WA pilot program for eInvoicing gets underway

Main Roads WA is set to be the first State Government Department in Western Australia to start eInvoicing by undertaking a pilot with Access Point Provider, Link4. 

Electronic invoicing is the automated digital exchange of invoice information directly between a supplier’s and buyer’s software based on an agreed standard. 

Robin Sands, CEO of Link4, says, “eInvoicing is safer than emailing a pdf invoice. It’s great that we’re starting to see more state government departments going digital with their procure-to-pay processes. Departments that are adopting eInvoicing are also seeing benefits such as increased efficiency gains, automation and invoice error reductions.” 

The pilot commences early in 2022 and involves a Link4, KOFAX and Oracle ERP Cloud integration. 

About Link4 

Link4 is an award winning, Peppol certified Access Point that provides seamless eInvoicing services throughout Australia, New Zealand, Singapore and the UK. 

Not only is Link4 the most popular eInvoicing service used by Australian government departments (such as The Treasury, DISER, AOFM, Geoscience Australia, Sports Commission and APRA), other users include BOC Australia, the BGW Group, and thousands of Australian businesses that use Xero, MYOB or QuickBooks as their accounting system.

Third anniversary of Episode Six and HSBC’s partnership shows the power of banks and fintechs working together

PayMe, Hong Kong’s leading e-wallet, uses Episode Six’s payments platform

HSBC is an early-stage investor in Episode Six, which has raised US$40m of funding

Episode Six and HSBC are celebrating the third anniversary of a technology partnership that has played a role in helping PayMe from HSBC become Hong Kong’s leading e-wallet provider and proven how Episode Six’s platform, Tritium, can help banks quickly scale up products aimed at large customer bases and easily extend those products into new areas.

Since the partnership between PayMe and Episode Six started in 2018, PayMe’s user base has grown to over 2.5 million, while the app has gained the largest share of all e-wallet peer-to-peer fund transfers in Hong Kong and consistently expanded its merchant network across sectors in the city. Tritium is the industry’s most flexible and extensible technology of its kind with over 600 APIs and ready-to-launch product suites.

“The three-year milestone of our collaboration with Episode Six illustrates our dedication to nurture a strong ecosystem with the wider fintech community.” said Catherine Zhou, Global Head of Ventures, Digital Innovation and Partnerships at HSBC. “Partnerships like this are key to drive innovation within financial services and shape how the future of banking will look. With PayMe, we have re-imagined digital payments, enabling our customers and merchants to transact seamlessly within an engaging digital platform. Episode Six enables banks, fintechs and the broader business community to design effective digital journeys with efficiency.”

“We’re proud to be working with HSBC and growing our partnership while advancing financial technology,” said John Mitchell, co-founder and CEO of Episode Six. “Our platform is enabling traditional and digital first banks around the world to bring on-demand digital payment offerings to their customers, responding to the shifting needs of consumers and businesses globally. Our vision is for our extensible and adaptable platform architecture to empower all of our clients with unparalleled user-driven configurability to enable any payment transaction across any imaginable asset class, any time and in any way.”

#1 social payments app

PayMe from HSBC has quickly become Hong Kong’s most popular social payment app and a preferred channel for transferring money and connecting with friends and family since its launch in 2018. The roll-out of PayMe for Business, PayMe’s business solution, followed in early 2019, offering businesses in the city a new way to conveniently collect digital payments from consumers and manage cash flow.

Episode Six gives banks, fintechs and brands the freedom to design and bring winning payment propositions to market with unmatched speed across any asset class. The firm’s clients include global, regional, and domestic banks, neobanks, fintechs and insurtechs around the world. These organizations are drawn to Episode Six’s proven and high-performance technology, which can handle multiple thousands of transactions per second.

Tritium provides debit and credit wallet management, a native multi-asset ledger, payment processing and closed loop payment between merchants and consumers in one tech stack. By allowing HSBC to configure and reconfigure innovative payment offerings in real-time, the platform has supported PayMe’s efforts to respond quickly to changing consumer needs and merchant demand and become the leading digital payments app in Hong Kong.

Alongside institutions including Mastercard, SBI Investment Co., Ltd., and Anthos Capital, HSBC is also an investor in Episode Six, which has raised US$40m of capital since its foundation in Hong Kong in 2015.

PC: Fintech&Finance News

About Episode Six

Episode Six is a payments technology company that gives banks, fintechs and brands the freedom to design and bring to market leading digital payment propositions. It powers its clients’ payments journeys with the most flexible and adaptable platform on the market today, providing highly configurable products with user-driven tools and technology to optimize competitive response and customer demand. Episode Six’s platform, Tritium, and ledger enables the transfer of value of any kind – fiat currency, cryptocurrencies, brand value points, gold, and more. Episode Six operates globally across 23 countries with an expanding team located in the U.S., Europe, Japan, Singapore and Hong Kong. Investors include HSBC, Mastercard, SBI Investment Co., Ltd. and Anthos Capital. For more information, visit www.EpisodeSix.com or LinkedIn.

Media contact:

Ellin Choy
Ashbury Communications
(852) 98397442

Privacy Act Review: Submission Paper


Privacy Act Review 

January 2022 

This Submission Paper was prepared by FinTech Australia working with and on behalf of its Members; over 300 FinTech Startups, VCs, Accelerators and Incubators across Australia. 


Table of Contents 

About this Submission 3 Submission Process 3 Privacy Act Review Discussion Paper 4 Introduction 4 Personal Information, de-identification and sensitive information 4 Small Business Exemption 8 Notice of collection of personal information 9 Consent to collection and use and disclosure of personal information 10 Additional protections for collection, use and disclosure 12 Control and security of personal information 13 Overseas data flows and third party certification 15 Direct right of action/Statutory Tort 16 Notifiable Data Breaches Scheme 17 About FinTech Australia 18


About this Submission 

This document was created by FinTech Australia in consultation with its members, which  consists of over 400 organisation representatives.  

Submission Process

In developing this submission, we sought the views of our members to determine and discuss  

key issues relating to the Privacy Act Review Discussion Paper (“Paper”). 

We also particularly acknowledge the support and contribution of King & Wood Mallesons on  

the topics explored in this submission.


Privacy Act Review Discussion Paper 


We would like to thank the Attorney-General’s Department (“AGD”) for allowing us the opportunity to respond to the Paper.  

With data increasingly recognised as one of the most important resources in a modern economy, and as Australian organisations continue to innovate in how they can best harness data to provide better services for consumers, FinTech Australia considers it is of the utmost importance that Australia’s privacy regime is updated and refined to better address current, and  future, data practises. Any changes to the Privacy Act 1988 (Cth) (“Privacy Act”) must be carefully considered so as to effectively balance the need for consumers to be able to protect their personal information and ensure that organisations take responsibility for how they utilise  personal information while simultaneously empowering organisations to grow and innovate with  data in order to unleash the power of data across the Australia economy.  

