.svg)
In only the second case of its kind, ING Bank has agreed to pay a penalty fee for an alleged breach of Australia’s open banking rules, known as the Consumer Data Right (CDR).
After being accused of non-compliance with CDR rules and making false or misleading representations to consumers, ING Bank has paid A$53,280 (US$35,617) in penalties to the Australian Competition and Consumer Commission (ACCC).
According to the ACCC, ING Bank was alleged to have missed three deadlines related to CDR and misled consumers about the reliability and security of its CDR service.
From July 2021 onwards, ING Bank was required to be able to share consumer data for certain financial products by specific deadlines.
These deadlines, which applied to all non-major authorised deposit-taking institutions, included the ability to share data on residential home loans by November 2021 and joint accounts by October 2022.
The ACCC alleges that ING Bank did not meet these obligations as required, and was therefore unable to service consumer data requests from accredited data recipients acting on behalf of consumers.
As such, the ACCC alleged that ING Bank denied its customers the full benefits of the CDR to which they were entitled.
“Under the CDR, consumers have a right to safely and securely share certain data with accredited providers, including fintech firms and other third parties, who in turn can use that data to create better customised products and services for the consumer,” said Peter Crone, ACCC commissioner.
“Allowing consumers to share CDR data relevant to these services, including those relating to financial management and comparison tools, is important, especially given current cost of living pressures and rising interest rates.”
The ACCC also alleged that ING Bank breached the Australian Consumer Law by making false or misleading representations on its website.
Between October 2021 and February 2022, ING Bank represented that its accredited person request service had been fully operational since July 1, 2021, and was therefore a reliable and secure system for customers to use to share data.
According to the ACCC, however, the service was not fully operational and, at the time of writing, ING Bank is still unable to facilitate the sharing of joint account data.
After the ACCC raised its concerns to ING Bank, the regulator said this claim was removed from the website.
“All CDR participants are warned that any claims about the CDR must be accurate and able to be substantiated,” said Crone.
“Otherwise, they risk breaching the Australian Consumer Law, which can attract significant penalties if the ACCC commences court proceedings.”
ACCC watching carefully
The complaint filed against ING Bank follows a similar case the ACCC pursued against the Bank of Queensland.
As reported by VIXIO in July this year, the Bank of Queensland was the first company to receive an infringement notice from the ACCC for an alleged breach of the CDR rules.
In that case, the Bank of Queensland was alleged to have missed the deadline for being able to share consumer data on savings accounts, term deposits and credit cards with accredited third parties.
The deadline for this was set at July 1, 2021, but the ACCC alleged that the bank had failed to make the required service available until five months later.
In July this year, the ACCC announced that the Bank of Queensland had paid a A$133,200 (US$90,544) penalty fee in relation to the infringement notice.
However, as in the case against ING Bank, the ACCC pointed out that the payment of a penalty specified in an infringement notice is not an admission of wrongdoing.
Two years under CDR rules
With 2022 coming to an end, Australia’s banking sector has been subject to CDR Rules for nearly two and a half years.
In July 2020, when CDR rules first came into effect, banking was the first sector to which the rules were applied.
The requirements for banks began with Australia’s "Big Four" — ANZ, NAB, Westpac and Commonwealth Bank — and then gradually spread out to encompass “non-major” authorised deposit-taking institutions, such as ING Bank.
At first the requirements were narrow in scope, applying only to basic services such as savings accounts and term deposits, but over time these have been broadened to include services such as joint accounts, closed accounts, direct debits and credit cards.
By February 2021, the four major banks were expected to be able to share data on all banking services, including overdrafts and business finance, which was expanded in July 2021 to encompass non-major banks too.
