Financial Services Regulation 2025 Comparisons

Last Updated November 20, 2025

Contributed By Thomson Geer

Law and Practice

Author



Thomson Geer is a major Australian corporate law firm recognised as a leader in the Australian market for clients’ most challenging and business-critical mandates. Offering a high level of quality and service, its team acts for global and domestic companies, governments and institutions in their commercial and legal interests. With more than 800 people, including over 155 partners, operating out of offices in Sydney, Melbourne, Brisbane, Perth, Adelaide and Canberra, Thomson Geer is one of the ten largest firms in Australia, and many of its practitioners are acknowledged as leading lawyers in their fields, known for delivering outstanding legal skills and service, focusing on achieving the commercial goals that their clients demand and, finally, for their strong commitment to the highest cultural and ethical standards.

The financial services framework in Australia is built on the Corporations Act 2001 (Cth), which governs licensing, conduct, disclosure, and market integrity for all financial services providers. It establishes obligations for dealing, advising, and operating financial markets, as well as for managed investment schemes, custodians, and individual financial products.

There are two key financial services regulators in Australia under its “twin peaks” model: (i) the Australian Securities and Investments Commission (ASIC), which deals with conduct; and (ii) the Australian Prudential Regulation Authority (APRA), which deals with prudential stability. The Australian Securities and Investments Commission Act 2001 (Cth) defines ASIC’s powers to regulate consumer protection and enforce fair trading in financial services, as does the Australian Prudential Regulation Authority Act 1998 (Cth) for APRA. They publish significant amounts of guidance which has the effect of law for regulated entities.

Complementary laws include the National Consumer Credit Protection (NCCP) Act 2009 (Cth) for retail credit providers, and specific legislation depending on the sectors – eg, banking, superannuation, insurance, etc. Examples include the Australian Insurance Act 1973, which sets capital and solvency requirements for insurers, and the Insurance Contracts Act 1984, which regulates most insurance contracts in Australia.

Other specific legislation also applies across multiple financial services firms. The Financial Accountability Regime Act 2023 (Cth) introduced a single accountability regime for all APRA-regulated entities, including banks, insurers and superannuation trustees, requiring clear governance and reporting responsibilities. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) continues to underpin AML/CTF compliance, with Tranche 2 reforms extending its scope to lawyers, accountants and real estate agents (and modifying the existing regime in key ways). Unlike other markets, it has a separate regulator from ASIC/APRA in the Australian Transaction Reports and Analysis Centre (AUSTRAC), as well as separate licensing regimes.

Significant reforms are currently being advanced within Australian financial services, including under the Treasury Laws Amendment Bill 2025 (Digital Assets and Tokenised Custody Platforms) and the Payment System Modernisation Bill 2025. These measures will expand the Corporations Act to include new categories of regulated activities, such as digital asset platforms, tokenised custody arrangements, stablecoin issuance and payment services.

Australia regulates a broad spectrum of financial products and services, like the UK and US. The Corporations Act covers financial products including securities, derivatives, managed investment schemes, life insurance, general insurance and superannuation interests. Services regulated under the Act are generally considered “from the product up”, and include dealing, advising, providing custodial or depository services, making markets, and operating financial markets or clearing and settlement facilities.

Under forthcoming Treasury reforms, the regulatory framework will extend to digital and tokenised products, as well as payment functions such as stored value facilities, digital wallets, and cross-border transfer services. The Payment System Modernisation Bill 2025 defines new categories of regulated payment functions, including payment initiation, clearing, settlement and digital wallet provision. The framework also extends to financial advice and credit activities under the National Consumer Credit Protection Act, which applies to lenders, mortgage brokers, lessors, and debt management firms.

Large entities such as banks, insurers, superannuation/pension funds and major stablecoin issuers will be subject to APRA and ASIC licensing. Anyone engaged with a financial product (eg, advising, dealing, etc, which is defined broadly) will generally need a licence from ASIC. AML/CTF licences usually apply to these entities, and others (eg, commodities dealers). 

Australia has fewer exemptions than those which exist in other jurisdictions, such as reverse solicitation in the EU. It has adopted a broad approach to the timing of implementation of its financial services regulatory framework under ASIC RG 121.

Common exemptions from financial services licensing obligations include the wholesale client exemption, which removes the need for retail-level disclosure and conduct obligations when dealing with professional or institutional investors (but still requires a licence). Many firms rely on authorised representative arrangements, which allow them to provide services under another entity’s Australian Financial Services Licence (AFSL), subject to certain limitations (eg, around product issuance).

