Exclusive interview with Scott Farrell on Open Banking in Australia

Friday 13 December 2019 08:30 CET | Editor: Oana Ifrim | Interview

The Paypers sat down with Scott Farrell, Chair of the Australian Government’s Open Banking Review, to take the pulse of the global phenomenon that is Open Banking at this stage of its evolution, with a focus on the Australian system.

The Australian Government has been moving towards implementation of the operating model and regulatory framework for Open Banking in Australia, based on the recommendations made in February 2018 in The Review into Open Banking in Australia. In July 2017, the Hon Scott Morrison MP commissioned the Open Banking Review, chaired by Scott Farrell, who was asked to recommend the most appropriate model for Open Banking in Australia. The report endorses a model for the introduction of Open Banking as part of the broader Consumer Data Right initiated by the Government, and it follows the Productivity Commission’s recommendations in their Data Availability and Use Report to give consumers a ‘comprehensive right’ with greater access to and control of their data.

The report makes 50 recommendations on the regulatory framework, the type of banking data in scope, privacy and security safeguards for banking customers, the data transfer mechanism, and implementation issues. The recommendations were adopted by the Australian Government.

How is Open Banking in Australia different from other parts of the world, such as Europe, and what were the challenges in building a good framework for the system in this space?

Open Banking in Australia is different from Open Banking in the UK, and different from PSD2 in the European Union because, in Australia, it is the first part of an economy-wide Consumer Data Right. This Consumer Data Right aims to do more than improve payments and banking. It is based on considerable research conducted by the Australian Productivity Commission and is intended to improve market competitiveness and innovation in the Australian economy. This difference in foundation has led to a difference in features between Australia and both the UK and Europe. For example, Australian Open Banking:

  • Is read-only, in that it allows a customer to share their data, but not the operation of their accounts from which that data is generated;  
  • Applies to all Australian Authorised Deposit-taking Institutions, which not only include all Australian banks, but building societies and credit unions too; 
  • Is based on a principle of reciprocity, so that anyone accredited to receive data must also respond to requests from their own customers to share data;
  • Has a clear liability framework which is focussed on liability being based on fault, rather than being based on the initial customer relationship.

Also, through the Consumer Data Right, the principles of Open Banking will be applied next to the energy sector and then the telecommunications sector. Other sectors of the Australian economy are to follow. Although Australian Open Banking had a very different starting point and different objectives, there are still some significant similarities with Open Banking in the UK, including the use of APIs, the authentication mechanisms, and a number of the data standards.

What is the progress of Open Banking in Australia and what are the learning points so far?

There are three main components of the Australian Open Banking regime: the law, the rules, and the standards. The law has just been passed by the Australian Parliament after a year-long consultation process. The rules, which are produced by the lead regulator for the Consumer Data Right – the Australian Competition and Consumer Commission – are currently in consultation. The standards, which are produced by the new Data Standards Body, are substantially progressed. Key learnings so far include the benefits of involving stakeholders from many industries, and not just banks and fintechs, and consumer groups; the need to focus on workable outcomes and the need to make it work for customers first, not the holders and recipients of data first.

Who is involved in Open Banking, or will be involved in a later stage?

Under Open Banking, which is the first part of the Consumer Data Right, all Australian banks, building societies, and credit unions are required to respond to customer requests to transfer data. Also, all accredited recipients (which includes, but is not limited to, fintechs) have to transfer data at their customers’ requests. This creates the reciprocity which is a foundation of the regime. In Australia, the concept of reciprocity was introduced in the Open Banking Review; the Review noted that a system in which all eligible entities participate fully – as both data holders and data recipients – would be ‘more vibrant and dynamic’ and promote greater competition. Both the Review and the Consumer Data Right support the principle that an accredited data recipient in a designated sector should also be obliged to provide equivalent data, and in an equivalent format, in response to a direction from a customer.

At the next stage, it will apply to the energy sector, which will require energy companies to participate too. After that, it applies to the participants in the telecommunications sector. The reciprocity principle applies across all sectors added to the Consumer Data Right. It is intended that a customer can request that data from a data holder in one sector (such as energy) be provided to a data recipient in another sector (such as banking) if all of the security, technology, and accreditation requirements are met.

What type of propositions do you expect banks to develop, both jointly and individually?

