What are the sources of payments law in your jurisdiction?

Financial services regulation

The Corporations Act 2001 (Cth) (Corporations Act) regulates entities that carry on a financial services business in Australia. Financial services include financial product advice and dealing in financial products.

Financial products include a facility (an arrangement) through which a person makes a non-cash payment (NCP). A person who carries on a business of providing financial services that relates to a NCP facility in Australia must hold an Australian financial services licence (AFSL) unless exempt from the requirement (e.g. low value facilities, gift vouchers and loyalty schemes). A range of conduct and disclosure obligations apply to AFSL holders.

Prudential regulation

The Payment Systems (Regulation) Act 1998 (Cth) (Payment Systems Regulation Act) (as administered by the Reserve Bank of Australia (RBA)) requires entities that are holders of stored value in connection with a purchased payment facility (PPF) to be an authorised deposit-taking institution (ADI) authorised by the Australian Prudential Regulation Authority. A PPF is a facility (other than cash) where the customer is able to make payments up to the amount available under the facility and those payments are made by the provider of the facility (or another person acting in accordance with instructions) (eg, gift cards, prepaid cards). A PPF provider is a sub-class of ADI; there are currently only two authorised PPF providers in Australia.

The RBA has issued various declarations exempting certain PPFs from the application of the Payment Systems Regulation Act or exempting certain entities from the requirement to be an ADI. These broadly relate to loyalty schemes, gift cards, road toll devices, pre-paid mobile phone accounts, limited value and participant facilities or otherwise where the holder of stored value has its obligations guaranteed by an existing ADI.

Payment systems regulation

The RBA also regulates designated payment systems in accordance with the Payment Systems Regulation Act. A payment system is a funds transfer system that facilitates the circulation of money, and includes any instruments and procedures that relate to the system. The RBA has the power to ‘designate’ certain payment systems as being subject to regulation under the Payment Systems Regulation Act. This has occurred in relation to card schemes such as Mastercard, Visa and Eftpos. Once designated, the RBA has the power to issue access requirements and standards associated for that system. For example, setting limits on interchange fees, acceptance of other systems and limits on benefits provided to system members.

Anti-money laundering and counter-terrorism financing (AML/CTF)

Organisations that provide designated services with a geographical link to Australia (referred to as reporting entities) must comply with Australia’s AML/CTF Act and associated rules as administered by Australian Transaction Reports and Analysis Centre (AUSTRAC). This includes the requirement to enrol (and sometimes register) with AUSTRAC as a reporting entity and comply with various compliance, transaction monitoring and reporting obligations. Relevant designated services include a broad range of dealings in accounts with financial institutions, foreign exchange, digital currency exchange, stored value cards and remittance services. In particular, the broad wording of ‘remittance service’ in the AML/CTF Act means that an expanding class of digital payment and acquiring products are being captured as remittance services (eg, alternative acquiring services, marketplace and digital platform payment services, digital wallets). It is vital to understand whether your business may be operating a remittance service.

Future of payments regulation

In 2023, the Australian Government released its ‘Strategic Plan for Australia’s Payment System’ (Strategic Plan). The Government also initiated two consultations.

The first consultation relates to reforming the Payment Systems Regulation Act, including by expanding the definition of “participant” to capture more parties in a payment system and creating a Ministerial Designation power through which the Treasurer can designated a payment system if considered doing so is in the national interest. Consultation closed on 1 November 2023.

The second consultation relates to proposals to amend and modernise the licensing framework.

It is expected that legislation will be introduced in 2024.

Can payment services be provided by non-banks, and if so, on what conditions?

Some payment services can be provided by non-banks. Providers of financial services that relate to NCP facilities can be provided by non-bank entities that hold an AFSL or are able to rely on a licensing exemption. Holders of stored value can provide services relating to the operation of a PPF without being an ADI subject to an exemption. Only banks are permitted to carry on a banking business (ie, of accepting deposits and lending deposited funds).

What are the most popular payment methods and payment instruments in your jurisdiction?

Following the COVID-19 pandemic and advances in technology, non-cash payment methods are an increasingly popular payment method in Australia. The use of tap and go services continues to grow and cash and cheques continue to decline.

