.svg)
Australia has introduced the first of new reforms that are intended to "reset" the country’s open banking rollout, in an effort to reverse low uptake among consumers.
On Tuesday (November 12), the Treasury announced that new changes to the Consumer Data Right (CDR), the legal framework that underpins open banking in Australia, have been introduced with immediate effect.
The changes are focused on streamlining the consent process, which describes when a data recipient asks a consumer for permission to use, collect and/or disclose their data.
Under previous CDR rules, consumers may have been required to give multiple consents through separate actions, which the Treasury identified as leading to “consumer fatigue”.
In response, the Treasury proposed rule changes in August this year that would allow a data recipient to bundle collection, use and/or disclosure of consents, where they are “reasonably needed” for the provision of the requested good or service.
Although each consent remains independent under the new rules, this effectively allows consumers to give multiple CDR consents within a single action.
However, the CDR rules will continue to prohibit the bundling of direct marketing, de-identification or any other non-CDR consents.
Stephen Jones, assistant treasurer and minister of financial services, welcomed the changes, noting that they will make it easier for consumers to make use of the CDR.
“By allowing consents to be bundled, consumers would be able to provide multiple consents through one single action. This will improve the consumer experience and increase uptake,” he said.
The minister described the previous process as “complex” and “confusing” for consumers, often resulting in abandoned data-sharing interactions.
“The government is removing friction within the CDR to improve cost-effectiveness by amending the CDR rules to make consent and operational enhancements,” he said.
“The CDR has the potential to be a transformational piece of economic reform, giving consumers the right to unlock the value of their data.”
The changes will also remove barriers for banks by simplifying requirements that apply when an accredited bank seeks data from a consumer.
Under the previous rules, an accredited authorised deposit-taking institution (ADI) was only able to hold CDR data in cases where the consumer had acquired a product from the bank and had agreed to the bank holding the data.
However, banks raised concerns that this prevented them from using the CDR to provide services to those who are seeking to apply for new products.
They also argued that the practices required by the CDR rules ran counter to their usual data management practices for fraud control and analytics.
In response, the Treasury proposed to broaden (but not replace) the existing circumstances in which an accredited ADI is permitted to hold CDR data as a data holder.
Under the new rules, ADIs are permitted to hold CDR data where a consumer has applied, or is applying, to acquire a product from the ADI.
However, the ADI must notify the consumer before the first collection of their data, and must make clear that the ADI intends to hold the data.
The Treasury’s intention is that ADIs will be able to collect and hold CDR data in scenarios such as when a consumer has completed an online application for a banking product.
Another scenario is when a consumer has contacted a bank with the intention of acquiring a banking product, but is unable to complete their application without the ADI first receiving CDR data.
For example, this may be where a consumer has started an application for a loan product, but the bank requires the consumer’s transaction data for the application to be completed and assessed by the bank.
The changes are not intended to apply where a consumer has contacted a bank only to make preliminary inquiries.
The reset begins
The changes are the first to be implemented since Jones called for a “reset” of Australia’s open banking rollout in August this year.
As covered by Vixio, Jones admitted that the CDR has failed to deliver its intended benefits, and that the compliance costs associated with the regulation are "too high".
“Costs are high, uptake is low,” he said. “It’s a good idea, poorly executed, and so we need to reset.”
Since the CDR rollout began in 2020, the minister said there has been some innovation in financial products and services for consumers, but not as much as was promised by those who designed the CDR.
Businesses are not being incentivised to use CDR data for key use cases such as lending and energy switching, he said.
Meanwhile, restrictions on using and holding CDR data have prevented or discouraged uptake among businesses, which in turn has led to low consumer uptake.
“You can’t look at these outcomes and think that if we do more of the same, we’ll get a different outcome,” he said. “We won’t.”
In his announcement of the latest changes, Jones also said the Treasury will undertake further consultation on proposed amendments to improve business and consumer participation in the CDR.
However, he did not specify when the Treasury intends to open these consultations and what proposals they may include.
