include another named stablecoin.

On 29 October 2025, ASIC released a class no action letter alongside an updated Information Sheet 225: Digital Assets: Financial products and services (INFO 225). ASIC defined a ‘digital asset’ to mean a digital representation of value or rights, the ownership of which is evidenced cryptographically and that is held and transferred electronically by a type of distributed ledger technology or another distributed cryptographically verifiable data structure. The updated INFO 225 follows ASIC’s December 2024 consultation (CP 381) and provides an enhanced suite of worked examples to illustrate how existing Australian financial services concepts apply to digital assets as well as setting out ASIC’s operational expectations for licensees.

In parallel, ASIC invited public feedback on a draft legislative instrument, ASIC Corporations (Stablecoin and Wrapped Token Relief) Instrument 2025/XX. The draft instrument proposes class relief for distributors of “eligible stablecoins” and “eligible wrapped tokens”. The relief would exempt distributors from the need to hold a separate AFSL, Australian market, or CS facility licence and provides limited disclosure and transaction confirmation relief, subject to strict eligibility criteria and safeguards. Comments on the draft instrument closed on 12 November 2025.

On 26 November 2025, Parliament introduced the Corporations Amendment (Digital Assets Framework) Bill 2025 (Digital Assets Bill). The Digital Assets Bill designates Digital Asset Platforms and Tokenised Custody Platforms as financial products under the Corporations Act, requiring operators of these platforms to hold an AFSL.

Even if a crypto asset is not a financial product, it is still subject to regulatory oversight in Australia. This includes under the Australian consumer law (ACL), which contains consumer protection provisions that include a prohibition on misleading or deceptive conduct and restrictions on referral selling arrangements.

The AML/CTF Act will apply to operators of digital currency exchange services. From July 2026, the AML/CTF Act will apply to other virtual asset service providers, including on and off ramp providers, transferors of virtual assets, providers of asset holding or administration services and providers of offer or sale services.

8. What are the AML/CFT and travel-rule obligations for virtual asset service providers currently, and how do they apply to “non-custodial” or “self-hosted wallet” models?

If an entity provides a designated service in Australia and has a geographical connection to Australia, the entity is a reporting entity and has obligations under the AML/CTF Act. These obligations include to:

enrol (and, if required, register) with AUSTRAC;
adopt and maintain a compliant AML/CTF Program that includes risk based procedures for carrying out customer due diligence and a program for monitoring transactions;
report suspicious matters and international funds transfer instructions to AUSTRAC, as well as an annual compliance report; and
record keeping requirements.

From 31 March 2026 (and subject to transitional provisions), the travel rule will apply to value transfer service providers where there is a transfer of value (including virtual assets), requiring collection, verification, transmission and monitoring of payer/payee information and role-specific duties for ordering, intermediary and beneficiary institutions.

Specific exemptions recognise that transfers of value involving self-hosted wallets do not always allow secure transmission of relevant data. In these instances, virtual asset service providers must still collect and verify payer/payee information.

9. What new prudential or reserve requirements are being imposed on stablecoin issuers or custodians?

Refer to the response to question 7 above.

As a general comment, we note that there are various legislative and regulatory reforms underway and matters before Australian courts, the outcomes of which will impact the operations of cryptocurrency and blockchain business in Australia. For example, the Tranche 1a exposure draft legislation released on 9 October 2025 as part of the Payments Strategic Plan proposes the introduction of tailored requirements for stored value facilities including digital wallets and stablecoin issuers.

10. How focused are regulators in your jurisdiction on data privacy, cybersecurity, and operational resilience for fintechs, and what enforcement or inquiry trends are emerging?

Australian regulators are highly focused on data privacy, cybersecurity and operational resilience across financial services, with fintechs very much in scope. In 2023, the Government released its 2023-2030 Australian Cyber Security Strategy which described cyber security as an urgent national problem and established a plan for a suite of legislative reforms. This included the introduction of the Cyber Security Act 2024 (Cth) and amendments to the Security of Critical Infrastructure Act 2018 (Cth).

