Regulation in a digital environment


Technological innovation is a major driver of efficiency in the financial system and can benefit consumers. Government and regulators need to balance these benefits against the risks, as they seek to manage the flexibility of regulatory frameworks and the regulatory perimeter. Government is also well-positioned to facilitate innovation through coordinated action, regulatory flexibility and forward-looking mechanisms.

Technology neutrality

Government and regulators face ongoing challenges from the need to apply existing regulatory frameworks to new participants and products in a rapidly changing environment.

Preliminary assessment

Some Federal and state-based legislation and regulations require (implicitly or explicitly) the use of certain forms of technology. For example, they may specify certain delivery mechanisms or products, or use terminology that assumes a paper-based environment. That is, they are not technology neutral. In other cases, new technologies put in doubt the operation of certain provisions of legislation or regulations. These circumstances can prevent the uptake of new technologies that could provide better outcomes for consumers, businesses and Government. They can also prevent Government and regulators from managing risks appropriately.

Submissions suggest Government should aim to enable transactions and business to be carried out digitally end-to-end: regulation should not make it more difficult and expensive to conduct business through purely digital channels. Submissions mainly focus on the need to update disclosure and consent requirements to reflect both changing consumer preferences and the emergence of new technologies.

Stakeholders identified various requirements, conceived in a paper-based era, that are not technology neutral and may restrict digital services. For example, at the Federal level, both Chapter 7 of the Corporations Act 2001 and the National Consumer Credit Protection Act 2009 set out requirements for Financial Services Guides as to what must be on the “cover” or “at or near the front of” the “document”.31 At the state level, the Victorian Transfer of Land Act 1958 enables use of an electronic lodgement network for e-conveyancing. However, it contains requirements for retaining physical documents to authenticate electronic instruments,32 as well as requirements such as signature authorisation of instruments in writing.33

Government has taken some steps to better enable digital services, with amendments set out in the Electronic Transactions Act 1999. The Australian Securities and Investments Commission (ASIC) has also facilitated online financial services disclosures through its relief powers, as described in Regulatory Guide 221.34 However, not all issues have been addressed. One submission highlights the Electronic Transactions Regulations 2000 themselves are unclear on the form of customer consent required before documents can be sent out electronically.35

Submissions also note that, where changes in technology create difficulties in interpreting provisions, firms are likely to take a conservative view to minimise regulatory compliance risks. Consequently, they may be reluctant to change and improve systems or processes.

Legislators and regulators cannot anticipate all the new products and delivery mechanisms technology might enable. For example, s12DL of the Australian Securities and Investments Commission Act 2001 prohibits credit card issuers from sending out unsolicited cards. This provision was initially developed in 1975 to address the growth in unsolicited credit cards at the time.36 However, since then, many new developments in payments have brought the application of s12DL into doubt. For instance, today providers do not have to send a physical card to provide unsolicited access to credit accounts — they can simply provide NFC stickers or leverage mobile phone technologies.

At the time s12DL was first drafted, these dramatic changes could not have been foreseen, making it impossible to design amendments to address likely developments. Therefore, where possible, future legislation and regulation should aim to be technology neutral. Sometimes, technology-specific requirements may be necessary; for example, the voluntary Electronic Funds Transfer Code of Conduct (EFT Code), now the ePayments Code, was developed to assist with consumer confidence and uptake of non-cash payments.37 However, these should be the exception rather than the norm.


In pursuing technology neutrality, Government needs to consider the text of legislation and regulation, as well as the approach of regulators. Technology neutrality in regulation can provide flexibility to adapt to the future and reduce the need for constant change. However, it can also result in ambiguity and interpretation difficulties. For example, the definitions of ‘financial product’ and ‘financial service’ under the Corporations Act 2001 are designed to be broad, technology neutral and applicable to different business models. Consequently, although the law applies widely, ASIC also regularly has to deal with questions of interpretation — and often issues regulatory exemptions for certain classes of products.

