Reviewing Australia’s payment system review: the major recommendations

By Simun Soljo, Elyse Adams, Kerensa Sneyd, Virginia Wang

Expanded powers for Treasury 10 min read

The Final Report of the Treasury's Review of the Australian Payments System (Final Report) was released on 30 August 2021, following a consultation process with stakeholders from November to December 2020. Treasury has indicated that further consultation on the recommendations in the Final Report will be conducted ahead of the Government finalising a response.

In total, the Final Report includes 15 recommendations concerning the regulatory architecture of the Australian payments system. Most significantly, the Review recommends:

  • a greater role for the Government, through the Treasurer, to provide enhanced leadership of the payments system by setting the strategic direction of the payments ecosystem;
  • the development of a strategic plan for the payments ecosystem, which is supported by an enhanced payments policy function within Treasury and the appointment of a payments industry convenor;
  • expanding the scope of the Reserve Bank of Australia's designation power (by expanding the definition of a 'payment system' under the Payment Systems (Regulation) Act 1998 (Cth) (PSRA)) and introducing a new designation power for the Treasurer based on national interest;
  • the introduction of a single, tiered payments licensing framework based on a defined list of payment functions that require regulation, which replaces the need for providers to obtain multiple authorisations from different regulators;
  • mandating the ePayments Code for all payments licensees;
  • mandating compliance with technical standards set by industry bodies;
  • the development of common access requirements for payment systems to facilitate transparent access to payment systems; and
  • greater coordination between payments regulators, including with respect to AML/CTF issues.

We set out some further detail on the recommendations below.

1. Consumers and businesses should be at the centre of policy design and implementation

The Review considers that the regulatory architecture for Australia's payments ecosystem should be assessed against the four principles of service, strategy, safety and simplicity:

  • Service – means considering the users of payments ecosystems (including consumers, businesses and governments) and taking their perspective at every step of policy development and implementation. This includes recognising the important distinctions between the needs of consumers and businesses;
  • Strategy – means preparing the payments ecosystem for future innovation and addressing challenges in a holistic manner;
  • Safety – means protecting the businesses and consumers that use the payments ecosystem; and
  • Simplicity – means ensuring consumers and businesses can understand their rights and obligations, and reducing regulatory barriers to entry for new firms offering new services to consumers and businesses.

While the safety and service principles have been achieved, the Review notes that there are areas for improvement in the regulatory architecture on the principles of strategy and simplicity.

2. Leadership of the payments ecosystem

The Review considers that the Government, through the Treasurer, is best placed to provide enhanced leadership, vision and oversight of the payments ecosystem. This includes setting an overarching strategy for the payments ecosystem, coordinating system-wide innovations, providing a forum for regulators and industry participants to raise issues and responding to challenges beyond the remit of any individual regulator.

(Other options canvassed) The Review explored whether a number of other entities would be appropriate entities to take on a broader system-wide leadership role (these entities included the Payment Systems Board and the RBA, industry bodies such as the Australian Payments Council (APC) and AusPayNet, the Council of Financial Regulators (CFR) and a new lead regulator.)

Ultimately, the Review came to the view that the Treasurer was best placed to undertake this leadership function, due to the Treasurer's general oversight powers and responsibility over the financial system, accountability to consumers, businesses and the Australian community generally, ability to make quick decisions and involve other agencies and departments as required, and flexibility to respond to issues that fall outside the remit of individual regulators.

3. A strategic plan for the payments ecosystem

The Review recommends that the Government develop a strategic plan for the payments ecosystem in collaboration with regulators, industry and representatives of consumers and businesses. This plan should:

  • outline at a high level the key priorities for the coming years;
  • be dynamic and sufficiently flexible as circumstances change in the payments ecosystem;
  • be aligned with broader government digital economy objectives (such as the Consumer Data Right) and industry initiatives (such as digital identification frameworks); and
  • be reviewed frequently to ensure it remains relevant and up to date.

In particular, the Review considers it critical for the plan to detail a strategy to retire legacy payment systems such as the cheques system and the bulk electronic clearing system (BECS), which are less secure and increasingly costly compared with newer alternatives.

4. Enhance Treasury's payments policy function

To support the Treasurer's enhanced leadership role, the Review recommends enhancing Treasury's payments policy function. This will require additional resourcing with specialised payments capability. The Review envisages that Treasury's payments policy function would complement the work of regulators by articulating the Government's stance on payment issues, involving relevant stakeholders to identify trends in the market and providing the platform for regulators to work together to address key payments issues.

5. Establish a payments industry convenor

To further support Treasury, the Review suggests the Treasurer appoint a payments industry convenor, who could be an industry expert from the private sector or academia, with experience working in the public sector.

