A Discussion with Andrea Beatty on the Use of Open Banking

Andrea BeattyAndrea Beatty, Partner at Piper Alderman provides her insights into the launch of open banking. She will be chairing our upcoming seminar, the 4th Annual Credit Law Conference, where she will provide her commentary on a variety of topics facing the credit law sector, including open banking.

When will open banking be launched?

Following the passing of the Treasury Laws Amendment (Consumer Data Right) Bill 2019 and the trialling of the data share scheme, Open Banking is moving forward in anticipation of its February 2020 launch date. The ACCC’s release of the Consumer data right (CDR) Rules, draft accreditation guidelines and assurance strategy also signifies Australia’s move towards a regulated Open Banking economy.


Could you explain trial data sharing and how is this relevant to open banking?

The ACCC are trialling data sharing as part of Australia’s incoming open banking regime. Open Banking will allow data holders and accredited bodies to share customer data with the customer’s consent in a machine-readable way. Prior to the launch, the ACCC invited data participants to test the CDR ecosystem. They received 40 expressions of interest but only 10 applicants [1] were successful based on their intention and ability to meet the accreditation criteria prior to the launch of February 2020.

These fintech companies and start-ups will participate in the CDR ecosystem following successful progression through testing, demonstrating their ongoing capability to meet eligibility criteria and comply with the Rules.[2]


Would you be able to briefly outline the rules of open banking?

On 2 September 2019, ACCC released the Rules which outline the foundational rules necessary to implement CDR in banking.[3] They also outline three key concepts vital to Open Banking being consent, authorisation and authentication:

  1. consent which refers to the consumer consenting to the data recipient collecting and using the consumer’s data;
  2. authorisation which allows the consumer permitting the data holder to share data with the accredited data recipient; and
  3. authentication which is the process by which the data holder verifies the identity of the consumer directing the sharing of their data, and the identity of the accredited data recipient seeking to collect the consumer’s data. Authentication occurs as part of the authorisation process.

Rule 1.4 outlines the three ways to request CDR data:

  1. product data requests can be made by any person who requests a data holder to disclose CDR data which relates to the products offered by the data holder;
  2. consumer data requests made by CDR consumers where an eligible CDR consumer may directly request a data holder to disclose CDR data which relates to them; and
  3. consumer data requests made on behalf of CDR consumers where an eligible CDR consumer may request an accredited person to request a data holder to disclose CDR data that relates to the consumer.[4]

The Rules also cover disclosure, use, accuracy, storage, security and deletion of product data and CDR data for which there are CDR consumers. In addition, the Rules outline the process of accreditation of data recipients, report and record keeping requirements and incidental matters.


What draft accreditation guidelines did the ACCC release?

On 25 September 2019, the ACCC released their draft CDR accreditation guidelines to provide guidance to applicants who wish to lodge a valid application to become an accredited data recipient.[5] The guidelines outline what an accredited person can do and the specifics of how they may receive data at the request and consent of a consumer. It also contains the rules which specify the ongoing obligations for accreditation.

Accreditation decisions are reviewable by the Administrative Appeals Tribunal, with the Rules outlining the appeals process.[6]


What does the assurance strategy outline?

On 29 August 2019, the ACCC released the CDR assurance strategy to provide an outline of their high-level assurance and testing approach prior to Open Banking’s launch in February 2020, to ensure that:

  • each component is able to operate correctly, both individually and with other components;
  • each participant has tested that their componentry works to specification and assurance that ACCC has provided;
  • ACCC is able to validate other participants’ readiness through a selection of different assurance processes; and
  • ACCC defines and manages end-to-end test scenarios and supporting governance (defect, environments, data).[7]


Do you have any last remarks?

Open Banking will be a significant change for consumers, data holders and new players in the market. Affected businesses should consider the impacts of the new regime on their systems and processes and determine what changes should be made. Piper Alderman’s financial services team has developed a list of considerations for each type of business to transition to the new regime. Please get in contact if you would like more information.


[1] 86 400, Frollo Australia, Identitii, Procure Build, Quicka, Regional Australia Bank, Verifier Australia, Wildcard Money, Intuit Australia and Moneytree.

[2] Justin Hendry, ‘ACCC names its open banking testers’, news article, IT news,  https://www.itnews.com.au/news/accc-names-its-open-banking-testers-531463.

[3] ACCC, Proposed rules, August 2019, https://www.accc.gov.au/system/files/Proposed%20CDR%20rules%20-%20August%202019.pdf.

[4] Ibid.

[5] ACCC, Consumer Data Right, 23 September 2019, https://www.accc.gov.au/system/files/CDR%20draft%20accreditation%20guidelines.pdf.

[6] ACCC, Proposed rules, August 2019, https://www.accc.gov.au/system/files/Proposed%20CDR%20rules%20-%20August%202019.pdf Div 9.2.

[7] ACCC, Assurance Strategy, 17 July 2019, https://www.accc.gov.au/system/files/ACCC%20CDR%20Banking%20Assurance%20Strategy%20v1.1%20Final.pdf

Andrea Beatty is a commercial Partner at Piper Alderman focusing on financial services. She is a leading financial services lawyer who has been listed in Australia’s Best Lawyers every year since 2012 in the areas of financial institutions and regulatory practice. She has written five editions of the leading consumer law text ‘Annotated National Code’ published by LexisNexis, with the sixth edition currently in production. Andrea advises and represents clients including start-ups, Australian financial services licensees (AFSL) and Australian credit licensees (ACL) on all aspects of financial services regulation and corporate finance including licence applications, regulatory compliance projects and audits, regulatory enforcement defences, and regulator investigations and disputes. Andrea’s experience includes advising clients on financial products and channels, including peer to peer lending platforms, crowd funding, payment systems, crypto currency, reward programs, gift cards and financial services acquisitions, disposals and alliances. Andrea also has in-depth knowledge of privacy laws and regularly advises clients on data and privacy security and breach remediation. Andrea’s financial services blog and published articles can be found at www.andreabeatty.com.au. You may connect with Andrea via email: abeatty@piperalderman.com.au or LinkedIn