Amending existing regulation and legislation requires significant Government and regulatory resources, and aiming for technology neutrality can be challenging. Frameworks often contain unintentional biases, which are only identified in hindsight. Lengthy regulatory processes can also create uncertainty for industry during the transition period. Yet, lack of consultation or rushed processes increase the risk of unintended consequences. However, failing to act may mean consumers, businesses and Government lose the benefits of potential innovation and competition.

A number of submissions also highlight that, although enabling electronic service delivery might improve efficiency and outcomes for some consumers, it may also exclude others. For example, various community segments such as senior Australians38 or those on lower incomes may have more limited ability to access the internet.39 As a result, they may be excluded in an environment where electronic service delivery is the default. Some of these issues may diminish over time; nonetheless, access issues must be carefully considered and managed — particularly through any transition period.

Policy options for consultation

Existing regulation

Existing regulation and legislation should be reviewed to amend references that are not technology neutral. Regulatory settings should enable electronic service delivery to become the default; however, opt-out provisions are required to manage access needs for certain community segments.

For example, amendments could include removing references to specific forms of payment. They could include updates to consumer disclosure requirements and methods of consumer consent to accommodate electronic delivery, digital signatures or voice authentication. Where the text of legislation has been put in doubt by new technologies, it could also be updated to clarify interpretation.

Future regulation

In preparing for future developments, Government and regulators should take a technology-neutral approach to legislation and regulation. On an exceptions basis, technology-neutral frameworks may need to be supplemented with technology-specific regulation. For example, this might include situations where certain technologies introduce new risks requiring specific protections, such as the circumstances surrounding the introduction of the ePayments Code.40

When technology-specific regulation is required, regulators should seek to be technology neutral within that class of technologies where possible. For example, in dealing with non-cash payments, regulation should not seek to favour one form of non-cash payment, such as credit cards, over another, such as direct debit.

The Inquiry would value views on the costs, benefits and trade-offs of the following policy options or other alternatives:

  • No change to current arrangements.
  • Amend regulation that specifies using certain technologies with the aim of becoming technology neutral. Amendments should enable electronic service delivery to become the default; however, they should include opt-out provisions to manage access needs for segments of the community.
  • Adopt a principle of technology neutrality, for future regulation recognising the need for technology-specific regulation on an exceptions basis. Where technology-specific regulation is required, seek to be technology neutral within that class of technologies.

The Inquiry seeks further information on the following area:

  • What specific regulatory and legislative requirements should be prioritised for amendment in relation to technology neutrality?

Regulatory perimeter

Technological innovation has enabled firms outside the traditional financial sector to perform financial-type functions. Some of these firms may not be regulated at all or regulated in a different way to financial institutions. This raises challenges for the regulatory perimeter, in terms of whether certain risks are being addressed appropriately by firms and regulators. It also potentially raises level playing field issues, where firms may be performing similar functions but not being regulated equivalently. Developments in payments exemplify these issues.

Preliminary assessment

Advances in technology have reduced traditional barriers to market entry in payments, such as the need to construct a dedicated network. New entrants can leverage high levels of internet connectivity, penetration of smart devices and pre-existing networks to connect users to payments services more easily and cheaply than incumbents. The payment hub, being developed by eftpos Payments Australia Limited, and the New Payments Platform (NPP), an industry project being developed as a result of the Reserve Bank of Australia’s (RBA’s) strategic innovation review, may further reduce barriers to entry and drive competition.

Incumbents in the Australian payments industry are facing competitive challenges from new market entrants, such as PayPal, POLi, PayMate and Stripe. Closed-loop pre-paid systems operated by companies outside the financial sector, such as Apple, Skype and Starbucks, are holding growing amounts of customers’ funds. Apple has also recently signalled its interest in mobile payments more broadly and recently developed fingerprint biometric authentication for its phones.41

Advances in cryptography42 and computer processing power have facilitated the development of virtual or crypto-currencies.43 A number of submissions note the potential risks these technologies present to the financial system:

  • The safety of funds stored in them may be at risk in the case of system collapse or fraud, which may also occur in a third-party provider associated with the virtual currency. For example, in the recent collapse of the Mt Gox bitcoin exchange, 850,000 bitcoins worth approximately US$474 million were lost.44
  • The highly speculative nature of virtual currencies may create investor protection issues, as demonstrated by bitcoin’s fluctuating values in relation to real-world currencies.45
  • The pseudonymity of payments makes them attractive for money laundering and other illegal activities.
  • Their cross-jurisdictional nature means coverage under any particular legal jurisdiction is unclear. Currently, use of virtual currencies in Australia is minimal, but regulators are monitoring developments in this area.