(Role of the payments industry convenor) The Review envisages that the payments industry convenor would:

  • as a priority, work with Treasury and industry to develop the strategic plan for the payments ecosystem;
  • ensure the Government has access to expert advice from the private sector;
  • collaborate widely with the private sector and bring together different industry representatives on key emerging issues in the payments ecosystem;
  • provide a platform through which payments issues that require both private and public sector involvement can be brought to the attention of the Treasurer; and
  • provide an avenue for the Government to form and sustain close links with industry.

A potential approach could be to appoint the industry convenor as a non-statutory office holder.

(Role of the APC) The Review considers that the Treasury's payments policy function and the payments industry convenor would supersede the APC.

6. Expand the definition of payment system in the PSRA

The Review found that the definition of 'payment system' in the PSRA may no longer adequately capture the full suite of payment systems within the payments ecosystem. The Review recommends expanding the definition of 'payment system' to broaden the RBA's ability to designate new and emerging payment systems, based on the 'public interest' test in the PSRA. This would provide additional flexibility for the RBA and allow it to better respond to risks posed by new innovations in the payments ecosystem.

7. Introduce a ministerial designation power

The Review noted that the RBA's designation power is confined to issues that are in the 'public interest' and the RBA is precluded from exercising its powers based on considerations broader than the public interest, such as national security and consumer protection.

The Review recommends that the Treasurer should have a broader designation power to:

  • designate payment systems and participants of designated payment systems based on 'national interest' (which includes, but is not limited to, cybersecurity, national security, data-related issues, resilience of infrastructure, crisis management and consumer protection);
  • direct regulators to develop regulatory rules or standards to apply to payment systems or participants; and
  • give binding directions to operators of, or participants in, payment systems.

The Review noted that this approach is consistent with that of other jurisdictions such as the United Kingdom and Canada, which have vested designation powers in their responsible Minister.

The Review considers that a set of principles should be developed to guide the Treasurer's decision-making, and that ahead of any decision to use the power, appropriate consultation will take place (similar to what is required for the exercise of the RBA's designation power).

8. Introduce a list of payment functions that require regulation

The Review found that the current definition of 'non-cash payment' (NCP) facility under the Corporations Act 2001 (Cth) is wide, captures all payment-related services and is dependent on regulatory discretions and piecemeal exemptions. The Review considered that payment system providers (PSP) should have greater clarity as to the types of activities that require a licence.

The Review recommends that a defined list of payment functions that require regulation should be developed, based on the functions or activities that PSPs perform (rather than the technology or business model they use). For example, the Review considers that the provision of stored-valued services should be regulated in the same way, irrespective of whether the service is provided through a card or digital wallet, or by a bank, retailer or utilities company.

According to the Review, this approach to payments regulation would align with international regulatory frameworks, such as those of Singapore, the United Kingdom and Canada, which have included (or are in the process of implementing) functional definitions of payment services in their legislative frameworks.

The Review suggests that the Government should be responsible for decisions around the defined list, given they are matters of policy. The Review also proposes that the functional definitions should be outlined in subordinate legislation rather than put into primary law to ensure the list can change and remain fit for purpose as technological advancements occur.

9. Introduce a single, tiered payments licensing framework

The Review recommends introducing a single, tiered licensing framework that is based on a defined list of payment functions.

In particular, the Review recommends:

  • separate authorisations for the provision of payment facilitation services (PFS) and stored-value facilities (SVF). The separate authorisations would reflect the different types of risk associated with the transfer and storage of value;
  • two tiers of authorisations based on the scale of activity that a PSP performs. The higher tier of authorisation would involve more extensive regulatory obligations than the lower tier. The Review suggests that large SVF providers be prudentially supervised by APRA, and small SVF providers and all PFS providers be regulated by ASIC;
  • enabling applicants to apply for a payments licence through ASIC, as the single point of contact. The Review considers that this would leverage ASIC's expertise in financial services licensing and avoid the need for applicants to approach multiple regulators; and
  • integrating the licensing framework for payment services with the proposed accreditation under the Consumer Data Right regime and the current authorised deposit-taking institution (ADI) authorisation from APRA.

(Interaction with AFSL regime) The Review indicated that the new payments licensing framework could be implemented:

  • under the AFSL regime – which would involve defining the payments authorisations as financial services that require an AFSL; or
  • by establishing a regulatory framework separate from the AFSL regime – which would require significant legislative change and involve inherent complexity in untangling the regulation of the payment system from other aspects of the financial system.

However, the Review noted it 'does not make recommendations on the details of implementation' and this would be a matter 'to be determined by the enhanced Treasury function'.

(Interaction with the Treasurer's designation power) The Review considers that the proposed payments licence would complement the Treasurer's designation power. The designation power would apply to payment systems and their participants, while the payments licence would be entity-based.

