Virtually all banks, credit unions and building societies currently subscribe to the EFT Code along with a number of non-banking subscribers. The ePayments Code continues to be a voluntary code of practice.
Re-subscription of EFT Code subscribers to the ePayments Code commences from the Codes release date (20 September 2011). ASIC strongly encourages organisations that provide electronic payments who have not previously subscribed to the EFT Code to subscribe to the new Code.
The ePayments Code plays an important role in the regulation of electronic payment facilities in Australia.
It complements other regulatory requirements, including financial services and consumer credit licensing, advice, training and disclosure obligations under the Corporations Act 2001 and the National Consumer Credit Protection Act 2009.
Among other things, the ePayments Code:
requires subscribers to give consumers clear and unambiguous terms and conditions,
stipulates how terms and conditions changes (such as fee increases), receipts and statement need to be made
sets out the rules for determining who pays for unauthorised transactions, and
establishes a regime for recovering mistaken internet payments.
There are more limited requirements for low value facilities that can hold a balance of no more than $500 at any one time.
As the administrator of the ePayments Code, ASIC may exempt or declare that the application of the Code is modified in a specified way. A written instrument will be created to give effect to the exemptions or declarations, and published on this website.
Subscribers who would like to make an application for an exemption or declaration under the Code should follow the procedures set up for the application process.
Code subscribers must report to ASIC information about unauthorised transactions annually. Information Sheet 195 ePayments Code: Reporting data on unauthorised transactions sets out the scope of the reportable data, as well as some guiding principles and definitions to be used in preparing the compliance report.
Each data collection period starts on 1 January and ends on 31 December of that year. The report needs to be lodged with ASIC by 1 March the following year. The first data collection period commences on 1 January 2015, ending 31 December 2015. The first report is due to be lodged with ASIC by 1 March 2016. Reports should be lodged by email to email@example.com.
An Excel template is available for download from this webpage for subscribers to use in preparing their report on unauthorised transactions.
ASIC may also undertake targeted compliance monitoring of specific obligations under the Code. The focus of targeted monitoring may change from time to time.