Some submissions argue that firms performing similar functions should be regulated in the same way. This position is often made by large incumbent players concerned about the capacity of new players to operate around the edge of the regulatory perimeter. Failure to apply equivalent regulation may result in an uneven playing field and regulatory arbitrage. It may also incentivise those within the current regulatory perimeter to lower their own standards of compliance to compete. However, applying the full weight of prudential or conduct regulation to small players and new start-ups, regardless of the materiality of the risk they represent, may stifle valuable innovation unnecessarily.

Policy options for consultation

Whether new entrants should be brought within a regulatory perimeter depends on the nature and scale of the risk they present and who bears the risk. Government needs to strike a balance that allows the benefits of innovation to flow through the financial system, while maintaining stability.

The Regulatory architecture chapter contains broader discussion of options for the regulatory perimeter.

Facilitating innovation

Technological innovation has the potential to improve financial system efficiency. It is a powerful force for competition, driving the development of products that better meet consumer needs and improve access. Firms can harness technologies to improve risk management and other internal processes. Although innovation has many benefits, it may also bring risks. Government must manage these risks, while enabling the benefits of innovation to flow through the system.

Many technological developments adopted by financial institutions start life outside the sector. For example, while banking apps have proliferated in recent years, early apps were typically video games or basic functions such as calendars.46 In many ways, this pattern of taking up new, but tested, technologies benefits the sector: it lowers the risk of innovation, while taking advantage of its benefits.

Preliminary assessment

Coordinated action

Government can play a role in facilitating technological innovation where there is a need to overcome divergent commercial interests and competitive forces. This is particularly the case where network benefits are involved. Government can assist industry to agree on standards for interoperability or to cooperate on developing common infrastructure.

For example, the RBA has facilitated industry cooperation to develop a real-time payments system: the NPP. The RBA’s strategic review of innovation in the payments system concluded that market forces were not sufficient on their own to produce cooperative innovation.47 This became evident when previous industry-initiated projects, such as MAMBO (Me and My Bank Online) intended to enable a wider range of payments, were abandoned due to rising costs, ongoing delays and differing commercial interests of the major banks.48 The NPP will provide basic common infrastructure that industry can build on to provide innovative customer-facing services. The project is expected to be completed in late 2016.49

Submissions raise other areas where Government could play a similar facilitation role. For example, one submission suggests Government could help coordinate development of a central utility to streamline superannuation administrative processes.50 Others suggest Government could assist with streamlining processes for online identity authentication. This is discussed further in the Digital identity section.

Regulatory flexibility

Government and regulators face challenges from the expected pace of change in technological developments. By its nature, regulation lags market developments. Consequently, Government and regulators need effective mechanisms for monitoring emerging trends, a flexible approach, and the ability to adapt and design regulation in a changing environment.

Where new, technology-enabled business models, products and delivery mechanisms emerge, regulators need to consider whether and how to regulate such developments. They may also need to be flexible in how they apply existing frameworks. For example, to enable industry innovation and competition, ASIC has provided relief to operators of investor-direct portfolio services (IDPS) and IDPS-like schemes (known as ‘platforms’ or ‘wraps’) from the legal requirements for managed investment schemes.51 The Corporations and Markets Advisory Committee recently released a report into equity crowd funding recommending regulatory changes to facilitate and stimulate industry development.52

ASIC has recently been working with peer-to-peer (P2P) lenders to develop appropriate regulation. Entrants in the nascent Australian P2P lending market submit that regulation is valuable in ensuring the industry begins with and maintains high standards.53 Existing regulation is not seen as an inappropriate barrier to entry, but rather as a mechanism for ensuring new entrants are competent. Regulation is perceived as lifting industry standards and enabling operators “to compete based on providing better products and services to customers”.54 Submissions from P2P lenders voice support for the current regulatory regime, noting its importance for protecting customers and providing industry with guidance. In this way, regulation can help develop a well-managed, innovative industry.

