Limited functionality available
Open Banking continues to be ‘one of the biggest changes in financial services in a generation’, impacting strategy, customers, pricing, Application Programing Interfaces (APIs), data analytics, data architecture, privacy, conduct, cyber security and ecosystems.
Since the Consumer Data Right (CDR) and Open Banking were announced in May 2018, CDR legislation has been introduced into Parliament, the Rules Framework has been released by the Australian Competition and Consumer Commission (ACCC), and Data61 has led ongoing work to develop standards for APIs, information security, consumer experience and, recently, engineering.
While not all of the standards have been finalised - a source of frustration for some financial institutions - the pathway is sufficiently clear for organisations to be well progressed.
The revised timetable for the introduction of open banking, announced in December 2018, now requires Australia’s big four banks to provide standardised product information for credit and debit cards, deposit and transaction accounts from 1 July 2019. Other banks can choose, but are not required, to provide this information.
The accreditation process for data recipients will also start from 1 July 2019.
The big four banks will be required to provide access to consumer, account and transaction data for credit and debit cards, deposit accounts and transaction accounts by 1 February 2020 (a delay from the original date of 1 July 2019).
The big four banks will need to provide access to product, consumer, account and transaction data for mortgage accounts from 1 February 2020, and for personal loans and other relevant accounts from 1 July 2020. These dates are unchanged from the original timetable.
All other banks will need to provide access to product, consumer, account and transaction data for credit and debit cards, deposit accounts and transaction accounts from 1 July 2020, and for other accounts, 12 months after the date from which the big four banks are required to provide access.
These dates are also unchanged from the original timetable.
So where should organisations be now?
Strategy: Whether you think open banking is a ‘Kodak moment’ for banking, or a ‘Y2K’ moment, it is important to develop a vision and have a plan to respond. The vision may change, but thinking about how open banking could impact customers will facilitate a series of incremental changes.
At a minimum, there will be compliance obligations for data holders and data recipients. One of the lessons from the implementation of open banking in the United Kingdom was, that a lot of money can be spent on technology and compliance, without creating any value for customers. The lack of customer focus was one of the reasons for the slow initial adoption of open banking in the UK.
In Australia, leading organisations are thinking about how they can protect and enhance their relationship with their customers. They are thinking about customer journeys – about home ownership, travel, mobility, and starting and running a business. They are assessing where and how they deliver value to customers.
Pricing: The additional information available from customers may, and is even likely to, result in the provision of CDR data becoming a pre-requisite to obtaining a loan. Organisations will need to be capable of using this information (together with data from comprehensive credit reporting) to enhance their pricing decisions. If they don’t, there is a risk that they lose their lowest risk customers, and see a gradual deterioration in the average credit quality of their loan book.
Data: Another key lesson from the UK’s open banking implementation was to ‘start early on data’. For data holders, it will be important to make sure their data is accurate and able to be extracted from multiple product systems. Accredited data recipients need to make sure they can capture the customer information received, including meta-data of the purpose for which the customer has provided data and the time-period for which the data can be used.
APIs: Whether building an API platform, buying one, or having a compliant API platform provided as a service, organisations should be well progressed with developing and testing the API platform that they will use to share and receive data under open banking.
Compliance and conduct: The new legislation, rules and standards will introduce new compliance obligations. Organisations will need to ensure that they are meeting these obligations. As they review processes for loan origination and pricing, organisations will need to be on the lookout for any inadvertent conduct issues. These can impact fairness, vulnerable customers, transparency, or the suitability of a product for a customer, based on the (expanded) knowledge they have of the customer from the data shared.
Ecosystems: As organisations’ strategies evolve, they will need to learn to operate in a shared ecosystem, moving away from the currently closed environment, to one where they work more closely with third parties to provide a broader range of services to customers. As they think through their strategic response to the introduction of open banking, organisations will need to consider which potential third parties fit their brand, their values and their customers’ needs.
Change: Implementing any new legislation requires change in an organisation - whether building new technology, complying with new regulations, or changing internal processes to reflect the new operating environment. Leading organisations are undertaking external reviews of their open banking programs to check for completeness and to look for points of vulnerability. It also means that organisations, and their boards and management, will have to ensure that they have earmarked adequate funds in budgets for 2019 and 2020 for the requisite changes.
We’re now more than half way since the release of the Farrell Report towards the latest date by which customer account and transaction data first needs to be made available.
Incumbents’ strategy development and change programs should be well advanced. They should have moved from design and build, to testing. Challengers should also be thinking about the advantages of becoming an accredited data recipient early, along with the obligations doing so will create for them as data holders under the reciprocity principles.
It’s time to get cracking!