The Definitive Guide to Open Banking in Australia
The Consumer Data Right and Open Banking is quickly changing the landscape of financial services in Australia.
In this informative article we explore the basics of Open Banking in Australia, looking at its benefits, the key players, accreditation, security and much more.
Open Banking represents a seismic shift in the fabric of financial services. It allows consumers to have greater control over their financial data, which stimulates competition, allowing smaller institutions, startups and fintechs to leverage financial data in order to compete with incumbent institutions who have dominated the industry for so long.
What is Open Banking?
Open Banking is an innovative and legislated financial services practice which gives consumers the option of sharing their personal information and financial data with accredited third parties, through the use of application programming interfaces (APIs). This creates an unprecedented ‘open’ network of shareable data between financial institutions, who hold consumer data, and service providers, who use the data to create new offerings under the express consent of the consumer.
Why does Open Banking matter?
Open Banking will change the way consumers and businesses interact with their finances, and increase the ease and efficiency of data sharing between financial institutions. Open Banking gives consumers more control over their financial data and makes it easier to share their data with companies they trust. This efficient transfer of data will also make it easier for companies to offer new products and services, powered by a technical and regulatory framework to allow consumers to securely share their information in a secure manner. Open Banking is the future of financial services – chat to the Basiq team about Open Banking access here.
What are the main benefits of Open Banking?
Open Banking gives accredited businesses access to valuable data that was previously siloed and held within larger financial institutions. In this sense, Open Banking ‘levels the playing field’ for businesses who wish to create new products and services without the overhead of manually integrating with a number of financial institutions. Consumers will now be able to access and share their banking data with trusted and registered third parties in order to improve their own financial situations, for example, by comparing accounts or accessing new products.
Open Banking is dictated by federal legislation known as the Consumer Data Right (CDR), providing a set of mandated APIs that will provide a stable and reliable connection to customer & financial data, reduce engineering effort, and ultimately improve the customer experience and efficiency of data sharing. These APIs also provide universal data standards across financial institutions, which allows for improved interoperability across financial institutions.
Value for Consumers
Open Banking will simplify switching banks and sharing information regarding your account information, transaction history and other financial details. This information can be used to analyse, optimise and enhance your financial situation. This concept also applies to a number of use cases, such as: ease by which you will be able to sign up for new credit or debit card, manage your joint accounts, apply for investment loans, and utilise financial products and budgeting tools which track and plan expenditures – ultimately making your money and general financial wellness a more enjoyable and interactive experience. As the Open Banking ecosystem continues to mature, more and more use cases will arise across a number of different segments.
Benefits for Fintech Companies
Open Banking is empowering for Fintech companies, creating a number of use cases within the financial services industry for those who are using financial data in a novel way. First and foremost, the Open Banking legislation creates competition, challenges the status quo, and levels the playing field of banking, allowing smaller companies and financial institutions equal access to a market which major banks have oligopolised for so long.
With the data sharing pipes laid, it will be much easier to initiate consumer data sharing between data holders (those that have traditionally held financial data such as banks) and data recipient (accredited third parties). Through easier access to financial data, this will encourage competition in the financial services sector, bringing with it a level of innovation that benefits consumers and businesses. It will also enable smaller banks and fintechs to compete with their larger counterparts.
Introduction to the Consumer Data Right
What is the Consumer Data Right?
The Consumer Data Right (CDR) is an initiative to drive competition and the development of new financial products and services. It gives consumers greater control over their data and the ability to securely share their data with third parties. CDR dictates a granular, consent-driven set of rules that allows consumers to share their data with accredited third parties in order for them to provide products and services. CDR exists as federal legislation at the Treasury level, while the Australian Competition and Consumer Commission (ACCC) is accountable for accrediting potential data recipients, co-regulating compliance with the Office of the Australian Information Commissioner (OAIC) and providing guidance to stakeholders about their rights and obligations.
CDR is an economy-wide reform that will be rolled out sector by sector. It has been rolled out for the Banking and Energy sectors with Telecommunications to come.
What are the steps to get access?
The government has mandated a number of ways to gain access to Open Banking data. There are a number of different models to get access to Open Banking data which brings with it different requirements. The Federal Government has incentivised smaller institutions and fintechs to drive innovation and competition in the market, which has led to the roll out of a number of access models to make Open Banking more accessible.
What are the Open Banking access models available?
Provides full unrestricted access to receive raw CDR data. Enables organisations to provide CDR services and act as a sponsor or principal.
The sponsorship model allows organisations to gain access to CDR data by using an unrestricted ADR as a sponsor. This model allows Sponsored Affiliates the same privileges and access to CDR data as an ADR, but at a lower cost and in less time
This is primarily a business arrangement between an unrestricted ADR and an organisation, however it differs from the Sponsored Affiliate Model as there is no official accreditation required. Under this arrangement, a CDR Representative may only disclose data to their principal (each CDR may have one principal only under this model). This arrangement would also place responsibility (and liability) of the data squarely on the ADR.
