How is fintech regulated and have we got it right?

One of the big questions yet to be answered when it comes to fintech is: how do we effectively regulate the industry?

Normally, banks, credit unions or any other company that lends money comes under Responsible Lending regulations, and any institution that accept deposits need to be on the government’s list of Authorised Deposit-taking Institutions (ADIs). But fintech is all about innovative solutions and new ideas - which makes regulating it without stifling it a tricky thing to do.

Here’s how a couple of the big regulatory players in the market are dealing with fintech at the moment:

Australian Securities and Investment Commission (ASIC)

AISC is responsible for not only helping fintech companies to work out which licences and regulations apply to them through its Innovations Hub , but also for making sure consumers and investors are protected when dealing with these fintechs.

ASIC has a fintech “regulatory sandbox”, which is designed to help fintechs maintain their flexibility to test new products and services for up to 12 months without an Australian financial services or credit licence. There are even plans to bump this up to 24 months, and expand what can be tested under this exemption.

Eventually, if a fintech wants to keep operating in financial services, it needs to meet the same licensing requirements as any other company and get a full licence.

Australian Prudential Regulation Authority (APRA)

Many fintechs won’t fall directly under APRA’s regulations, but they will often work with other institutions which do, like banks.

At the moment, APRA is hashing out its own approach to fintech regulation in collaboration with a number of fintech industry players. What they’ve come up with to date is a framework for a phased approach to licencing ADIs, which gives fintechs (and other small financial institutions) the chance to enter the regulatory framework under a Restricted ADI licence. This puts them on the path to become a fully regulated ADI, much like any other bank, without the limitations of a full licence.

What that means for you

Regulations around fintech are relatively flexible to allow for innovation. So what does that all mean for you when you download a mobile wallet app, or sign up for a loan with a neo-lender?

Many established fintechs either have their own financial licences, or their parent companies do. Others choose to partner with licensed financial providers to take care of that part of their business.

If you’re signing up to a newer service, it may be working under a restricted license. But don’t panic - to qualify for these restricted licences, fintechs still need to meet certain security standards designed to keep users safe.

What you can do to keep your banking safe

  • Check out a fintech’s credentials before signing up. Some fintechs, particularly those that lend money or invest your savings, will likely have an AFSL or credit licence. Even if they don’t have their own licence, many fintechs are associated with companies who do, or have a parent company which you can check out. By seeing who a fintech has partnered with or is owned by, you can get an idea of how well-regulated they may be.
  • Look at the security measures. Even without a license, fintech companies should take your security seriously and have a number of measures in place to make sure your data and money is kept safe. So make sure you check not only what technology or systems a service uses, but also how seriously their approach to security is - you want to know you’re in safe hands.
  • Use secure passwords. If you manage any of your financial set up online - even if it’s just checking your bank balance online - you should make sure you’re using secure passwords. Using passwords with a combination of numbers, lowercase and capital letters can help keep your information safe. And try not to go for obvious combinations - like a birthday or anniversary.
  • Understand what you’re signing up for. We know, we know, no one reads the terms and conditions. But it’s a good idea to do your research and know exactly what your rights and obligations are before signing up to a new app or service - especially when you’re being asked to share your bank details or other personal information.
  • Keep track of who knows what. It also pays to keep careful track of which fintech services have access to what information, so that if something ever does go wrong, you’ll be able to track down the problem a little easier. And if you stop using a service, make sure your old account is deleted and any banking details you’ve provided are no longer accessible.

Want to read more about fintech in Australia? Head over to our fintech hub for more handy articles and information.


Mozo provides general product information. We don't consider your personal objectives, financial situation or needs and we aren't recommending any specific product to you. You should make your own decision after reading the PDS or offer documentation, or seeking independent advice.

While we pride ourselves on covering a wide range of products, we don't cover every product in the market. If you decide to apply for a product through our website, you will be dealing directly with the provider of that product and not with Mozo.