In addition to credit and debit cards, popular methods of payment in Australia include:

  • online transfers – customers transfer funds from one Australian bank account to another using the “New Payments Platform” (NPP) enabling real time payments;
  • online payment providers; and
  • stored value cards, including gift cards.

Buy now pay later has experienced a decline in popularity due to an evolving regulatory landscape that has caused some contraction in the sector.

Likewise, the availability of cryptocurrency-enabled payment methods has been challenged by an evolving regulatory landscape and a “regulation by enforcement” approach by the Australian Securities and Investments Commission.

What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so, to which entities, and what is state of implementation in practice?

On 12 August 2019, the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth) amended the Competition and Consumer Act 2010 (Cth), the Privacy Act 1988 (Cth) and the Australian Information Commissioner Act 2010 (Cth) to establish a Consumer Data Right (CDR). The CDR gives customers a right to require banks and other data holders to share their data with accredited data recipients (including banks, comparison services, fintechs, third parties and, in the future, non-bank lenders). The CDR also contemplates the introduction of action initiation which would allow accredited data recipients to transact and transfer accounts on the customer’s behalf. Accredited data recipients are accredited by the Australian Competition and Consumer Commission (ACCC) to receive consumer data to provide a product or service.

The CDR framework is being rolled out across a number of sectors. Each designated sector will be subject to CDR rules and technical data standards for that sector as made by the ACCC and Data Standards Chair respectively. Consumers will be able to exercise greater access and control over their data. These data sharing arrangements are intended to facilitate easier swapping of service providers, enhancement of customer experience based on personal and aggregated data, and more personalised offerings.

Data sharing

The banking sector was the first sector to be designated for data sharing under the Open Banking regime. The CDR rules for data sharing in the banking sector came into force on 6 February 2020 and consumers were able to consent to their bank sharing data with accredited data recipients from July 2020.

As of 1 July 2022, individual Australian bank customers have been able to direct data holders to share customer data with accredited third parties across a full suite of banking products. The major ADIs have also been required to facilitate data sharing by business consumers, partnerships, and secondary users and joint accounts. Non-major ADIs have been required to deliver the same requirements since 1 November 2022, at which stage the roll out of CDR in the banking sector reached completion and commenced in the energy sector.

The Government is still developing the CDR framework and has conducted a number of reviews and consultations over 2023 which have looked at the effectiveness of CDR’s rollout in the banking sector and proposed further changes to the CDR Rules including in relation to consent requirements and operational improvements. Therefore, further reforms should be expected.

Action initiation

The Treasury has consulted on a bill which will implement Action Initiation within the CDR. Action initiation will allow third-parties to act on behalf of a consumer (e.g. by making a payment or switching accounts on the customer’s behalf).

The intention to implement action initiation in open banking has been confirmed by the Inquiry into Future Directions for the CDR. However, at the time of writing, there has not been a designation or legislative change to require banks or other data holders to allow accredited data recipients action initiation.

If implemented, Action Initiation will be rolled out sector by sector in a similar way to the roll out of data sharing. It is proposed that the Minister will make a declaration designating new action types in particular sectors.

Following which the Minister will be able to make rules, data standards and guidelines for those action types.

This bill is not specific to Open Banking, but given Open Banking is the most mature CDR sector, it is likely that the government will begin implementing Action Initiation in the banking sector.

How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?

Some providers of financial services in Australia are subject to the Privacy Act 1988 (Cth).

In Australia, entities in all sectors with an annual turnover of more than AUD3 million have obligations under the Privacy Act. The Privacy Act also covers entities that earn AUD3 million or less if the entity is (among other things) a reporting entity under the AML/CTF Act, involved in trading in personal information or a credit reporting body.

Where data collected constitutes personal information, the provider must ensure that it is compliant with the Australian Privacy Principles. This includes, the following:

  • having a clearly expressed, up-to-date, and publicly available Privacy Policy;
  • only collecting personal information if the information is reasonably necessary for its functions or activities, and such collection is lawful and fair;
  • receiving consent to collect sensitive information (financial information is not generally sensitive information);
  • taking reasonable steps to notify end users of certain matters;
  • only using or disclosing personal information for the purpose for which it was collected. generally, not using or disclosing personal information that they hold to communicate directly with an individual to promote goods and services;
  • taking certain precautions before disclosing personal information across international borders;
  • taking reasonable steps to ensure that the personal information collected and held is accurate, up-to-date and complete;
  • taking reasonable steps to protect personal information from misuse, interference and loss and from unauthorised access, modification or disclosure and destroy or de- identify personal information when it is no longer needed; and
  • allowing individuals to access and correct their personal information.