This model allows CDR data to be shared with trusted advisors, including financial advisors, mortgage brokers, accountants, tax agents and/or lawyers. Again, no external accreditation would be needed, just targeted access to specific data with the customer’s consent through an unrestricted ADR.
CDR Insights Model
This arrangement also does not require external accreditation, and can be utilised with any organisation who works with an unrestricted ADR. Under the CDR Insights Model, non-accredited parties would receive low-risk insights and data which would benefit their customers in specific ways. This could include verification and management of customer accounts, income, expenses and account balances.
To learn more about the various CDR Access models, click here.
Outsourced Service Provider
While not an access model, an ADR can disclose CDR data to a unaccredited Outsourced Service Provider (OSP) whom they choose to engage. An outsourcing arrangement must exist between the ADR and OSP. These services include the collection of CDR data on behalf of the ADR and the provision of goods or service using the CDR data that the OSP collected on behalf of the ADR.
How Open Banking works
Open Banking provides a secure method by which data can be shared by consumers to accredited third party organisations.
Mechanics of Open Banking
Open Banking was designed to promote ability for consumers to be in control of who and how they share their data with accredited third parties. As such, the process is stringent considering the privacy and security concerns related to sensitive data. For consumers to share their data via Open Banking, the following steps will likely occur:
Open Banking cannot exist without the consumers consent. Before anything happens, you must give permission for the provider to access your data, which you can do through the third party’s webpage or application. Equally as important is the concept of “ongoing consent”. The CDR has laid out key principles that must be abided by, and one of these is that consent must be “current”. Consent is only as current as the consumer’s original intent, so if attitudes and behaviours change over time, or are impacted by external events or consumer awareness, consumers can choose to revoke consent at their discretion.
Verification of identity is key when dealing with sensitive information. Consumers will be required to identify themselves in order to share data to chosen third parties.
Confirm data sharing
These checks and balances may seem tedious at first, but it is for the benefit of consumers. Consumers who use open banking will always be in charge of their data, and will need to provide granular consent whenever it is accessed by third parties. When consumers give access to a third party, the bank will confirm with the consumer the data to be shared, the intended purpose, and for how long, before they do so.
Data is shared and used
Once confirmed, the data will be transferred using an API to the third party and it can then be utilised in providing the service to the consumer. Again, this will all be consented to by the consumer, who will always have the option of stopping data sharing, deleting data stored by third parties or changing the process in any way they see fit. Open Banking exists enable consumers to be in control of their data.
CDR’s Open Banking rollout in Australia
Open Banking will foster innovation and competition which benefits businesses and consumers. What made the concept feasible in Australia was the Murray (2014) and Harper (2015) reviews, followed by the Federal Government’s 2017 commission’s inquiry into Data Availability, which later triggered the Farrell report the following year which proposed the establishment of the CDR. This sparked the beginning of the CDR rollout which has matured over the years with an increasing number of participants joining the Open Banking ecosystem.
The Open Banking Timeline:
- May 2017 – Government announces CDR commision
- May 2018 – Government accepts recommendations and approves the phased implementation of Consumer Data Right. Four major banks are approached to make their data available
- July 2019 – Major Banks provide product reference data on Phase 1 products, which include personal basic accounts, GST and Tax accounts, savings accounts and credit and charge cards. Visit the Australian government website for a full list of Phase 1 products
- February 2020 – Participating banks provide product reference data on Phase 2 products like home loans, investment property loans and personal loans. Visit the Australian government website for a full list of Phase 2 products
- July 2020 – Participating banks provide product reference for Phase 3 products, such as business finances, lines of credit and cash management accounts, as well as account and transaction data
- November 2020 – Participating banks provide access to mortgaged personal loans
- July 2021 – Other banks must join the participating banks in providing access to data for savings and transaction accounts (Phase 1)
- November 2021 – Other banks must join the participating banks in providing access to home and personal loan data (Phase 2)
- February 2022 – Other banks must join in providing access to business products, retirement accounts and foreign currency accounts (Phase 3)
- July 2022 – Major banks to implement joint accounts changes for primary brands
- October 2022 – Major banks’ secondary brands and other banks to implement joint accounts changes
- November 2022 – All major banks’ secondary brands and other banks to implement phase 3 products
Visit the ACCC website and to learn more about the project overview.
Which banks use Open Banking?
All the major Authorised Deposit Taking Institutions in Australia are required to operate under the Open Banking framework, and many of the smaller and mid-sized banks such as non-bank lenders expected to come on board. See the full list of current data holders and recipients on the Consumer Data Right website.
Current state of Open Banking
Over 100 data holder brands are now actively sharing data via Open Banking including Major banks and financial institutions. The Consumer Data Right website provides a view of who the Data Holders and their performance and availability.
