Independent Strategy Memo · Candidate Submission · June 2026

The Open Compliance Network

A structural case for industry-led procurement reform

Australia’s fintech sector is large enough to matter and broken enough to fix.

Prepared by Shourjo, for Rehan D’Almeida

The Deloitte 2026 report puts the sector’s direct value‑add at $13.6B today, on a trajectory toward $71B by 2035 . The trajectory is credible. The infrastructure to reach it is not yet built. This memo makes the case for building one piece of it.

Deloitte / FinTech Australia Industry Report, March 2026. The same source ranks the sector 6th globally and 2nd in Asia‑Pacific.

IThe structural problem

The sector’s growth is being taxed by a procurement process designed for a different era. A fintech seeking to integrate with a Tier 1 bank submits much the same package of security and compliance evidence to each institution separately, in different formats, on different timelines. The cycle runs 12 to 18 months, and it consumes scarce runway before a single dollar of commercial revenue is recognised.

SOC 2 reports, penetration‑test results, business‑continuity plans, cyber‑insurance certificates. The artifact count a member assembles (commonly cited near 40) is illustrative, not surveyed. Modelled / illustrativeThe per‑member runway cost (an estimated $200–250k for a Series B) is a working estimate, not a sourced figure. Source or cut before circulation.

This is not a risk‑management process. It is an administrative inheritance. The evidence is unambiguous:

Two barriers, one cause.
Metric	Current state
Fintechs seeking bank partnerships	70%
Fintechs reaching commercial deployment	<20%
Average procurement cycle (Tier 1)	12–18 mo
Members citing integration as top barrier	25%
Members citing capital access as top barrier	32%

Partnership appetite, deployment rate and barrier shares: Deloitte / FinTech Australia, March 2026. The 12–18 month cycle is widely reported across member interviews; treat as directional.

These two barriers are not independent. Capital burns while procurement stalls. The 32% who name capital as their primary constraint are, in many cases, describing the downstream consequence of the 25% problem.

IIWhy the existing solutions have not worked

Top‑down attempts to solve this have stalled. The reason is architectural: they were regulator‑owned and disconnected from the actual procurement appetites of the banks they were trying to influence. A regulator can mandate disclosure. It cannot manufacture trust.

VerifyThe FCA Regulatory Sandbox (2016) and MAS Veritas (2019) are cited from memory as comparators. Confirm dates and framing before relying on them in the room.

The Open Compliance Network is structurally different on three dimensions. It is industry‑led: the baseline is co‑authored by the banks’ own risk and security teams, so it reflects what banks actually need. It is peer‑vetted: validation sits with a rotating council of Associate Member security leads, so FinTech Australia convenes and governs but does not audit or certify, which keeps the liability off our books. And it is built on existing infrastructure: not a new regulatory regime, but a second layer on top of the CDR accreditation and Digital ID frameworks that already exist.

IIIThe architecture

The OCN operates as a tri‑layer assurance model. Each layer has a distinct owner and a distinct scope.

Layer 3 · StrategicIndividual bank
Proprietary product risk, credit appetite, competitive positioning. Bank‑specific. The OCN does not touch this layer.
Layer 2 · OperationalOCN / FinTech Australia
Business continuity, cyber‑insurance minimums, incident‑response protocols, key‑person risk, penetration‑test recency. Peer‑vetted annually.
Layer 1 · FoundationACCC / federal regulator
Data privacy, consent management, CDR accreditation, Digital ID compliance. Already mandatory, already standardised.

The OCN claims only the middle layer. Banks already agree on Layer 1; CDR forced that. The argument is that they can agree on Layer 2 as well.

The insight is deceptively simple. Operational safety is not a competitive differentiator. A breach anywhere in the fintech ecosystem damages every institution’s digital‑banking reputation at once. Banks have no edge to defend in agreeing on a shared operational floor, and a shared interest in raising it. This is the same logic the ACCC accepted when it authorised banks to collaborate on scam‑prevention standards. That authorisation is the OCN’s legal foundation, not a loose analogy.

ACCC authorisation permitting Australian banks to collaborate on shared industry standards to combat scams, 2024. The OCN’s scope — operational resilience, not pricing or market conduct — sits inside that harbour.

IVFrom documents to attributes

Current procurement is document‑based. A member sends a fifty‑page PDF; a bank analyst reads it, flags gaps, requests revisions, routes it through legal and risk; the cycle repeats for every institution. The OCN shifts this to attribute‑based querying.

ConceptThe “Digital Evidence Vault” and signed‑attestation mechanism describe a proposed build, not an existing system. Presented as design intent.

Instead of asking “do you have a disaster‑recovery plan?”, a bank’s system queries a specific, dated attribute and receives a signed binary response:

query → “Recovery‑Time Objective under 4 hours for Tier 1 data, verified within 12 months?”

response → [ YES ] / [ PENDING ]

No PDF, no analyst hours, no re‑formatting. The commodity 60% of vendor vetting becomes automated; what remains is Layer 3, where a bank’s judgment actually belongs.

RegTech

Primary query: Incident‑response SLA
OCN attribute: [RTO < 4h: YES]
Path to pilot: ~4 months

Payments

Primary query: PCI‑DSS Level 1 status
OCN attribute: [PCI‑DSS L1: YES]
Path to pilot: ~3 months

Lending infrastructure

Primary query: Credit‑model explainability
OCN attribute: [Model audit < 6mo: YES]
Path to pilot: ~5 months

Small multiples, three member archetypes. The per‑archetype hours saved and the aggregate (commonly modelled near 8,500 hours across a 50‑member cohort) are illustrative projections, not measured results.

