At GNGB, one of the most common questions we receive is: What is a Gateway Operator, and what do they do? As the governing body of the Superannuation Transaction Network (STN), GNGB works closely with Gateway Operators to ensure the smooth, secure, and reliable exchange of data across Australia’s superannuation system. This article explains what gateways are, the critical services Gateway Operators provide, and how they align with key prudential standards such as CPS 230 and CPS 234.

What is a Gateway?

Every week, millions of transactions take place to support Australia’s superannuation system. Whether it is an employer contributing to their employees super, or a member rolling their superannuation from one fund to another, essential information describing the transaction needs to travel between the initiating party and the destination fund.

To ensure that this information gets to where it is needed promptly and securely, Australian employers and superannuation funds use the Superannuation Transaction Network. Think of the STN as a superhighway for data, with specific on-ramps and off-ramps for messages to get on or off. These on-ramps and off-ramps are provided by the Gateways. Every superannuation transaction message gets on to the STN superhighway via their gateway on-ramp, and travels the network to the recipient’s off-ramp, provided by another gateway. Within the STN, gateways are responsible for:

• Gathering data from source systems
• Formatting or validating message to ensure they conform to standardised formats
• Routing and securely transmitting the data to its intended destination

What is a Gateway Operator?

Gateway Operators are organisations that run and maintain these gateways. They are the facilitators of data exchange in the STN, enabling communication between employers, payroll providers, the ATO, superannuation funds, and SMSFs. Each gateway operates 24/7, ensuring encrypted and fault-tolerant data transmission. Currently, there are nine accredited Gateway Operators within the STN.

Depending on their focus, some Gateway Operators work primarily with employers, helping them submit contributions, while others support super funds and SMSFs in receiving contributions and processing rollovers. Every super fund that participates in SuperStream must work with at least one Gateway Operator to ensure seamless compliance with the SuperStream Data and Payment Standard.

How Gateways Support Superannuation Transactions

The STN handles two primary types of transactions: contributions and rollovers.

• Contributions start with an employer submitting a Contribution Transaction Request message. This message includes essential data such as employee identification, contribution amount, and payment type. The employer’s Gateway Operator submits this message onto the STN, delivering it securely to the fund’s Gateway Operator, who ensures it reaches the destination super fund for processing.
• Rollovers, which involve moving super between funds or SMSFs, follow a similar process. The sending fund uses its gateway to place the message onto the STN, and the receiving fund’s gateway completes the delivery.

This infrastructure is vital to the secure, real-time exchange of millions of superannuation data messages each year.

Why Are Gateways and the STN Important?

Gateways are essential to maintaining the confidentiality, integrity, and availability of data within Australia’s superannuation ecosystem. The STN itself is the digital backbone of the system, ensuring that the right data reaches the right destination at the right time — all while complying with regulatory requirements.

Gateway Governance, CPS 230 & CPS 234

In line with evolving regulatory expectations, Gateway Operators must meet stringent standards for operational risk and information security. The Australian Prudential Regulation Authority (APRA) requires regulated entities to assess the capabilities of their material service providers — which includes Gateway Operators — under:

• CPS 234 – Information Security: Gateways must adhere to GNGB’s information security framework, which outlines a baseline of mandatory controls. Annual independent audits assess control effectiveness, with findings submitted to GNGB for review.
• CPS 230 – Operational Risk Management: Gateways are expected to have business continuity plans, robust incident response protocols, and appropriate third-party management strategies in place. These requirements align with APRA’s expectations for regulated superannuation funds.

GNGB supports this framework by actively governing the STN and its operators, ensuring continuous compliance and network resilience.

Got questions? We’d love to hear from you. Email us at gomadmin@gngb.com.au