The law to establish the Consumer Data Right (CDR) has been passed by the Australian Parliament. The way is now clear for Open Banking to start in Australia, as the first implementation of the CDR, according to kwm.com.
In Australia, Open Banking is the first part of the Consumer Data Right. The Consumer Data Right is a general right created for consumers to control their data, including who can have it and who can use it. It is to form a single customer-driven data sharing framework across the Australian economy.
After banking, more sectors of the economy (including energy and telecommunications sectors) will follow. Background on the Consumer Data Right is summarised in our recent Alert. The implementation of Open Banking as the first stage of Consumer Data Right follows the recommendations of the Australian Government’s Open Banking Review, which emphasised customer control, choice, convenience and confidence.
„After so much work has gone into the development of CDR and Open Banking, customers will soon have the right to ask for their data to be shared with others they choose to trust. Now is the time for businesses connected with the banking, energy and telecommunications sectors to work out not only what they will need to do for their customers, but also what new services they will be able to provide. Businesses in other sectors should also engage with what the implementation of CDR in their sector could mean.”, said
Scott Farrell, which led the Australian Government’s Review into Open Banking.
It is the first part, the legislation, which has been passed by the Australian Parliament. The Rules are being developed by the ACCC, as lead regulator of the CDR, and the standards are being developed by the Data Standards Body. The work on the Rules and the Standards have been substantially progressed, through multiple consultations.
In addition, there is a designation instrument, under which the banking sector is designated as a sector to which the CDR applies. This contains descriptions of the types of data to which Open Banking can apply. A draft of the designation instrument can be found here. The designation instrument describes to whom Open Banking is to apply.
The data standards provide for the Open Banking data to be shared using Application Programming Interfaces (APIs). This provides a mechanism for customers to authenticate themselves to a data holder and authorise the sharing of that data by that data holder with the nominated accredited recipient. Open Banking does not involve any central entity holding all of the data.
The use of APIs is consistent with the approach being taken in other countries, such as the United Kingdom, Hong Kong, Singapore and New Zealand.
The technological standards for the APIs have been created by the Data Standards Body, and are available here.
All Australian Authorised Deposit-taking Institutions (ADIs) must comply with Open Banking, including banks, credit unions and building societies. Other entities can also participate, for example by seeking accreditation to receive Open Banking information through the system. The accreditation requirements are to be set out in the Rules, and the Data Standards. Entities accredited to receive Open Banking data must also respond to customers’ requests to share Open Banking data.
The current timing for the commencement of Open Banking to different types of ADIs and different types of banking products is set out in the following diagram. The four largest Australian Banks are required to start before the other ADIs. However, other ADIs may choose to participate before they are required to.
The passing of the legislation is not the last rulemaking process needed for Open Banking to start in Australia. The ministerial designation of banking as the first sector of the CDR needs to be finalised and issued, rules need to be finalised by the ACCC and the data standards completed by the Data Standards Body. Also, a period of testing needs to be completed by the initial data holders and accredited entities. However, the passing of the legislation will allow this remaining work to now be completed.
Also, the work for the extension of the Consumer Data Right to the energy and telecommunications sectors is to continue. The ACCC has already engaged in consultation on its application to the energy sector, which can be found here.
„For more than a week now, ScoreRise enrolls daily hundreds of users through an innovative facial recognition interface. Enrollment takes less than a minute and it does not require presence of a human operator or video recording. And, of course, it stays fully GDPR compliant with help from Reff & Associates and Deloitte Romania.”