Open banking changes miss the mark

by Richard Atkinson 26 Apr 2021

Open banking is moving ahead, but Richard Atkinson from data firm illion, one of the few firms accredited to offer services under the Consumer Data Right, says the ACCC’s latest rule changes don’t quite get it right.

Australia’s eagerly awaited open banking system has lurched forward a few inches after the ACCC published a third set of amendments to the Consumer Data Right rules on 19 February, but it hasn’t gone far enough.

illion has made several submissions to the ACCC’s CDR Rules drafting processes, and we have long advocated for a system that makes it easy for individuals to securely share their data while providing mechanisms for businesses to securely access their CDR data, minimising barriers to entry at the same time.

We are already providing digital frameworks to more than 8,000 brokers across Australia, but what open banking will do is give us a common set of rules and a shared system at a time of significant challenge.

The ACCC’s latest amendments follow the release of a consultation paper a few months earlier, in which feedback was requested on a number of proposed rules changes. I’ll summarise these briefly below:

  • The introduction of new accreditation levels: Creating new pathways for service providers to become accredited data recipients. Proposals for new levels or “tiers” of accreditation are intended to lower barriers to entry and reduce compliance costs for service providers that do not require unrestricted access to CDR data. They also recognise that supply chains for data services regularly involve multiple service providers, and that CDR participants can appropriately manage risk and liability through commercial arrangements.
  • Providing customers with greater choice of who they share their data with: Permitting accredited data recipients to disclose CDR data with a consumer’s consent to third parties, including to their trusted professional advisers (such as accountants, tax agents and lawyers) and any third party on a limited “insights” basis.
  • Increasing consumer benefit: Allowing business and corporate consumers to access their CDR data, and adding flexibility and functionality to improve the consumer experience in relation to the management of consumer consents to collect and use CDR data, joint bank accounts and accounts that have additional cardholders.

Unfortunately, the latest amendments have addressed only one of the three changes – the component that will provide “increased consumer benefit”.

Don’t get me wrong – illion is strongly supportive of this particular change. We remain concerned, however, that the amendments don’t address the other two changes the ACCC proposed – the introduction of new accreditation levels, and the provision of greater choice for customers of who they share their data with.

Curiously, too, the latest amendments fail to meet the government’s own recommendations for tiered access to data – Recommendation 4.8 in the Government Inquiry into the Future Directions for the Consumer Data Right.

If you boil it all down, the ultimate goal of the CDR is to give customers the right to direct that their data is shared with others they trust so they can benefit from its value. To achieve this outcome, the rules framework must balance security and cost of accreditation against facilitated data sharing.

We are now only six months away from all ADIs having to expose transactional data to the CDR; however, the current rules still have a single model for accreditation of organisations to receive CDR data.

Based on the fact that we don’t have a view on what the next stage looks like, it’s likely that other players in the market will not be able to participate until at least 2022.

In our experience, the current model imposes a significant cost on an organisation to achieve accreditation. There is a clear and present danger that the benefit of CDR will not be realised, as the barrier to accessing the data (in the form of accreditation) is too high, evidenced by the fact that there are only six data recipients accredited after six months – two of which are illion.

All this is further complicated by responsibility for the drafting of future rules amendments passing from the ACCC directly to the Treasury this month. The enabling legislation for CDR is, as far as we can tell, still also waiting for parliamentary approval.

Ultimately, where this all leads now is not really clear. The ACCC has addressed the easy question, but what about the other, more difficult questions? It is vital that regulatory reforms in our sector satisfy consumer demands and continue to foster an environment that enables agile data solutions.

We know from the introduction of the UK’s open banking model that regulation was a big problem. The UK’s open banking system has been operational for two years now, but the legislation and rules haven’t provided a good foundation for it to be really successful.

Let’s make sure we learn from their issues and get it right in Australia – aligned to the original goals of the Consumer Data Right and the future direction that the government has articulated.

 

Richard Atkinson is the general manager of consumer product of illion .