.svg)
HSBC Australia has agreed to pay A$33,000 ($21,600) in penalties to settle two alleged breaches of the country’s new open banking laws, on credit card statements and mortgage interest rate data.
In the first case of its kind, the Australian Competition and Consumer Commission (ACCC) accused HSBC of providing inaccurate credit card balances in response to requests made under the Consumer Data Right (CDR) framework.
The alleged breaches took place between January and May 2023, and undermined the aims of the country’s open banking rollout, according to the ACCC.
“For the CDR to be effective, it is critical that CDR data is of high quality,” said ACCC commissioner Peter Crone. “This means that product data and consumer data — which a consumer has consented to share — must be accurate, up-to-date, complete and in the required format.”
Ensuring the quality of data shared under CDR rules is a priority area for the ACCC, Crone said, adding that the regulator will take enforcement action against financial institutions that share inaccurate data.
The value of CDR and the importance of data quality is particularly relevant in a climate where Australians are facing cost-of-living pressures and rising interest rates, said Crone.
Through the CDR, consumers should be able to access information and tools using their own data that help them compare products, manage their personal finances and make informed decisions about switching.
“Data quality within the CDR is a priority conduct area for the ACCC,” said Crone. “All CDR participants are reminded that failure to comply with the CDR rules will result in scrutiny by the ACCC and may result in enforcement action, with potentially serious consequences.”
The credit card infringement notice was combined with a separate notice against HSBC’s mortgage interest rate data.
In the second notice, the ACCC alleged that HSBC had failed to disclose fixed rate home loan interest rates when requested to do so via the CDR.
According to the ACCC, this means that some of the product data HSBC disclosed for its fixed rate home loan products did not include the corresponding featured interest rates advertised on the bank’s website.
“If accurate home loan rates are not provided, product data users, such as comparator sites and brokers, are unable to present accurate comparisons of home loan products to consumers,” said Crone.
“This has the potential to lead to consumers making decisions based on incorrect information about home loan interest rates on offer.”
The ACCC believes the home loan interest rate breaches took place between February and April 2023.
However, in both cases, the regulator notes that HSBC’s payment of penalties does not equate to an admission of guilt.
An HSBC spokesperson told Vixio: “We have been fully assisting the ACCC. We will continue to invest and enhance our CDR programme.”
Open banking teething pains in Australia
Australia’s CDR is an economy-wide programme that is being rolled out sector by sector. In the banking world it is also referred to as open banking, while in other sectors it is sometimes referred to as open data.
The CDR framework allows consumers to safely and conveniently share data about themselves between data holders and accredited providers.
The aim is that the free flow of data should help consumers to compare financial products and services, assist them in financial management and drive competition between providers.
The CDR framework was designed by the Australian government and is overseen by the ACCC and the Office of the Australian Information Commissioner.
Since 2020, when the first CDR rules came into effect for Australia’s "Big Four" banks, these two agencies have been responsible for ensuring that accredited providers and data holders comply with their CDR obligations.
From 2021 onwards, CDR obligations have been expanded to “non-major” banks and to a wider range of customer data streams.
This has led several banks to allegedly fall foul of the rules and ultimately agree to penalty charges with the ACCC.
As covered by Vixio, the first of these penalties was announced in July 2022, when the Bank of Queensland agreed to pay A$133,200 (US$90,544) to settle an ACCC infringement notice.
In that case, the bank was alleged to have missed the deadline for being able to share data on savings accounts, term deposits and credit cards by about five months during 2021.
Similarly, in December 2022, ING Bank paid A$53,280 (US$35,617) in penalties after allegedly missing CDR deadlines and making false or misleading representations to consumers.
According to the ACCC, ING Bank missed three deadlines in 2021 and misled consumers about the reliability and security of its CDR service.
“All CDR participants are warned that any claims about the CDR must be accurate and able to be substantiated,” said Crone.
“Otherwise, they risk breaching the Australian Consumer Law, which can attract significant penalties if the ACCC commences court proceedings.”