10. Mandate the ePayments Code for payments licensees

The Review envisages that the licensing framework would be complemented by mandating the ePayments Code for all payments licensees. Amongst other things, the ePayments Code sets out rules for determining who pays for unauthorised transactions and establishes a regime for recovering mistaken internet payments.

According to the Review, bringing the ePayments Code into regulation would ensure Australian consumers and businesses are better protected, and level the playing field between current signatories to the Code and other PSPs.

The Review noted that mandating compliance with the ePayments Code is consistent with the CFR's recommendations on SVFs, the recommendations by the Productivity Commission and the 2014 Financial Services Inquiry.

11. The single payments licensing framework should facilitate access to transparent payment systems

The Review considers there should be a simple, fair and transparent way for non-ADI PSPs to determine what is needed to access core payment systems in Australia. Improved access would allow non-ADI PSPs to compete on a more level playing field.

The Review suggests that the RBA should develop common access requirements for all payments systems in Australia, in consultation with the owners of those systems.

In addition, the Review envisages that the common access requirements should form part of the payments licence. For example, the common access requirements could be part of the licensing requirements for the higher tier of authorisations (for large PFS providers and large SVF providers) and made optional for the lower tier of authorisations (for small PFS providers and small SVF providers).

12. Align industry standards

To further complement the licensing framework, the Review recommends mandating compliance with core industry standards for all payments licensees. The Review considers that entities responsible for setting industry standards should be authorised by the RBA so that they are subject to appropriate levels of oversight and accountability. In addition, industry standards should align with broader payment policy objectives.

13. Better align regulator approaches and regulatory requirements

The Review considers that the approaches of payments regulators should be better aligned. In particular, the Review recommends closer coordination between AUSTRAC and other payments regulators.

The Review noted it was 'not within its terms of reference to recommend the consolidation of the AML/CTF policy functions into the Treasury portfolio', but there was merit in considering this as an option in the future. The Review also highlighted the known uncertainty around the definition of a 'designated remittance arrangement' and that this was leading to ambiguity with PSPs as to their AML/CTF obligations. This is not a new issue; the 2016 Statutory Review into the AML/CTF Act found that the definition was overly broad and should be narrowed, however the definitions have not yet been amended as a result of the Statutory Review. AUSTRAC has provided some guidance for entities that otherwise provide a designated service (ie where remittance is a secondary service to the entity's core business), but this provides little comfort to entities that are otherwise not reporting entities under the AML/CTF Act, which is often the case with PSPs or PFSs.

The Review suggests that the enhanced Treasury function should take steps to improve coordination between payment regulators and the alignment of payments regulatory requirements.

14. Educating consumers and businesses

(Consumers) The Review recommends that more comprehensive payments-related education should be provided to consumers, not only by the Government through regulators, but also by industry directly to consumers. For example, the Review noted that consumer education is critical in relation to new financial products such as buy-now pay-later (BNPL) arrangements and new and emerging digital currencies such as cryptocurrencies.

The Review considers that the refresh of the National Financial Capability Strategy provides an opportunity to ensure that consumers are well-equipped for future payment changes. In addition, consumer bodies should be equipped with an understanding of payments issues and the way they impact consumers.

(Businesses) The Review recommends increasing transparency and the awareness of businesses in relation to key payments issues such as merchant cost routing and merchant service fees, to ensure they understand their options and are empowered to make choices that best meet their needs. The Review suggests that industry and regulators coordinate the development of a business education programme in relation to payments.

15. Leverage the position of government as a large customer of the payments ecosystem to support broader objectives

The Review notes that governments are significant customers that rely on the payments ecosystem to administer tax and welfare systems, pay employees and procure goods and services. Changes in the way governments pay for goods and services can create network effects and drive change in the payments ecosystem.

The Review recommends that governments consider how to move more government payments to newer systems such as the NPP and accelerate the take-up of these new innovations by becoming early adopters.

Other points to note

In addition, the Review goes on to highlight some further challenges facing the payments ecosystem that are not canvassed in the recommendations noted above. These include:

  • the lack of regulation or standards imposed around the use of digital wallets (including in relation to the transaction data generated through use of the service), and the significant stronghold Big Tech players like Apple and Google have over these payment access methods;
  • whilst not currently high on the agenda of Australian policymakers, new forms of money such as cryptocurrencies, stablecoins and Central bank digital currencies are likely to become the next frontier in payments, and the regulatory landscape, as well as the underlying payments systems, need to be ready to adapt to these possibly inevitable new entrants; and
  • financial inclusion, particularly around de-banking, will continue to be a challenge for the broader economy until, in particular, more clarity is gained around the risk posed by certain payments ecosystem participants.