On 16 February 2023 the Attorney General released a report detailing 116 proposals at a principles level on how the Privacy Act can be uplifted to best fit consumer privacy needs (Privacy Report). The principles are aimed at strengthening the protection of individual personal information and enhancing individuals control over their data. The Government formally responded to the Privacy Report on 28 September 2023 confirming it will be conducting a number of additional targeted consultations that will assist in the Government progressing work to enhance privacy protections including in the areas of small business, the private sector, employee privacy and privacy reforms affecting journalism and research.

CDR obligations

The CDR provides a secure and trusted method for ‘accredited data recipients’ to access consumers’ (both individual and business consumers) banking data.

Having access to banking data can provide greater insights into a customer’s financial situation and allow financial service providers to provide their services more efficiently.

The CDR’s impact on financial service providers is likely to increase over time with the roll out of the CDR economy wide. In particular, the Federal Government has announced that the CDR regime will be extended to “Open Finance”. That is, non-bank lending, insurance, superannuation and payments data. The rules for Open Finance have not been determined as the Government has only just completed its sectoral assessment for the sector. As set out in 'What is the status of open banking in your jurisdiction', these CDR obligations will require designated data holders to share data with accredited data recipients and may require data holders to allow Accredited Action Initiators to transact on behalf of their customers.

The expansion of the CDR is also likely to have tangential and unexpected impacts on the provision of financial services. For example, during the introduction of the CDR to the banking sector, it was the view of the fintech community that a ban on screen scraping would cripple the fintech industry. The Government released a Discussion Paper on 30 August 2023 which amongst other things, sought views on the comparability of data accessed through screen scraping with the CDR. The consultation closed on 25 October 2023 and insights discovered by the process are yet to be released.

What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?

ASIC operates a regulatory sandbox which allows fintechs to operate small scale financial services or credit activities as pilot projects. The sandbox provides licensing relief, for a limited time, for a project. There are strict eligibility criteria for the type of businesses that can participate and the products and services that qualify, including that there must be a net benefit to the public and the product or service must be new and innovative.

Under the Business Research Innovation Initiative, ASIC has been working with six regtech firms to explore potential solutions in addressing poor corporate disclosure by listed companies. At the time of publication, five regtech entities have presented a feasibility study to ASIC and one regtech, with the support of ASIC is, developing a proof of concept for using technology to help identify and assess poor market disclosure by listed companies.2 ASIC promotes the application of regtech to deliver better regulatory compliance and consumer outcomes through information-sharing and problem-solving events within industry and hosting quarterly regtech liaison forums.

AUSTRAC also recognises that regtech plays an important role in assisting reporting entities to meet their AML/CTF obligations and provides general guidance about AML/CTF regulation through the AUSTRAC RegTech Engagement program. It has also published fact sheets for regtechs and reporting entities considering engaging regtechs.

Both ASIC and AUSTRAC committed to helping fintech businesses more broadly by streamlining access and offering informal guidance to enhance regulatory understanding and have established Innovation Hubs to assist start-ups in navigating the Australian regulatory regime. AUSTRAC’s Fintel Alliance has an Innovation Hub targeted at combatting ML/TF and improving the fintech sector’s relationship with Government and regulators. It also assesses the impact of emerging technologies such as blockchain and cryptocurrency.

Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?

The evolving regulatory landscape in Australia presents both risks and opportunities to the growth of the fintech market in Australia.

For payment providers, the current regulatory framework is no longer suitable or adaptable to the emerging technologies and participants involved in the delivery of payment services. Reforms to payment regulation will assist with legal certainty, which will support a growth in product offerings and increase competition. However, the reforms generally propose expanding the reach of regulation meaning participants not currently required to hold licences will be required to obtain licences and comply with conduct and disclosure requirements.