The Privacy Act 1988 (Cth) (Privacy Act) regulates the handling of personal information by Government agencies and private sector organisations with an aggregate group revenue of at least A$3 million with a jurisdictional link to Australia. The first tranche of Privacy Act reforms commenced in December 2024, with a second tranche of amendments expected at a later time.

The Notifiable Data Breaches (NDB) scheme was implemented in 2018. The NDB scheme mandates that entities regulated under the Privacy Act are required to notify any affected individuals and the Office of the Australian Information Commissioner in the event of a data breach (ie, unauthorised access to or disclosure of information) which is likely to result in serious harm to those individuals. The NDB scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. Therefore, entities will also need to ensure that any blockchain implementations are sufficiently protected from security issues such as unauthorised access and operational failure, and in the case of a data breach, ensure that they have adequate processes in place to comply with the NDB scheme.

ASIC and APRA have flagged cyber risk management as priorities to drive industry standards. In particular, since 1 July 2025, APRA-regulated entities have been required to comply with Prudential Standard CPS 230 (Operational Risk Management), raising expectations for governance and incident management in relation to cyber breaches.

11. What practical steps should cryptocurrency and blockchain companies take to detect and prevent fraudulent transactions, and how can they prepare for regulatory audits, inquiries, and enforcement actions?

This depends on the nature of the activities engaged in, and services provided by, the fintech. Generally, Australian cryptocurrency and blockchain companies should build a fraud-focused financial crime framework that meets AUSTRAC, ASIC and, where relevant, APRA expectations, while maintaining records and decisions for audits, inquiries and potential enforcement. We recommend a fintech work with local counsel to determine and understand the legal and regulatory landscape that is applicable to the proposed offering. This work should include operational and tax efficient structuring advice, as well as identifying any applicable licensing, registration, approval or exemption requirements. Conduct and disclosure requirements will generally flow from any required licenses, registrations, approvals or exemptions.

12. How are fintechs adapting to changing immigration frameworks, such as revisions to U.S. H-1B and digital nomad visas in the EU and Asia, to attract tech and compliance talent globally?

Refer to the response to question 14 for an overview of Australia’s immigration framework. Australia’s repositioning of itself as a globally competitive destination for technology talent provides an opportunity for Australian fintechs to expand through increased resources and more efficient outputs. Parallel to this, fintechs must navigate substantive compliance obligations that govern the employment of international talent, particularly in regulatory and compliance roles subject to heightened supervisory scrutiny.

13. What new geopolitical or sanctions-related risks (e.g., digital asset restrictions, AML screening mandates) have emerged that affect fintech operations in cross-border markets?

This depends on the nature of the fintech and the services provided by the fintech. If the fintech is the provider of a regulated service such as a financial, consumer credit or banking service, the fintech will likely have regulatory capital requirements to support financial stability and consumer outcomes. Similarly, a provider of a regulated service will likely have licensing, conduct and disclosure requirements that will need to be integrated into operations and generally require some level of onshore human, financial and technological resourcing.

We recommend seeking local advice to understand the applicable risks.

14. How do immigration and workforce-mobility policies—like work visas, remote-work permits, and intra-company transfers—affect fintechs’ ability to move key staff into new markets, and what practical steps can companies take to avoid talent shortages or delays?

Migrants require working visas from the Department of Home Affairs (DOHA) to work in Australia, and each type has its own eligibility requirements. Businesses can nominate or sponsor such visas. In 2026, the Temporary Skill Shortage visa was replaced by the Skills in Demand (subclass 482) visa (SID Visa). The SID Visa is the most common form of employer-sponsored visa for immigration to Australia, utilising a tiered approach with three distinct streams each calibrated to address Australia’s skill shortages in key sectors such as technology, engineering and healthcare. The streams and corresponding qualifications of an SID Visa are as follows:

Core Skills Stream: an applicant’s occupation must be on the Core Skills Occupation List, with a maximum visa period of up to 4 years, or up to 5 years for Hong Kong passport holders, with an option to apply for permanent residency subject to eligibility requirements;
Specialist Skills Stream: an applicant’s occupation must be in Major Groups 1, 2, 4, 5 or 6 on the Australian and New Zealand Standard Classification of Occupations list where the nominated salary for the position meets the Specialist Skills Income Threshold, with a maximum visa period of up to 4 years, or up to 5 years for Hong Kong passport holders (with an option to apply for permanent residency subject to eligibility requirements);
Labour Agreement Stream: the applicant must have an employer that has a labour agreement with the Government in effect, with a maximum period of up to four years (or five years for Hong Kong passport holders).