The incidental advice exemption permits professionals such as accountants, lawyers or engineers to provide limited financial advice when it is integral to their main service. Foreign financial service providers benefit from a tailored relief framework, enabling wholesale-only services to Australian clients without full domestic licensing.

ASIC also grants specific relief through legislative instruments, particularly for innovation and limited testing. However, ASIC expects all entities relying on relief to demonstrate sound governance, record-keeping and customer safeguards.

Crypto-assets are transitioning from partial regulation to a comprehensive national framework. At present, ASIC regulates crypto-assets that fall within the definition of a financial product, such as those structured as derivatives, managed investment schemes, or tokenised stored value facilities. ASIC’s Information Sheet 225 provides guidance on when crypto-asset activities trigger licensing or disclosure obligations.

The Digital Assets and Tokenised Custody Platforms Bill 2025 introduces two new classes of regulated activities: Digital Asset Platforms (DAPs) and Tokenised Custody Platforms (TCPs). DAPs will require licensing where they hold, control or facilitate trading in digital assets for Australian clients, while TCPs will be regulated when providing custody, wallet or redemption services linked to tokenised instruments. Stablecoins are dealt with separately, as “Tokenised Stored Value Facilities” under the Treasury Laws Amendment Bill 2025: Payments System Modernisation legislation. Given their global nature, crypto exchanges, issuers and funds need to carefully understand the local frameworks, as they differ from comparable jurisdictions – eg, the EU’s MiCA – and will be triggered, for example, when an overseas stablecoin issuer permits redemptions offshore to Australians.

ASIC is the primary conduct and consumer protection regulator for financial services. It supervises financial markets, enforces the Corporations Act and National Consumer Credit Protection Act, and issues Australian Financial Services Licences (AFSLs). ASIC’s focus areas include disclosure, product governance, crypto-asset offerings, ESG integrity, and financial advice standards.

APRA oversees the prudential regulation of banks, insurers, and superannuation trustees. It sets and enforces prudential standards on capital, governance, outsourcing, risk management and operational resilience.

The Reserve Bank of Australia is responsible for monetary policy and payment systems oversight under the Payment Systems (Regulation) Act 1998 (Cth). It ensures stability and efficiency in clearing and settlement systems and plays a leading role in CBDC research.

The Australian Competition and Consumer Commission (ACCC) enforces competition law and consumer data access under the Consumer Data Right (CDR), which covers the banking, energy and non-bank lending sectors. AUSTRAC oversees Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) compliance for reporting entities.

The Australian Transaction Reports and Analysis Centre, or AUSTRAC, enforces AML/CTF legislation across the financial services sector, and is responsible for ensuring that AML/CTF obligations are adhered to and that participants are acting within the boundaries of their AML/CTF licences.

The Council of Financial Regulators coordinates cross-agency policy on systemic issues, digital assets and payments modernisation.

ASIC issues Regulatory Guides, Consultation Papers and Information Sheets that interpret legislative obligations and set compliance expectations. Key documents include RG 146 on financial advice training, RG 78 on breach reporting, RG 166 on financial requirements, RG 271 on internal dispute resolution, RG 274 on product design and distribution, and INFO 225 on crypto-asset regulation. Financial services regulatory advisers are expected to know them verbatim in Australia.

ASIC also publishes reports following thematic reviews, such as REP 814 on investment fund disclosure and REP 770 on how issuers of retail OTC derivatives are meeting their obligations. Consultation Paper CP 381 addresses proposed clarifications to guidance on crypto-assets.

APRA’s prudential standards (APS, CPS, SPS) and practice guides (CPG) are the core soft-law instruments governing capital, governance, outsourcing and risk management. CPS 230 on operational risk management, which took effect in July 2025, will materially increase expectations for service continuity and board accountability.

AUSTRAC provides AML/CTF Rules, typologies and guidance notes. The Treasury publishes exposure drafts and explanatory memoranda for proposed reforms, such as the Payments System Modernisation and Digital Assets Bills. In practice, firms are expected to cross-reference all relevant soft-law materials when designing compliance frameworks.

Australia has already implemented most elements of the Basel III framework through APRA’s capital adequacy standards. In this regard, APRA has conducted several consultations on proportionality, particularly for smaller authorised deposit-taking institutions. Implementation involves recalibrating risk weights, introducing output floors to limit variability in model-based capital outcomes, and enhancing disclosures.

APRA has also consulted on the prudential treatment of tokenised assets and digital exposures, aligning with Basel Committee guidance on crypto-asset risk weightings. Practical challenges include ensuring data quality, integrating stress testing across digital and traditional assets, and aligning accounting and prudential definitions of capital.