ASIC has also recently adapted its market integrity rules to mitigate emerging risks related to technology-driven developments in financial markets, including high-frequency trading (HFT) and dark pools.55 In recent years, there has been significant growth in HFT and off-market trading facilities such as dark pools. Flexibility in ASIC’s regulatory framework and approach has enabled it to mitigate resulting market integrity or fairness concerns.56 However, the dynamism of financial markets means ASIC will need to continue monitoring developments closely and adapt as required.

Government can also facilitate innovation through implementing regulation. For example, the EFT Code (now the ePayments Code) played an important role in developing the electronic payments market.57 The ePayments Code protects consumers using electronic payment methods, such as ATMs, EFTPOS, debit and credit card transactions, including contactless transactions, online payments, internet banking and BPAY. By setting rules on allocating responsibility for losses, the Code boosted consumer confidence in electronic payments, leading to their mainstream adoption.

Forward-looking mechanisms

Submissions argue for Government to facilitate innovation through a variety of forward-looking mechanisms. Proposals include:

Setting up a strategic body to oversee technology policy and promote innovation in Australia’s financial system.

Various bodies, such as the Council of Financial Regulators (CFR) and the Financial Sector Advisory Council (FSAC), already monitor developments in the financial system. However, while CFR and FSAC consider the efficiency and effectiveness of regulation, they do not have particular mandates to consider innovation. The International integration chapter discusses these bodies further.

In the United Kingdom, the Financial Conduct Authority (FCA) has recently announced ‘Project Innovate’, an initiative to support industry innovation by smaller start-ups through to established firms with new models.58 The FCA’s policy unit is engaging with firms developing innovative approaches not explicitly covered by regulation, or for which application of regulation is ambiguous. Its intent is to support innovators in three ways: first, by providing firms with compliance advice on new models and products; second, by proactively seeking out areas of the framework that need adaptation for new technologies or broader trends; and third, by launching an ‘incubator’ to support innovative small financial businesses as they prepare for regulatory authorisation.

Developing a comprehensive Government strategy, in consultation with industry, to ensure the regulatory framework supports technological innovation, while managing risks.

Government already has various technology-related policies and strategies on issues such as e-Government and the digital economy,59 cloud computing60 and the uptake of mobile technologies.61 However, it does not have a single overarching technology strategy in place.

As a significant participant in the financial system, Government can influence the uptake of technology through decisions it makes for its own services. For example, adding the Australian Taxation Office (ATO) to the myGov site — a secure single sign-on site that allows users to access a range of Australian Government services — will double its 2 million registered members by mid-2014.62 This type of uptake would facilitate the shift to digital delivery of services becoming the default position for the broader Australian economy.

Submissions propose a comprehensive strategy driven from a financial services perspective. Stakeholders suggest such a strategy could consider issues including requirements for electronic disclosures, consumer protection, regulatory perimeter, maintaining a flexible principles-based framework, and updating and implementing the National Cyber Security Strategy.

Policy options for consultation

The Inquiry would value views on the costs, benefits and trade-offs of the following policy options or other alternatives:

  • Establish a central mechanism or body for monitoring and advising Government on technology and innovation. Consider, for example, a public–private sector collaborative body or changing the mandate of an existing body to include technology and innovation.
  • Establish a whole-of-Government technology strategy to enable innovation.

The Inquiry seeks further information on the following areas:

  • Are there specific areas in which Government or regulators need to facilitate innovation through regulation or coordinated action? For example, by facilitating the development of central utilities?
  • Are there ways to improve how regulators monitor or address emerging technological developments? For example, through adopting new technologies or mechanisms for industry intelligence gathering?

31 Refer, for example, to ss942A(1) and 942D(2) of the Corporations Act 2001.

32 Refer, for example, to s44B(2)(b) of the Transfer of Land Act 1958 (VIC).

33 Refer, for example, to s44C(b) of the Transfer of Land Act 1958 (VIC).

34 Australian Securities and Investments Commission (ASIC) 2010, Regulatory Guide 221: Facilitating online financial services disclosures, ASIC, December.

