Treasury's payments modernisation reforms: what payment service providers must do now

What legal and risk professionals need to know

What you need to know

• Treasury released the full package of Tranche 1 draft legislation in March 2026 for consultation. If passed, these will usher the most significant overhaul of Australia’s payment system regulation in over two decades.
• The reforms propose to replace the existing fragmented and product-based framework with a cohesive, activity-based regime that brings a substantially wider range of payment service providers (PSPs) under the Australian financial services licensing (AFSL) framework.
• In addition, prudential obligations will apply to PSPs which are stored value facilities (SVF) and hold over AUD 200 million, and designated payment facilitation service providers.
• Some entities that currently operate outside the AFSL regime will be brought in - in particular, merchant acquirers, remitters, pre-paid card operators, payment facilitators, e-commerce providers, and POS technology providers will likely need to either obtain an AFSL with appropriate authorisations, or restructure their arrangements to rely on exemptions, operate under the licence of an existing AFSL holder as an authorised representative, or change their business model. Similarly, PSPs that rely on exemptions from licensing should assess whether they could continue to do so, as not all exemptions will remain; in particular, telcos, e-tag providers, energy companies, operators of loyalty schemes and retailers should pay close attention.
• The reforms are expected to commence 12 months after Royal Assent, with implementation likely in 2027, subject to transitional arrangements. Given the breadth of the changes, entities that delay scoping work risk being unable to secure necessary licences or exemptions before the regime takes effect. Affected entities should monitor these developments closely, as the proposals remain subject to consultation, details may be settled during the parliamentary process and, once passed, supporting regulations and other instruments from regulators will be drafted.
  
   

What is changing?

Shift to activity-based regulatory framework

The current framework for regulating payments will be repealed and replaced with a modernised, technology neutral, activity-based regime focused on what entities do. This contrasts with our current framework which is built around the non-cash payment facility financial product in the Corporations Act 2001 (Cth) and purchased payment facilities in the Payment Systems (Regulation) Act 1998 (Cth).

The reforms introduce new types of financial products - SVFs, tokenised SVFs, and payment instruments - and three new categories of financial services - payment initiation, facilitation, and technology/enablement services. The key regulatory question shifts from whether an entity provides services in relation to a particular type of product to whether it performs one of the following regulated payment functions:¹

In short, any entity that touches a payment flow in a meaningful way should consider how it might be in-scope, regardless of whether it has traditionally been considered a financial services provider.

AFS licensing and registration with APRA

Many PSPs that are currently unlicensed or that operate as authorised representatives would need to obtain an AFSL. These entities will be supervised by ASIC and will need to comply with all relevant obligations. The regulatory burden for smaller or lower-risk entities can be managed by relying on an authorised representative. However, this carries its own compliance obligations and limitations, including reliance on the licensee's compliance framework and potential restrictions on the scope of authorised activities.

In addition, SVF providers who hold more than the proposed minimum amount of AUD 200 million,² and designated payment facilitation service providers, must register with APRA under a new prudential framework . Unlike the current PPF framework this will not be a form of ADI. Mid-tier SVF providers and growing payment platforms will need to continually assess whether they fall within APRA's supervisory perimeter.

Regulatory coordination and enforcement

The reforms clarify the respective roles of ASIC (as conduct regulator and licensor), APRA (as prudential regulator for designated payment facilitation service providers and major SVF providers), and the RBA (retaining its oversight of the payments system and designation powers under the PSRA). From an enforcement perspective, ASIC will have the power to take action against unlicensed entities and those in breach of their licence conditions, including through civil penalties, enforceable undertakings, and licence suspension or cancellation. The tripartite model places a premium on effective regulatory coordination, and entities subject to dual or triple oversight (e.g., by both ASIC and APRA, ASIC and the RBA, or ASIC, APRA and the RBA) should anticipate the need for robust internal governance and reporting frameworks.

New obligations for holding value in stored-value facilities

Providers of SVFs will be subject to specific obligations, including:

• safeguarding of customer funds, designed to address the risk that customer money may be lost if a provider becomes insolvent;
• framework for unclaimed money;
• restrictions on paying interest on stored value balances; and
• ongoing disclosure obligations for tokenised SVF providers.

Consumer protections – ePayments Code

The voluntary ePayments Code will be replaced by a mandatory code by Ministerial legislative instrument. A code may cover ADIs, APRA regulated PSPs, any participant in a payment system under the PSRA, or any entity acting on their behalf. A code could cover some entities who are not otherwise regulated, if the proposal is enacted without change.

An ePayments Code could include provisions relating to unauthorised transactions, terms and conditions on which services are offered, external dispute resolution, error resolution, and disclosure requirements. This is intended to ensure a baseline level of consumer protection applies across the same class of PSP rather than only those who voluntarily subscribe to the ePayments Code.

Who is captured?

The reforms adopt a broad, activities-based approach, meaning that many entities performing a regulated payment function will be captured. See above for a high level view of who is captured.

The draft legislation and regulations contemplate retaining many existing exemptions. Key exemptions and exclusions include intra-group arrangements, low-value SVF which hold less than $10 million and no more than $1,000 per person, loyalty schemes, gift facilities and prepaid mobile facilities.

This differs from earlier proposals which considered replacing many of these with a 'limited-purpose' exemption. However, the precise scope of these carve-outs remains subject to consultation.

Entities should assess whether any of their activities fall within an exemption before assuming they are in or out of scope.

What should I do now?

Although the reforms are still subject to consultation, the core architecture of the new regime is settled. Waiting for full regulatory certainty before acting would be a significant strategic risk. Any entity that touches a payment flow in a meaningful way should take proactive steps to understand the potential impact of the reforms on their business:

• Impact assessment – Conduct a detailed assessment of whether your entity's payment products and services fall within the scope of the reforms. Consider whether any exemptions or exclusions may apply, and assess the impact across licensing, prudential, conduct, and consumer protection obligations.
• Licensing strategy – If your activities will require a new or varied AFSL, or APRA registration, develop a strategy early. AFSL application processes are resource-intensive and can take considerable time; beginning now will be critical to meeting the expected 2027 commencement date. This should include an assessment of the licensing process and expected timeline, the operational and risk uplift required (including governance, compliance, and reporting frameworks), and whether the authorised representative pathway may be a viable alternative to direct licensing.
• Compliance framework review – Review existing compliance programmes to identify gaps against the new obligations, particularly in areas of consumer protection, fund safeguarding, disclosure, and data handling. Consider how the new payment-specific obligations interact with your existing obligations under the Australian Consumer Law, the Privacy Act, and the Consumer Data Right regime.
• Transitional planning – Monitor the progress of the legislation through Parliament and the development of supporting regulations, particularly the transitional arrangements, grandfathering provisions, and any exemptions that may be available. The fact that these settings are still being determined is itself a reason to act now; early engagement with industry bodies and regulators will be important both to influence outcomes and prepare for these to ensure readiness once final settings are confirmed.
• Cross-border assessment – For entities with cross-border payment operations or that provide services into Australia from overseas, assess the potential extra-territorial reach of the reforms and whether an AFSL or authorised representative arrangement will be required.

Want to know more?

• Modernising Australia's payments laws - Consultation on key definitions which will modernise Australia's payments laws commences – Tranche 1A released, lots more to come (22 October 2025)