Buy now pay later providers are awaiting progress on a proposed licensing framework. In the interim, the sector has been on the radar of the Australian Securities and Investments Commission and the Australian Competition and Consumer Commission, which has challenged the growth of operators in Australia.

In late 2023, the Australian Government published its long overdue consultation on proposed regulation of cryptocurrency (digital asset) businesses in Australia. To date, cryptocurrency businesses have struggled in the Australian market due to factors such as regulation by enforcement and debanking. The market has welcomed the proposed regulation as the first step towards regulatory certainty, but it is expected to be a long journey through consultation and ultimately legislation.

What tax incentives exist in your jurisdiction to encourage fintech investment?

Investments in fintechs can potentially be made through Australian limited partnerships known as early-stage venture capital limited partnerships (ESVCLPs) and venture capital limited partnerships (VCLPs). Subject to satisfying certain eligibility criteria, investors in such partnerships may receive concessional tax treatment.

For example, investors in an ESVCLP may be exempt from tax on gains from the disposal of eligible investments. They may also be entitled to a 10 percent carry forward non-refundable tax offset on capital contributions made to the partnership. For VCLPs, benefits include tax exemptions for foreign resident investors on their share of any revenue or capital gains made on disposal of an investment by the VCLP.

Businesses which incur eligible expenditure on research and development (R&D) activities may be eligible for the R&D tax incentive. Under the incentive:

  • businesses with less than AUD$20 million aggregated turnover are entitled to a tax offset of 18.5 percentage points above the corporate tax rate (i.e. 43.5 percent in the case of a company that is subject to a 25 percent rate of tax). Any excess of the offset over tax payable is refundable;
  • other businesses with aggregated turnover of AUD$20 million or more are entitled to a non- refundable tax offset equal to the corporate tax rate plus an incremental premium. The offset will be equal to the corporate tax rate plus an 8.5 percent premium for R&D expenditure up to 2 per cent R&D Intensity, and the corporate tax rate plus a 16.5 percent premium for R&D expenditure above 2 percent R&D Intensity. R&D Intensity is the proportion of a company’s eligible R&D expenditure as a percentage of total business expenditure.

Incentives are available for eligible investments made in start-ups which qualify as Early Stage Innovation Companies (ESICs). Investments of less than 30% of the equity in an ESIC would generally qualify for a 20% non- refundable carry forward tax offset (capped at AUD$200,000 per investor and their affiliates combined in each income year, including any offsets carried forward from a prior year’s investment) and an exemption from tax on any capital gains arising on disposal of the investment held for between one year and ten years.

Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?

Fintech areas attracting investment in Australia include:

(i) blockchain and cryptocurrency; (ii) payments, including Buy Now Pay Later (BNPL); (iii) wealthtech (iv) lending; (v) digital banks (i.e neo banks) (vi) middle and back-office solutions (vii) data and analytics; (viii) insurtech; (ix) regtech and (x) capital markets.

Outside of founder funding, capital raising at the level of Seed investment and early Series are common. Capital raisings often come from venture capitalists, angel investors and strategic corporate investors.

If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?

Australia’s fintech sector is one of the fastest growing in the world. It is connected and well aligned with global markets which makes the Australian market accessible and a great place to pioneer ideas or invest in fintech. As discussed in 'What are regulators in your jurisdiction doing to encourage innovation in the financial sector?' and 'What tax incentives exist in your jurisdiction to encourage fintech investment?', Australia offers initiatives (including by regulators) which encourage innovation in the fintech sector.

Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?

Migrants require working visas from the Department of Home Affairs (DOHA) to work in Australia, and each type has its own eligibility requirements. Businesses can nominate or sponsor such visas.

The Temporary Skill Shortage (subclass 482) visa (TSS visa) is the most common form of employer-sponsored visa for immigration to Australia. To be eligible for the TSS visa, an applicant’s occupation must:

  • be on the short-term skilled occupations list, with a maximum visa period of two years, or up to four years if an International Trade Obligation applies (Hong Kong passport holders are eligible for up to five years), with an option to apply for permanent residency subject to eligibility requirements;
  • be on the medium-and long-term strategy skills list or the regional occupational list, with a maximum period of four years (or five years for Hong Kong passport holders) and an option to apply for permanent residency, subject to eligibility requirements; or
  • have an employer that has a labour agreement with the Australian Government in effect, with a maximum period of up to four years (or five years for Hong Kong passport holders).