Australia has not yet transitioned to a T+1 settlement cycle. Both the ASX and Cboe Australia exchanges have announced their intention to move to T+1 settlement, aligning with global practice following the US adoption of T+1 in 2024.

The Council of Financial Regulators is coordinating readiness among clearing houses, custodians, and intermediaries. ASIC has advised that market participants should begin operational reviews now, particularly in relation to pre-settlement funding, reconciliation processes and cross-border trade coordination.

Transition to T+1 is expected to reduce counterparty risk, but will require substantial investment in technology, automation and liquidity management by market participants.

Australia has incorporated ESG oversight through disclosure and governance frameworks. ASIC’s Information Sheet 271 sets expectations for sustainability-related claims, requiring that they be accurate, verifiable and aligned with investment objectives. ASIC has taken several enforcement actions against fund managers and superannuation trustees for misleading ESG representations.

APRA’s CPG 229 (and, arguably, CPS 511) on climate risk management require boards to consider climate-related financial risks as part of overall risk frameworks. The Treasury has released draft legislation for mandatory climate-related financial disclosures, based on the IFRS’ ISSB standards, to commence from the 2026 financial year for large entities and progressively extend to others.

From a practical perspective, entities must ensure that investment mandates, marketing materials and compliance reporting are internally consistent. ASIC expects documentation to show that ESG considerations are embedded in governance and decision-making, not merely reflected in marketing language.

Regulators acknowledge AI’s potential while focusing on governance and consumer outcomes. ASIC’s Corporate Plan 2024–2028 identifies AI as a strategic priority.

It expects firms using AI in advice, trading, underwriting or risk assessment to ensure explainability, oversight and model governance within existing conduct rules. ASIC’s view is that existing obligations under the Corporations Act, including those on fairness and efficiency, already cover algorithmic decision-making.

Practical concerns include model bias, data quality, privacy, and the risk of opaque or unexplainable outcomes. In addition, AI-generated specialist legal advice is largely not fit for purpose given the complexity of the financial services regulatory regime. Financial institutions are implementing AI governance policies aligned with APRA’s CPS 230 and CPS 220 to manage operational and reputational risks.

Regulators maintain a constructive attitude toward fintech innovation while prioritising consumer protection and systemic stability. ASIC’s Innovation Hub assists start-ups in understanding licensing requirements and offers a regulatory sandbox that allows limited testing of financial services without an AFSL for up to 24 months, subject to strict thresholds.

The Treasury’s recent reforms support payments modernisation, data portability and digital identity initiatives. The RBA continues to explore a wholesale central bank digital currency, and other use cases – eg, tokenised bonds and stablecoins – following its pilot with the Digital Finance Cooperative Research Centre. The project identified potential use cases in atomic settlement, programmable payments and tokenised government securities.

In practice, fintechs must manage concurrent obligations across ASIC, APRA, AUSTRAC and ACCC regimes, including data security, AML/CTF compliance, and consumer protection. The regulatory sandbox does not exempt entities from privacy, AML or responsible lending laws, and ASIC expects participants to have exit plans and client restitution mechanisms.

ASIC and APRA require firms to identify and support vulnerable customers. Regulatory Guide 271 on internal dispute resolution sets out minimum standards for fair and accessible complaint handling. There are also specific rules relating to financial hardship under the National Consumer Credit Protection Act. ASIC’s supervision of hardship and collections practices has intensified following concerns about cost-of-living stress.

The Australian Banking Association’s Code of Practice imposes obligations to provide additional support to customers facing vulnerability due to illness, financial abuse, age, disability or language barriers. ASIC’s Consumer Insights Strategy promotes product design that accommodates different consumer capabilities and ensures fair treatment.

From a governance perspective, boards are expected to oversee customer outcomes and monitor data on hardship requests, arrears and complaint resolution as part of their product governance frameworks. Breaches can lead to enforceable undertakings or licence conditions requiring remediation programmes under RG 277.

The shadow banking sector, including non-bank lenders and private credit funds, has grown significantly in Australia. The Council of Financial Regulators monitors this sector for potential systemic risks. APRA has proposed expanded data collection on non-Authorised Deposit-Taking Institution (ADI) lenders, warehouse facilities and securitisation trusts to improve visibility of leverage and liquidity.

Shadow banking entities are not prudentially supervised but remain subject to conduct regulation under the Corporations Act, credit licensing under the NCCP Act (for retail consumers, and strata corporations) and AML/CTF compliance obligations. The Treasury’s CDR expansion will increase data transparency across non-bank lenders, improving competition and oversight.

