Show download pdf controls
  • Work out if you need to report

    If you are an administrator of an electronic payment system, the transactions you process for your business clients must be reported.

    An administrator is any entity that is involved in the management and/or control of the processing of payments in a payment system or part of a payment system. This includes any entity involved in the management and/or control of any instruments and procedures related to the payment system.

    Administrators of an electronic payment system can be:

    • acquirers
    • authorised deposit-taking institutions
    • specialised payment providers
    • third party processors.

    These organisations may have a reporting obligation if they facilitate payments for businesses including:

    • payments in the merchant acquiring system
    • BPAY payments
    • direct debit payments
    • payments from foreign payment systems.

    A payment system is defined by the Payment Systems (Regulation) Act 1998.

    Third party arrangements

    There are situations where both an acquirer or authorised deposit-taking institution (ADI) and a third party processor will participate in the processing of a transaction.

    The reporting obligation will be with the third party processor as they have:

    • the direct relationship with the business client
    • full visibility of the identity and transactional data that is to be reported.

    An acquirer or ADI is not required to report transactions initiated and reported by a third party processor.

    Example

    Learn to Sing engages a third party processor to process the direct debit agreements for their clients.

    The third party processor collects the information needed by their financial institution, and issues Learn to Sing with a unique reference ID. This reference ID identifies the Learn to Sing payments processed under their direct debit authority.

    The third party processor has the reporting obligation as they have full visibility of both the identity and transactional data of Learn to Sing.

    Example

    Align Building opens a merchant account directly with an acquirer. They are issued with a merchant ID and a hand-held card reading machine.

    The financial institution has the reporting obligation as they initiated the transaction and have full visibility of both the identity and transactional data of Align Building.

    Example

    Sarah sets up a direct debit agreement with a family member to whom she has loaned money through a third party processor. The loan is private in nature and not related to a business transaction so the third party processor does not have to report.

    End of example

    Transactions processed by a payment gateway

    An organisation that provides a business with software to enable the sale of goods or services but does not process the payment transaction is not required to report. The reporting obligation is held by the organisation that processes the payments.

    Example

    Sarah operates a website to sell her paintings. She has purchased software from Payment Plus that enables her to accept sales that are processed through her merchant account issued directly from her bank.

    The reporting obligation is with her bank as Payment Plus is a payment gateway and does not issue a merchant account or process the payment.

    If an organisation provides payment gateway and third party processor services, the payment gateway transactions should not be included in their report.

    End of example

    Advise third party arrangements

    Acquirers and ADIs providing merchant and/or BPAY facilities to third party payment processors will be asked annually to provide a list of their clients.

    We will use this information to contact third party payment processors who do not currently report to us and provide them with information on their potential reporting obligations. This aims to ensure a level playing field for all participants in the payment systems industry.

    Last modified: 02 May 2018QC 53125