The DOHA has created a Global Business & Talent Attraction Taskforce to attract high value businesses and individuals to Australia. The Taskforce facilitates the Global Talent Visa program and Global Talent Employer Sponsored program. To be invited to apply for a visa under the Global Talent Visa program, a candidate must be highly skilled in one of the ten target sectors (including digitech and financial services and fintech) and be able to attract a salary that meets the high income threshold (AUD167,500 as of 1 July 2023).

If there are gaps in access to talent, are regulators looking to fill these and, if so, how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?

Government is working to fill gaps in access to talent and in the recent budget, announced its commitment to create 1.2 million tech-related jobs by 2030 and deliver programs to support tech skills and innovation in Australia (including in the areas of artificial intelligence and quantum technologies) over the next financial year. In September 2022, the Australian Government and Treasury hosted a Jobs and Skills summit which brought together a range of stakeholders to discuss the Australian labour market and economy. Following the summit, Treasury held a consultation on an Employment White Paper, in relation to which any person could make a submission regarding talent and needs. On 25 September 2023, the Government released the ‘Employment White Paper, Working Future’ final report, which presents 31 future reform directions that are intended to guide policymaking of government, and 9 immediate steps the government will take, towards creating an economy where any Australian wanting a job is able to find one without having to search for too long. Other than in relation to the Taskforce referred to in 'Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently?', the fintech industry has limited influence on immigration policy.

What protections can a fintech use in your jurisdiction to protect its intellectual property?

There are multiple layers of protection available to fintechs in Australia in respect of intellectual property (IP). Key forms of protection are outlined below.

Sophisticated fintechs have a strategy that leverages many, if not all of these:

Copyright: Copyright legislation in Australia protects many aspects of fintech innovation, including source code, visual features, application programming interface structures, and other works.5 Copyright arises automatically on creation of an original work. An important limitation is that it protects the material expression of an idea, rather than the idea itself. Human authorship is also required for copyright to subsist.

Patents: In Australia, it is challenging to secure patent protection for fintech innovations. There is uncertainty as to whether an invention that uses or features computer software or hardware will be patentable subject matter under the Patents Act 1990 (Cth) and courts will likely consider this issue on a case-by-case basis.6 Generally, a mere scheme, plan or discovery, or mere abstract ideas or information are not patentable subject matter.7

Confidential information: Trade secrets and know- how are particularly valuable in the fintech space, given the difficulties in securing patent protection for software. Confidential information is protected under common law. There is no statutory trade secrets regime. This means that robust contractual and practical protections in respect of confidential information are essential.

Trade marks: Establishing a unique brand and building goodwill in that brand is a key strategy for protection of fintech innovation in Australia, given the limitations of the other forms of protection. Australia recognises registered and unregistered trade mark rights, however registered trade marks are significantly simpler to enforce and commercialise.

Contractual protections (third party creation of IP): Where IP is created for a fintech by a third party, it is important to consider whether there is an effective assignment of the IP created by the third party and whether all of the relevant IP is captured within the agreement (e.g. including where any improvements to a fintech business’ intellectual property are made by the third party). Australia does not have a ‘work made for hire’ regime, so contractual assignment provisions are essential.

Employee created intellectual property: By default, IP created by employees is owned by the employer, where the creation of IP is within the scope of their engagement.8 However, to avoid disputes about ownership, it is important to ensure that employment agreements contain adequate assignment provisions.

How are cryptocurrencies treated under the regulatory framework in your jurisdiction?

Cryptocurrencies may be financial products under Australia’s financial services law. Consultation is underway on proposed reforms to Australia’s financial services law, to bring digital assets specifically within the financial services regime.

Financial services regulation

Persons or entities dealing with, or providing services involving cryptocurrencies should consider whether the cryptocurrency, or arrangements associated with the cryptocurrency, constitute a financial product. If so, this may trigger the requirement to hold an AFSL and obligations in relation to disclosure, registration and conduct. The definition of financial product is broad, and includes facilities through which a person makes a financial investment, manages a financial risk or makes an NCP and includes specific things that are financial products such as shares, derivatives and managed investment schemes (MISs) (i.e., collective investment vehicles).

