Following the passing of the Treasury Laws Amendment (Consumer Data Right) Bill 2019 and the trialling of the data share scheme, Open Banking is moving forward in anticipation of its February 2020 launch date. The ACCC’s release of the Consumer data right (CDR) Rules, draft accreditation guidelines and assurance strategy also signifies Australia’s move towards a regulated Open Banking economy.
The ACCC are trialling data sharing as part of Australia’s incoming open banking regime. Open Banking will allow data holders and accredited bodies to share customer data with the customer’s consent in a machine-readable way. Prior to the launch, the ACCC invited data participants to test the CDR ecosystem. They received 40 expressions of interest but only 10 applicants [1] were successful based on their intention and ability to meet the accreditation criteria prior to the launch of February 2020.
These fintech companies and start-ups will participate in the CDR ecosystem following successful progression through testing, demonstrating their ongoing capability to meet eligibility criteria and comply with the Rules.[2]
On 2 September 2019, ACCC released the Rules which outline the foundational rules necessary to implement CDR in banking.[3] They also outline three key concepts vital to Open Banking being consent, authorisation and authentication:
Rule 1.4 outlines the three ways to request CDR data:
The Rules also cover disclosure, use, accuracy, storage, security and deletion of product data and CDR data for which there are CDR consumers. In addition, the Rules outline the process of accreditation of data recipients, report and record keeping requirements and incidental matters.
On 25 September 2019, the ACCC released their draft CDR accreditation guidelines to provide guidance to applicants who wish to lodge a valid application to become an accredited data recipient.[5] The guidelines outline what an accredited person can do and the specifics of how they may receive data at the request and consent of a consumer. It also contains the rules which specify the ongoing obligations for accreditation.
Accreditation decisions are reviewable by the Administrative Appeals Tribunal, with the Rules outlining the appeals process.[6]
On 29 August 2019, the ACCC released the CDR assurance strategy to provide an outline of their high-level assurance and testing approach prior to Open Banking’s launch in February 2020, to ensure that:
Open Banking will be a significant change for consumers, data holders and new players in the market. Affected businesses should consider the impacts of the new regime on their systems and processes and determine what changes should be made. Piper Alderman’s financial services team has developed a list of considerations for each type of business to transition to the new regime. Please get in contact if you would like more information.
[1] 86 400, Frollo Australia, Identitii, Procure Build, Quicka, Regional Australia Bank, Verifier Australia, Wildcard Money, Intuit Australia and Moneytree.
[2] Justin Hendry, ‘ACCC names its open banking testers’, news article, IT news, https://www.itnews.com.au/news/accc-names-its-open-banking-testers-531463.
[3] ACCC, Proposed rules, August 2019, https://www.accc.gov.au/system/files/Proposed%20CDR%20rules%20-%20August%202019.pdf.
[4] Ibid.
[5] ACCC, Consumer Data Right, 23 September 2019, https://www.accc.gov.au/system/files/CDR%20draft%20accreditation%20guidelines.pdf.
[6] ACCC, Proposed rules, August 2019, https://www.accc.gov.au/system/files/Proposed%20CDR%20rules%20-%20August%202019.pdf Div 9.2.
[7] ACCC, Assurance Strategy, 17 July 2019, https://www.accc.gov.au/system/files/ACCC%20CDR%20Banking%20Assurance%20Strategy%20v1.1%20Final.pdf
Andrea Beatty is a commercial Partner at Piper Alderman focusing on financial services. She is a leading financial services lawyer who has been listed in Australia’s Best Lawyers every year since 2012 in the areas of financial institutions and regulatory practice. She has written five editions of the leading consumer law text ‘Annotated National Code’ published by LexisNexis, with the sixth edition currently in production. Andrea advises and represents clients including start-ups, Australian financial services licensees (AFSL) and Australian credit licensees (ACL) on all aspects of financial services regulation and corporate finance including licence applications, regulatory compliance projects and audits, regulatory enforcement defences, and regulator investigations and disputes. Andrea’s experience includes advising clients on financial products and channels, including peer to peer lending platforms, crowd funding, payment systems, crypto currency, reward programs, gift cards and financial services acquisitions, disposals and alliances. Andrea also has in-depth knowledge of privacy laws and regularly advises clients on data and privacy security and breach remediation. Andrea’s financial services blog and published articles can be found at www.andreabeatty.com.au. You may connect with Andrea via email: abeatty@piperalderman.com.au or LinkedIn