FinTech Australia considers that the Privacy Act Review Discussion Paper is an important step  in this direction and looks forward to future engagement and discussion on the future of the privacy law in Australia. 

Personal Information, de-identification and sensitive information 

FinTech Australia is generally supportive of changes to the Privacy Act that will increase the consistency between Australia’s privacy regime and the General Data Protection Regulation (“GDPR”). Given the increasingly interconnected nature of Australia’s economy, and the international nature of many organisations in the Australian FinTech Industry, it is important that  Australia is not perceived by international organisations as having an overall complex privacy regime that is out of step with international best practices. 

However, we also stress that it is important that any changes do not overly stifle future innovation. We are already seeing major movements in how data is processed, including but not  limited to artificial intelligence (“AI”) systems and algorithmic decision making, and innovative business must be empowered to use personal information responsibly as technology evolves rather than being subject to disproportionate compliance obligations that reflect the current technological environment. Countries that have successfully adopted GDPR elements into their local law do so by tailoring requirements to reflect local nuances and seek to evolve the law rather than to simply replicate the GDPR in a “drag and drop” exercise.  

Proposal 2.2: Include a non-exhaustive list of the types of information capable of being covered  by the definition of personal information. 

Proposal 2.3: Define ‘reasonably identifiable’ to cover circumstances in which an individual  could be identified, directly or indirectly. Include a list of factors to support this assessment. Proposal 2.4: Amend the definition of ‘collection’ to expressly cover information obtained from  any source and by any means, including inferred or generated information.

FinTech Australia generally supports proposals 2.2 and 2.3 as they will provide organisations with increased clarity as to what is, and is not, personal information. However, given the speed  of technological innovation compared to the process for amending the Privacy Act, it is vitally important that any codification of examples of personal information in the Privacy Act takes a cautious approach and only includes those types of personal information that are undisputedly  personal information to the average individual. If an overly expansive approach is taken to the list and, for example, technical information that has little to no bearing on the privacy of an individual is included, the list will have the impact of overly regulating information with no discernible privacy benefit. A supplementary non-exhaustive list may be better suited in guidance published by the Office of the Australian Information Commissioner (“OAIC”) which supports an overarching and timeless definition. 

FinTech Australia does not however consider that proposal 2.4 is necessary as the Privacy Act  already sufficiently captures technical and inferred information that relates to an individual who  is reasonably identifiable. Although we acknowledge that a number of international privacy regimes1 have sought to expressly include some types of technical and inferred information within their respective definitions of personal data, the preferable view for Australia (and a position that aligns with the position adopted in New Zealand) is to supplement the existing definitions with clear guidelines from the OAIC as to what is, and is not, considered to be personal information (including in relation to technical information, inferred information and obfuscated data). Given the speed of technological innovation, and the rapid changes that industries are already starting to see in relation to new ways of collecting and handling data (including but not limited to advancements in AI systems), it is important that there is sufficient flexibility in what organisations should (or should not) consider to be personal information without overly stifling innovation. Furthermore, by focusing upon easily updatable guidance, the OAIC has a greater ability to provide organisations with additional detail and more flexible assessment tools and examples. 

Proposal 2.5: Require personal information to be anonymous before it is no longer protected by  the Act.

FinTech Australia acknowledges that the replacement of de-identification with the concept of anonymisation will bring the Privacy Act closer in line with the GDPR and, as noted above, we  are broadly supportive of increased consistency between the Privacy Act and the GDPR.

However, noting that anonymisation is a spectrum, if Australia is to adopt an anonymisation standard it must do so in a way it: 

  1. aligns with the requirements of the GDPR (including the reasonably likely standard) to ensure consistency across the regimes; 
  2. expressly clarifies that anonymisation does not require that there must be “only an extremely remote or hypothetical risk of identification; and
  3. is supplemented by sufficient guidelines issued by the OAIC as to what methods of anonymisation will satisfy Australia’s anonymisation standard. For example, core techniques for anonymisation such as the utilisation of synthetic data and differential privacy could be expressly called out by the OAIC as being sufficient to meet the Privacy Act’s test for anonymisation.

We note that it is also important that any shift to an anonymisation standard must be carefully considered to avoid a repeat of the situation in Europe where there is conflicting regulatory guidance and positions being taken by regulators as to how organisations should approach anonymised data. That is, although the GDPR defines anonymous data as data that “…does not  relate to an identified or identifiable natural person or to personal data rendered anonymous in  such a manner that the data subject is not or no longer identifiable”, in practise there is conflicting regulatory guidance as to what anonymization means with the Article 29 Working Party (now the European Data Protection Board) stating in 2007 that anonymisation can be achieved if “appropriate technical measures” were put in place to prevent reidentification of data4 but then later suggesting that a significantly higher standard is required and that “Only if  the data controller would aggregate the data to a level where the individual events are no longer  identifiable, the resulting dataset can be qualified as anonymous.” With EU regulators still vacillating between which of these two positions to adopt when interpreting the GDPR,6it is crucial that the Australian approach clarifies that a residual risk of re-identification is acceptable  provided that there are sufficient protections in place to protect the individuals privacy and that it  clearly articulates the test that organisations must take in determining when the risk of re-identification is suitably remote.

Question: What would be the benefits and risks of amending the definition of sensitive  information, or expanding it to include other types of personal information

FinTech Australia strongly argues against expanding the definition of sensitive information to include financial information (including transactional data). Not only is the existing definition of sensitive information fit for purpose in that it captures types of information that are inherently sensitive but any expansion to the definition to capture information that is sensitive by context or  if it is processed in a particular way is likely to have a chilling effect on the utilisation of personal  information within the financial industry. This effect is a reflection not only of the significant increase such a proposal would have on the number of requests for consent issued to consumers (which will result in increased consent fatigue) but of the significant impact it will have on the delivery of services with minimal benefit to the protection of consumer’s privacy. For  example, if financial data was considered to be sensitive information, and noting that consent should not be bundled, requiring separate consent for each purpose of a financial transaction would impose a significant consent burden on the consumer given the complexity and the interaction between multiple entities to fulfil a single financial transaction. 

FinTech Australia acknowledges that the Californian Privacy Rights Act (CPRA) includes limited  financial details (that is a consumer’s account log-In, financial account, debit card, or credit card  number in combination with any required security or access code, password, or credentials allowing access to an account) within the definition of sensitive personal information. However,  we note that this inclusion: 

  1. does not apply to the finance sector; and 
  2. has significantly different impacts under the Privacy Act and the CPRA as the CPRA  

does not require organisations to seek the consent of individuals when collecting and  processing financial details. Rather, the CCPR instead allows a consumer to limit how an organisation collects and utilises sensitive personal information.

Small Business Exemption 

With regards to the questions posed by the Discussion Paper on page 49 in relation to the continued existence of the small business exemption, as FinTech Australia submitted in its Submission on the Privacy Act Review, all businesses that collect, use, disclose and maintain  personal information of individuals (such as their customers or clients) should be required to comply with the APP’s. In our view, the purpose of collection and the volume of the data collected as part of an organisation’s practices should be the focus rather than the revenue that  it generates. 

