Open Banking is coming to Australia.
The initiative will exhume customer data buried in banks’ databases, enable seamless data sharing and drive the banking industry to be more competitive for the benefits of consumers.
To consumers, Open Banking is an opportunity to easily use their data, gain further insight to find themselves some better deals on financial services and to save money. For instance, Open Banking can provide an effective catalyst for consumers to make informed decisions to switch banks.
To financial organisations, Open Banking is a compliance and technical challenge of opening the data box, a business performance risk of losing customers and a business opportunity at the same time. Smaller banks, neobanks and other developing Financial Technology (FinTech) organisations are well placed to capitalise on the Open Banking business opportunity and take on further market share.
To be successful, Open Banking relies on a strong information security risk management underpinned by an effective accreditation process.
What is Open Banking?
In Australia, Open Banking is an initiative of the Australian Competition and Consumer Commission (ACCC). The initiative is inscribed in the Consumer Data Right (CDR) as its first application for the banking sector. Subsequent CDR initiatives will later apply to the Energy and Telecommunication sectors.
According to the ACCC, Open Banking will improve consumers’ ability to compare and switch between banking products and services. It will also encourage competition between banking service providers, leading not only to better prices for customers but also more innovative products and services.
“Open banking will involve consumers being able to control the data that banks hold on them, whether that be to send them to other financial institutions or other authorised organisations.” (finder)
The data in scope of Open Banking currently includes:
- Customer data, such as name, contact details and account level data;
- Transaction data, such as balances, transaction history and transaction details; and
- Product data, such as product description, fees, charges and terms and conditions.
The products in scope of Open Banking currently include:
- Credit and debit card data;
- Deposit and transaction accounts data;
- Mortgages data; and
- Personal loans, business loans, consumer leases and overdrafts data.
Under the rules of CDR and Open Banking, the data owner can be either an individual or a business, and is referred to as a Consumer in the CDR framework .
Consumers can access their data and they can authorise third-parties to access their data under the following key control principles (my own summary):
- Banks (data holders) must comply with the right of consumers to exercise their entitlement under the CDR. The entitlement is offered to current customers, but not to former customers;
- Consumers can specify the data in scope of access. There is sense of control and granularity. Only data in digital form is in scope of Open Banking;
- Consumers authorise third-party data recipients to access their data with explicit consents and to use their data in accordance with that consent;
- It must be quick & easy with APIs. In its current version, Open Banking is online-only. It is only available to customers who have access to and use online banking;
- It must be free (no cost to consumers);
- It must be secure; and
- Third-party data recipients must be accredited by the ACCC to qualify as trusted CDR participants.
Figure 1, from the ACCC CDR Rules Framework, provides an overview of the data sharing process.
Figure 1: Sharing data with an accredited third-party
When is Open Banking coming?
The banks, or “data holders”, in scope for Open Banking include:
- The Australian ‘four major banks’ for the initial phase, excluding their related brands to start with; and
- Other Authorised Deposit-taking Institutions (ADIs) for the second phase, including related brands of the four major banks and with the exception of foreign bank branches.
Open Banking is implemented in a phased approach. By the 1stof July 2019, all major Australian banks will be required to make available some of their customers banking data. All remaining ADIs in scope are also required to comply with a 12-month delay on the major banks as per Table 1.
|Data||Major banks||Other ADIs|
|Credit and debit card, deposit and transaction accounts data||1st of July 2019||1st July 2020|
|Mortgages data||1stFebruary 2020||1stFebruary 2021|
|Personal loans, business loans, consumer leases and overdrafts data||1st July 2020||1st July 2021|
Table 1: Open Banking Australia Data Availability Timeline
How is Open Banking tracking?
Scott Gregson, Executive General Manager at the ACCC, used startup-like terminology while reporting on the initiative progress during a panel session held at the annual Australian FinTech industry conference (intersekt) in Melbourne on October 30.
I took away the following thoughts from the discussion:
- Open Banking is being delivered as a startup-like and agile project;
- July 1 is the target launch date for an Open Banking Minimum Viable Product (MVP). It was suggested that to achieve the launch date, banks would need to complete their development by December 2018 and their testing by February 2019;
- The MVP is not fully specified yet, because consultations on the initiative were still on-going. I got a sense that the scope and some details could expectedly change. The wording of the ACCC CDR Rules Framework is also full of “The ACCC proposes to…”, which I suspect will need to change to mandatory clauses post consultation phase;
- The ACCC is prioritising building the third-party accreditation process and an address book of trusted CDR participants under Open Banking.
Based on the above, I would summarise that Open Banking is currently tracking with hope and pragmatism.
I will discuss the security implications of Open Banking in upcoming articles.