A practical issue for non-bank lenders is balancing flexible product innovation with compliance. ASIC expects adequate risk frameworks and responsible lending controls even where entities operate outside traditional prudential regulation.

Entities that provide financial services to Australian clients must hold an AFSL or rely on an exemption. Applications are made online to ASIC and must include very detailed proofs demonstrating analysis of organisational competence, compliance arrangements, financial resources, IT capacity and responsible manager experience. ASIC assesses whether the applicant can comply with general obligations under section 912A of the Corporations Act.

Applicants must provide supporting documents such as business descriptions, compliance policies, risk management frameworks, financial statements and governance charts. ASIC often requests clarification or meetings to test management understanding of obligations. Descriptions need to be accompanied by proper analysis. For APRA-regulated entities, parallel approval processes apply for prudential licences such as banking or insurance authorities.

Practical challenges include ensuring consistency between licence authorisations and business activities, maintaining compliance evidence, and aligning IT, AML and governance documentation. Firms with complex group structures often require coordinated engagement with both ASIC and APRA.

ASIC’s current indicative timeframe for complete AFSL applications is four to eight months, though complex or novel business models, such as complex digital asset platforms, can take longer. Incomplete proofs – eg, failure to delve into the product design, operations, trading mechanics, financial resources, marketing and distribution, governance, delegations, skills and experience, policies/procedures/controls – are the most common cause of delay.

Generally, a robust AFSL application, even a straightforward one, will involve at least 60 pages of detailed information to be provided to ASIC. ASIC’s recent licensing portal has helped to streamline applications, though the specialised “proofs” it requests require detailed information and technical knowledge. Applications usually do not succeed without specialist knowledge and assistance, or otherwise can take years.

Application fees vary by authorisation type but typically range from AUD1,500 to AUD10,000 (separate to any legal fees). Ongoing annual levies apply under ASIC’s industry funding model, calculated based on regulated revenue. APRA licensees also pay supervisory levies.

From a practical standpoint, early engagement with ASIC, well-prepared proofs, and evidence of operational readiness are essential to reduce delays. Firms must also plan for post-licence obligations such as annual financial audits, breach reporting, and compliance reviews. It is highly recommended that potential advisers’ experience be tested closely, as Australia arguably does not have the financial services regulatory experience seen in the UK, the US, Hong Kong and Singapore.

Senior executives and directors are personally accountable under the Financial Accountability Regime (FAR), being Australia’s equivalent of the UK Senior Managers’ & Certification Regime. The regime imposes obligations to act with honesty and integrity, and to exercise due skill, care and diligence. It applies to all APRA-regulated entities, and is administered by both ASIC and APRA.

In addition, senior individuals can be subject to direct regulation through their directors’ duties, which ASIC also monitors. Failure to meet personal obligations can result in civil/criminal penalties, or disqualification.

In practice, firms must map responsibilities clearly and maintain governance documents that evidence oversight and “reasonable steps” undertaken to discharge their personal duties. APRA expects boards to review accountability statements regularly and ensure that individual responsibilities align with prudential standards.

The coming year will see extensive reform. The Digital Assets and Tokenised Custody Platforms Bill 2025 will introduce licensing for digital asset exchanges, custody providers and tokenisation firms. The Payment System Modernisation Bill 2025 will create a new licensing regime for payment service providers, integrating oversight of stored value facilities, digital wallets, stablecoins and cross-border payment operators. It is critical to note that these reforms are bespoke to Australia compared to other jurisdictions – eg, the EU’s Markets in Crypto-Assets Regulation (MiCA) Regime.

The Delivering Better Financial Outcomes Act 2025 will simplify financial advice rules and aim to reduce red tape for personal guidance, taking into account a consumer’s personal objectives and retaining existing commission exemptions for life insurance under the Life Insurance Framework. The AML/CTF Tranche 2 reforms will extend coverage to lawyers, accountants and real estate agents, introducing new reporting obligations and governance requirements.

The Treasury will also finalise mandatory climate-related financial disclosure standards and expand the Consumer Data Right to non-bank lenders and energy comparison services. APRA will continue implementing CPS 230 on operational risk and outsourcing, while ASIC’s focus will remain on crypto-assets, AI governance, greenwashing and advice quality.

A key practical issue for firms will be managing overlapping transition periods and ensuring cross-functional coordination between legal, compliance, IT and risk teams. Early readiness and internal mapping of the products and activities caught will be essential.

Thomson Geer

Sixty Martin Place
Level 14, 60 Martin Place
Sydney NSW 2001
Australia

+61 2 8248 5800

+61 2 8248 5899

info@tglaw.com.au www.tglaw.com.au