Over 80 organisations are now able to access Open Banking data as an Accredited Data Recipient or under a CDR Representative arrangement.
Security considerations of Open Banking
How safe is open banking in Australia?
Open Banking is a carefully regulated government initiative which can only be used by ADRs registered with the ACCC. When sharing financial data, a consumer is not required to to disclose their login and password details to an ADR (as they log in via the interface of the financial institution), meaning it a very secure method of sharing data using the financial institutions’ security measures. Consumers also have full visibility of who they have consented to sharing their financial data with, for what purpose and for what duration, with the ability to revoke consent and have their data deleted at any time.
What data is shared under CDR Open Banking?
Open banking is used to provide insights into your financial data, and to allow ADRs to use your personal information in providing financial services products. This could involve providing services for lending, wealth and investing, personal finance management and many others. In order to do this, they need access to data related to your accounts, balance details and transaction details.
Learn more about the CDR data standards at Consumer Data Standards Australia.
What data guidelines does the CDR prescribe?
Stringent Consumer Data Standard (CDS guidelines) have been developed by the Australian Government to ensure that Consumer Data Right legislation gives Australians greater control over their data. These guidelines cover general standards, security profiles, consumer experience, banking, admin and common APIs, schemas, known issues and non-functional requirements.
Each organisation is also bound by the mandated security guidelines, and must have advanced security measures to ensure data can be shared without being compromised. These security protocols prevent security breaches, efficiently deal with breaches in the unlikely case that they occur, automatically review and prevent incidents happening in the future and optimise performance overall.
Open Banking on the global stage
Who are global Open Banking leaders?
The Competition and Markets Authority (CMA) initiated open banking in the UK to generate competition and innovation in a market heavily dominated by large financial institutions. A similar concept was formulated under the name Second Payment Services Directive (or PSD2, for short) which Governed the EU. In 2018, and, under their mandate, nine of the largest banks in the UK began to implement open banking and produce open APIs to assist with the process.
Open Banking in Australia does have some key differences compared to its earlier counterparts in the UK and the EU. The core principles of Open Banking are the same between the two regions, however there are differences in approach, mechanisms and scope. For instance licensing is different, with Australia not having an equivalent to the UKs Payment Services Regulations (2017), however the overall requirements in both regions accomplish similar outcomes regarding regulation.
There are also many similarities. Firstly, the reasoning behind Open Banking is the same — to encourage competition in the market. Like Australia, the Open Banking ecosystem and its participants in the UK are strictly registered, and there is a standardised and mandatory way of collecting and sharing data, as well as how banks and third parties connect. Both regions use a central authority to prevent mishandling of data, issue certificates to trusted affiliates and identify each other.
Looking to the future of Open Banking
Open Banking has created new ways for consumers interact with their data, change the way businesses operate and yield economy-wide benefits. The ecosystem has continued to accelerate with more participants leveraging Open banking data to deliver their products and services to market. The new pathways to access Open Banking data announced in February 2022 has encouraged more participation as evidenced by the number of CDR representative arrangements here.
To learn more about the future use case for Open Banking fill out the form to download the white paper.
Examples of Open Banking at work
Basiq allows customers all the tools they need to leverage financial data, access account and transaction data in real time, enhance transactions with merchant data, gain deeper insights into customer’s finances and, will eventually be equipped with insight-driven automation.
View Basiq partner showcases here to learn more about access to financial data in action.
Open Banking – Frequently Asked Questions
What is Open Banking in Australia?
Open Banking is an exciting initiative in Australia, and one which is primed to explode as more and more consumers uptake services with Open Banking-enabled capabilities and more companies realise the benefits for them and their customers.
Is sharing my financial data safe?
Yes. In sharing your personal and financial data you are afforded the utmost consumer protections, architected by years of regulatory policy, technical design with privacy at the forefront., This is a highly secure initiative which is just as safe as sharing your personal data with your financial institution. Authorised banks and third parties must adhere to strict accreditation criteria to be eligible, so there is absolutely nothing to worry about. Your data is safe.
It is also important to keep in mind that you are completely in control of what data you share, and can revoke consent to share it at any time. In this case, all personally identifiable data will be deleted.
What banks use Open Banking?
All the big banks now provide open banking, with many of the smaller and mid-sized banks quickly following suit. Over 200 Fintechs and banks rely on Basiq’s platform to share data and deliver innovative financial solutions across lending, payments, wealth and digital banking. The potential of Open Banking is generating huge growth and transition in the banking sector, and experts expect a boom in usage in the future.
See the full list of current data holders and recipients at the Consumer Data Right to familiarise yourself with the institutions involved in open data sharing.
What are some Open Banking examples?
All of your banking, including changing banks, signing up for new credit cards or applying for loans or mortgages, will eventually ALL be able to be done over the internet through sharing of CDR data.