“Massive” blowouts in the cost and complexity of implementing consumer data right (CDR) standards have hampered open banking’s adoption, according to a government review that has prompted a “reset” of a data access regime slammed as “a good idea, badly executed.”
The new report, which was produced by former APRA executive Heidi Richards, found that the cost of CDR compliance costs had been “substantial” since the standard – an enabler for open banking that allows consumers and their authorised agents to securely access their banking, energy, and other data and transfer it between providers – went live in mid 2020.
Participation in the scheme is mandatory for banking providers, who have been fined for noncompliance and collectively spent more than $100 million implementing CDR before a recent Australian Banking Association (ABA) review found that just 0.31% of Australian banking customers were actually using it – leading CEO Anna Bligh to call for “a new pathway forward” before banks commit any more resources to it.
Richards’s Consumer Data Right Compliance Costs Review reached similar conclusions, noting that CDR technical standards – which are set and maintained by the Data Standards Body (DSB) – suffered from limited consistency in the way customer data is defined, and required extensive development and high ongoing maintenance costs because they “did not always align fully with international standards” and couldn’t be supported with less expensive, off the shelf commercial solutions.
The government must “do much more to justify the substantial public and private investment in the CDR,” Assistant Treasurer and Minister for Financial Services Stephen Jones said in a recent speech to the Committee for Economic Development Australia (CEDA) in which he noted that CDR had imposed a “too high” regulatory burden and compliance costs – discouraging businesses from using CDR for “key use cases” like simplifying comparison of mortgage, savings, energy plans, and other services.
“The CDR has the potential to be a transformational piece of economic reform and drive better outcomes for consumers,” he said, “however the design of the CDR established by the previous government is not delivering.”
“It’s a good idea, badly executed,” he said – a point that Manager of Opposition Business Paul Fletcher rebutted by arguing that the previous Coalition government’s investment of $111.3 million in CDR’s rollout had stalled after the Albanese government “applied the handbrake” to its expansion to superannuation, telecommunications, and other industry sectors.
Yet much of CDR’s inertia is due to the fact that data holders “have made it difficult for businesses to access their own data,” Jones said in embracing the observations of the Richards review and announcing that the government will “reset” CDR through a series of changes that, he said, “will reduce friction within the CDR to improve cost effectiveness, takeup, and deliver better financial outcomes for consumers.”
Those changes include proposed changes to consent and operational rules – which have been floated in a consultation paper that will be open for submissions until 9 September – as well as expanding the CDR to non-bank lending next year.
Delivering the promise of open banking at last?
With even basic use cases having failed to launch, easing CDR adoption will not only benefit consumers by helping them switch providers more easily, but will make it easier for fintechs to more readily access consumers’ data to support new, innovative services.
Fintechs “are struggling to uncover compelling use cases and gain traction with consumers,” the ABA review found in noting that CDR-powered services such as Frollo, WeMoney, Flamingo, Beforepay, and Cashngo – which account for 75 per cent of CDR signups – have collectively signed up just 65,000 customers so far.
Most consumers were stuck using far less secure options like screen scraping – which requires them to provide their online banking password to intermediaries that automatically download their banking details to support mortgage and other finance applications.
“Clearly CDR is not the data-sharing platform of choice for businesses,” Jones said. “This means screen scraping – with all its potential consumer harms – has continued to be used.”
And while Jones has not yet moved to ban screen scraping altogether, its elimination will be a desirable side effect of greater CDR adoption.
That adoption, he believes, will come once a “clear path forward” has been codified – including more discipline around standards development that has been relatively haphazard in the past.
To this end, Jones is engaging with the chair of the DSB to ensure technical alignment with the changes, as well as imposing more discipline around standards updates that will be limited to a “small, fixed number of scheduled releases per year” and offer longer lead times to give banks enough time to update their systems.
Jones “has hit the nail on the head” by both recognising the problems with CDR and moving to overhaul its implementation, Michael Blyth, general manager for policy and advocacy with consumer lending association Arca said in calling the changes “an encouraging step in the right direction [that] acknowledges the work being done by the industry to improve the system.”
“Arca recognises the important changes to the CDR announced today, which if properly designed will benefit both consumers and credit providers.
“We have advocated for changes like these for several years.”