The Government has recently proposed the introduction of a new ‘digital asset facilities’ financial product through the Australian Treasury’s October 2023 consultation paper which will expand the scope of existing financial services laws even further (see Consultations and token mapping section below).

ASIC has published regulatory guidance in Info Sheet 225 Initial coin offerings and crypto-assets (INFO 225), setting out ASIC’s approach to determining the legal status of cryptocurrencies, which is dependent on the rights attached to the cryptocurrency – ASIC has indicated this should be interpreted broadly – as well as their structure.

An entity that facilitates payments using cryptocurrencies may be required to hold an AFSL and the operator of a cryptocurrency exchange will be required to hold an AFSL or Australian market licence if the crypto assets traded on the exchange constitute financial products.


In early 2022, Treasury consulted on a proposed licensing framework for crypto asset secondary service providers (CASSPrs). This was generally targeted towards entities providing custody, brokerage, exchange and transmission services in relation to crypto assets that are not otherwise caught under the financial services regime. Following a change of Government in mid 2022, the current Government abandoned the CASSPr consultation in favour of a token mapping consultation paper in February 2023, which sought to identify the key activities and functions of crypto assets and map them against existing regulatory frameworks.

On 16 October 2023, Treasury released a consultation paper setting out proposals to regulate digital asset intermediaries under the existing financial services licensing framework. Under the proposals, entities operating and providing financial services in relation to ‘digital asset facilities’ (ie, multi-function platforms that hold client assets and allow clients to transact in platform entitlements) will be required to hold an AFSL. This will be introduced as a new type of financial product. The proposals also apply minimum standards for facility contracts and entities that provide ‘financialised functions’ for non-financial product tokens, including token trading, staking, asset tokenisation and funding tokenisation. The AFSL regime is well understood and it is expected that enhanced conduct obligations and consumer protections will be imposed in respect of digital asset facilities. The consultation process is open until 1 December 2023. Treasury anticipates draft legislation will be released in early 2024, with a 12 month transition period to follow implementation.

Consumer law

Even if a cryptocurrency is not a financial product, it will be subject to the Australian Consumer Law, set out at Schedule 2 to the Competition and Consumer Act 2010 (Cth) (ACL), relating to the offer of services or products to Australian consumers. The ACL prohibits misleading or deceptive conduct in a range of circumstances including in the context of marketing and advertising. Care must be taken in promotional material (including whitepapers) to ensure buyers are not misled or deceived and that the promotional material does not contain false information. Promoters and sellers are prohibited from engaging in unconscionable conduct and must ensure the crypto assets are fit for their intended purpose.

The protections of the ACL are generally reflected in the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act), providing substantially similar protection to investors in financial products or services.

ASIC has delegated powers from the ACCC to take action against misleading or deceptive conduct in marketing or issuing cryptocurrencies (regardless of whether it is a financial product). A range of consequences may apply for failing to comply with the ACL or the ASIC Act.

Anti-money laundering and counter-terrorism financing (AML/CTF)

Digital currency exchanges (DCEs) that exchange digital currencies for fiat currencies and vice versa are required to register with AUSTRAC prior to operating. Registered exchanges are required to implement risk-based procedures in an AML/CTF Program that complies with content requirements including, know-your-customer processes, ongoing customer due diligence, reporting obligations and record keeping obligations. DCEs are required to renew their registration every three years.

The AML/CTF Regime is expected to be expanded in the future to cryptocurrency to cryptocurrency exchanges.


For income tax purposes, cryptocurrency is an asset that is held or traded rather than as money or a foreign currency (except for government-issued digital currencies). The tax implications for holders of cryptocurrency depend on the purpose for which the cryptocurrency is acquired or held.

Sale or exchange of cryptocurrency in the ordinary course of business

If a holder of cryptocurrency is carrying on a business that involves the sale or exchange of the cryptocurrency (e.g. trading or mining), the cryptocurrency will be held as trading stock and generally gains on the sale will be assessable and losses deductible (subject to integrity measures such as the “non-commercial loss” rules).

