The rollout of Australia’s ‘open banking’ regime has been postponed for six months over security and privacy concerns.
In a statement, the Australian Competition and Consumer Commission (ACCC) said the delay from February to July 2020 “will allow additional implementation work and testing to be completed and better ensure necessary security and privacy protections operate effectively”.
Open banking enables customers to give third parties access to real-time data feeds from their bank accounts through open Application Programming Interfaces (APIs). The technology improves access to financial services, and has been used in public service delivery: the UK government-owned bank National Savings & Investments, for example, uses APIs to manage the delivery of tax-free childcare and savings services.
Australia’s government announced it would introduce an open banking regime in its 2017-18 Budget. The country’s banking sector is widely considered to be lacking in competition, and open banking should enable smaller and newer market entrants to better compete.
For the past few months, the ACCC has been working with Australia’s biggest four banks – Commonwealth Bank, Westpac, NAB and ANZ – as well as nine entities selected to be the initial data recipients to test and refine the system.
According to the revised implementation timeline, Australia’s major banks will now be required to make available credit and debit card, deposit account and transaction account data to ‘accredited’ service providers from 1 July. Consumers’ mortgage and personal-loan data will be covered by the open banking rules from 1 November.
“We’re not surprised [by the delay] given that in November some quite significant issues still needed to be resolved, and they were foreshadowed then as having the potential to threaten the timetable,” Robyn Chatwood, partner in the Melbourne office of global law firm Dentons, told Global Government Forum.
“These issues have been well ventilated at many meetings. The six-month delay is also probably expected in light of the facts that, first, having a successful controlled ‘go live’ system is important to building trust in the new data-sharing regime and, second, the systems supporting the new regime are very complex. Having teething problems will not help – especially given that, after banking, the plan is for the regime to be rolled out to the utilities and the telecoms sectors. A good launch for the banking industry will be critical to the government’s and the ACCC’s credibility for reforms in those other sectors.”
Consumer Data Right application
Australia’s move towards open banking is part of the country’s Consumer Data Right (CDR), which aims to provide greater choice and control for Australians over how their data is used and disclosed. Banking will be the first sector to which the CDR applies.
After banking the CDR will be rolled out sector-by-sector, with energy and telecommunications next in line. The aim is to encourage greater competition.
ACCC commissioner Sarah Court said in the statement: “The CDR is a complex but fundamental competition and consumer reform and we are committed to delivering it only after we are confident the system is resilient, user friendly and properly tested.”
Global open banking progress
Other countries are also moving to realise the potential of open banking. The driving force across Europe, for example, is the European Union’s revised Payment Services Directive, PSD2.
In the UK, the country’s Competition & Markets Authority issued a ruling in 2016 that required the nine biggest UK banks to allow licensed organisations access to their data. This came into force in January 2018 using standards and systems created by Open Banking Ltd, a newly created non-profit body. At the most recent count, the UK has 198 regulated providers, made up of 130 third-party providers and 68 account providers.
Asked how she would assess Australia’s moves towards open banking in comparison with other countries, Chatwood told Global Government Forum: “Australia’s approach is generally broader and more ambitious – it is more than just being about technical standards for data sharing or seen as a privacy initiative. And it will cover more than payment accounts – its reach will be into loans, mortgages and investments accounts. We understand that other jurisdictions such as Canada, Singapore and India are considering the Australian approach rather than the less expansive approach as has been initially taken in the UK.”