Initially, banks might be expected to produce similar propositions that are seen in Open Banking in the UK – aggregation functionality, comparisons, and budgeting etc. However, this should expand significantly once additional data from other sectors are available; participants will be able to offer services which are not limited to any particular sector. Instead, they can be genuine data services related to a cross-section of a customer’s interaction with service providers, rather than data-related services linked only to banking products, for example.

How does Australia deal with GDPR and consent management? What type of security is used? How is customer data accessed, what authentication steps are currently in place?

Fortunately, Australia does not need to deal with GDPR, as it is not part of Australian law. However, there are new privacy safeguards and protections in the Consumer Data Right framework. These are an important part of the framework because they enhance the protections available under Australian privacy laws.

Different authentication methods are still being tested as part of the implementation of the Australian regime. This testing is being conducted on decoupled and redirect authentication methods. Information on this is publicly available on the Australian Data Standards Body website.

For third party providers, is there a specific accreditation system with corresponding licenses? Is there a restriction for companies to become a third party, and who is the assigned accreditor?

Yes. Accreditation under the Consumer Data Right requires third party providers to be able to receive data under Open Banking and the other sectors too. The accreditation regime is to be overseen by the Australian Competition and Consumer Commission, which is the lead regulator for the Consumer Data Right. They are to be set out in the ACCC’s Rules, and complemented by the Data Standards. Currently, there are criteria relating to the security systems, dispute resolution processes, insurance or financial support and appropriateness to manage the data. It is intended that the accreditation regime is tiered, so that recipients who do not need to receive, hold or have direct access to sensitive data (for example, because they just require insights from it) may not need to meet the same standards as those who do. This tiering is intended to be risk-based.

Can you tell us more on the key differences and similarities when it comes to New Zealand and Australia working together on Open Banking?

The Australian and New Zealand approaches are quite different. The current approach being taken in New Zealand is a voluntary, standards-based, payment-focussed regime. It is being conducted by Payments NZ and it looks to be powered by bilateral APIs. These are not the same principles as those which apply to Australia’s Consumer Data Right and Open Banking in Australia. For example, Open Banking is to be mandatory for Australian banks and does not facilitate payments. As we noted in Australia’s Open Banking Review, the approach taken in each country reflects important features of the country, such as its laws and industry structure. At present, New Zealand is following a different approach.

Looking broadly at Open Banking globally, what is the future roadmap and where do you see the major initiatives going forward?

With the Smart Data review in the UK and the report of the Canadian Senate Committee on Open Banking, it seems that there is growing momentum in data sharing regimes which either include, or which are similar to, Open Banking. It could be the case that in some places, like Australia, Open Banking is the name given to the application of the data sharing regime in banking. Because of the differences in the culture, industries and laws in various countries, we should not expect that Open Banking systems will be the same across borders. However, some principles may be similar, if they reflect shared values – such as reciprocity, for example. That being said, it seems to me that there would be significant benefit in having some element of cross-border consistency in the technical standards. This would start to form a common language between systems that should not only enhance efficiency but also effectiveness of the different Open Banking frameworks. That would be to the benefit of the consumers and businesses in the emerging data economy.

The editorial was first published in the Open Banking Report 2019, which offers insightful editorials, interviews and expert analyses that paint an exhaustive picture of the Open Banking regulatory shifts and the extent to which they impact the industry.

About Scott Farrell

Scott Farrell is a senior partner of King & Wood Mallesons with more than 20 years’ experience in financial markets and financial systems law, advising market participants, exchanges, clearing and payment systems, regulators and governments in Australia and Asia. He has advised both government and industry sectors on the use, risks, and impact of fintech in financial services, systems, and markets. Scott was appointed to be the co-chair of the Australian Government’s FinTech Advisory Group. He led the Australian Government’s review into Open Banking in Australia, the recommendations of which are now being implemented as Australia’s Consumer Data Right.

About King & Wood Mallesons

Recognised as one of the world’s most innovative law firms, King & Wood Mallesons is a leading international law firm headquartered in Asia. KWM helps clients to open doors and unlock opportunities as they look to Asian markets to unleash their full potential. Combining an unrivalled depth of expertise and breadth of relationships in our core markets, we are connecting Asia to the world, and the world to Asia.
