Australia’s imminent open banking regime should include lower tiers of accreditation for data receivers and easier ways for third-parties to gain access to banking data, according to ANZ.
The big four bank used its submission to the Select Committee on Financial Technology and Regulatory Technology to call for the inclusion of more tiers of accreditation in the open banking scheme, which has been delayed until mid-year.
Open banking will see data holders (the banks) having to make data available to accredited third parties (the FinTechs) on request from customers. To be eligible to receive data, the third parties will have to receive accreditation.
Under the current rules, there is only one accreditation level – unrestricted – which grants access to all data to be transferred under the Consumer Data Right (CDR). But ANZ argues that there should be lower tiers to make it easier for companies to access some of that banking data.
“To help lower barriers to entry and foster innovation across the economy, additional tiers of accreditation could be introduced. These additional, lower tiers could allow accredited persons to receive different types of CDR data or insights based on that data,” the ANZ submission said.
“These lower tiers could impose fewer restrictions on an accredited person because the risk of the data would be lower.”
The big bank also argued for a new rule to allow for third parties to provide services using the data from unrestricted accredited data receivers, relying on their security precautions.
“The benefit of having multiple levels of accreditation is that the level of regulation is calibrated to the level of risk. Where entities are posing less risk to customers, then they would be subject to lower levels of regulation. This would decrease barriers to entry to markets that use CDR data,” ANZ said.
But PivotNine managing director Justin Warren said ANZ’s motivation for arguing for such a change should be scrutinised.
“I am, I think with some justification, suspicious of ANZ’s motives. Particularly in light of the recent Royal Commission into the banking sector. It is fine to design systems for use cases, but one should also design for misuse cases,” Mr Warren told InnovationAus.
“There is nothing stopping ANZ, or any of the other banks, from providing secured API access to customer data when customers authorise it. They have only done so on a very limited basis, and this is one reason the CDR came into being.”
The introduction of different tiers of accreditation and third-party access to data could actually increase ANZ’s control over its customers’ data, Mr Warren said.
“I do think ANZ is proposing this as a way for them to maintain control over customer data. Instead of having to provide a copy of the data, they can instead mediate access to it. That’s a prime opportunity for them to charge rent to access your data, which goes against the idea of a CDR,” he said.
“I remain sceptical of commercial entities and governments when it comes to data privacy and security.
“Their track record is abysmal so it would require something fairly extraordinary to convince me that the result will be dramatically different from what we normally experience.”