
Open Banking moving forward with rules released and fintechs chosen for testing

15/10/2019

Authors: Andrea Beatty, Chelsea Payne, Chloe Kim

Service: Banking & Finance | FinTech
Sector: Financial Services

Open Banking is on track for its highly anticipated February 2020 launch.

Open Banking is moving forward in anticipation of its February 2020 launch date with the passing of the Treasury Laws Amendment (Consumer Data Right) Bill 2019 and the trialling of the data share scheme. The ACCC’s release of Consumer data right (CDR) Rules, draft accreditation guidelines and assurance strategy also signifies Australia’s move towards a regulated Open Banking economy.

Trial Data Sharing

The ACCC is trialling data sharing as part of Australia’s incoming open banking regime. Open Banking will allow data holders and accredited bodies to share customer data with the customer’s consent in a machine-readable way. Prior to the launch, the ACCC invited data participants to test the CDR ecosystem. It received 40 expressions of interest, but only 10 applicants were successful, based on their intention and ability to meet the accreditation criteria prior to the launch in February 2020. These companies are:

  • 86 400;
  • Frollo Australia;
  • Identitii;
  • Procure Build;
  • Quicka;
  • Regional Australia Bank;
  • Verifier Australia;
  • Wildcard Money;
  • Intuit Australia; and
  • Moneytree.

These fintech companies and start-ups will participate in the CDR ecosystem following successful progression through testing, demonstrating their ongoing capability to meet eligibility criteria and comply with the Rules.[1]

Open Banking Rules

On 2 September 2019, the ACCC released the Rules, which outline the foundational rules necessary to implement CDR in banking.[2] They also outline three key concepts vital to Open Banking, namely consent, authorisation and authentication:

  1. consent, which refers to the consumer consenting to the data recipient collecting and using the consumer’s data;
  2. authorisation, which refers to the consumer permitting the data holder to share data with the accredited data recipient; and
  3. authentication, which is the process by which the data holder verifies the identity of the consumer directing the sharing of their data, and the identity of the accredited data recipient seeking to collect the consumer’s data. Authentication occurs as part of the authorisation process.

Rule 1.4 outlines the three ways to request CDR data:

  1. product data requests can be made by any person who requests a data holder to disclose CDR data which relates to the products offered by the data holder;
  2. consumer data requests made by CDR consumers where an eligible CDR consumer may directly request a data holder to disclose CDR data which relates to them; and
  3. consumer data requests made on behalf of CDR consumers where an eligible CDR consumer may request an accredited person to request a data holder to disclose CDR data that relates to the consumer.[3]

The Rules also cover disclosure, use, accuracy, storage, security and deletion of product data and CDR data for which there are CDR consumers. In addition, the Rules outline the process of accreditation of data recipients, report and record keeping requirements and incidental matters.

Draft Accreditation Guidelines

On 25 September 2019, the ACCC released its draft CDR accreditation guidelines to provide guidance to applicants who wish to lodge a valid application to become an accredited data recipient.[4] The guidelines outline what an accredited person can do and the specifics of how they may receive data at the request and consent of a consumer. They also contain the rules which specify the ongoing obligations for accreditation.

Accreditation decisions are reviewable by the Administrative Appeals Tribunal, with the Rules outlining the appeals process.[5]

Assurance Strategy

On 29 August 2019, the ACCC released the CDR assurance strategy to provide an outline of its high-level assurance and testing approach prior to Open Banking’s launch in February 2020, to ensure that:

  • each component is able to operate correctly, both individually and with other components;
  • each participant has tested that their componentry works to specification and assurance that ACCC has provided;
  • ACCC is able to validate other participants’ readiness through a selection of different assurance processes; and
  • ACCC defines and manages end-to-end test scenarios and supporting governance (defect, environments, data).[6]

Open Banking will be a significant change for consumers, data holders and new players in the market. Affected businesses should consider the impacts of the new regime on their systems and processes and determine what changes should be made.

Piper Alderman’s financial services team has developed a list of considerations for each type of business to transition to the new regime. Please get in contact with us if you would like more information.

[1] Justin Hendry, ‘ACCC names its open banking testers’, news article, IT news.
[2] ACCC, Proposed rules, August 2019.
[3] Ibid.
[4] ACCC, Consumer Data Right, 23 September 2019.
[5] ACCC, Proposed rules, August 2019, Div 9.2.
[6] ACCC, Assurance Strategy, 17 July 2019.