Australia’s Consumer Data Right scheme has received a further $20 million after the opening banking regime’s slow start this month, with only one FinTech signed up as a data recipient so far.
The Consumer Data Right (CDR), a broad set of laws aiming to give consumers control over their own data, was put into action for the first time at the start of July with the launch of open banking, a scheme allowing consumers to request that data on them held by banks by transferred to accredited third parties, primarily FinTechs.
Despite much fanfare, only one FinTech was accredited with the scheme at launch, with a number of tech companies waiting in the wings and battling a complex and “onerous” accreditation process.
Treasury and the competition watchdog, which are jointly responsible for overseeing the CDR, say the lack of accredited participants is largely due to the ongoing COVID-19 pandemic, while a number of new initiatives are in the works to make the process easier for smaller startups.
The scheme also received a funding boost in last week’s budget update, with Treasury and the Australian Competition and Consumer Commission (ACCC) sharing in $19.2 million. Of this, $12.6 million will be going towards Treasury in 2020-21 for an “information and awareness campaign to introduce CDR to consumers and businesses and drive uptake” while the rest will go to the ACCC to “continue to progress key elements of the CDR”.
But according to FinTechs, much more needs to be done to make the scheme more accessible and financially viable for the data recipients, including allowing intermediaries to access data and a tiered approach to accreditation.
As of July 1, the big four banks have been required to share some customer data, including in relation to deposits, transaction accounts and credit and debit cards, with accredited third parties upon request by the customer.
From November, the banks will also be required to share data relating to home loans, investment loans and joint accounts.
But there are currently only two accredited data recipients able to receive this data from the big four banks: personal financing FinTech Frollo and customer-owned bank Regional Australia Bank.
To be able to receive consumer banking data from the big banks, a company must be accredited by the ACCC via the Register and Accreditation Application Platform, which involves a range of security and compliance checks.
Accreditation via this portal opened in May, but only the one FinTech was able to complete the process in the time before launch. This was Frollo.
According to Frollo Chief Information Officer Tony Thrassis, the accreditation process for a FinTech is not straight-forward and may prove to be too difficult for many small firms.
“It’s quite troublesome for small FinTechs to comply because you do need to look at the system, people and processes, including the governance process. For a FinTech, it’s not quite becoming a bank but it’s making you think like a bank in terms of security and all of your governance processes,” Mr Thrassis told InnovationAus.
Finding an auditor to assist with the accreditation process was difficult, Mr Thrassis said, and insurance costs increased by 300 per cent for the company.
“The government has underestimated it on every step along the way. Everyone has. It’s a big job – it’s an infrastructure change that takes time to get through. We want it tomorrow, but it does take time,” he said.
According to the competition watchdog, 70 businesses have now been granted access to the portal, and 23 have begun an application but not yet finished it.
The ACCC signalled that new data recipients may be accredited from September this year.
“All businesses accredited by the ACCC go through a rigorous process to ensure they meet appropriate security and privacy standards and must also demonstrate that their technology solution complies with the CDR rules and standards,” an ACCC spokesperson told InnovationAus.
“Each data recipient must demonstrate that they have a secure technology environment to protect consumer data, and that they are a fit and proper person.”
The ACCC has advised FinTechs that the application process may take up to three months.
There are a number of initiatives in the work to make this process easier for FinTechs. Treasury is planning to launch a largely automated Conformance Test Suite by November, which will “significantly reduce the costs and time taken for prospective participants to test their systems as secure and compliant with the regime”, a spokesperson said.
The ACCC is also currently consulting on allowing intermediaries to be accredited, allowing FinTechs to access the data without having to handle it, and for a tiered approach to accreditation.
Currently there is only the “unrestricted” level of accreditation, while a multi-tiered approach would make it easier for FinTechs to become accredited to access some data from the big banks.
“The ACCC is also consulting on rule changes which will improve the ability for data recipients to use outsourced service providers for establishing and maintaining CDR compliant systems – further reducing costs and the time to enter the regime. An increasing number of firms are offering software or services to support data recipients’ participation in the regime,” a Treasury spokesperson told InnovationAus.
Industry group FinTech Australia has raised concerns over the difficult and costly accreditation process for FinTechs for several months. It is calling on draft legislation allowing accreditation for intermediaries to be expedited, and for the public awareness campaign to be launched.
“Despite the fanfare this policy received when it launched earlier this month, the hard work has only just begun. There is only one registered FinTech in the CDR regime, FinTech Australia chief executive Rebecca Schot-Guppy told InnovationAus.
“This shows that as it stands the policy isn’t as accessible as it could be and that needs to change,” she said. “We need to consider allowing intermediaries into the system, who will play a role in helping FinTechs easily and cost-effectively attain and leverage the data.”
There’s already draft legislation to this effect. However, this needs to be expedited and changed including a tiered accreditation model if we hope to see the real impact of the CDR in financial services this year.
“We would also encourage the government to run a well-timed awareness campaign to help encourage consumer adoption of CDR-related services offered by the industry,” Ms Schot-Guppy said.
“It’s not enough to just celebrate the policy’s launch, most Australians still don’t understand how the CDR benefits them, and that needs to be addressed.”
Do you know more? Contact James Riley via Email.