While the government’s unveiling of a framework and timeline for an opening scheme marked an important milestone, the hard work is still to come, UK Banking Industry head of technology Chris Michael said.
Mr Michael has led the implementation of open banking in the UK, which went live in January, and said there are many lessons for Australia from this process.
“We’ve had some challenges during implementation and rollout in the UK. As long as the Australian government and the banks and FinTechs stay close to what we’re doing and learn then they can speed things up,” Mr Michael told InnovationAus.com.
The open banking scheme needs to be about much more than just a “regulatory tick-box exercise”, with a focus on customer benefits and trust required, he said.
“It’s not just about creating a standard – that’s the easiest bit. It’s more about how you get the ecosystem off the ground,” Mr Michael said.
“There are a lot of things you need to do to provide support in the ecosystem. If it’s just about defining functionality then that’s not good enough – you have to say why,” he said.
“That will make it easier to create a standard and then measure where it’s being implemented. You need to focus on customer benefits.”
The Australian government last week unveiled the framework and timeline for the open banking scheme, with big banks required to make credit and debit card, deposit and transaction accounts data available from July next year.
Mortgage data must be ready by February 2020, with the rest of the data going live by July 2020. The smaller banks will be running on a 12-month delay from that timeline.
Ensuring there is trust in the scheme and how the important financial data is handled is one of the most important aspects of ensuring the rollout is successful, Mr Michael said.
“There are a number of things you need in the ecosystem and one of the most important things is the concept of a trust framework.”
“You absolutely need something like this in Australia. If you don’t then it’s easier for the big banks to play and the smaller banks and FinTechs will be disadvantaged.
“To ensure trust in the ecosystem you need a seamless way that the banks and third parties can create or manage certificates, and everyone can see who’s regulated and who isn’t. Australia absolutely needs to do something similar.”
The ACCC will be overseeing the accreditation process for third parties looking to access customer data, and the list of certified companies will be made public.
Mr Michael said that when open banking went live in the UK, the big banks were ready but there were no accredited third parties to access the data. This is something that Australia needs to avoid, he said.
“It’s essential that you buy enough time in the process for banks and third parties to test things. We went live in the UK and had a number of issues – no-one was accredited.
“The banks were ready but there was no live market of third parties that were able to start testing. You can’t have a launch without having enough time to test and regulators have to be aligned to that,” Mr Michael said.
The Australian government said its open banking timeframe is “challenging but realistic” for the big banks, which have previously argued for a delayed rollout.
The major banks have also argued that the recent Facebook data harvesting scandal could also happen with open banking, and that the scheme should be delayed.
But Mr Michael said that is a “nonsense argument” and an effective open banking scheme can provide better data security.
“Everything about open banking is a step forward and a positive thing from a consumer protection point of view. At the moment you’ve got a market of screen-scraping, with unregulated companies and individuals behaving irresponsibly,” he said.
“People do silly things with quite sensitive financial data and there’s no visibility about who the unregulated third parties are.
“As soon as you start putting the rules in place then the banks will only give the data to regulated third parties and there’ll be visibility about who they are. That’s a massive step forward.
“That doesn’t guarantee that the data is safe but it significantly reduces the risk of unknown parties having access to customers’ data.”