On 20 December 2019, the Australian Competition and Consumer Commission (ACCC) announced that the implementation of certain aspects of the Consumer Data Right (CDR) would be delayed from 1 February 2020 to 1 July 2020. Under the CDR, consumers will be able to direct the four major banks to share certain information, including credit and debit card, deposit account, and transaction account data, with accredited service providers.
The use of CDR is expected to unlock the potential of Open Banking in Australia. Open Banking is not a product or service in its own right. Instead it is a secure process that allows consumers to give permission to their banks and other financial institutions to share their financial data with third parties.
Introduced by the competition regulator in the United Kingdom in conjunction with the second European Payment Services Directive, Open Banking in the UK resulted in a whole range of innovate new products and services provided by FinTechs and other firms. These services ranged from utilities switching products, online dashboards of accounts and services to initiate payments with merchants without involvement of any card scheme provider.
The CDR was introduced into Australian law on 1 August 2019 by the Treasury Laws Amendment (Consumer Data Right) Act 2019 which amended the Competition and Consumer Act 2010 and the Privacy Act 1988.
The delay announced by the ACCC follows a prior delay in which the implementation of certain CDR requirements was moved from the initial 1 July 2019 start date to 1 February 2020.
The ACCC have stated that the need for resilient systems and security in the implementation of Open Banking are the main drivers for the delay. It has identified that there is a lack of sufficient testing in order to ensure the effective operation of the necessary security and privacy protections.
ACCC Commissioner Sarah Court identified that robust privacy protection and information security were core features of the CDR, and establishing appropriate regulatory settings and IT infrastructure “cannot be rushed”. The ACCC Commissioner further stated that the “CDR is a complex but fundamental competition and consumer reform and we are committed to delivering it only after we are confident the system is resilient, user friendly and properly tested”. Banks had expressed concerns in relation to the potential of the new system to introduce weaknesses into IT defence systems.
FinTech groups have noted that the delay had not come as a surprise. The General Manager of FinTech Australia, Rebecca Schot-Guppy, stated that members of FinTech Australia expressed doubt about the ability of the major banks to have data formatted and prepared in time for February 2020. FinTech Australia, in a submission to the Senate Select Committee has pointed out that the process and costs associated with accreditation are a considerable hurdle to many FinTechs becoming involved in Open Banking.
The ACCC has indicated that it will conduct further consultation on whether any further changes will need to be made to other phases of the rollout of CDR, including beyond the big four banks.
Experiences of Open Banking in the UK
The delay in the implementation of the CDR reflects the need to maintain cybersecurity, data and privacy protections. These necessary components of Open Banking are key for consumer confidence. The experience of the implementation of Open Banking in the United Kingdom, where legislation has been in force since 13 January 2018, may provide insight in consumer behaviour, issues and successes in the Open Banking framework and legislation.
Open Banking in the UK has struggled to gain consumer recognition and acceptance. As at 20 January 2020, Open Banking in the UK surpassed the one million participating consumers mark for the first time. A recent survey conducted by Splendid Unlimited of 2000 people indicated that 78% of were unaware of Open Banking. Of those who were aware, understanding of Open Banking remained ‘simplistic’.
Consumer uptake of Open Banking may be hampered by concerns over privacy and data security. Andrew Hagger, a personal finance expert at MoneyComms, suggests that there is fear amongst consumers in respect to the privacy and security of their personal data. Consumers are more aware of the value of their financial data and accordingly more hesitate to give access to non-bank FinTechs which may be relatively new to the industry.
Given the UK experience, the priority of the ACCC to ensure that systems are resilient, user friendly and properly tested is welcome. Strong privacy and cybersecurity protections will be essential to ensure that there is consumer confidence and ultimately uptake of the services of Open Banking in Australia.