Authors: Anthony Lloyd, Alex Horder
With the implementation of the Consumer Data Right (CDR) in the banking sector (known as ‘Open Banking’) well under way, the release of draft amendments to the CDR rules for the energy sector, and the continuing development of the framework for implementing the CDR in the telecommunications sector, the Australian Government intends to continue its incremental roll-out the CDR, sector-by-sector, with a view to implementing the CDR on an economy-wide basis.
On 22 July 2021, the Treasury released a consultation paper setting out the target industry sectors that are proposed to become subject to the CDR after the implementation in the energy and telecommunications sectors is complete. These sectors include:
- insurance (both general and health insurance);
- loyalty schemes;
- non-bank lenders;
- education; and
The Australian Treasury, in cooperation with the ACCC, is responsible for determining which sectors of the Australian economy should become subject to the CDR regime, based on factors set out in the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth), including:
- the likely impact on consumers in the relevant sector and the sector itself, in terms of its efficiency, integrity and safety;
- the likely impact upon the privacy of individuals, and the confidentiality and intellectual property rights of businesses in the relevant sector;
- the potential regulatory impact of imposing CDR rules; and
- the potential for competition and innovation in the relevant sector and the Australian economy more broadly.
What does this mean for businesses?
Preparing for compliance with the CDR regime will require significant IT and regulatory efforts – we have seen that this has already been the case with clients in the banking sector. Further, the implementation of the CDR will present an opportunity for new, disruptive technologies and new sector participants to emerge, as players try to service customers through a single relationship that crosses multiple sectors.
In order to ready the battlements for CDR implementation and leverage the opportunities presented by it, clients may need to:
- develop a board-endorsed, fit-for-purpose CDR strategy;
- assess the type and extent of consumer data that they hold;
- perform a ‘readiness assessment’ of their technology landscape, including examining the need to bolster their existing data security measures and privacy controls;
- implement access and authentication controls in order to enable third party access to relevant data; and
- assess and implement required to changes to existing business processes and policy frameworks related to customer data.
All of this requires significant time, effort and investment that needs to be planned for now.
Clients may also wish to examine opportunities in the market in respect of collaboration with existing entities and innovation, with a view to creating the best regime-compliant customer experience.
How can DLA Piper help?
Having assisted clients in the banking sector in respect of the implementation of the Open Banking regime, DLA Piper is well-placed to assist you in understanding what will be required in implementing the CDR into your business, including in terms of the real-world issues arising with implementation. We can also work with your team to understand and deal with the legal, technical and regulatory challenges that you will likely face as you begin to navigate the high seas of CDR implementation.
Make no mistake, the technology, business process implementation, training and staffing effort to implement this regime is significant. It shouldn’t be viewed simply as a regulatory burden, but as an opportunity to grow your customer base and as an essential and key part of your strategy to retain the customers you already have. Please contact us for more information as to how we may help you and your business.