Isolated transactions

Profits or gains from an “isolated transaction” involving the sale or disposal of cryptocurrency (even when not in the ordinary course of carrying on a business) may still be assessable where the transaction was entered into with a purpose or intention of making a profit and the transaction was part of a business operation or commercial transaction.

Cryptocurrency investments

If cryptocurrency is not acquired or held in the course of carrying on a business, or as part of an isolated transaction with a profit-making intention, a profit on sale or disposal should be treated as a capital gain.

Capital gains may be discounted under the capital gains tax (CGT) discount provisions, so long as the taxpayer satisfies the conditions for the discount.

Although cryptocurrency may be a CGT asset, a capital gain arising on its disposal may be disregarded if the cryptocurrency is a “personal use asset” and it was acquired for AUD10,000 or less. Capital losses made on cryptocurrencies that are personal use assets are also disregarded. Cryptocurrency will be a personal use asset if it was acquired and used within a short period of time for personal use or consumption (e.g. to buy goods or services).

The ATO’s views on the income tax implications of transactions involving cryptocurrencies is in a state of flux due to the rapid evolution of both cryptocurrency technology and its uses. The Board of Taxation has been reviewing and consulting on the taxation of digital assets and transactions in Australia. In August 2022, the Board of Taxation published a consultation guide. The date the Board of Taxation is required to report back to the Government has now been extended to 29 February 2024.

Staking cryptocurrency

Cryptocurrency holders who participate in proxy staking or who vote their tokens in proof of stake or other consensus mechanisms may be rewarded with additional tokens and the value of such tokens should be treated as ordinary income at the time they are derived.

Goods and services tax (GST)

Supplies and acquisitions of cryptocurrency made from 1 July 2017 are not subject to GST on the basis they will be input-taxed financial supplies. Consequently, suppliers of cryptocurrency will not be required to charge GST on these supplies, and a purchaser would prima facie not be entitled to GST refunds (i.e. input tax credits) for these corresponding acquisitions. On the basis that cryptocurrency is a method of payment, as an alternative to money, the normal GST rules apply to the payment or receipt of cryptocurrency for goods and services.

How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?

As noted in ''How are cryptocurrencies treated under the regulatory framework in your jurisdiction?', a cryptocurrency may be a financial product, depending on its characteristics. Where an initial coin offering (ICO) relates to a coin that is a financial product, a person involved in the issuance, distribution or marketing will require an AFSL and need to comply with the financial services laws.

Even if an ICO is not a financial product, it may still be subject to regulation, including under the ACL, which prohibits misleading or deceptive conduct (see, ''How are cryptocurrencies treated under the regulatory framework in your jurisdiction?'). As such, whitepapers and ICO promotional material must not mislead or deceive customers or contain false information. Promoters and issuers are also prohibited from engaging in unconscionable conduct and must ensure the coins or tokens issued are fit for their intended purpose. The protections of the ACL are generally mirrored in the ASIC Act, providing substantially similar protection to investors in financial products or services.

A coin issuance by an entity that is an Australian tax resident, or acting through an Australian permanent establishment, may be assessable for tax purposes in Australia.

If the new licensing requirements proposed by the Treasury’s October 2023 Consultation Paper are implemented, an entity holding customer coins as part of an arrangement to offer or sell coins (i.e. an ICO) will need to hold a licence. Equally, if the proposed expansion of the AML/CTF regime to cover the provision of financial services related to an issuer’s offer and/or sale of a digital currency (eg, ICOs) is implemented, then an entity will need to register with AUSTRAC and comply with the AML/CTF Act (see 'What are the sources of payments law in your jurisdiction?').

Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?

Live blockchain projects in Australia include:

  • In August 2022, the ASX completed a successful test pilot with Melbourne based digital custody provider Zerocap, demonstrating that ASX listed companies could leverage a blockchain to store and trade digital assets on the exchange.
  • The International Bank for Reconstruction and Development (an arm of the World Bank) and the Commonwealth Bank of Australia (CBA) issued A$110 million worth of bonds on a blockchain, coining the new blockchain operated debt instruments a “BOND-I”. The bonds were governed by New South Wales law and were the first bonds to be created, allocated, transferred and managed using blockchain.
  • Three of Australia’s major banks partnered with IBM and Scentre Group to issue the first digital bank guarantee for retail property leases on blockchain, with the intention to reduce the issuance period for a bank guarantee from up to a month to the same day.
  • Synthetix, a blockchain-based platform that, through smart contracts with ranging functionality, allows users to collateralise and gain synthetic exposure to assets in self- issued derivative-like products.

ell-known companies and individuals are utilising non-fungible tokens (NFTs). Penfolds has offered NFTs tied to a physical barrels and bottles of Penfolds wine and other rights including wine-tasting and a vineyard tour.