VThe versioning problem

A static standard is a liability. ISO 27001 evolves; threat vectors change; insurance markets reprice. Any baseline that does not update becomes, within eighteen months, a false signal of safety. The OCN answers this with a versioned evidence system. An OCN‑26 attestation is valid for the 2026 baseline; when the council updates the standard, members get a 90‑day transition window to refresh their vault. Directory status updates automatically.

Member directory — a living signal, not a one‑time audit (illustrative entries).
Member	Status	Note
WeMoney	OCN‑26 ✓	Renewed March 2026
Swyftx	OCN‑26 ✓	Renewed January 2026
Member X	OCN‑25 ⚠	Renewal due June 2026
Member Y	PENDING	Insurance lapsed February 2026

Member‑status rows are illustrative. WeMoney and Swyftx appear because they are real members profiled in section VII; their OCN status is hypothetical.

VIWhy the banks say yes

The OCN only works if banks participate. This is the load‑bearing assumption, and it deserves direct examination. There are three reasons to believe it holds.

The efficiency argument. Each Tier 1 procurement team processes hundreds of vendor submissions a year. Standardising the commodity 60% frees their most experienced risk analysts for the assessments that actually require judgment. This is resource optimisation, not altruism.

The legal argument. The ACCC’s 2024 scam‑prevention authorisation established that banks can co‑author shared safety baselines without tripping competition law. The OCN’s scope sits squarely inside that precedent.

The talent argument. The Associate‑in‑Residence model asks each participating bank for a single six‑month secondee to serve as Protocol Coordinator. In return, that person gets early sight of Australia’s highest‑growth fintechs. For an innovation lead at NAB or Westpac, that is deal‑flow, not a compliance chore.

VIIMember value: the evidence

The OCN is not a theoretical proposition. The member data already shows what happens when a structural barrier is removed.

WeMoney

Built directly on the CDR infrastructure FinTech Australia helped shape. Raised a $12M Series A at a $64.2M valuation in 2025, Mastercard‑backed; the platform saves users an average of $4,419 a year; three Finnies in 2025, including FinTech Organisation of the Year.

Finnies 2025 and company disclosures. A reported ASX ambition is omitted here as unverified; reinstate only with a source.

“CDR wasn’t just a policy win. For WeMoney, it became the product.”

Birchal

Holds 80% of Australia’s equity‑crowdfunding market: $347M raised across 489 campaigns, connecting 120,000+ investors to emerging ventures. That market depth would not exist without the regulatory clarity FinTech Australia’s advocacy produced.

Swyftx

Australia’s second‑largest digital‑assets brokerage, 1.5M+ clients across three countries, having acquired Easy Crypto in March 2025 and added 1.1M customers in a single move.

Company disclosures, 2025. A reported headcount‑growth figure is omitted as unverified.

These outcomes share one upstream cause: policy infrastructure that lowered the cost of doing business. The OCN applies the same logic one layer up — to operational procurement.

VIIIExecution: the first 100 days

The OCN does not need a new budget line, a regulatory approval, or a multi‑year working group. It needs a decision.

ReconcileThe deck quotes a 90‑day pilot, 3 banks and 6 fintechs. This plan reads 100 days and 10 members. Pick one set of numbers so the spoken and written versions agree.

Days 1–30

Convene

Appoint interim Peer‑Vetting Council (one major bank, one challenger, one founder)
Brief the pilot members
Commission the “compliance delta” audit: CDR baseline vs actual bank requirements

Days 31–60

Build

Draft the Layer 2 evidence standard
Launch the Digital Evidence Vault beta
Place the Associate‑in‑Residence (a Westpac or NAB secondee)

Days 61–90

Test

Pilot cohort assembles first OCN packs
Two banks run live attribute queries against the vault
Measure time‑to‑response against the traditional baseline

Day 100

Launch

Present the first OCN‑ready cohort at Intersekt
Release impact data: hours saved, pipeline unlocked, conversion to paid pilots

IXThe strategic claim

Most industry bodies spend their time asking government to change. The OCN asks the industry to change itself. It does not wait for a new law or a ministerial mandate. It uses the relationships, the legal precedent, and the member infrastructure FinTech Australia already has, and turns them into a piece of national commercial infrastructure.

The sector reaches $13.6B today with roughly a one‑in‑five integration success rate. Lifting that rate is the single highest‑leverage move available to the body that convenes both sides of the table. That is the size of the opportunity sitting inside the procurement process of four banks.

Modelled / illustrativeHeadline GDP‑contribution figures (an oft‑quoted $4–6B) are scenario estimates. Frame as “in the order of,” or omit, unless a model is attached.

Sources & notes

Sector value, growth trajectory, partnership and barrier figures: Deloitte / FinTech Australia Industry Report, March 2026. Member outcomes: Finnies 2025 and company disclosures. Legal precedent: ACCC authorisation for bank collaboration on shared industry standards (scam prevention), 2024. The tri‑layer model, attribute‑based vault, versioning scheme and 100‑day plan are this author’s proposed design. Figures marked modelled / illustrative are working estimates, not surveyed data, and are labelled as such so the argument can be examined honestly. Prepared by Shourjo, June 2026.

Disclaimer. FinTech Australia and the FinTech Australia logo are trademarks of FinTech Australia Ltd. This document is an independent portfolio piece prepared by a candidate, visually inspired by but not affiliated with, endorsed by, or licensed by FinTech Australia. All trademarks are the property of their respective owners. Reproduced here under fair use, to demonstrate strategy and design fluency for a job application.