On July 20, the Government announced that an independent review has been set up to consider the best process for implementing an open banking data regime in Australia. Open banking requires banks to share product and customer data with customers and, with their consent, third parties.
By Dr. Drew Donnelly, Compliance Quarter
An open banking regulatory regime is a key part of the Government’s financial technology (fintech) commitments, and something that we have written about before. So far, the Government has established a review panel and released a terms of reference.
An issues paper for public comment will be released in due course, but in the meantime, it would be useful to think about the key areas signposted in the terms of reference, in light of the Productivity Commission’s Inquiry Report, Data Availability and Use.
The terms of reference set out four areas for examination by the review panel. We consider each in turn.
(1) Scope of the banking data sets to be shared, who shall do the sharing and who will receive them
Under this banner, the panel will need to consider how much of the great wealth of data held by banks should be shared.
For example, currently under the National Consumer Credit Code an individual struggling to meet repayment obligations can apply for a hardship variation to the loan and a credit provider is prohibited from disclosing such an application. The review panel will need to consider the costs and benefits of a law change to include this type of data in a standard data set.
(2) Existing and potential data transfer mechanisms
The review panel will need to consider how a financial data set should be transferred. One way of doing so, is setting up an ‘Application Programming Interface’ (API). An API This is a standardised set of methods or instructions for creating software that would use and transfer the financial data. An API might be voluntary or it might be Government-mandated. The Productivity Commission report listed some useful software or applications that could be created using an API, including programmes that would allow comparison of different financial products, and ones that would automatically transfer bank transactions to a business’s accounting records (p550).
(3) Key risks including customer usability, trust and privacy and security safeguards.
This will include the need for the review panel will need to consider how the open banking regime would interact with the privacy law framework in Australia. For example, the Australian Privacy Principles provide that personal information cannot be used or disclosed for a purpose other than what it was collected for, unless a specified exclusion applies.
Open banking data sets will either need to be shared in accordance with general privacy and data laws, or those laws would need amending.
(4) Costs of implementation, including the costs that may be imposed on industry
There would be costs to introducing an open-banking regime. For example, if a compulsory API is introduced it will require building a technical infrastructure and ongoing compliance costs (see Productivity Commission report, p571). The review panel will need to consider whether industry charges should be introduced or whether that may end up a disincentive for use.