35 For example, the regulations refer to the debtor, mortgagor or guarantor providing ‘written consent’ to receiving communications electronically.

36 Australian Securities and Investments Commission (ASIC) 2014, First round submission to the Financial System Inquiry.

37 Australian Securities and Investments Commission (ASIC) 2011, 11-205MR ASIC releases new ePayments Code, media release 20 September, Sydney.

38 Research by the Australian Communications and Media Authority cited in Joint Select Committee on Cyber-Safety 2013, Cybersafety for Seniors: A Worthwhile Journey — Second Interim Report, Parliament of the Commonwealth of Australia, March, Canberra.

39 Australian Bureau of Statistics (ABS) 2014, Household Use of Information Technology, 2012–13, cat. no. 8146.0, ABS, Canberra.

40 Australian Securities and Investments Commission (ASIC) 2011, 11-205MR ASIC releases new ePayments Code, media release 20 September, Sydney.

41 Edwards, J 2014, ‘Apple Is Building Its Next Massive Business And No One Seems To Have Noticed’, Business Insider Australia, 23 February, viewed 10 April 2014.

42 Cryptography refers to techniques for securing communications from third-party access.

43 Elwell, C K, Murphy M M and Seitzinger, M V 2013, Bitcoin: Questions, Answers, and Analysis of Legal Issues, US Congressional Research Service, Washington, 20 December.

44 Hornyak, T and Kirk, J 2014, ‘10 things you need to know about Mt. Gox’s Bitcoin implosion’, PCWorld, 6 March.

45 Colombo, J 2013, ‘Bitcoin may be following this classic bubble stages chart’, Forbes, 19 December.

46 Clark, J F, ‘History of mobile applications’, Presentation for MAS 490: Theory and practice of mobile applications, University of Kentucky, viewed 16 June 2014.

47 Reserve Bank of Australia (RBA) 2012, Strategic Review of Innovation in the Payments System: Conclusions, RBA, Sydney.

48 Australian Associated Press 2011, ‘Banks axe BPAY identity project’, Sydney Morning Herald, 26 August.

49 Reserve Bank of Australia 2014, First round submission to the Financial System Inquiry.

50 Association of Superannuation Funds of Australia 2014, First round submission to the Financial System Inquiry.

51 Australian Securities and Investments Commission (ASIC) 2014, First round submission to the Financial System Inquiry.

52 Corporations and Markets Advisory Committee 2014, Crowd sourced equity funding — Report, Australian Government, Canberra.

53 See, for example, RateSetter Australia 2014, First round submission to the Financial System Inquiry.

54 SocietyOne 2014, First round submission to the Financial System Inquiry.

55 Australian Securities and Investments Commission (ASIC) 2013, 13-213MR ASIC makes rules on dark liquidity, high-frequency trading, media release 12 August, Sydney.

56 Australian Securities and Investments Commission (ASIC) 2013, Report 331: Dark Liquidity and High Frequency Trading, ASIC, Sydney; and Australian Securities and Investments Commission (ASIC) 2014, Report 394: Review of recent rule changes affecting dark liquidity, ASIC, Sydney.

57 Australian Securities and Investments Commission (ASIC) 2011, 11-205MR ASIC releases new ePayments Code, media release 20 September, Sydney.

58 Wheatley, M 2014, Making innovation work for firms and customers, address at Bloomberg, London by Chief Executive, Financial Conduct Authority, 19 May, London.

59 The Coalition’s Policy for E-Government and the Digital Economy 2013, September, Canberra, viewed 30 April 2014.

60 Department of Broadband, Communications and the Digital Economy (DBCDE) 2013, The National Cloud Computing Strategy, DBCDE, Canberra.

61 Australian Government Information Management Office 2013, Australian Public Service Mobile Roadmap: Adopting mobile technology across government, Department of Finance and Deregulation, Canberra.

62 National Commission of Audit 2014, Report of the National Commission of Audit, Australian Government, Canberra.