The Australian banking industry is dominated by the big four banks – Commonwealth Bank of Australia Limited (CBA), Westpac Banking Corporation (Westpac), National Australia Bank Limited (NAB) and Australia and New Zealand Banking Group Limited (ANZ). The big four banks make up four of the seven largest entities by market capitalisation listed on the Australian Stock Exchange. Other institutions, including mutual financial institutions, local operations of foreign banks and specialist financial services providers, also carry on banking business in Australia. The Australian banking industry is globally connected, with the big four banks (and Macquarie Group Limited) having operations overseas and most global banking groups having operations in Australia.
The regulatory regime applicable to banks
The Australian Constitution grants the national (federal) legislature legislative power with respect to banking, other than state banking within the boundaries of the state concerned. Banking business has long been held to be the taking of deposits from customers on loan, to be repaid on demand or as otherwise agreed between the lender and the customer, and the utilisation of that money in the interim by the lending of it.2 Deposit-taking is the essential element of banking. This definition is substantially replicated in legislation.3 This limited concept of banking business is relevant when considering the Australian regulatory environment.
Australia has a twin peaks approach to financial sector regulation: the Australian Prudential Regulation Authority (APRA) is responsible for financial system stability and depositor protection, and the Australian Securities and Investments Commission (ASIC) is responsible for market conduct and consumer protection.
The Reserve Bank of Australia (RBA) is also involved as the central bank, lender of last resort and facilitator of interbank settlements, and in regulating payment systems.
A person may only carry on banking business in Australia if authorised by APRA to do so.4 Unless it otherwise determines, APRA may only authorise bodies corporate (and not other kinds of corporate structures) to engage in banking business.5 Bodies corporate authorised by APRA are called authorised deposit-taking institutions (ADIs).
Banking business is regulated separately from the provision of financial services. Financial services are regulated separately by ASIC, and in most cases require an Australian financial services licence (AFSL). ADIs must obtain an AFSL to provide financial services, although the power to impose or revoke conditions on the AFSL that would affect the ADI's ability to carry on its banking business are removed from ASIC and vested in the Minister for Financial Services personally.6
For most purposes, the provision of credit is not a financial service and does not require an AFSL. Consumer credit activities are regulated separately by ASIC. Persons who wish to provide credit to consumers require a credit licence issued by ASIC. ADIs must hold a credit licence to lend to consumers, which ASIC is required to grant provided the ADI includes in its application a statement to the effect that it will comply with its obligations as a licensee.7
In considering whether to grant ADI authorisation to an applicant, APRA will consider the following factors:8
- capital: applicants must be able to comply with the capital adequacy requirements imposed by APRA;
- ownership: applicants (or their holding companies) must comply with the ownership restrictions in the Financial Sector (Shareholdings) Act 1998 (Cth) (discussed below), and all substantial shareholders must be fit and proper in the sense of being well-established and financially sound entities of standing and substance;
- governance: applicants must satisfy APRA prudential standards concerning corporate governance, and have policies in place to ensure that key office holders are fit and proper persons;
- risk management and internal controls: applicants must satisfy APRA that these are adequate and appropriate for limiting risk exposures from their operations;
- compliance: applicants must have compliance processes and systems in place that are adequate and appropriate for ensuring compliance with APRA prudential standards and other regulatory requirements;
- information and accounting systems: these must be adequate to maintain up-to-date records of all transactions, to keep management continuously and accurately informed of the ADI's condition and to comply with reporting obligations;
- audit: internal and external audit arrangements must satisfy APRA prudential standards; and
- for foreign bank applicants, the standard of supervision in their home jurisdiction and the consent of their home supervisor.
In an effort to increase competition in the banking industry, APRA allows applicants to apply to be authorised as a restricted ADI (RADI). RADIs are required to hold significantly less capital than full ADIs (the higher of 20 per cent of adjusted assets or A$3 million plus a winding-up reserve) and are subject to less stringent prudential standards. However, RADIs may only accept protected deposits up to A$250,000 per customer and up to A$2 million in aggregate. RADI authorisation is only valid for up to two years, after which the RADI must either obtain full ADI authorisation or exit the industry.
The provision of a purchased payment facility (PPF) – a facility purchased from another person that is able to be used for making payments up to the amount standing to its credit from time to time, and under which payments are made by the provider of the facility rather than the purchaser9 – or being the holder of stored value for a PPF is deemed by legislation to be carrying on banking business.10 Consequently, providers of PPFs (e.g., digital wallet services) are required to obtain ADI authorisation from APRA. However, the authorisation granted to PPF providers is typically subject to a condition limiting them only to providing PPFs and preventing them from lending money (other than incidental advances to customers in the course of providing a PPF).