Open Banking: The Brave New World
In August 2018, the Federal Government released the draft Consumer Data Right (CDR) legislation, which gives consumers more control over their own data.
This legislation will allow individuals and businesses the right to obtain certain types of their data, which they have already shared with their financial institution, as well as provide authorised third parties access to this data. The Australian government will apply this new legislation to the banking sector first with telecommunications and energy sectors to follow. The following is the approximate timeline for adoption of the new open banking framework:
|1 July 2019||Four major banks will be required to make credit and debit card data as well as deposit and transaction account data available under this new framework|
|1 February 2020||Four major banks will be required to make mortgage data available|
|1 July 2020||Four major banks will be required to make all other data covered under the CDR available
All other banks or Authorised Deposit-Taking Institutions (ADIs) will be required to make credit and debit card data as well as deposit and transaction account data available
|1 February 2021||All other banks or ADIs will be required to make mortgage data available|
|1 July 2021||All other banks or ADIs will be required to make all other data covered under the CDR available|
The Federal Government appointed CSIRO’s Data 61 group to advise and facilitate the creation of a set of technical standards that will underpin this consumer-driven data sharing. The access to the data will be made possible through the use of Application Programming Interfaces (APIs). All accredited parties will be required to build to these common standards in order to retrieve the authorised data. Data 61 recently released the first draft of these standards, which was open for industry feedback. The working draft standards are underpinned by four key principles: 1) the APIs are secure; 2) the APIs will use open standards; 3) the APIs will provide a good customer experience; and 4) the APIs will provide a good developer experience. As the foundation of the framework will be based on these common and fair objectives, it will certainly level the playing field for those willing to participate and reinforce a technical low barrier for entry.
Consumers in the Driver’s Seat
With the ability to control their own data and who can access their data, consumers will now be in a position of power. They can approach different financial institutions and be equipped with the knowledge that each institution can access relevant historical financial data (with the consumer’s permission) held on the consumer’s behalf. This consumer-authorised access will make the process of changing products and services across financial institutions much easier for the consumer. Prior to this new framework, a consumer would have to organise with the originating financial institution access to the relevant data and documentation and then proceed to engage other prospective financial institutions for available options with the relevant data at hand. Once this new regime is in force, it could be as simple as the consumer contacting multiple financial institutions, authorising access to the data and simply requesting their best offer. What was once cumbersome and prohibitive will now be a much more streamlined process.
With open banking, the industry will likely see the rise of the well-informed consumer. This type of consumer will recognise the benefits of having this data in making decisions on financial services or products that are right for them. They will question their current situation and will not simply maintain status quo due to indifference or idleness. This cohort can be split into two types – the negotiator or the sampler. The negotiators will leverage the fact that data can be made available to competitors and potentially drive their current financial institutions to offer better options. These customers still see the benefit of having most financial products with the one provider – economies of scale, convenience of a one-stop shop and potentially less fees. The samplers will not be concerned with having products and services across multiple financial institutions given they can shop around much more efficiently. They will be driven by the most attractive offer regardless of provider. Irrespective of type, the well-informed consumer will have more knowledge. Knowledge is power and the balance is about to be tipped towards the consumer.
Open Playing Field
With the ability for financial institutions or authorised third parties to access data more easily, open banking will stimulate unprecedented consumer-driven innovation. Banks will need to differentiate themselves from the competition by offering attractive incentives or new capabilities to enhance their existing product and services suite. However, financial institutions will not be the only entities that can access consumer data – any accredited parties will be privy to the information, which could include fintechs, start-ups, or the tech giants like Apple and Google.
With such a diverse set of bank and non-bank stakeholders, new areas of competition will be created and a new financial service ecosystem will be born. A small micro-lender may be authorised to review a customer’s credit card account history and discern the customer’s ability to pay off the loan based on account data. Equipped with this valuable information, the lender can tailor an appropriate loan with specific conditions for the customer. A prepaid card provider may access a customer’s account history held in another financial institution and offer a prepaid card with specific limits for certain spend types as a budgeting tool. Open banking will effectively remove the advantage that historically resides with the dataholder (in most cases – the financial institution).
Privacy & Fraud
One of the main concerns regarding open banking is the security and privacy of data. With an increased flow of data between parties, the challenge is to ensure that the transfer is secure and aligns with industry privacy standards. Under this framework, the consumer must provide their consent to who can access their data and for what purpose. In order to do so, they must have confidence in the system and how their data is stored, transferred and used. The Australian Competition & Consumer Commission (ACCC) has been tasked with developing rules and an accreditation scheme to govern the implementation of the consumer data right, approving technical standards, and taking enforcement action to ensure compliance by participants. Consumers and third parties need to trust the system if they are to use it in earnest and reap the benefits that open banking can provide the broader financial industry. Data privacy will be heavily scrutinised in the next few months.
Industry considerations will also have to be made on the impacts to financial crimes with the introduction of open banking. With the potential segregation of data to multiple third parties, individual organisations will no longer hold an all-encompassing view on a customer and as such not be able to detect anomalous patterns or behaviours as easily. The industry may also see a rise in fraudsters trying to impersonate accredited third parties to obtain confidential consumer account information. What is certain is the fact that financial crimes monitoring and data analytics will need to adapt to these changes in data source and data set to ensure that consumers continue to be protected from fraud exposure.
Preparing for the Storm
As the industry is targeting the first phase of open banking to be in force by the middle of next year, the industry must look to prepare for this new paradigm shift. Some suggested areas of focus:
- API – understanding existing API library and resources and what needs to occur to support the new industry standards
- Data analytics – explore options for extracting the most value out of current data or new types of data
- Strategic partnering – consider collaborations with other organisations that may be advantageous in the open banking world
- Banking platform – understand the implications of processing a larger data load, actioning data retrieval requests and presenting data to consumers
- Policy updates – look to commence updating internal policies relating to privacy, data storage, security and customer consent