The DOHA has created a Global Business & Talent Attraction Taskforce to attract high value businesses and individuals to Australia. The Taskforce facilitates the National Innovation Visa (subclass 858) (NIV) and Global Talent Employer Sponsored program. Candidates are invited to apply for a NIV based on the priority attributed to their sector with the financial services and fintech sector included in the Tier Two Priority list. We recommend seeking local advice to understand how to mitigate talent shortages or delays.

15. How do immigration rules and visa limitations influence the speed and strategy of fintech market entry, particularly when launching operations in multiple jurisdictions?

Refer to the responses to questions 12, 13 and 14.

As a general comment, Australia’s repositioned immigration policy can function as an accelerator for fintech market entry, with the Skills in Demand framework designed to expediate job entry and retain talent.

16. How can fintechs protect their proprietary algorithms and smart-contract code, balancing open-source use with trade-secret protections and any AI-related disclosure rules?

In Australia, it is challenging to secure patent protection for fintech innovations. There is uncertainty as to whether an invention that uses or features computer software or hardware will be patentable subject matter under the Patents Act 1990 (Cth) and courts will likely consider this issue on a case-by-case basis. Generally, a mere scheme, plan or discovery, or mere abstract ideas or information are not patentable subject matter.

If the fintech company makes its own open-source software available to third parties:

There is a risk that another person may use that open-source software to develop another product or service, notwithstanding any restrictions in the open-source licensing agreement. In our experience, it is difficult to enforce contraventions of terms that restrict use of open-source software.
The terms of the licensing agreement should contain appropriate limitations on liabilities and disclaimers on fitness and propriety (to the maximum extent permitted by law).

If the fintech company is the consumer / user of open-source software, the fintech company should:

Ensure that it complies with the terms of the licensing agreement, particularly insofar as terms restrict the fintech’s ability to use, modify or redistribute the software.
Undertake due diligence testing on the code to ensure it is fit for purpose (especially in relation to security vulnerabilities).
Undertake due diligence to identify any third party IP risks in using the software.

17. What strategies are most effective for safeguarding trademarks and digital brands in an era of AI-generated impersonation, deepfakes, and synthetic media fraud?

There are multiple layers of protection available to fintechs in Australia in respect of intellectual property (IP). Key forms of protection are outlined below. Sophisticated fintechs have a strategy that leverages many, if not all of these:

Copyright: Copyright legislation in Australia protects many aspects of fintech innovation, including source code, visual features, application programming interface structures, and other works. Copyright arises automatically on creation of an original work. An important limitation is that it protects the material expression of an idea, rather than the idea itself. Human authorship is also required for copyright to subsist.

Confidential information: Trade secrets and know-how are particularly valuable in the fintech space, given the difficulties in securing patent protection for software. Confidential information is protected under common law. There is no statutory trade secrets regime. This means that robust contractual and practical protections in respect of confidential information are essential.

Trade marks: Establishing a unique brand and building goodwill in that brand is a key strategy for protection of fintech innovation in Australia, given the limitations of the other forms of protection. Australia recognises registered and unregistered trade mark rights, however registered trade marks are significantly simpler to enforce and commercialise.

Contractual protections (third party creation of IP): Where IP is created for a fintech by a third party, it is important to consider whether there is an effective assignment of the IP created by the third party and whether all of the relevant IP is captured within the agreement (e.g. including where any improvements to a fintech business’ intellectual property are made by the third party). Australia does not have a ‘work made for hire’ regime, so contractual assignment provisions are essential.

Employee created intellectual property: By default, IP created by employees is owned by the employer, where the creation of IP is within the scope of their engagement. However, to avoid disputes about ownership, it is important to ensure that employment agreements contain adequate assignment provisions.

