Questions and Answers about the regulation of AusPayNet’s services
AusPayNet is a member organisation and the self-regulatory body for the payments industry. We manage and develop regulations, procedures and standards governing various payments clearing and settlement systems in Australia.
AusPayNet does not own nor operate the underlying infrastructure or rails used in the movement of funds across various clearing systems. Rather, we administer the rules that apply to framework participants when they use the various “rails” and associated infrastructure to conduct transactions with other framework participants.
Australian Securities & Investments Commission (ASIC), Reserve Bank of Australia (RBA) and the Department of Home Affairs
Is AusPayNet classified as Financial Markets Infrastructure (FMI)?
No. FMIs include financial market operators, clearing and settlement facilities and derivative trade repositories and benchmark administrators. AusPayNet does not provide these services. More information on FMIs can be found on ASIC’s and the RBA’s websites respectively.
Are the frameworks administered by AusPayNet Critical Infrastructure Assets within the meaning of the Security of Critical Infrastructure Act 2018 (Cth) (SOCI)
No. AusPayNet develops and maintains enforceable framework regulations, procedures and standards governing our Framework Participants’ domestic exchanges (and in some cases clearing and settlement) in relation to the following payments: cheques (APCS), direct entry (BECS), cards (IAC), high value (HVCS) and cash (ACDES), together with the COIN infrastructure. None of these frameworks are critical infrastructure assets within the meaning of the SOCI Act.
AusPayNet does not own nor operate the underlying infrastructure or payment system scheme (including any payment system prescribed by SOCI as critical financial market infrastructure assets) across which our members move funds or execute transactions.
Is AusPayNet regulated by ASIC, RBA or the Department of Home Affairs?
The RBA is responsible for the regulation of payments in Australia. The RBA does not regulate AusPayNet directly, but it has designated some payment systems which operate under the frameworks administered by AusPayNet. Also, the RBA has declared the BECS framework as a prominent payment system and is monitoring the wind down of the BECS framework in that capacity.
AusPayNet is not licensed by ASIC (but it is subject to ASIC’s normal regulatory oversight from a corporate governance perspective).
AusPayNet is not regulated by the Department of Home Affairs.
Australian Transaction Reports and Analysis Centre (AUSTRAC)
Is AusPayNet subject to Anti Money Laundering (AML) and/or Counter Terrorism Finance (CTF) supervision and regulation?
No. AusPayNet does not provide a designated service within the meaning of the AML/CTF Act 2006. We are therefore not an entity which is subject to supervision or regulation by AUSTRAC.
More information on AML/CTF designated services and reporting entities can be found on AUSTRAC’s website.
Cybersecurity and Privacy
What data and cyber security standards does AusPayNet adopt?
AusPayNet does not collect any information relating to individual financial transactions that occur under the frameworks it administers.
AusPayNet collects some confidential and/or personal information of members and their individual representatives (in relation to their capacity as members, eg contact details). In recognition of this, AusPayNet takes both cyber security and data privacy seriously.
AusPayNet follows the National Institute of Standards and Technology Cyber-Security Framework (NIST CSF) for its cyber security controls. To assist in managing data privacy, AusPayNet adopts various practices including technological and physical measures. A copy of our privacy policy is available on our website.
APRA Prudential Standard CPS230 (Operational Risk Management) (CPS230)
Is AusPayNet an APRA Regulated entity?
AusPayNet is not regulated by APRA.
Is AusPayNet a vendor or supplier for the purposes of compliance with APRA standards?
AusPayNet is a member organisation. Members comply with framework regulations and procedures which are administered by AusPayNet but have been agreed upon by the members themselves (as a form of self-regulation). In that capacity, we are not a third-party supplier or a vendor of services to any of our members.
Is AusPayNet a service provider for the purposes of CPS230?
The services AusPayNet provides to our members are likely to be classified as “services” for the purposes of CPS230, but these are not classified as “material services”. Therefore, AusPayNet is not a material service provider for the purposes of CPS230 – See below for further information.
Is AusPayNet a “material service provider” or relied on for a “material arrangement” for the purposes of CPS230?
No. As a member organisation, AusPayNet is the administrator of the rules for various frameworks. However, AusPayNet is not responsible for operationalising those rules. Rather, each member separately decides how to implement these various rules as they pertain to the specific payment services which each member provides. Given that the services provided by AusPayNet are removed from operational matters and are not of a nature that an APRA regulated entity must rely upon to undertake a critical operation, AusPayNet is not classified as a “material service provider” for the purposes of CPS230.
Further, AusPayNet does not operate the underlying infrastructure relied upon to make payments. We do not initiate, clear, settle, oversee or otherwise have involvement in payment transactions conducted by members.
How does AusPayNet support APRA regulated members with their obligations under APRA’s CPS230?
AusPayNet maintains systems and processes to facilitate members’ communication with each other during any major disruption to payments clearing or settlement system(s). It also enables members to react quickly to disruptions and mitigate adverse impact on payments clearing and settlement.
Australian Consumer and Competition Commission (ACCC)
Is AusPayNet regulated by the ACCC?
AusPayNet is established to create confidence in payments including by setting enforceable industry standards for a safe, reliable and effective payments system; leading transformation in payments to drive efficiency, innovation and choice; and being the home for ecosystem collaboration and strategic insight.
To achieve these corporate objectives and as the industry self-regulator, we manage the inherent risks which arise under the Competition and Consumer Act 2010 (Cth) (CCA) through various measures including competition protocols to support our member’s communications and interactions with one another and seeking authorisation from the ACCC when considered appropriate.
