Digital markets, funding and payment servicesi Collective investment schemes
Collective investment schemes in Australia are generally referred to as managed investment schemes, which can be contract-based schemes, unincorporated vehicles (typically structured as unit trusts or unincorporated limited partnerships) or bodies corporate (which are incorporated and typically structured as companies or incorporated limited partnerships).
Depending on the structure, a platform or scheme operated by a fintech company may fall within the scope of the Australian collective investment scheme regulations. They may also be subject to AFSL, ACL, consumer law and financial services laws relating to consumer protection under the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act).ii Crowdfunding
In September 2017, a regulatory framework was introduced for crowd-sourced equity funding (CSF) by public companies from retail investors. The CSF regime enables companies to raise funds from large pools of investors by utilising a licensed CSF platform instead of listing on a stock exchange. While the regime reduces the regulatory barriers to investing in small and start-up businesses, the framework also created certain licensing and disclosure obligations for CSF intermediaries (i.e., persons listing CSF offers for public companies). ASIC has released Regulatory Guides 261 and 262 to assist companies seeking to raise funds through CSF and intermediaries seeking to provide CSF services, respectively.
In October 2018, the government passed the Corporations Amendment (Crowd-sourced Funding for Proprietary Companies) Bill 2017 (Cth), officially extending the CSF regime to proprietary companies. While there are a range of reporting requirements imposed on proprietary companies engaging in crowdfunding, there are also a number of concessions made with respect to restrictions that would otherwise apply to their fundraising activities.iii Marketplace lending
Providers of marketplace lending products, including those peer-to-peer lending services, are generally structured such that they need to hold an AFSL and comply with the relevant requirements outlined in the Corporations Act including appropriate disclosure and resourcing requirements.
Where the loans are consumer loans (e.g., loans to individuals for domestic, personal or household purposes), the provider will also need to hold an ACL and comply with requirements in the National Credit Act and the National Credit Code. Similarly, all loans (including loans for a business purpose that are not regulated under the National Credit Act) are subject to consumer protections provisions in the ASIC Act, including prohibitions on misleading or deceptive representations. Peer-to-peer lenders are generally structured as managed investment schemes, which must be registered with ASIC if the investment is offered to retail investors.
There are generally no restrictions on secondary market for trading such loans or financings; however, such activities may trigger licensing obligations for the provider of the market, market maker and market participants.iv Payment services
Payment services may be regulated as financial services, because this captures services relating to deposit-taking facilities made available by an ADI in the course of carrying on a banking business or a facility through which a person makes a NCP.
If an entity facilitates an NCP, the service provider must hold an AFSL or be exempt from the requirement to do so. ASIC has outlined a number of exceptions including general exemptions in relation to specific NCP products such as gift vouchers and loyalty schemes.
Any entity that conducts banking business, such as taking deposits (other than as part-payment for identified goods or services) or making advances of money, or provides a purchased payment facility, must be licensed as an ADI. APRA is responsible for the authorisation process and granting of ADI licences (as well as ongoing prudential supervision). Recently, APRA released the Restricted ADI framework, which is discussed in Section VIII.v Data sharing
In Australia there is no requirement to make client data accessible to third parties; however, this is often necessary for lenders and credit reporting agencies who must comply with obligations with regard to use, collection and disclosure of credit information (see Section II).
Currently, the Australian Privacy Principles (APP) dictate when APP entities may use or disclose personal information. They may do so where an individual could expect for the data to be shared or when an exception applies.
In Australia there has been significant change proposed in relation to how customer data is shared with third parties across every sector of the Australian economy. In 2018, the Notifiable Data Breaches scheme was introduced; this scheme mandates that entities regulated under the Privacy Act are required to notify any affected individuals and the Office of the Australian Information Commissioner in the event of a data breach (i.e., unauthorised access to or disclosure of information) that is likely to result in serious harm to those individuals.
Additionally, the Australian government announced that it will be implementing the national consumer data right (CDR) framework, which will give customers a right to share their data with accredited services providers (including banks, comparison services, fintechs or third parties). The CDR framework will first be applied to the banking sector under the Open Banking regime by which consumers can exercise greater access and control over their banking data. The Open Banking regime is slated to commence in February 2020.