In particular, we note that start-up technology organisations are often exempt from the Privacy  Act by virtue of their revenue notwithstanding the sensitivity, volume and ease of disclosure of  personal information they facilitate. For example, even the smallest technology based businesses could have thousands of records of personal information and so pose a high risk to  individuals if the individuals’ personal information is not maintained in a compliant manner. However, noting the increased burden that compliance with the Privacy Act will have on small start-ups without data volume thresholds, consideration should also be given to promoting the development, and release, of privacy compliant technology by larger organisations that could be  pushed out to their (small) business customers to facilitate their compliance with the Privacy Act.  

Notice of collection of personal information 

Proposal 8.1: Introduce an express requirement in APP 5 that privacy notices must be clear, current and understandable. 

Proposal 8.2: APP 5 notices limited to [specified] matters under APP 5.2… 

Proposal 8.3: Standardised privacy notices could be considered in the development of an APP  code, such as the OP code, including standardised layouts, wording and icons. Consumer comprehension testing would be beneficial to ensure the effectiveness of the standardised  notices. 

Proposal 8.4: Strengthen the requirement for when an APP 5 collection notice is required – that  is, require notification at or before the time of collection, or if that is not practicable as soon as possible after collection, unless the individual has already been made aware of the APP 5 matters; or notification would be impossible or would involve disproportionate effort. 

As a general position, FinTech Australia supports a refreshed approach to privacy notices that  strengthens consumers’ awareness of how their personal information is being used and disclosed as transparency is key to a consumer’s continued trust in how organisations are dealing with their personal information.  

In particular support, our members support: 

  • changes that increase the suitability of collection notices and privacy policies for digital  channels. Internationally, layered notices and the inclusion of links that expand each section or otherwise link to further material that contains more detailed information are repeatedly called out as best practise by regulators.9 Expressly encouraging organisations to implement layered notices and, where appropriate, allowing organisations to provide a link to how personal information is to be dealt with will result in a significantly improved consumer experience and places the choice in the consumers’ hands as to whether or not they access the information in full;
  • increased standardisation of both privacy notices and privacy policies. Providing standardised formats for privacy notices, especially for smaller organisations, will be assistance to both organisations and the consumer in understanding the scope and content of the notices/policies. However, we would recommend that sufficient flexibility is included to provide organisations with the ability to innovate and adapt how they present information to their consumers as technology and service delivery evolves; and increased alignment between the privacy policy and notice requirements in the Privacy  Act and in the GDPR. Increasing alignment will have a beneficial impact on organisations that have cross-border operations and must comply with both regimes.

However, any amendments to Australia’s privacy notice regime should be approached carefully  such that they do not impose requirements that will result in consumer “notice fatigue”. To this end, we would suggest further consideration is given to:

  • when it is appropriate not to issue a collection notice (for example, where there is a deminimise collection of personal information in the course of providing services and a notice has previously been provided to the consumer for similar collection practises); and
  • clarifying what would be considered impossible or would involve disproportionate effort.  The concepts of impossibility and disproportionate effort cannot be approached in an  arbitrary manner – rather they should involve a balancing exercise based both on the effort for the organisation to provide the information and the effect on the data subject if they were not provided with the information.

Consent to collection and use and disclosure of personal information 

FinTech Australia recognises that meaningful consent to the processing of personal information  is an important basis for which organisations should be able to rely upon for the processing of personal information. However, we strongly caution against any changes to the Privacy Act that  increases the reliance of organisations on consent. As recognised by the United Kingdom government in the recent discussion paper “Data: a new direction”, the over-reliance on consent  as a basis for processing under the GDPR “may lower protections for individuals, who suffer from ‘consent-fatigue’ in the face of a large volume of consent requests which they might accept  despite not having the time or resources to assess them properly.” Similar positions have been  articulated in relation to the reliance on consent as the basis for utilising cookies under the ePrivacy Directive. The Privacy’s Act current acknowledgement that consent is only required  in limited circumstances has proven fit-for-purpose and any expansion of the situations in which  consent must be sought is not appropriate.  

Proposal 9.1: Consent to be defined in the Act as being voluntary, informed, current, specific,  and an unambiguous indication through clear action.

FinTech Australia supports an increase in the alignment between the definition of consent in the  Privacy Act and under the GDPR. However, any changes to how organisations are required to  approach consent must not be so narrow as to limit innovation. For example, requirements relating to de-bundling of consent should be flexible enough to allow: 

  • a proactive ‘one-click’ consent option for multiple purposes provided that individuals have the ability to de-select any of the options included within the ’one-click’ option; and/or
  • a “soft opt-in” similar to that under the Privacy and Electronic Communications Regulations (UK). Under the PECR, individuals who recently provided personal information to a company and did not opt out of marketing messages are presumed to be happy to receive marketing about similar products or services (even if they haven’t specifically consented) provided there is a clear chance to opt out at all times.

Proposal 9.2: Standardised consents could be considered in the development of an APP code,  such as the OP code, including standardised layouts, wording, icons or consent taxonomies.  Consumer comprehension testing would be beneficial to ensure the effectiveness of the  standardised consents.

FinTech Australia supports the increased standardisation of consent as it will assist in promoting  informed, and meaningful, consent. However, as noted above in relation to the standardisation  of notices, sufficient flexibility should be included to allow organisations the flexibility to innovate  and adapt how they present information to their consumers as technology and service delivery  evolves. It is also important that any standardisation requirements relating to consent must be  clearly distinguishable from the notice requirements. 

Question: Is it suitable for all APP entities (not just organisations subject to the Op code) to be  required to refresh or renew an individual’s consent on a periodic basis.

As noted above, any changes to the Privacy Act that would increase the frequency and circumstances in which consent must be sought from consumers will have limited privacy benefit to the consumer and will lead to consent fatigue. Rather than requiring periodic renewal, organisations should only be required to refresh consent where there has been a material change to the purpose for which the information is being used or disclosed.  

Additional protections for collection, use and disclosure 

Proposal 10.1: A collection, use or disclosure of personal information under APP 3 and APP 6 must be  fair and reasonable in the circumstances.

Proposal 10.2: Legislated factors relevant to whether a collection, use or disclosure of personal  information is fair and reasonable in the circumstances.

FinTech Australia supports these proposals in principle. However, in approaching what is “fair and reasonable”, we consider it very important to ensure that: 

  1. organisations have sufficient certainty as to what is fair and reasonable in the circumstances and that steps are taken to avoid the uncertainty in application that has been a feature of GDPR’s “legitimate interest” ground for lawful processing. For example, the UK Government has recently acknowledged that the significant uncertainty of data controllers in how to assess whether the organisation’s interests outweigh the rights of individuals (even in the face of UK ICO guidance on how to complete the Legitimate Interest Assessment) is a key factor in driving over-reliance in the UK on consent; and 
  2. the legislated factors must be approached in a method that ensures clarity and consistency with other obligations, and concepts, within the Privacy Act to ensure that there is no duplication, or inconsistency within the Privacy Act.  

