Consumer Data Rights rollout now a full-blown crisis

The Federal Government’s new standards around Data Sharing Rights (CDR) was created with little consultation from the fintech and data sectors with a problematic rollout now based mostly on advice provided by the big banks.  

Representatives of new digital banks and Fintechs have told the NE that special closed-door consultations were held with a ‘select group of participants’ to create the new standards in support of CDR. 

The legislation which initially required the four big banks to share customer data with other providers has been fraught with implementation problems and delays. 

The banks missed the January 2020 deadline that required them to share customer information with other providers and have been given an extended deadline to July of this year. 

However, there are already doubts the banks will meet the new cut off, leading to another extension or the launch of a badly flawed scheme. 

The ACCC is overseeing the rollout of the scheme with a lengthy list of tasks that include: establishing rules and regulations, accrediting participants, and educating consumers about their data rights. 

Industry feedback

Open Data Australia has told the NE that they are receiving concerning industry feedback. 

Jamie Leach, CEO of Open Data Australia

“We’re hearing that a number of the big banks may not meet their new July deadline and are struggling to overcome data governance and privacy concerns along with legacy system issues,” said CEO, Jamie Leach. 

“Then there’s the ‘tier-two banks’ that haven’t even begun to work on the software interfaces or APIs, required to share data,” she said. 

And, at a recent meeting of Pyrmont Fintechs, outraged participants raised a myriad of concerns suggesting there had been minimal consultation around CDR framework and standards.  

Many complained that they haven’t been considered in a process that has heavily favoured the banking sector. 

One senior member of the data community, who asked not to be named, contacted the NE to point out that the banks had the government regulator, and Data61, in a deliberate state of confusion. 

“Banks are already sharing information via an intermediary fintech whose customers include the likes of Intuit, Wise, Sage and SuperConcepts,” he said. 

“They are already doing it. It begs the question as to whether they are serious about complying with the government regulations to share their data.” 

Costs of participation

Smaller fintechs have previously complained that they won’t be able to participate in the convoluted CDR scheme because of the prohibitive costs, which will far exceed $100,000

Open Data Australia is similarly concerned about excessive registration costs. 

“Australia has a wealth of fintech innovation and revolutionary ideas, but it’s important that everyone is able to participate. These costs will make it impossible for smaller data and fintech companies to get on board,” she said. 

Leach said that ODA believes it’s crucial that the government also assists the new Open Banking regime with the creation of a campaign to educate consumers about the new data-sharing legislation and their rights. 

“Given the slow uptake of Open Banking in the UK, a public education campaign here will only serve to build momentum and leverage the true potential envisioned for CDR in Australia,” she said. 

“When they rolled this out in the UK there were no coordinated communications to alert customers to the fact that they can simply opt-out of data sharing,”  said Leach. 

Leach said against a backdrop of software failures and unfounded fraud concerns; consumers lost trust in the scheme from the moment it was launched. 

“In the case of fintech apps that crashed due to bank API’s failing to work properly, it was the fintech that bore the brunt of their frustration, rather than the bank involved,” she said. 

Screen scraping ban

In Australia frustrations with the slow rollout of CDR, and concerns it will not invigorate the data economy, have been compounded by the banks’ recent calls to end screen-scraping immediately

Screen-scraping is the process where customers provide their login and password details to a competitor bank or fintech for a comparison quote. 

It’s a call described as ‘hypocrisy’ by those in the fintech and data sectors. 

Joanne Cooper, a data rights advocate, and the founder of ID Exchange said that she is “bemused’ by the proclamation given the banks themselves often engage in screen scraping practices.

“Banks are adamant that screen-scraping should be halted, yet at the same time they are not moving quickly to implement the Open Banking API software interfaces envisioned by the CDR,” she said. 

And, founder of Finder.com.au, Fred Schebesta agrees. He said that a ban on screen scraping will set the fintech industry back a decade and that consumers would be the “real losers.” 

Finder.com.au uses screen scraping to provide a host of comparison quotes for credit cards, loans and other products. 

“Even by July 2020, if that’s when Open Banking launches, only the big four banks will be required to provide data (the first stage of implementation), and that’s just for a limited number of products,” said Schebesta.

“The reality is that people are multi-banked and they want to be able to see all of their money in one place,” he said.

“And, we know from our data that Australians have on-average five accounts, credit cards or loans with at least two different banks, so screen-scraping will be valuable even when Open Banking is rolled out.”

Schebesta said that he supports the Consumer Data Rights, but that screen-scraping is “the unlock” for both innovation and competition.

“If screen-scraping technology is blocked, this will massively limit the number of personal finance apps and tools available to consumers in the coming years,” he said. 

Cooper says it’s time to move forward. 

“Rather than the sector pointing fingers at each other to ban screen scraping without any alternative, they should accelerate Open Banking implementations through well-formed APIs, so that screen scraping is no longer required,” she said. “It’s an absolute no brainer.”

Cooper’s and her UK based partner, Julian Ranger, the founder of Digi.me claim that consumer-controlled data is the solution to the government’s woes. 

“If CDR legislation was to operate as originally intended as a consumer right not as a Bankers right it would promote returning data to the customer, safely and securely. 

“But in reality, little concrete action has been taken to implement it through the vehicle of data portability by leveraging intermediaries which are the holy grail to an economic boom,” said Cooper.  

Ranger agrees:

“Banks can turn on CDR-compatible API’s, which returns banking data to individuals at the flick of a switch today. Why wouldn’t they do that to improve security and utility for individuals immediately?” said Ranger.

Ranger’s company had invested more than $50M to build military-strength data utility infrastructure in a CDR-ready solution. 

“If banks were to authorise personal data feeds, in addition to business feeds, with the plug and play infrastructure they already have, operators would achieve compliance at a fraction of the cost,” he said.Related articles:

Related articles