When the federal Treasury released its fintech regulatory reform package in September 2025, the response from industry was cautiously optimistic. After years of complaints that Australia’s financial services regulation hadn’t kept pace with technology, the reforms promised a modernised framework: clearer licensing pathways, an expanded regulatory sandbox, updated consumer protections for digital financial products, and stronger Buy Now, Pay Later (BNPL) oversight.

Six months later, the picture is more complicated. Some reforms have landed well. Others are stuck in implementation. And a few critical areas remain conspicuously unaddressed.

What’s Actually Changed

The most tangible reform is the enhanced regulatory sandbox. Prior to 2025, ASIC’s sandbox was widely criticised as too narrow and too slow—restrictive eligibility, applications taking four to five months, and a 24-month testing cap that many companies found insufficient.

The revised sandbox, effective January 2026, is meaningfully broader. Testing periods extend to 36 months. Eligible product categories now include digital asset custody, embedded finance, and AI-driven financial advice. The customer cap has risen from 100 to 500 retail clients. And ASIC has committed to processing applications within 30 business days.

Early signs are encouraging. ASIC reported 14 applications in the first two months of 2026, compared to 23 for all of 2024. Several fintechs that had looked to Singapore or the UK are now reconsidering Australia as a launch market.

The BNPL reforms have also progressed. As of February 2026, all BNPL providers must hold an Australian Credit Licence and comply with responsible lending obligations. Two smaller providers exited in late 2025 citing compliance costs, but the major players—Afterpay, Zip, and Humm—have absorbed the requirements. Consumer complaints to AFCA about BNPL dropped 22 percent in the December 2025 quarter, though it’s early to attribute that solely to regulatory changes.

Where Implementation Has Stalled

The most significant stall is in digital asset regulation. The 2025 reform package flagged a comprehensive framework for cryptocurrency exchanges, digital asset custody, and tokenised financial products, but the detailed rules were deferred to a separate consultation process. That consultation, originally scheduled to conclude in December 2025, has been extended twice. The current timeline suggests draft legislation won’t be introduced before mid-2026.

This matters because it’s the area where Australia’s regulatory gap is most visible internationally. Singapore, the UK, the EU (through MiCA), and Hong Kong have all implemented comprehensive digital asset frameworks. Australian crypto businesses operate in a grey zone—not explicitly prohibited, but without clear rules governing custody, capital requirements, or consumer protections. Several Australian-founded crypto companies have established their primary operations offshore as a result.

The AI-specific provisions have been equally slow. The Treasury proposed principles for AI-driven financial advice and automated lending, including algorithmic transparency requirements. But the implementation details—what “transparency” means for a credit-scoring model, how regulators audit it—remain unresolved. ASIC’s working group on the topic missed its February 2026 reporting deadline, with consumer advocates and industry reportedly at odds over how much algorithmic disclosure is appropriate.

The Consumer Data Right Expansion

Closely connected is the ongoing expansion of the Consumer Data Right (CDR). Launched in banking in 2020 and extended to energy and telecommunications, the 2025 reforms added provisions for “action initiation”—allowing accredited third parties to not just read financial data but initiate transactions on a consumer’s behalf.

This is the feature that could transform Australian financial services. A budgeting app could automatically switch a customer to a cheaper energy provider. A mortgage broker’s platform could submit loan applications to multiple lenders directly. It’s the difference between open banking as data-sharing and open banking as a functional marketplace.

But the technical standards are still being finalised, and the consent framework has proven more complex than anticipated. The original July 2026 target for action initiation is now expected to slip to early 2027.

What’s Missing Entirely

Several areas that industry stakeholders expected the reforms to address remain untouched.

Embedded finance has no specific regulatory framework. Products integrating financial services into non-financial platforms—insurance through ride-sharing apps, point-of-sale lending—sit in regulatory ambiguity. Existing rules weren’t designed for digital platform distribution.

Cross-border regulatory cooperation was mentioned but hasn’t produced outcomes. Australian fintechs operating across Southeast Asia still face a patchwork of regimes with no passporting arrangements.

Regtech was notably absent. Submissions argued that regulators themselves need modern surveillance capabilities. ASIC’s tools for monitoring algorithmic trading and AI-driven advice remain limited compared to European and North American counterparts.

The Broader Question

Australia’s 2025 fintech reforms represent genuine progress after years of stasis. The enhanced regulatory sandbox, BNPL licensing, and CDR expansion are real improvements that bring the country closer to the regulatory clarity that the tech ecosystem has been requesting.

But regulatory reform in financial services doesn’t end with legislation. Implementation—the detailed rules, technical standards, supervisory capacity, and enforcement practice—is where reforms succeed or fail. On that front, the work is far from finished.

The risk is that Australia ends up with a framework that looks modern on paper but operates slowly in practice. If the digital asset rules take another year, if AI governance guidance remains stuck in committee, and if action initiation slips further into 2027, the reforms will have improved the starting position without addressing the fundamental challenge: keeping regulatory pace with technological change.

That’s been Australia’s fintech regulation story for the better part of a decade. The 2025 reforms were supposed to change the narrative. Whether they’ve actually done so remains to be seen.