Proposal 10.4: Define a ‘primary purpose’ as the purpose for the original collection, as notified to the  individual. Define a ‘secondary purpose’ as a purpose that is directly related to, and reasonably  necessary to support the primary purpose.

It is important to our members that there is clarity for organisations about how to approach the concepts of primary purpose and secondary purpose in APP 6. Proposal 10.4 has the potential  to assist in creating this clarity. However, we note that it will be important that organisations maintain the flexibility to define what their primary purpose is. If organisations are overly limited  in how they may define primary purposes – there will be a disproportionate increase in the complexity of how organisations must approach the use and disclosure of personal information  and there is a risk that organisations will (similar to the situation in the UK in relation to legitimate interests – see above) default to consent (and thus again raise the risk of consent fatigue). If there are concerns that sufficient clarity cannot be obtained through proposal 10.4, a practical alternative may be to consider multiple “original” purposes (with further evolution of additional basis for processing similar to those under the GDPR). 

Control and security of personal information 

Proposal 11:

Option 1: APP entities that engage in the following restricted practices must take reasonable  steps to identify privacy risks and implement measures to mitigate those risks…

– Direct marketing, including online targeted advertising on a large scale

– The collection, use or disclosure of sensitive information on a large scale

– The collection, use or disclosure of children’s personal information on a large scale – The collection, use or disclosure of location data on a large scale

– The collection, use or disclosure of biometric or genetic data, including the use of facial  recognition software

– The sale of personal information on a large scale

– The collection, use or disclosure of personal information for the purposes of influencing  individuals’ behaviour or decisions on a large scale

– The collection use or disclosure of personal information for the purposes of automated  decision making with legal or significant effects, or

– Any collection, use or disclosure that is likely to result in a high privacy risk or risk of harm to  an individual.

Option 2: In relation to the specified restricted practices, increase an individual’s capacity to self manage their privacy in relation to that practice. Possible measures include consent (by  expanding the definition of sensitive information), granting absolute opt-out rights in relation to  restricted practices (see Chapter 14), or by ensuring that explicit notice for restricted practices is  mandatory.

In line with our support for increased alignment between the GDPR and the Privacy Act, FinTech Australia is broadly supportive of Option 1. 

Although not expressly considered by the Discussion Paper, we would also suggest that consideration is also given to how the Privacy Act can be amended to lessen the uncertainty as  to how organisations can ensure compliance with the Privacy Act when they are looking to deploy AI systems and/or to use personal information to develop and train AI systems.

In particular, we would be keen to see consideration in the Privacy Act that supports organisations utilising personal information to undertake monitoring and bias detection/correction within AI systems. That is, in order to reduce the risk of bias within an AI system, it is imperative that organisations undertake monitoring and bias detection/correction which requires the utilisation of current and historic personal information and often sensitive information. For example, personal information is required to identify whether an AI system is replicating societal and historic discrimination (e.g. red lining poorer neighbourhoods within the  insurance industry). However, it is currently difficult for organisations to utilise personal information for these purposes. For example, if an organisation needs to utilise existing sensitive information to check for bias, they must seek the consent of the individual. This in turn  has been well recognised in Europe as creating bias towards the demographic of individuals who were willing to consent to their information being used for bias mitigation. We note that the UK Government is currently proposing to introduce new clauses into the Data Protection Act  2018 that specifically address the processing of personal data for bias monitoring, detection and  correction in relation to AI systems. We would suggest that, when considering proposals 10 and 11, the AGD also considers similar clauses to ensuring that the Privacy Act does not overly  restrict how organisations may utilise data to undertake bias monitoring, detection and correction.  

Proposal 12.1: Introduce pro-privacy defaults on a sectoral or other specified basis.

Option 1 – Pro-privacy settings enabled by default: Where an entity offers a product or service

that contains multiple levels of privacy settings, an entity must pre-select those privacy settings  to be the most restrictive. This could apply to personal information handling that is not strictly

necessary for the provision of the service, or specific practices identified through further


Option 2 – Require easily accessible privacy settings: Entities must provide individuals with an  obvious and clear way to set all privacy controls to the most restrictive, such as through a single  click mechanism.

FinTech Australia is supportive of Option 2 as it empowers individuals to choose the privacy settings that best suits how they wish to control their personal information. However, noting the  speed of technological innovation, we stress that it is important that Option 2 does not overly restrict how organisations can present privacy settings. 

Overseas data flows and third party certification 

Proposal 22.1: Amend the Act to introduce a mechanism to prescribe countries and certification  schemes under APP 8.2(a).

Proposal 22.2: Standard Contractual Clauses for transferring personal information overseas be  made available to APP entities to facilitate overseas disclosures of personal information.

Proposal 22.3: Remove the informed consent exception in APP 8.2(b).

Proposal 22.4: Strengthen the transparency requirements in relation to potential overseas  disclosures to include the countries that personal information may be disclosed to, as well as  the specific personal information that may be disclosed overseas in entity’s up-to-date APP  privacy policy required to be kept under APP 1.3.

Proposal 22.5: Introduce a definition of ‘disclosure’ that is consistent with the current definition in  the APP Guidelines.

Proposal 22.6:Amend the Act to clarify what circumstances are relevant to determining what  ‘reasonable steps’ are for the purpose of APP 8.1.

Proposal 23.1: Continue to progress implementation of the CBPR system.

Proposal 23.2: Introduce a voluntary domestic privacy certification scheme that is based on and  works alongside CBPR.

FinTech Australia is supportive of additional mechanisms that will increase the alignment between the Privacy Act and international privacy regimes in relation to the cross-border transfer of personal information. In particular, we are supportive of the introduction of an independent certification scheme to monitor and demonstrate compliance with the Privacy Act.  The introduction of such a scheme could provide a simple means for foreign entities to engage or interact with the Australian market. It would also assist consumers in knowing which organisations they can trust in relation to their privacy practises and it will assist organisations by streamlining an organisations privacy due diligence with third party service providers. 

In addition, we note that if Standard Contractual Clauses (“SCCs”) are to be introduced into Australia – we recommend that an approach is taken that aligns with the EU Commission’s SCC’s to avoid organisations with a presence in Europe and the UK being placed into a position  where they are required to enter into multiple SCC’s. A potential option could be to take a similar approach to that currently under consideration by the UK ICO and develop an Australian  addendum to the EU Commissions SCCs.17 Alternatively, an approach could be taken whereby  the OAIC clearly specifies the minimum requirements for a data protection agreement with those requirements aligning with the EU Commission’s SCCs. 

Direct right of action/Statutory Tort 

Proposal 25: Create a direct right of action…

Proposal 26: Statutory tort of privacy

– Option 1: Introduce a statutory tort for invasion of privacy as recommended by the ALRC  Report 123.

– Option 2: Introduce a minimalist statutory tort that recognises the existence of the cause of  action but leaves the scope and application of the tort to be developed by the courts.

