On 15 December 2016, the Australian Securities and Investments Commission (ASIC) released Regulatory Guide 257 Testing fintech products and services without holding an AFS or credit licence (RG 257), which details ASIC’s framework for FinTech businesses to test certain financial services, financial products and credit activities without holding an Australian financial services licence (AFSL) or Australian credit licence (ACL).

Consultation process

In June 2016, ASIC released Consultation Paper 260 Further measures to facilitate innovation in financial services (CP 260). CP 260 proposed options to enable some FinTech businesses to test certain financial services and financial products with relief or variations from some of the conditions and requirements that would otherwise apply to new entrants.

Options included a conditional 6-month regulatory sandbox exemption from the requirement to obtain an AFSL, with conditions including restrictions on financial services (advice and arranging for other persons to deal in a financial product only), restrictions on financial products (listed or quoted Australian securities, simple managed investment schemes and deposit products only) and client exposure limits (no more than 100 retail clients with a maximum exposure limit of AUD10,000 per retail client). CP 260 also proposed developing better guidance on how ASIC assesses knowledge and skills under Option 5 of Regulatory Guide 105 Licensing: organisational competence (RG 105).

Generally, submissions made in relation to CP 260 supported the regulatory sandbox exemption, however submitted that a longer testing period, with broader financial services and financial products, and greater client exposure limits were necessary to truly test the viability of a FinTech business.

RG 257

Following the CP 260 consultation, ASIC has released RG 257 which details the options available to FinTech business looking to test the viability of a business ahead of applying for an AFSL or ACL (as necessary), being:

  1. reliance on existing exemptions under the Corporations Act 2001 (Cth) (Corporations Act) and National Consumer Credit Protection Act 2009 (Cth) (NCCP Act) (eg, authorised representative and credit representative appointments);
  2. applying to ASIC for individual relief from obligations under the Corporations Act or NCCP Act (as necessary); and
  3. new FinTech licensing exemptions provided under ASIC Corporations (Concept Validation Licensing Exemption) Instrument 2016/1175 and ASIC Credit (Concept Validation Licensing Exemption) 2016/1176 (FinTech Exemption Instruments), which apply to certain products and services

The FinTech Exemption Instruments are broader than the exemption proposed under CP 260, including that each provide for a 12-month testing period, with a broader scope of financial services and financial products, the addition of a testing environment for certain consumer credit services, and increased limits on client exposure. However, conditions still apply (summarised below).

Conditions to FinTech Exemption Instruments

Condition Details
Testing business relying on exemption must be an “eligible person”

The testing business must not:

  • be banned from providing financial services or engaging in credit activities;
  • already hold an AFSL or ACL;
  • already be an authorised representative or credit representative of an AFSL or ACL holder; or
  • be a related body corporate of an AFSL or ACL holder.
Testing business must relate to specified financial services, financial products and credit services

The FinTech Exemption Instruments cover the following financial services and credit services only:

Financial services

  • providing financial product advice; and
  • dealing in financial products (other than issuing financial products),

in relation to:

  • listed or quoted Australian securities;
  • simple managed investments schemes (being certain types of registered schemes);
  • deposit products;
  • some types of general insurance products; and
  • payment products issued by authorised deposit-taking institutions.

Credit services

Acting as an intermediary or providing credit assistance in relation to a credit contract that:

  • has a maximum amount of credit of no more than AUD25,000;
  • has a maximum annual cost rate of 24%;
  • is not subject to tailored responsible lending obligations; and
  • is not a consumer lease.
Testing period


RG 257 states that ASIC considers the 12-month testing period as sufficient time to test the viability of a FinTech business, and that a business relying on a FinTech licensing exemption should plan ahead to manage the impact of the testing period expiring (such as by applying for an AFSL or ACL during the testing period). Note that ASIC proposes to treat an application for extension of the testing period as it would any other application for relief.

Client and exposure limits

Testing businesses relying on the exemptions can provide services to up to 100 retail clients, and only if:

  • the exposure of each retail client to which testing services are provided does not exceed AUD10,000;
  • the amount of credit under a credit contract to which testing services are provided does not exceed AUD25,000; and
  • the sum insured under a general insurance contract in relation to which testing services are provided does not exceed AUD50,000.

Note that, while there are no individual exposure or client limits for wholesale clients, the total maximum exposure of all clients taking part in testing must not exceed AUD5 million.


A testing FinTech business must comply with conditions relating to consumer protection, including disclosing that it does not hold a licence, that the service being provided is being tested under the FinTech Exemption Instruments and some of the normal protections associated with receiving services from a licensee will not apply.

A testing FinTech business must also provide some of the information normally contained in a Financial Services Guide and a Credit Guide (as applicable). Where credit services are provided, the FinTech business must also provide a quote and proposal document, as ordinarily required under the NCCP Act.

Adequate compensation arrangements A testing FinTech business must have professional indemnity (PI) insurance cover with a limit of at least AUD1 million for any one claim and for aggregated claims and run-off cover for a period of at least 12 months.
Dispute resolution A testing FinTech business must implement internal dispute resolution procedures and obtain membership of one or more ASIC approved external dispute resolution (EDR) schemes, with a run-off period of 12 months.

Notification of intention to rely on FinTech Exemption Instruments

A FinTech business wishing to rely on one or both of the FinTech Exemption Instruments must notify ASIC of its intention to do so. Note this is not an application process. Provided the entity satisfies the conditions to the instrument(s) and submits the required deliverables to ASIC, the testing period will begin 14 days after ASIC is notified. The notification to ASIC must include the entity’s website (if available), certified copies of bankruptcy checks and criminal history checks for all directors and controllers, evidence of EDR membership and PI Insurance, and a short description of the entity’s business model.

ASIC is also requesting entities provide a report within two months of the end of their testing period, setting out details of the experience of the testing business during the testing period. ASIC will use this information to review the operation and effectiveness of the exemptions and identify key risks or issues faced by testing businesses.

Potential limitations of FinTech Exemption Instruments

  • The FinTech Exemption Instruments allow for a relatively narrow scope of financial products, particularly as interests in managed investment schemes (other than simple schemes) and unlisted securities are not covered by the exemption. RG 257 notes that ASIC considers some products and services are “not suitable for unlicensed testing without an individual review of all of the circumstances”. Whether this limitation impacts the utility of the regulatory sandbox for FinTech businesses, which (at least during testing) may involve the provision of financial services in relation to interests in a managed investment scheme and unlisted securities, will be of interest.
  • While the 12-month testing period is an advancement on the 6-month period proposed in CP 260, FinTech businesses relying on the exemptions should nevertheless apply for an AFSL or ACL as early as possible during the testing period once there is sufficient certainty around the viability of the business. This is particularly important given ASIC’s assessment of an AFSL application will typically take at least 4 months (see Report 503 Overview of licensing and professional registration applications: January to June 2016).
  • The client and exposure restrictions potentially limit a testing business' ability to properly test scalability and capacity to generate funds necessary to grow the business.

Revised RG 105

In conjunction with RG 257, ASIC has released a revised RG 105, containing more detailed guidance on how ASIC will assess a nominated responsible manager’s knowledge and skills in a heavily automated/digital business. In relation to a small scale, heavily automated business, ASIC may accept as a responsible manager a person who will provide a regular sign-off on the AFSL holder’s processes and systems and the quality of financial services provided. ASIC recognises such person does not need to have day-to-day involvement in the business, but must be available as needed. RG 105 also now contains examples of FinTech businesses in relation to which ASIC may accept a responsible manager nominated under Option 5.