18. When fintechs collaborate with outside developers, partners, or open-source communities, how can they make sure they retain ownership of their technology and avoid disputes?

A fintech should develop a confidentiality / non-disclosure agreement that can be agreed with counterparties prior to entering into commercial or legal discussions.

We recommend seeking local legal advice to assist in negotiating any IP licence terms or terms of use.

19. What steps should fintechs take to detect, prevent, and respond to competitors or third parties who might copy or misuse their technology, algorithms, or branding, and how do enforcement strategies differ across jurisdictions?

Refer to the protections set out in question 17.

20. How are jurisdictions addressing cross-border IP enforcement for fintech products involving distributed infrastructure and decentralized code bases?

Australian law recognises multiple layers of IP protection and enforcement including copyright, confidential information and registered trademarks. However, these protections are inherently domestic in nature meaning that Australian IP registrations provide no protection nor enforcement rights in foreign jurisdictions.

We recommend seeking local legal advice to assist in IP protection and, if necessary, enforcement.

21. How should fintechs approach IP protection when licensing or selling software, smart contracts, or AI models to ensure ongoing control and compliance with different countries’ laws?

Refer to the protections set out in question 17 for how to ensure ongoing control and compliance with Australia’s IP laws.

22. Under emerging AI-governance frameworks, such as the EU AI Act and U.S. GENIUS Act, what legal obligations apply to fintechs using AI in underwriting, robo-advisory, and fraud protection?

Whilst not currently a legal requirement for the private sector, the Government has designed 8 AI Ethics Principles, which provide a voluntary framework designed to complement (but not substitute) current AI practices. It has also hosted two consultations relating to the identifying the risks and responsible use of AI including one which concluded in May 2022 and one which concluded in August 2023. On 21 October 2025, the Government Department of Industry, Science and Resources published the Guidance for AI Adoption which outlines six essential practices for safe and responsible AI governance.

More specifically, Australian regulators had made statements expressing general support for the use of AI but reminding the regulated population to be mindful of obligations.

23. How can fintechs evidence algorithmic fairness, explainability, and bias mitigation in compliance with new supervisory expectations for automated credit and AML decisioning systems?

Fintechs should consider any discrimination or biases that may arise from their use of AI and monitor their AI products to ensure discriminatory outcomes are not experienced. Further, where AI solutions are implemented to provide financial services, undertake credit activities, or assist with AML decisioning, the business should train and monitor its AI solution to comply with the applicable laws and ensure there are no negative consumer outcomes.

If a fintech is regulated (eg, as an AFSL holder because it carries on a business of providing financial services), the fintech must ensure its use of AI is consistent with its regulatory obligations.

There are no specific laws applicable to the use, development and adoption of AI or machine learning in Australia. However, other data protections apply (e.g. Privacy Act requirements apply to AI technologies that use personal information). Importantly, while the Privacy Act does not contain a specific principle related to automated decision making (such as is available under the General Data Protection Regulation) it has been amended to require transparency about automated decision-making in privacy policies from December 2026 and further privacy reforms may introduce additional obligations in the future.

24. What are the IP and data-protection considerations around training proprietary AI models on financial data, and how can fintechs structure data-sharing agreements to minimize risk?

Regarding protecting AI technologies, refer to the response to question 17.

Regarding the use of proprietary AI models, use will be governed by the terms of the data-sharing agreement with the AI service provider. We recommend seeking local legal advice to assist in structuring a data-sharing agreement but as a general comment, we note that it would be beneficial to favour a clear purpose definition, appropriate governance and proportionate safeguards in the agreement.

25. How are regulators treating AI-driven investment or credit-decisioning tools for purposes of fiduciary duty, fair lending, and disclosure obligations under updated consumer protection frameworks?

Refer to the responses to questions 22 and 23.

On 29 October 2024, ASIC released Report 798 which contained the regulator’s analysis of 23 AFS licensees and credit licensees’ uses of AI. While the report found that the way licensees used AI was quite cautious in terms of decision making and interactions with consumers, ASIC expressed a concern that not all licensees were well positioned to manage the challenges of their expanding AI use.

