Fintech Regulation Guide

Does your jurisdiction regulate Fintech services under the traditional Financial Services laws or does it have any ad hoc regulatory frameworks for fintech services? (Financial Services Laws/Ad Hoc Framework/Hybrid)

Fintech services in Australia are regulated by existing financial services laws, including the Corporations Act 2001, National Consumer Credit Protection Act 2009, Australian Services and Investments Commission Act 2001, Anti-Money Laundering and Counter-Terrorism Financial Act 2006, and Competition and Consumer Act 2010. Fintech providers may require an AFSL or Credit Licence if their offering is deemed a ‘financial product’. ASIC and the ACCC oversee and monitor Fintech providers.

Make a list of fintech services that may obtain a licence in your jurisdiction? 

Fintech services which may require a license include: AFSL (Australian Financial Service Licence): financial product advice, dealing in financial products, market-making, operating investment schemes, custodial services, trustee services, crowdfunding, superannuation trustee services, claims handling, corporate collective investment vehicles. Credit Licence: providing credit, acting as intermediaries. ADI Licence (Authorised Deposit-Taking Institution): neobanking businesses handling deposits.

What is(are) the name(s) of the regulatory authority(ies) responsible to grant licences and regulate fintech service providers? If there is more than one, please list which fintech services are regulated by which authority.

ASIC: Grants and monitors AFSLs and Credit Licences, enforces consumer protection laws, ensures compliance. APRA: Licenses and supervises banks, credit unions, insurance companies, etc., grants ADI licences for banking. AUSTRAC: Administers AML laws, imposes reporting obligations on designated service providers. ACCC: Oversees consumer and competition laws, enforces trade practice restrictions, tackles misleading conduct. RBA: Central bank which oversees payment services market.

Are there any specific restrictions on the types of fintech services that can be offered in and/or from your jurisdiction?

There are currently no specific restrictions on the types of Fintech services that can be offered. Fintech services in Australia are subject to any relevant restrictions in the laws regulating financial services and credit activities. For example, as discussed above, it may be necessary for a Fintech service to have an AFSL and/or a Credit Licence. It may also be subject to certain reporting obligations to AUSTRAC if it provides ‘designated services’ and may need to be licenced by APRA.

Is reverse solicitation allowed in your jurisdiction, for fintech firms licensed in other reputable jurisidictions? (Meaning that a third-country fintech firm can offer services to clients in your jurisdiction providing its at the exclusive initiative of the client).

Generally, if a foreign financial services provider (FFSP) is approached at the exclusive initiative of a consumer, it can provide financial services and advice to the client. However, while reverse solicitation is allowed in Australia, FFSPs are generally subject to the same obligations as domestic Fintech service providers. For example, if they carry on the relevant activities described above in Australia, they may be required to hold a AFSL and/or a Credit Licence.

Are there any specific requirements for companies providing fintech services in your jurisdiction?

There are currently no requirements in Australia‚ or laws that are specific to companies providing Fintech services. The requirements set out in the laws described above which Fintech service providers may be subject to apply equally to other businesses carrying out credit activities or dealing in financial services.

Are there any specific consumer protection measures that apply to fintech services in your jurisdiction?

There are currently no consumer protection measures in Australia which only apply to Fintech services. The consumers protection measures described above, which are set out in the Competition and Consumer Act 2010 (Cth) and the Australian Securities and Investments Commission Act 2001 (Cth) apply equally to other businesses and industries. For example, the prohibitions on misleading and deceptive conduct, false or misleading representations, unconscionable conduct and unfair contract terms.

Are there any other legal issues that companies should be aware of when providing fintech services in your jurisdiction?

Fintechs in Australia must adhere to privacy obligations outlined in the Privacy Act 1988 (Cth). This includes implementing a compliant privacy policy, reporting data breaches to the OAIC, and complying with the Australian Privacy Principles. These principles apply to acts and practices conducted overseas by organizations with an Australian link, such as an Australian-incorporated body corporate or an external Territory.

Are virtual assets (such as cryptocurrencies and) permitted in your jurisdiction? (Yes/No)


If the answer is Yes, is there any licensing /authorisation/notification process that needs to be followed for a person to issue a new virtual asset? (Yes/No)


If the answer is Yes, please provide a summary of the process that needs to be followed by a person to issue a new virtual asset).

An entity proposing to issue a new virtual asset in Australia should consider whether or not it is a financial product. If it is a financial product, the entity needs to comply with the capital raising provisions set out in the Corporations Act 2001 (Cth), including the provision of relevant disclosure documents to investors, and have an AFSL. Entities issuing a new virtual asset would also be subject to various other laws, depending on the specific asset.

Are Virtual Asset service providers regulated in your jurisdiction? (Yes/No)


If the answer to your previous question is Yes, please provide a summary of the framework that regulates such service providers explaining which licence(s) need to be obtained from which authority(ies).

Virtual asset service providers in Australia may require an AFSL, a Credit Licence, or a market licence from ASIC, depending on their activities. Operating a digital currency exchange requires a market licence under the Corporations Act, unless exempted. If virtual asset service providers engage in designated services under the AML/CTF Act, they must comply with registration, reporting, and customer due diligence obligations, as well as safekeeping and administration requirements.

Are you as a firm providing services and advice relating to Virtual Assets? (Yes/No)


Please feel free to add any pertinent comments in addition to your answers.

The information contained in this guide is intended as general commentary only and should not be regarded as legal advice. Should you require specific advice on the topics discussed, please contact Russell Kennedy Lawyers directly.


Russell Kennedy
Level 12
469 La Trobe Street
Victoria 3000
Tel +61 3 9609 1555

Russell Kennedy Aitken Lawyers
Level 6
75 Elizabeth Street
New South Wales 2000
Tel +61 2 8987 0000

Gareth Kerr

Senior Associate