Nearly four months after it lapsed in Parliament due to inaction, the passage of the Consumer Data Right (CDR) into law will give consumers unprecedented access to their financial information – as soon as the banks can get their acts together.
Pre-election delays to the long-awaited Treasury Laws Amendment (Consumer Data Right) Bill 2019 led to delays in implementation of the CDR, which will underscore an open-banking regime that will give consumers unprecedented access to the information that banks hold on them.
Banks have welcomed the new law, which the Australian Banking Association (ABA) said “charts the way forward for a more innovative and customer-focussed banking industry that will deliver better deals for Australians.”
Better control, better choice
Draft regulations, released in April and due to be finalised in August, confirmed that banks would be expected to offer consumer data through online portals.
The scheme, which was pushed back from 1 July and will now go live in February 2020, mandates standardised representations of product data, enabling more-consistent comparisons between institutions’ financial products and – in theory – easier moves from one bank to another.
Consumer-rights group Choice welcomed the change.
“Having access to your own personalised usage data will lower at least one of the barriers to switching,” the organisation said. “This data will make it easier to compare products and see which one is the best value.”
Yet theory and practice are often far removed, as was found in a recently released ACCAN report evaluating consumers’ access to telecommunications data.
“Access processes were convoluted and diverse and there was no clear standard across each product and/or service category,” ACCAN’s report concluded while strongly advocating for the passage of CDR to improve the situation.
ACCAN also called for an Australian equivalent to the European Union’s general data protection (GDPR), which it called a “foundational reform” that would not be duplicated by the “narrowly targeted” CDR.
That demand has been met after the government announced that it would soon legislate a ‘right to delete’, by which consumers can request that a particular company erase all of the information it stores about them.
That will bring Australia’s data-privacy regime closer to that of the GDPR, which includes a ‘right to be forgotten’ that functions in a similar way.
The CDR also provides strong privacy protections and expanded powers for the Australian Consumer & Competition Commission (ACCC), which will have its hands full as the CDR regime picks up speed.
The race is on – but who will trip first?
Competition in services industries, a recent Productivity Commission inquiry noted, had already produced “a kaleidoscope of new business models, products and insights”.
Analysts expect the introduction of open banking – which will steadily be extended to the utilities and telecommunications sectors –to do the same.
Deloitte Australia has called the regime a “seismic shift in retail banking”, while KPMG partner Brett Watson said that “open banking puts power in the hands of consumers… businesses who don’t realise this will lose out.”
“The race is on to get compliant,” Watson added, “and to benefit from the changes, businesses will need to quickly move beyond compliance and develop innovative products and services.”
CDR could be a shot in the arm for the fintech industry, which contracted globally – including a 50 per cent drop in Australia – during what KPMG’s Pulse of Fintech report called a “subdued” quarter in that saw just $US101.1m ($A146.2m) in investment.
That was down from $U223m ($A322m) a year earlier – stoking hopes that open data could be a shot in the arm for a sector that is craving a fresh start in the wake of the disastrous Financial Services Royal Commission.
Yet even as the echoes of the starter’s gun fade, financial-services giants will need to be careful their excitement to offer new services doesn’t backfire.
Recent months have seen both Westpac and NAB on the back foot after mistakes led to the compromise of thousands of users’ personal data.