|
|
| Regulator |
Australian Payments Network / NPP Australia |
| Jurisdiction |
AU |
| Status |
live |
| Applicability |
Platform |
The New Payments Platform (NPP) is Australia's real-time low-value payments infrastructure,
operated by NPP Australia Limited. Participation rules set obligations for ADI participants
covering: payment processing standards (Osko — below 60 seconds clearing, 24/7 availability);
PayID addressing service (phone number, email address, ABN); message format standards (ISO 20022
via Basix); liability allocation for unauthorised and erroneous payments; and dispute resolution.
All ADI participants must connect through NPP Australia. The bank connects to NPP via a Sponsoring
Participant (a major ADI) under a sponsorship arrangement. Sponsoring Participant obligations are
imposed on the major bank; the bank as a Connected Institution retains first-line obligations to
its customers for payment accuracy, PayID management, and dispute handling.
Compliance register
This register maps every material obligation under the NPP Rules to the platform control or
institutional process that satisfies it. It is the static traceability layer for the Totara
compliance report — dynamic data (module build status, test evidence, control test dates) is
overlaid at runtime.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Osko overlay service — payment processing
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| NPP Rules 4.1 |
Process outbound Osko payments and clear below 60 seconds; 24/7/365 availability |
🤖 Automated |
PAY-001, PAY-002 |
MOD-120 (AUTO) — PayID and Osko integration handles real-time payment processing; MOD-020 (GATE) — pre-payment validation applied before submission to NPP; MOD-022 (LOG) — full payment audit trail from instruction to settlement |
🔨 |
| NPP Rules 4.4 |
Apply ISO 20022 message format (Basix); include all mandatory data elements (originator, beneficiary, payment purpose) |
🤖 Automated |
PAY-001 |
MOD-120 (AUTO) — ISO 20022 message construction and submission automated; mandatory field population enforced by message schema; no manual message building |
🔨 |
| NPP Rules 5.2 |
Maintain payment records for NPP transactions; retain for required period |
📊 Evidenced |
PAY-002 |
MOD-022 (LOG) — immutable payment audit trail captures all NPP transactions; MOD-002 (LOG) — settlement records permanent |
🔨 |
PayID addressing service
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| NPP Rules 6.1 |
Allow customers to register a PayID (phone number, email address, or ABN) linked to their account |
🤖 Automated |
PAY-001 |
MOD-120 (GATE) — PayID registration validated and linked to account; PayID existence verified before any PayID-addressed payment is committed |
🔨 |
| NPP Rules 6.3 |
Validate PayID ownership; prevent fraudulent PayID registration (PayID must be controlled by the customer) |
🤖 Automated |
PAY-001, PAY-005 |
MOD-120 (GATE) — PayID registration requires confirmation via verified contact detail (SMS/email OTP); fraudulent registration prevented; MOD-020 (GATE) — all outbound PayID-addressed payments pass pre-payment validation including PayID lookup |
🔨 |
| NPP Rules 6.5 |
Display the account holder name from PayID lookup to the customer before payment confirmation (confirmation of payee) |
🤖 Automated |
PAY-001, PAY-005 |
MOD-120 (AUTO) — resolved account holder name displayed to customer on PayID lookup before payment confirmation; consistent with Scam-Safe Accord confirmation of payee obligation. See au-scam-safe-accord. |
🔨 |
| NPP Rules 6.7 |
Close or transfer a PayID when the customer closes the account or requests de-registration |
🤖 Automated |
PAY-001 |
MOD-120 (AUTO) — PayID closure triggered automatically on account closure event |
🔨 |
Liability allocation
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| NPP Rules 8.1 |
Participant is liable for losses arising from its own system failures, unauthorised payments, or processing errors |
📊 Evidenced |
PAY-002, PAY-005 |
MOD-022 (LOG) — payment audit trail provides the evidentiary basis for liability attribution; MOD-149 (AUTO) — unauthorised payment reimbursement workflow applied; liability determination is platform-supported but human-reviewed |
🔨 |
| NPP Rules 8.3 |
Dispute resolution between participants follows NPP Australia dispute process; timelines mandated |
📊 Evidenced |
PAY-002 |
MOD-053 (LOG) — dispute case management captures NPP inter-participant disputes; MOD-022 (LOG) — payment audit trail provides the evidence base for NPP dispute submission |
🔨 |
| Obligation |
Owner |
Platform evidence input |
| NPP Australia Connected Institution agreement and annual certification |
Head of Payments / General Counsel |
— |
| Sponsoring Participant agreement maintenance |
Head of Payments |
— |
| NPP participation fee payment |
Finance |
— |
| Participation in NPP Australia governance (consultation, rule changes) |
Head of Payments |
— |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Osko processing |
3 |
2 |
1 |
0 |
0 |
| PayID addressing |
4 |
4 |
0 |
0 |
0 |
| Liability |
2 |
0 |
2 |
0 |
0 |
| Total |
9 |
6 (67%) |
3 (33%) |
0 |
0 |
All attributed modules are currently build_status: Not started — the compliance position will update as modules are built and deployed.
| Policy |
Title |
| PAY-001 |
Payment Operations Policy |
| PAY-002 |
Settlement Risk Policy |
| PAY-005 |
Payment Fraud Prevention Policy |
Official documentation
Policies referencing this standard
Compiled 2026-05-22 from source/entities/regulations/au-npp-rules.yaml