Preparing for payments licensing reforms: A practical checklist for payment service providers (PSPs) and fintechs
The Australian Government is modernising the regulatory frameworks for payment service providers (PSPs). These updates have the potential to reshape licensing, consumer protections, money‑handling, and prudential oversight across the payments value chain.
Two key reforms underpin the shift in how payments are regulated in Australia. The first is the modernisation of the Payment Systems (Regulation) Act 1998 (PSRA), which commenced on 19 December 2025. The second is Treasury’s Tranche 1 draft legislation (released for feedback), which proposes a function-based licensing framework for payment service providers, along with a proposal to make the ePayments Code mandatory.
For fintechs operating in the payments space, the impact may be considerable. While some will benefit from regulatory clarity and fairer competition, many PSPs will face higher compliance costs and licensing hurdles, so early preparation is key.
What changes are already in place?
In late 2025, Parliament passed legislation modernising the Payment Systems (Regulation) Act 1998. The changes expand the Reserve Bank of Australia’s regulatory reach to better reflect how payments now operate in practice. Digital wallets, buy now pay later (BNPL) arrangements, and payments involving stablecoins are captured within the expanded definitions of potential regulation.
Regulators have also been given stronger enforcement tools, including civil penalties and enforceable undertakings, alongside a new power for the Treasurer to designate payment systems that are considered to be of national significance.
What changes are proposed for the future?
Building on changes to the Payment Systems (Regulation) Act 1998, the Government has released draft legislation proposing a new licensing framework for payment service providers.
At the centre of the proposal is a move away from outdated concepts such as ‘non-cash payment facilities,’ towards a function-based approach. Under this model, regulation is triggered by what a business does, rather than how it describes itself.
The draft framework captures a broad range of payment functions, including:
- Stored‑value facilities (SVFs), such as digital wallets and prepaid accounts
- Payment initiation and facilitation services
- Payment instruments and payment enablement technology
- Tokenised SVFs (payment stablecoins).
Many providers performing these functions are expected to require an Australian Financial Services Licence (AFSL), subject to exemptions or exclusions and final legislation, bringing them into the financial services' regulatory regime.
The impact on fintechs
For many fintechs, the practical impact will be felt in their operating models rather than in the products they offer to market.
Licensed PSPs would be expected to meet familiar financial services obligations similar to other AFSL holders, including robust governance arrangements, effective risk management, dispute resolution processes, and compliance with consumer protection standards. In addition, the Government intends to make the ePayments Code mandatory, lifting the baseline for consumer protections across the payments ecosystem.
These changes reflect a broader objective to ensure consumers receive consistent protections regardless of whether they are dealing with a bank, a large technology platform or a fast‑growing fintech.
Specific impacts on stored value and wallet providers
Fintechs that hold customer funds, even temporarily, will face the most significant operational change under the draft reforms.
The proposed framework introduces explicit safeguarding requirements for payment‑related money, including segregation of funds and stronger controls around reconciliation and reporting, within a graduated, risk-based regulatory approach.
- Lower value SVFs (including limited purpose wallets, low value prepaid or gift card program and early-stage fintech products) are expected to fall within the AFSL based licensing framework, unless a specific exemption applies.
- ‘Major’ SVFs are explicitly defined in the draft legislation as providers with total credit across all stored-value facilities meeting or exceeding $200million, calculated on a group aggregate basis. Once this threshold is reached, providers remain non-banks but must register with APRA, which is empowered to impose prudential standards relating to capital and liquidity, governance, risk management, and operational resilience.
A practical readiness checklist for payment service providers and fintech leaders
Australia’s payments reforms may still evolve, but the direction of travel is clear towards greater regulatory clarity, stronger safeguards for customer funds, and higher expectations around governance and consumer protection.
The following checklist is designed to help leaders take practical steps now to strengthen their position in an increasingly regulated environment. While the detail and timing of the proposed reforms may evolve, the practical list below reflects enduring expectations for payment service providers and fintechs operating in Australia’s payments ecosystem.
| CHECKlist | |
|---|---|
| Map your activities to the proposed payment functions | |
Consider your AFSL coverage:
|
|
| Implement client‑money safeguarding arrangements for payment‑related money | |
| Assess potential APRA impact if you operate or scale an SVF | |
| Prepare for a proposed mandatory ePayments Code by reviewing your existing consumer‑protection framework to uplift policies, systems, and customer communications | |
| Identify and reassess any exemptions or exclusions relied upon and assess how Treasury’s draft regulations may narrow, amend, or repeal their application | |
| Review disclosure and reporting readiness for SVFs and tokenised SVFs | |
| Develop an internal transition plan and implementation roadmap. Anchor planning milestones to the Tranche 1 consultation materials and build flexibility to adjust as timelines and details are finalised | |
| Confirm whether your organisation, key partners or payment rails fall within the expanded scope of the Payment Systems (Regulation) Act 1998, as amended in 2025, including digital wallets, BNPL-related payment arrangements and payments involving stablecoins | |
| Monitor Tranche 2 developments and RBA consultations and respond proactively to emerging access or technical‑standards obligations |
How BDO can help
As payments regulation continues to evolve, payment service providers and fintechs need advice that is practical, proportionate, and grounded in how payments businesses operate in practice.
BDO works with financial services organisations across the payments and fintech ecosystem to support risk management, governance, and assurance readiness, helping leaders navigate regulatory change with confidence. Our focus is on strengthening safeguarding, controls, and operating models in a way that scales with the business and supports sustainable growth.
If you need support with this evolving legislation, contact our financial services experts today.
