FinTechs trying to shirk CDR rules


Denham Sadler
National Affairs Editor

Current laws and regulations aren’t enough to stop FinTechs shirking the new Consumer Data Right rules, according to two major consumer groups.

In a joint submission to the Select Committee on Financial Technology and Regulatory Technology, the Financial Rights Legal Centre and Consumer Action Law Centre said consumer confidence was crucial to the growth of the FinTech sector, and this could only be achieved through improved laws and more effective enforcement.

The groups called for better consumer protections as part of open banking, updates to the Privacy Act, a legally binding artificial intelligence ethical framework, and the banning of screen scraping.

Sydney skyscrapers modern
FinTechs are trying to skirt around the law

The committee’s inquiry “fails to consider the risks and appropriate regulatory responses for FinTech industries”, the groups said, and should instead by focusing on how regulations can provide the best outcomes for consumers.

“While we support the development of innovative services and business models that meet the needs of consumers, we are concerned about the potential risks to consumers of some forms of innovation,” the submission said.

“Given the capacity for business models to be created and adapted to avoid regulation, it is our view that much of the existing legal and regulatory frameworks are no longer fit for purpose,” it said.

“The result of this is that many consumers, particularly those experiencing vulnerability or disadvantage, either do not benefit or suffer detriment from a quickly evolving marketplace.”

“We are concerned that providers invoking a halo of ‘innovation’ may fall through the gaps of consumer protection requirements. For this reason, we consider that robust regulatory protections need to be built into any framework that seeks to support the development of FinTech.”

In terms of the Consumer Data Right, to be launched later this year in the form of open banking, the groups argued that consumer voices had been “seriously underrepresented” in the development of the rules. Typically, there had been just one or two consumer advocates in the room with over 40 industry participants, the groups said.

In the submission, they also said they had regularly heard FinTechs trying to get around the CDR rules, attempting to find, confirm and exploit “loopholes” and develop user experiences that limit the ability of consumers to actually control their data.

“This approach from the FinTech sector is unsurprising: self-interest and pursuit of profit at the expense of consumers drives regulatory arbitrage in most sectors,” they said.

These concerns need to be met with legislative changes, the groups argued, including amending the Privacy Act and Australian Privacy Principles to make sure those protects exist under the CDR and to ensure that any entity handling CDR data is accredited and has clear obligations.

Another major reform they are pushing for is the banning of screen scraping, the practice of obtaining and translating a screen displaying data from one app to another. This is usually done by a consumer providing their login details to a service, usually a bank, to a third party service.

This practice promotes unsafe online practices, breaches bank terms and conditions and is slow, unstable and prone to errors, they said.

“For the government’s CDR to succeed and build high levels of consumer confidence and trust in a safe and secure FinTech sector, the outmoded and dangerous practice of screen scraping must be prohibited,” it said.

“Without a ban on screen scraping, there is very little incentive for businesses such as payday lenders and debt management firms to use CDR accredited software over screen scraping technology.”

In the submission, the leading consumer groups also called for a legally enforceable artificial intelligence ethics framework.

The government late last year unveiled a draft framework, but this will be voluntary for Australian businesses. According to the groups, “it is clear that this will not be enough moving into the future”.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories