ASIC consults on updates to the ePayments Code

By James Harradine

On Friday the 21st of May ASIC released a consultation paper (CP 341 – available here) seeking feedback on proposed updates to the ePayments Code.

The updates are designed to ensure the Code continues to be effective and relevant to consumers and subscribers. ASIC’s proposed updates primarily relate to the following areas of the Code:

• compliance monitoring and data reporting;

• mistaken internet payments;

• small business protections;

• unauthorised transactions; and

• complaints handling.

The review also considers options for modernising the Code, to reflect changes in the field of electronic payments since the Code’s last review.

The consultation paper is designed to assist ASIC to form its final positions on updates to the Code. ASIC welcomes submissions on CP 341 from all interested parties.

Most banks, credit unions and building societies in Australia, as well as a small number of other providers of electronic payment services, subscribe to the Code. 

ASIC is responsible for administering the Code, including reviewing it. The most recent comprehensive review of the Code was completed in December 2010. 

Subscription to the Code is voluntary. However, the Government has accepted recommendations to mandate the Code. Most recently, in 2019, the Council of Financial Regulators recommended that ASIC be given the power to make compliance with the Code mandatory, such as through a legislative rule-making power. ASIC’s current review of the Code in its voluntary form is an interim measure ahead of the Code eventually becoming mandatory through legislation.

Submissions are due by Friday 2 July 2021.

Summary of proposed changes:

Compliance monitoring and data collection

"We propose to remove the requirement in the Code for subscribers to report annually to ASIC on the incidence of unauthorised transactions. Instead, the Code will include a power that will allow ASIC to conduct targeted ad hoc monitoring of compliance with the Code and other matters relevant to subscribers’ activities relating to electronic payments."

Clarifying and enhancing the mistaken internet payments framework

"We propose to extend the mistaken internet payments (MIP) framework in the Code to allow consumers to retrieve partial funds if the full amount of the payment is not available in the unintended recipient’s account. The Code would include a non-exhaustive list of examples of what a receiving ADI can do to meet the requirement to make ‘reasonable endeavours’ to retrieve the consumer’s mistaken internet payment (while acknowledging that what amounts to ‘reasonable endeavours’ depends on the individual case). There would be a number of additional responsibilities on ADIs to ensure that the process starts promptly and that consumers are made aware of their rights to lodge a complaint with the subscriber and then with the Australian Financial Complaints Authority (AFCA).

We also propose to:

• clarify the consequences for the sending ADI where the receiving ADI and/or unintended recipient do not cooperate in the process; and

• clarify the definition of ‘mistaken internet payment’, limiting it to situations in which the consumer has made a genuine mistake in typing the account identifier (and not extending it to scam scenarios); and

• enhance the content of the existing on-screen warning about mistaken internet payments so that it is clear to consumers that typing a correct account name will not remedy an incorrect BSB and/or account number"

Responsibilities of the sending and receiving ADIs

"We propose to amend the Code to:

(a) require the sending ADI to investigate whether there was a mistaken internet payment and send the request for return of funds to the receiving ADI ‘as soon as practicable’ and, in any case, no later than five business days after the report of the mistaken internet payment;

(b) require both the sending and receiving ADIs to keep reasonable records of the steps they took and what they considered in their investigations;

(c) require the sending ADI, when they tell the consumer the outcome of the investigation into the reported mistaken internet payment, to include details of the consumer’s right to:

(i) complain to the sending ADI about how the report about the mistaken internet payment was dealt with; and

(ii) complain to AFCA if they are not satisfied with the result; and

(d) clarify that non-cooperation by the receiving ADI or the unintended recipient is, by itself, not a relevant consideration in assessing whether the sending ADI has complied with its obligations"

On-screen consumer warning

"We propose to require ADIs to provide additional important information in the on-screen warning about mistaken internet payments required by clause 25 of the Code.

The messaging must:

(a) contain a ‘call to action’ for the consumer to check that the BSB and account number are correct; and

(b) in plain English, include wording to the effect that:

(i) the consumer’s money will be sent to somewhere other than to the intended account; and

(ii) the consumer may not get their money back, if the BSB or account number they provide is wrong (even if the consumer has given the correct account name)."

Modernising the Code

"We propose to:

• define biometric authentication in the Code and incorporate it into specific provisions of the Code where it is relevant;

• revise the Code’s use of the term ‘device’ and instead use the term ‘payment instrument’ to avoid confusion with consumer-owned smart devices;

• include virtual debit and credit cards in the definition of ‘payment instrument’;

• extend the Code’s protections to NPP payments; and

• include electronic receipts in the Code’s provisions relating to transaction receipts"

After receiving submissions on the consultation paper, ASIC will consider stakeholder feedback and issue a report outlining final positions. ASIC will also publish a draft updated Code for stakeholder feedback on the format and technical wording of the Code.