– Option 3: Do not introduce a statutory tort and allow the common law to develop as required.  However, extend the application of the Act to individuals in a non-business capacity for  collection, use or disclosure of personal information which would be highly offensive to an  objective reasonable person.

– Option 4: In light of the development of the equitable duty of confidence in Australia, states  could consider legislating that damages for emotional distress are available in equitable breach  of confidence.

FinTech Australia does not support the introduction of a direct right to action. We consider that it  is more appropriate, and effective for consumers to raise privacy concerns with the OAIC rather than to pursue court action (an outcome which will dramatically increase both the financial costs  and time frame required to reach an outcome).  

However, if a direct right of action was to be introduced: 

  1. processes must be implemented that will seek to ensure that only the most serious interferences with privacy (as determined by the OAIC) may progress to litigation, with the majority of matters instead addressed by the OAIC (through, for example, mediation or conciliation) to provide individuals and organisations with the opportunity to reach an amicable and less adversarial outcome; and 
  2. any legislated assessment of damages must be based on criteria that balances the harm with the amount awarded and recognises alternative ways to mitigate the harm (such as enforceable undertakings). 

FinTech Australia supports, in principle, the introduction of a statutory tort for the invasion of privacy that aligns with Option 1 on the proviso that any such tort is strictly limited to intentional  or reckless invasions of privacy.  

Notifiable Data Breaches Scheme 

Proposal 27.1: Amend subsections 26WK(3) and 26WR(4) to the effect that a statement about an eligible  data breach must set out the steps the entity has taken or intends to take in response to the breach,  including, where appropriate, steps to reduce any adverse impacts on the individuals to whom the  relevant information relates.

FinTech Australia supports this proposal as it will be an additional step in better equipping organisations with the ability to standardise their privacy incident responses and to increase transparency in relation to the management of privacy incidents. 

More broadly, we also support increased alignment between Australia’s Notifiable Data Breaches Scheme and similar international schemes. As a result, any changes to the Notifiable  Data Breaches Scheme should align with globalised standards and trends to support organisations that must comply with requirements across multiple jurisdictions, and as mentioned in the Discussion Paper, balance or negate the need for multiple notifications across  regulatory entities.

About FinTech Australia 

FinTech Australia is the peak industry body for the Australian FinTech Industry, representing over 300 FinTech Startups, Hubs, Accelerators and Venture Capital Funds across the nation. Our vision is to make Australia one of the world’s leading markets for FinTech innovation and investment. This submission has been compiled by FinTech Australia and its members in an effort to drive cultural, policy and regulatory change toward realising this vision. FinTech Australia would like to recognise the support of our Policy Partners, who provide guidance and advice to the association and its members in the development of our submissions: 

  • DLA Piper 
  • King & Wood Mallesons 
  • K&L Gates 
  • The Fold Legal 
  • Cornwalls


Transformd Appoints Kathy Thomas as New Global Head of Operations and Delivery

Australian Fintech company Transformd appoints new hire for global launch of customer experience platform. 

Transformd, welcomes Kathy Thomas as Global Head of Operations and Delivery. Kathy Thomas previously Wealth Portfolio Manager at Suncorp and brings 12 years of Fintech Product development experience to Transformd starting January 2022.

“As a customer-led business, Kathy brings the right balance of customer service and best in class operational and delivery management experience required by Transformd as part of their global program.” said Managing Director, Bruce Emery. 

In Kathy’s previous role as Business Improvement Partner for Suncorp, she was responsible for Strategic Analysis to provide recommended options for improvement of business processes to all business units within the organisation. She supervised the roll out of systems and software to business users, including initial implementation, set up of SLA’s, Vendor Management and ongoing support and development of application and software. 

“Kathy’s contribution to customer excellence and project delivery will be a huge asset to Transformd.” said Bruce Emery. 

Kathy Thomas is an IT professional with a depth of experience in program management, project management and people leadership. Kathy has worked predominantly in the Financial Services arena responsible for delivery teams using both waterfall and agile methodologies. She has worked for both clients and vendors and has an excellent understanding of both business and technology needs from both sides. 

Kathy will have ownership for the customer engagement team, digital delivery specialist and leading the roll out of Tranformd’s new customer engagement program.  This appointment will support the significant growth in new customers to Transformd and our international expansion.  As our customers accelerate their digital transformation, we are ahead of the curve in supporting their aspirations through our own digital consulting services.

About Transformd

15 years ago, founder Mic Fishpool had the vision to bring dream customer experiences to reality with truly customer-focused platforms that put the customer experience first.  Today, Transformd is powering financial services, superannuation funds, corporates, insurance companies and more with the best technology in customer onboarding automation, digital delivery, and end-to-end process workflow automation. Transformd’s no-code platform makes it easy to collect and distribute data whilst effortlessly connecting customers, staff and systems. Easy to use drag and drop interface, fully brand customisable with seamless integrations. A smarter, faster and easier way to deliver automated end-to-end processes.

Media Contact:
Bruce Emery
Managing Director
+61 2 9099 1066

Introducing Australian Data Exchange x NUAI

A first of its kind partnership that unites consumer privacy with the innovation of artificial intelligence 

Australian Data Exchange forms NUAI partnership to offer ethical AI services for leading Fintech, Health and Platform companies.  

NUAI.ai, a rising star in the global DeepTech space, announced that the Australian Digital Exchange (ADX) had chosen the company as an Artificial Intelligence partner.  

ADX selected NUAI for its unparalleled AI technology that provides customised adaptive AI+ solutions with no downtime and NUAI’s insightful business capability of developing use cases for fast-growing businesses, empowering businesses to scale effortlessly. ADX and NUAI’s partnership delivers robust Data-Centric AI+ solutions that integrate seamlessly with ADX’s clients.  

“ADX is disrupting the first party personal data market and is proving to be one of the most innovative Australian data companies with its focus on consumer-centric and decentralised technologies. We are excited to partner with ADX and promote its global endeavours through NUAI,” said Tick Jiang, CEO and Founder of NUAI. Tick Jiang continued, “The partnership with ADX is an organic fit. ADX is an early adapter of data ownership, data privacy, personal data sharing and data ethics, with the exclusive distributor of 

Digi.me’s data utility platform. This partnership enables easy access to high-quality consented personal data, AI-powered Data analytics and decision intelligence, all at the same time. Our clients will then be able to create Industrial 4.0 and Web 3.0 applications that are highly relevant and personal to their users from those deep data in banking, social, health.”

“We’re optimistic NUAI’s partnership would deliver more innovation to businesses. The decentralised merits of Digi.me is in ADX’s DNA. By providing business-centric ethical AI, it’s clear NUAI shares our vision of leveraging cutting edge technology to bring better, faster and in demand results to businesses. We’re excited to join forces to develop unique solutions that will stand the test of time,” said Joanne Cooper, CEO and Founder of ADX.