NFT marketplaces are popular. Immutable X offers a trading solution for NFTs by aggregating multiple transactions into a single smart contract using zero knowledge proofs.

To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?

The rising cost of compliance has prompted many companies in the financial sector to use artificial intelligence (AI) and natural language processing technologies and invest in regtech solutions for example, to automate regulatory reporting, manage compliance and ensure clarity in the way regulation is interpreted.

There are no specific laws applicable to the use, development and adoption of AI or machine learning in Australia. However, other data protections apply (e.g. Privacy Act requirements apply to AI technologies that use personal information). Importantly, the Privacy Act does not contain a specific principle related to automated decision making (such as is available under the General Data Protection Regulation) however, privacy reforms may introduce a similar principle in the future.

Fintechs should consider any discrimination or biases that may arise from their use of AI and monitor their AI products to ensure discriminatory outcomes are not experienced. Further, where AI solutions are implemented to provide financial services or undertake credit activities, the business must train and monitor its AI solution to comply with the applicable laws and ensure there are no negative consumer outcomes.

Whilst not currently a legal requirement for the private sector, the Government has designed 8 AI Ethics Principles, which provide a voluntary framework designed to complement (but not substitute) current AI practices. It has also hosted two consultations relating to the identifying the risks and responsible use of AI including one which concluded in May 2022 and one which concluded in August 2023. The findings of either of these consultations may provide insight into how AI may be regulated in Australia in the future. Regardless, given the Government is generally supportive of driving innovation in the technology and financial services sectors we expect regulation to encourage AI’s further adoption.

Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?

Australia has a steady insurtech market.

Insurtech has been disrupting individual sections of the insurance value chain, augment the existing processes of underwriting risk and predicting loss, and improving the existing capabilities of insurers, reinsurers, intermediaries and service providers. However, in Australia, insurtechs tend to collaborate with incumbent insurance companies more often than they compete against them, focusing on forging cross-sector alliances to embed legacy insurance offerings into alternative value propositions. Among other things, insurtechs may undertake this complementary approach owing to the more complex and heavily regulated nature of insurance products.

The regulation relevant to insurance businesses applies to insurtechs in a technologically agnostic manner. There are no regulations that specifically target insurtech.

Are there any areas of fintech that are particularly strong in your jurisdiction?

Areas of fintech that are particularly strong in Australia are:

  • payments and wallets; regtech;
  • wealth and investment (particularly digital advice and micro-investing); and
  • data analytics and information management.

What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?

Competition and collaboration between Australian fintechs and incumbents is strong, however the trend is slightly leaning towards collaboration rather than competition. In the rise of digitalisation, incumbent financial institutions are proving to be nimble and motivated to self-disrupt often through collaboration with fintechs. There remains a steady population of fintechs preferring to capitalise on their points of differentiation with traditional financial institutions and compete against them.

To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?

Banks and other incumbent financial institutions are carrying out their own fintech development and innovation programs. In addition, they are collaborating and partnering with fintechs and investing in fintechs via venture capital arms.

Are there any strong examples of disruption through fintech in your jurisdiction?

Australia’s banking and lending sector is heavily regulated making it difficult for new players to enter. Customers are sticky (even where the prevailing customer sentiment is one of dissatisfaction) and it can be difficult for disruptors to capture market share.

However, 2023 has seen a strong example of fintech disruption in banking and lending.

A customer-owned Australian bank made a strategic investment in an Australian fintech company. The bank and fintech entered into a partnership to develop a new digital banking solution for small business customers.

Under the arrangement, the bank with offer the fintech’s digital platform with a goal of launching a new digital banking proposition targeted at Australia’s 2.4 million small and medium-sized businesses.

Expertise Area