The introduction of 'open banking’, that is, the Consumer Data Right (CDR) regime applicable in the banking sector, was announced as part of the 2017-18 Australian Government budget.
The Australian Government then committed to rolling out the new CDR regime in the banking, energy and telecommunications sectors in November 2017. It confirmed that commitment in May 2018, when it released its full response to the Productivity Commission’s report of its Inquiry into Data Availability and Use and its response to the Review into Open Banking in Australia 2017.
The Government has foreshadowed that this legislative right may be rolled out in other sectors over time, as recommended in the Productivity Commission’s report.
Implementation in the banking sector is due to commence on 1 July 2019.
This article provides a brief overview of the CDR regime and looks at whether the Government is likely to meet this ambitious timetable.
We will be publishing more on the new regime, looking at key issues in greater detail. We are also hosting an International Institute of Communications seminar on 20 November on this topic. Click here for more information and to RSVP.
What is the Consumer Data Right?
The CDR has two key elements:
The intention of the proposed CDR regime is that, by providing customers with more control over their own data, and making product terms and conditions more transparent, competition in the relevant sector will be improved as businesses are forced to be more innovative, and price conscious, in the products that they offer to their customers.
What legislative change is required?
The legislative changes required for the CDR regime will be implemented via the Treasury Laws Amendment (Consumer Data Right) Bill 2018. The Treasury has undertaken two consultations on the exposure draft legislation, with the second consultation including the designation instrument for the application of the CDR to the banking sector. The second consultation period closed on 12 October 2018.
Key elements of the proposed legislation are:
Expectations are that the Bill will be introduced to Parliament this year, allowing the legislation to commence early next year.
Role of the ACCC
The ACCC has a key role in the implementation of the new regime. Reflecting this, the ACCC is also undertaking consultation, notwithstanding that it cannot formally make any CDR rules until the proposed legislation is passed. The ACCC is currently developing, and has undertaken consultation on, a “Rules Framework”.
The Rules Framework sets out the approach the ACCC proposes to take in implementing the CDR regime generally though, of course, given that banking is the first sector that will be subject to the CDR, the framework has a banking focus. Notwithstanding that it is stated to be a framework only, the Rules Framework contains extensive detail covering areas from the designation of customers who will be able to take advantage of the regime, the data holders who will be obliged to share data and the nature of the data to be shared to how data may be used, additional privacy rules and how disputes will be resolved (amongst other topics).
Of interest, and potential concern, is that the ACCC has indicated it does not propose to make all rules at the commencement of the regime (which as noted previously is proposed for 1 July 2019) but only those rules that are essential for the initial application of the regime in the banking sector. Further rules will be developed over time. This may mean there are important issues that are not initially dealt with under the rules. This could include, for example, the scope of any reciprocity arrangements (that is, whether an accredited recipient should be obliged to provide to other parties data equivalent to the data it has received, at the request of a relevant customer) and the application of the CDR regime to derived data (that is, data that has been enhanced by the data holder by analysis or other means, whether directly or indirectly).
The ACCC has engaged in a very open process in its consultation on the Rules Framework and has listened to stakeholders. It is expected that the revised framework, when issued, will reflect the input that it has received.
Will Australia be ready?
It seems very likely, given the interim Data Standards Chair has been appointed and the Data Standards Body established, as well as the advanced stage of the consultation processes for both the legislation and the ACCC’s Rules Framework, that the CDR regime will be ready for implementation in the banking sector from 1 July 2019. At that time it will apply only to the four major banks and a limited class of products, but will be implemented progressively for other applicable banks and products. The banking sector will need to continue to work quickly to develop the necessary systems to ensure it is also ready to implement the CDR regime.
Author: Angela Flannery
Angela Flannery, Partner
T: +61 2 8083 0448
Dan Pearce, Partner
T: +61 3 9321 9840
Andrew Hynd, Partner
T: +61 7 3135 0642
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.
Published by Angela Flannery