For more information, please contact:

Joyce Zhang 


About NUAI

NUAI is an International Artificial Intelligence company that delivers AI+ solutions for real-world business challenges. NUAI designs and crafts business-centric AI+ solutions from AI strategies to state-of-art AI/ML deployment. 

NUAI has a team of world-leading AI scientists, AI business experts and professors, from Facebook (Meta) AI, Apple AI, Sumsang AI and Didi AI. We also actively collaborate with leading Artificial Intelligence professors and scholars from world-leading universities like ASU, UNC in the US.

Core Service 

  1. Customised AI+ Solution: NUAI will create an AI+ strategy for your business to build and customise the most time-to-value AI+ solutions, ready for petabyte-scale. Execute fully scalable AI+ solutions for your business and enterprises.
  2. End-to-end AI+ Solutions: Complete customised AI solutions that fit seamlessly with your business. End-to-end working pipeline with AI Models. NUAI will perform a full business assessment for you and find the most valuable and affordable solution that AI can do for your business. We build and train AI models that not only grow and evolve with your business but also empower your business that you can even register IP and apply to Patent with it.
  3. AI Consulting & Advice: Learn about how AI can accelerate your business growth. Help with your current AI strategies partnerships, or help you set up your AI strength in the marketplace. 

Specialised AI Technology 

  • Fintech & Open-Banking AI
  • Marketing & Platform AI
  • Gaming & Metaverse AI
  • Healthtech & Medical AI
  • Robotic Automation AI

About ADX

Australian Data Exchange (idexchange.me) develops, collaborate and represent world-leading privacy-enhancing or preserving technologies. 

Founded by Joanne Cooper, a leading female tech entrepreneur in Australia, ADX has pioneered the consumer data rights and privacy movement in Australia.

digi.me App: Consumer-centric data-sharing platform: Join the personal data economy to gain more value, services or rewards by increasing safe and consented multi-sector data exchange directly from a secure Digi.me data wallet.

Consentry App where business can get staff back to work safely through anonymised employee and visitor intelligence during accurate COVID Rapid Antigen screening. 

Temenos Launches Industry’s First AI-Driven Buy-Now-Pay-Later Banking Service on the Temenos Banking Cloud

Temenos (SIX: TEMN), the banking software company, today announced the launch of its Buy-Now-Pay-Later banking service. This offering will open up new revenue opportunities for banks and fintechs, help them reach new markets and cement their relationships with both consumers and merchants through alternative credit products.

Temenos BNPL, combined with patented Explainable AI, can help banks create ethically-driven lending programs by providing transparency into automated decisions and matching BNPL customers with appropriate credit offers based on their history.

As more consumers have turned to e-commerce amidst the pandemic, point-of-sale installment loans have grown in popularity and value. Consumer credit and installment loans have been revolutionized in the Banking-as-a-Service (BaaS) era by BNPL, which is seamlessly embedded into the customer buying journey to provide consumers a frictionless digital experience and easy access to finance at the point of sale. It also helps merchants improve retail customer acquisition, share of wallet, and retention. In 2021, online revenue through BNPL increased by 45% compared to 2019.McKinsey estimates fintechs have diverted up to $10bn in annual revenues away from banks over the past ~24 months with BNPL offerings.​

BNPL provides significant advantages for both fintechs and banks. Fintechs benefit from rapid customer and merchant acquisition with relatively lower credit risk and more payments transactions. At the same time, banks can strengthen engagement with their customers, increase wallet share and loyalty by creating seamless, convenient purchasing experiences. BNPL can be profitable for incumbent banks that can build on their strengths, such as providing greater flexibility of loan terms and conditions and higher capital utilization due to faster loan turnover and lower regulatory capital requirements. Furthermore, BNPL presents cross-sell opportunities with potentially more engaged bank and non-bank customers.

The Temenos Buy-Now-Pay-Later banking service is independently consumable via the Temenos Banking Cloud. It’s agnostic of the underlying core banking system, being deployed alongside Temenos Transact or any other core banking solution and incorporates industry best practices while offering responsible lending capabilities to help providers adapt to evolving regulations. By offering the BNPL banking service, Temenos provides a fully flexible, pay-as-you-go solution that enables banks to rapidly introduce BNPL at scale without having to provision new IT infrastructure, so that they can focus on the customer experience.

By embedding XAI, Temenos enables clients to pre-approve loan applications or propose variable installments in real-time based on pre-determined criteria, including soft and hard credit scoring, while providing transparency into how decisions are made. This enables banks and fintechs to lend ethically, provide transparency into recommended payment schedules during the application process, and ensure that consumers can afford the repayments.

A global payments provider launched its Buy-Now-Pay-Later service on the Temenos Banking Cloud, growing to 22 million loan applications in just nine months, the fastest and most successful product launch in the company’s history. 70% of its customers are repeat users who love the product, with 50% using it again within three months.

Ginger Schmeltzer, Strategic Advisor, Retail Banking and Payments, Aite-Novarica Group:

Buy-Now-Pay-Later continues to grow in popularity, and this is reflected in increased adoption by retailers like Target and Amazon as well as a growing number of small and mid-sized merchants. The Temenos SaaS solution for BNPL, combined with embedded AI, brings together proven technology with increased speed, efficiency, scalability and decision-making transparency. Temenos’ robust and flexible BNPL as a Service will make this new business model available to companies of any size from the credit unions and the challengers, to global payments providers and Tier 1 banks.”

Max Chuard, Chief Executive Officer, Temenos, said:

“In an extremely competitive market, financial services providers need to evaluate new business models to drive revenue. As the strategic technology provider for over 3,000 banks worldwide, we are committed to empowering our clients to pioneer and adopt those new, profitable business models. Buy-Now-Pay-Later has shown the industry that we can come up with new solutions to old problems. It has challenged the way we think about customer engagement, acquisition and retention. We are very excited to launch this new solution to enable our clients to offer alternative financing that is fast, seamless, and scalable.”

Temenos Press Contacts

Jessica Wolfe & Scott RoweTemenos Global Public Relations
+1 610 232 2793 / +44 20 7423 3857
press@temenos.comAlistair Kellie & Andrew Adie

Newgate Communications for Temenos
+44 20 7680 6550

Five Fintechs on Friday – January 21, 2022

The new edition of the five fintechs on Friday is here!

Welcome back and wishing you a happy and prosperous new year. This is the first newsletter on Five FinTechs on Friday for 2022, as we kickstart the year with new announcements and initiatives.

But first, news from the industry…

Verrency, one of the fastest-growing fintechs in payments services goes global. DiviPay raises $20 million Series A to fortify its full-stack spend management suite for SMEs.

Also, Fundsquire partners with Railz to offer an integrated, quicker, and transparent funding platform and Wisr appoints new Non-Executive Director, Cathryn Lyall, to the Board.

Below are five fintechs to know about this fortnight!



