Home Open Banking & Finance Australia’s Consumer Data Right sandbox goes live

Australia’s Consumer Data Right sandbox goes live

Australia: CDR legislation went live two years ago and is due to expand beyond the banking sector into fields such as energy | Credit: Simon; Pixabay

The Australian Competition & Consumer Commission (ACCC) has launched its sandbox to help companies to develop and test solutions that seek to capitalise on the country’s Consumer Data Right (CDR): a regulatory framework to give citizens greater control over their consumer data.

Sandboxes allow businesses to experiment with new services under regulatory supervision. They are becoming increasingly popular worldwide as authorities look to encourage innovation, such as fintech-enabled products and services.

Australia’s CDR legislation went live two years ago, with the country’s four major banks mandated to share access to consumer data for a range of personal accounts (with the customer’s permission) – the launch of open banking in Australia. Smaller authorised deposit-taking institutions came under CDR one year later.

The ACCC has various roles under CDR – which is due to expand beyond the banking sector into fields such as energy – including accrediting what are known as data recipients, as well as monitoring compliance.

The sandbox, for which plans were announced more than six months ago, enables current and prospective CDR participants to ‘better test and improve their CDR solutions, reducing time and cost in the process of becoming an active CDR participant or updating their CDR offering.’ The free-to-use sandbox will allow participants to set up their own software solutions and communicate with existing mock solutions and other participants within a secure test environment.

‘Important that flexible testing options available’

The CDR Sandbox will provide pre-live development support to aid participants’ processes of becoming active, and to help in improving data quality for data shared between participants. The sandbox will also remain available to participants after they become active, to help them in refining and developing services and products. 

Mock solution tools, which help businesses to develop and test CDR-related solutions within their own IT environment, released by the ACCC include a mock solutions source code available from a CDR GitHub. In addition a Conformance Test Suite (CTS) process allows participants to test their conformance with the CDR data standards and register design. Participants need to pass CTS testing before becoming an active CDR participant.

“Creating a sandbox to complement our existing mock solutions tools is just one of many steps we are taking to make the process for businesses joining the CDR easier and more affordable,” said ACCC commissioner Peter Crone in the authority’s announcement about the sandbox’s launch. “The sandbox will also help participants improve the effectiveness of their data-sharing offerings.”

“As the CDR develops, it is important that flexible testing options are available for participants wanting to become active in the Consumer Data Right, so that the ecosystem can expand, and consumers can have more and more choices,” he added.

CDR expanding to energy sector

CDR’s expansion is proceeding in stages. In January the government announced that the next priority area for CDR would be open finance, running a consultation on expanding the CDR to non-bank lending in March-April. In April the deadline for smaller banks to begin sharing joint account information was pushed back to October.

Beyond financial services the government is aiming to implement the CDR for energy in late 2022. The telecoms sector is next in line.

Australia’s Treasury, the ACCC and Australia’s Data Standards Body (DSB) have set up a temporary monthly forum to engage with data-holders and government agencies on issues related to CDR’s implementation in the energy sector.

According to a Treasury CDR newsletter (26 July), the Energy Implementation Advisory Committee, which supplements a CDR Implementation Advisory Committee (which covers issues across all sectors), recently discussed topics including the release of the sandbox, voluntary facilitation of product reference data by energy retailers and a DSB workshop on historical data-sharing.

First CDR fine issued

In a separate CDR-related development, the ACCC has issued its first infringement notice for an alleged breach of the CDR rules.

The authority, which can issue an infringement notice when it has ‘reasonable grounds’ to believe a person or business has contravened certain provisions in the CDR rules, announced on 13 July that Bank of Queensland (BoQ) had paid a penalty of $133,200 (about £77,000).

Under the CDR rules, the bank was required to be in a position to share data for financial products, including savings accounts, term deposits and credit cards, by 1 July 2021. The Brisbane-headquartered retail bank did not make the required services available until 13 December, which meant that customers were unable to share their CDR data for more than five months after the date by which this service was required to be available to them.

A number of banks were delayed in implementing their CDR solutions, in part due to issues related to the Covid-19 pandemic and a shortage of skilled IT resources, the ACCC pointed out in its announcement. But in deciding to issue the infringement notice to BoQ, the ACCC states that it took into account a number of factors, including the period of alleged non-compliance, the number of customers potentially impacted, the resourcing constraints BoQ faced in developing its CDR infrastructure and the steps it took to limit the duration of its non-compliance.

BoQ has acknowledged in a statement that it was delayed in implementing the first phase of the CDR regime and ‘has worked with the ACCC on a rectification schedule’. In its statement sent to Global Government Fintech it said the delay was ‘largely due to the complexity of adapting BoQ source systems to the open banking requirements and third-party testing issues. Those issues have now been addressed and BoQ commenced data sharing from 13 December 2021.’


Global Government Fintech’s open banking / open finance topic section

‘Australian government consults on first phase of open finance’ – our news story (21 March 2022) about the consultation on expanding the CDR to non-bank lending

‘Open to possibilities: governments bank on opening up financial services data’ – report on a Global Government Fintech webinar ‘Open Banking and Open Finance: What Role – And Benefits – For Governments?’, held on 15 March 2022: our panel featured the Australian Treasury’s Jessica Robinson

‘Australian competition watchdog preps Consumer Data Right sandbox’ – our news story (5 January 2022) on the ACCC’s plans for the sandbox

‘Australia’s open banking regime enters next phase’ – our news story (14 July 2021) on new CDR legislation coming into effect extending the number of banks expected to share consumer data

Open banking gets off to slow start in Australia’ – our news story (9 July 2020) on open banking becoming a reality after the CDR legislation went live