26. What emerging liability theories (e.g., negligent model governance, failure to supervise AI) could expose fintechs to enforcement or civil litigation in the next 12 months, and how should firms build defensible risk management frameworks?

This depends on the nature of the business and the way that AI is deployed by the fintech. At a minimum, the fintech should apply its risk management methodology to identify, assess, mitigate and monitor the risks associated with the use of any AI technologies. Effective risk management may require additional human resources with specific expertise in AI technologies, and disclosure of risks to clients.

27. What notable examples of fintech-driven disruption or embedded finance adoption have reshaped your jurisdiction’s financial landscape in the past year

Australia has a very active and innovative payments sector, with lots of businesses looking to make non-cash payments more affordable, accessible and fast. An evolving regulatory landscape makes these offerings complex but also creates opportunities for disruption.

Fintech disruption in offerings related to cost of living and housing affordability are particularly prevalent. There are various successful operators of fractionalised and tokenised property investment or ownership models, and various providers of fast and convenient liquidity for specific purposes such as funding deposits or bridging finance.

28. Looking ahead, which regulatory reforms or global coordination efforts—such as cross-border licensing passporting or stablecoin reserve interoperability—hold the greatest potential to accelerate fintech innovation?

The regulatory landscape for fintechs in Australia is undergoing significant reform. Australia’s financial services policy and regulatory context continues to be informed by the findings of the Royal Commission. In parallel, regulators and legislators have engaged in several targeted reviews and regulatory reforms in this space to modernise the regulation of financial services:

Digital asset platform regulation: On 26 November 2025, Parliament introduced the Corporations Amendment (Digital Assets Framework) Bill 2025 (Digital Assets Bill). The Digital Assets Bill designates Digital Asset Platforms and Tokenised Custody Platforms as financial products under the Corporations Act, requiring operators of these platforms to hold an AFSL.
Payment systems modernisation: On 29 October 2025 the Government invited public feedback on exposure draft regulations under the Payment Systems Legislation Amendment (2025 Measures No. 1) Regulations 2025. The draft regulations support the legislation in Schedule 1 of the Treasury Laws Amendment (Payments System Modernisation) Act 2025 to clarify the scope of ministerial designation and directions powers, prescribe ‘special regulators’ and their functions, as well as persons authorised to use or disclose information relating to special payments systems. The draft regulations also propose to introduce protections from civil liability offences for special regulators and other prescribed persons. Submissions on the draft regulations were published on 16 December 2025.
AML/CTF reform: On 10 December 2024, the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (AML/CTF Bill) received Royal Assent. The AML/CTF Bill made sweeping reforms to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) to modernise Australia’s AML/CTF regime in line with international standards, with reforms set to commence on 31 March 2026. On 29 August 2025, AUSTRAC released the final AML/CTF Rules.

With multiple interconnected reform initiatives reshaping the operational landscape for financial services, optimism for accelerated fintech innovation in Australia should be high.

Upholding standards, pushing boundaries.

A rigorous process of pushing boundaries and uncovering insights.

Cookies Disclaimer

The Legal 500: Fintech 2026 (Australia)

Subject matter experts

Innovative thinking

The next chapter for LNG: why CCS could transform Australia's energy advantage

Melbourne Airport shareholder dispute: practical takeaways from Dexus v APAC

ASX’s proposed shareholder approval rules for major scrip-funded M&A: what listed bidders need to know

APRA and ASIC announce welcome reforms to the Financial Accountability Regime

APRA's governance overhaul: implications for regulated entity boards

Regulatory enforcement spotlight 2026: key trends so far and what to expect next

The Competitive Edge with Gilbert + Tobin

Boardroom Brief | Week commencing 15 June 2026

Gilbert + Tobin defeats NSW Court of Appeal challenge of arbitral stay

AI governance: existing obligations, regulatory expectations and increased scrutiny

Financial Services: Regulatory Recap - Week commencing 8 June 2026

Mythos-class AI and operational technology: why OT-heavy businesses need a faster legal response

Corporate Advisory Update | June 2026

Boardroom Brief |Week Commencing 8 June 2026

How to protect your business when your IT vendor fails