Anchored by its merchant origins, Zepto creates real-time, data-driven, account-to-account merchant payment solutions for the on-demand economy. In 2021, Zepto was the first Australian non-bank payments provider to become an Accredited Data Recipient under the ACCC’s Consumer Data Right, and the first non-bank FinTech to connect directly to the New Payments Platform [NPP] as a Connected Institution. Zepto’s composable API lets merchants acquire, receive, disburse, identify parties, establish consent, create virtual accounts and reconcile automatically. Zepto’s payment messaging is granular & real-time, supporting smarter, data-led business decision making and customer experiences.



OnMarket is a capital raising platform and advisory business that uniquely pairs retail and sophisticated investors with Australian businesses – covering a wide-breadth of industries and simplifying the opportunity to invest in SMEs in all stages of growth – from Seed to IPO and beyond. The end of 2021 saw OnMarket achieve the milestone of raising over $170m for 220 Australian businesses from 66,000 investors – positioning them as the leading capital raising platform in Australia. OnMarket welcomes all types of investors to support the Australian start-up space and invest with impact. Learn more about your opportunity with OnMarket here.


Assurance Lab

AssuranceLab is a cloud-native audit partner using supporting Regtech and specialising in the “SOC” standards. We help our tech clients unlock Open Banking (ASAE 3150), support publicly listed enterprises (SOC 1), and satisfy security and compliance for global enterprise sales (SOC 2). We launched our Open Banking accreditation services this year with our first audit and application completed last month. We’re now offering no fees until accreditation to kick-start the next wave of innovative, data-driven fintech’s!


Ignition Advice

Ignition is a leading global advice technology specialist for financial institutions seeking to help more customers access financial advice in a fast and scalable way. We help clients combine the power of digital intelligence with a human touch to enable smarter, more flexible and secure advice delivery. We partner with banks, insurers and wealth managers worldwide. Our SaaS platform integrates seamlessly into existing systems enabling clients to deliver a customer-centric experience that brings a customer and adviser together into a single advice workflow. We have been featured in global media including Australian Financial Review and UK Financial Times and have released a series of Insights papers. Our latest paper discusses Social Responsibility and Digital Advice. Check it out here: Insights – Ignition Advice | Digital advice. Made human.


Binance Australia

Binance Australia is a digital currency exchange platform that enables Australian customers to easily buy and trade cryptocurrencies with Australian Dollar (AUD). Binance Australia offers users deep liquidity and convenient deposit and withdrawal methods while leveraging cutting-edge technology from Binance.com’s advanced trading platform. For more information, visit: https://www.binance.com/en-AU/

Check out our previous issues here

Sandstone Technology recognised as ‘Company of the Year 2021- BANKING’ by APAC Business Headlines

Having the vision to see beyond the contemporary and identify possibilities for the future is a rare skill. Bob Hall and Violet Yu were two such promising individuals who saw the endless possibilities that the internet had to offer to the banking and financial industry. However, taking this idea forward was not easy in the day. Online banking as a concept was still new, and even the most progressive banks were hesitant and apprehensive of shifting online because of the uncertainty and risks associated with it.

Not many have had the conviction to turn an idea so infantile and immature in its respective field into a tangible and marketable product that withstands the screening and harshness of the finance world. But, Bob Hall and Violet Yu, ex-employees of IBM, brought the best of both worlds- finance and technology-together, to launch one of the first ever fintech enterprises in the Australian landscape.

Shortly in 1996, Sandstone Technology was founded in a garage with the mission of providing digital solutions to banks and financial institutions. The company’s aim was to eradicate as many pain points as they possibly could to enhance the day-to-day banking operations and provide digital solutions through their products and services. Today, the company has not only removed the unnecessarily lengthy and complex procedures from traditional banking, but has also made finance accessible, frictionless and a better experience for the banking staff as well as the customers.

The journey

Sandstone Technology achieved its first breakthrough when Adelaide Bank of Australia subscribed to their solutions. Bob and Violet travelled to Adelaide and convinced Adelaide bank to select them. The ideas they expounded looked promising enough for Adelaide Bank of Australia to take their chance upon this bubbling new start up for their internet banking.

The company’s growth has only been upward since then attracting customers from across the globe. However, in order for any business to prosper, boundaries need to be set and direction of growth and expansion needs to be determined to establish a name and identity in the market. And Sandstone Technology knew this.

As success followed, Sandstone made sure that they did not get lost in the attractive yet fatal web of expanding into every marketable domain that came along the way. They narrowed down their products and created a platform focussed on what they did best: digitising banking operations and replacing the complexity from traditional banking processes with AI and automation.

25 years down the lane, Sandstone has expanded in the UK and New Zealand in addition to Australia, catering to over 35 customers based in APAC and the UK, and providing digital products and services in a plethora of areas including mobile banking apps, internet banking, end-to-end origination, AI and machine learning.

The work culture at Sandstone

The secret to Sandstone’s success has been their approach to problem identification and solving. It has enabled the company to come up with solutions that go beyond the ordinary to provide the most optimal of solutions.

Today, under the leadership of CEO, Michael Phillipou, the company’s primary focus is to differentiate by executing on a ‘best people’ strategy. That is, Sandstone Technology is focused on ensuring that it has a highly-engaged team of the most capable and experienced people in banking, financial services and technology, in order to provide its global customers with market leading digital banking platforms. Accordingly, the staff at Sandstone are some of the best from their area of expertise and demonstrate deep knowledge of their respective domains. This helps Michael Phillipou and the Sandstone executive team build an ecosystem that encourages deep market research, collaboration and analytics-based understanding of the future trends, to allow for an informed and well-analysed solution for the customer.

Sandstone follows a customer-first approach in their working model and there is also an active attempt to keep an eye out for customer interest in trying times. For instance, as the firm realised the need for self-service tools very early in the pandemic, they were quick to develop tools to help consumers manage their loans, mortgages etc., ensuring that their customer banks sail easy though one of the worst crises of the century.

The three guiding principles that make Sandstone stand out from its competitors are:

  • Giving the best customer experience,
  • An exceptional product experience, and
  • Creating an ideal space for employees to work

Their approach to products and services

Sandstone is one of the few companies in the Australian landscape that provides financial institutions with an omni-channel end-to-end digital banking solution. Being a business transformation partner, they realise the stakes that banks put at risk and the horrors of a failed or ill-executed plan. They hence conduct multiple test runs and trials and boast a 100% implementation success rate.

With a focus on taking the complexity out of traditional banking operations, they enhance end-to-end customer experience through the use of AI and automation, thereby making it easy for the consumer as well as the internal banking staff. Their focus lies in the automation of low value tasks that are time consuming. This will eventually allow bank employees to focus their time on the more developmental aspects of the job.

Today, the range of products, services and end-to-end solutions offered by Sandstone have become so diverse that they have emerged as a one stop solution to the challenges of digitisation in the finance industry. Customer banks need to figure out only their core operations and the rest of the specifics in their digital transformation can all be taken care of by Sandstone.

Vision and future

For a company that is invested in digitisation, automation and AI, the future holds great promise for growth and abundance of opportunities. As more banks turn to expanding their digital operations, Sandstone Technology, under Michael Phillipou’s leadership, looks forward to partnering with financial institutions across the globe and assisting them with a smooth and viable transformation with their expertise and experience.

As the market slowly transforms to an API and SaaS based economy, there is an emerging need for highly consumable digital offerings, where the company is planning to invest its main focus in the coming future. For a short-term goal, Sandstone is all set to launch a single platform that caters to both consumers as well as small business customers in 2022.

Sandstone Technology, as the name itself suggests is representative of a robust and strong presence in the Australian fintech landscape and has proved itself to be a powerful ally that financial institutions can rely upon for their transformation projects.

Shift grows merchant team

Brings finance on demand to more Australian businesses

Shift, a provider of credit and payment platforms, has announced the expansion of its merchant team.

As part of the expansion, Paul Barker has joined the team in the newly created leadership role of Merchant Sales Director, while Elizabeth Vella has taken on the also newly-created role of National Manager, Go-to-Market and Projects.

Paul’s pedigree includes several roles across technology and payments, having led high growth sales and partnerships teams in several of Shift’s key target markets including trades and services, franchise, FMCG and retail.

According to Paul, the team will work closely with merchants, enabling their customers to multiply their spending power by taking advantage of Shift’s credit, payment, and trade solutions.

“What I’ve experienced over the last couple of years is a rapid acceleration in merchants focused on ensuring they deliver a frictionless customer journey as a means of attracting, retaining and increasing the value of each customer,” said Paul.

“Shift, hands down, has the most seamless customer experience I’ve seen and the funding capacity to deliver at scale. The opportunity in front of us is to enable more merchants to provide a customer experience advantage over their competitors.

“With the product roadmap for Shift Trade and payment solutions, I can confidently say we’re set to make life easier for businesses wanting flexible options for themselves and their customers in 2022.”

In her role as National Manager, Go-to-Market and Projects, Elizabeth Vella will focus on merchant enablement and relationship management, assisting merchants new to the Shift network to implement and run their new trade and payment facilities.

Elizabeth joined Shift following various financial services and fintech roles, where she established and grew key partner relationships.

“With buyers increasingly savvy regarding different trade and payment options, I look forward to working with Paul and the Shift team to bring the same flexibility and choice to merchants across Australia,” said Elizabeth.

About Shift
Originally established as GetCapital in 2014, the company rebranded as Shift in October 2021 as part of its mission to provide businesses with finance on demand. Enabled by streaming data, Shift offers a better way for Australian businesses to trade, pay and access funds.  Winner of the IDC 2020 Digital Disruptor and Omni Experience Innovator awards for Australia and New Zealand, Shift has also been named to the Deloitte Fast50 list four years in a row, the Smart50 awards, the AFR Fast 100 List and voted by LinkedIn as one of the Top 25 Australian Startups to work.  www.shift.com.au

For queries

Ged Mansour
Corporate Communications Lead

T: 0411 349 476
E: ged.mansour@shift.com.au
A: Level 21, 177 Pacific Hwy, North Sydney NSW 2060
W: www.shift.com.au

The big opportunity for Open Finance: Majority of SMEs say financial integrations increase their efficiency

  • Research shows SMEs welcome Open Finance.
  • These businesses believe it’s more important for financial apps to integrate with their accounting software than their bank account.
  • New report explains why Open Finance regulation must prioritise the right data for SMEs

London: 19 January 2022 – New research from Codat has revealed SMEs’ strong appetite for the benefits of Open Finance. As the debate around Open Banking and Open Finance gathers pace, 7 out of 10 of businesses say financial integrations make their business operations faster and more efficient.

However, these integrations must focus on the right data. Businesses think it is more important for a financial app to connect to their accounting software than their bank 21% more respondents stated that they would not use an application that didn’t integrate with their accounting software. Sharing data via a portal is also seen as more secure than via email, with 82% in agreement. Furthermore, nearly two-thirds (63%) of businesses believe that time spent on accounting admin takes them away from growing their business.

The findings are revealed in Codat’s Open for Business report which explains the case for a fresh approach to Open Finance that will benefit SMEs and their financial service providers, and in turn fuel economic growth.

Currently, policy conversations around extending Open Banking into a broader form of Open Finance are concerned with consumer interests and are not taking into account the needs of small businesses. Opening up datasets such as pensions, mortgages, investments, energy, and telecoms ignores the most vital financial data to small businesses.

It’s time to rethink

The framework for judging which datasets should next be incorporated into Open Finance and Open Data policy must take into consideration the frequency with which the data is shared or moved between systems and the value the sharing process offers.

Gavin Littlejohn, Chair of FDATA Global (Financial Data and Technology Association), said: “Open Banking regimes to date have focused on consumer needs as default. As the conversation develops to address finance more broadly rather than banking, the needs of these two groups will diverge further and therefore, it’s critical that lawmakers consider the distinct requirements for small businesses when designing Open Finance policy.”

The way forward

To best benefit small businesses, policymakers should next consider accounting and sales data, versus for example, mortgage, investment, or utilities data. 

“The advantage of fit for purpose Open Finance for SMEs is evident,” said Peter Lord, CEO at Codat. “We firmly believe that small businesses own their financial data and they should be able to share it freely with whomever they like – no matter which system holds that data. Although many small business financial platforms already have open APIs, the reality is that there are significant hidden barriers that make accessing and sharing data difficult. Appropriate regulation should work for all parties and ensure that small and medium-sized businesses everywhere can benefit from Open Finance.” 

The Open for Business report summarises three recommendations:

  1. The needs of small businesses and consumers will diverge further when it comes to Open Finance than Open Banking. When the Financial Conduct Authority in the UK, the CFPB in the United States and other regulatory bodies address and consult on Open Finance, small business needs should receive separate consideration.
  2. The next data sources for Open Finance should be prioritised based on the value of the data sharing process and frequency.
  3. Unquestionably for businesses, accounting data should be next.

Download the full report here.

About the research and report

Codat used a combination of publicly available research and private survey findings to substantiate the Open for Business report. The independent survey was carried out by Attest on behalf of Codat in November 2021. The survey involved a total sample size of 1,200 small-medium sized businesses based in the United States, United Kingdom, and Australia, of 0-500 employees.

About Codat

Codat is the universal API for small business data. The real-time connectivity that Codat provides enables software providers and financial institutions to build integrated products for their small business customers.

Codat clients range from lenders to corporate card providers and business forecasting tools and use cases include automatic reconciliation, business dashboarding, and loan decisioning. Codat was founded in 2017 and has offices in London, New York, San Francisco, and Sydney. 

The company has raised over $60M to date from investors including Tiger Global, PayPal Ventures, Index Ventures, and American Express Ventures. 


Upcoming Events

There are no upcoming events at this time.


Ep 2: Fintechs Acceleration of Growth Since COVID

Ep 1: The Evolution of Payments

Scaling Product Globally


Lee Hatton – Afterpay: FinTech Australia Podcast

Anthony Jones – Visa AUS/NZ

Tim Cameron – TransferWise