A month or so prior to the recent delay of “open banking” in Australia, one of the industry’s key global standard-setting bodies quietly aired its views about the seemingly ubiquitous rollout of what could apparently change banking as we know it.
And? Well, they mostly concur.
“Open banking has the potential to transform banking services and bank business models,” the Basel Committee on Banking Supervision concluded in a largely unreported paper on open banking and application programming interfaces, or APIs, in November.
That’s no small comment for the Switzerland-based body about something that is not widely known about in Australia but is consuming a lot of industry investment and attention, as seen in several of the more than 100 submissions to the Senate’s inquiry into Financial Technology and Regulatory Technology.
Open banking essentially involves making it easier for consumers to share their financial data with third parties to provide more competition around relative deals and products. In Australia, it centres around the newly legislated “Consumer Data Right”, which was set to ramp up in banking this month but was delayed by the competition regulator just before Christmas until July due to concerns around testing and ensuring the security and privacy protections would be in place.
The new timeline means customers of the major banks can request their credit and debit card, deposit account and transaction account data be shared with accredited service providers from July 1, with mortgage and personal loan data from November 1.
In the eyes of the Basel Committee, which counts Australia as a member jurisdiction, open banking offers several benefits, including more consumer-centric financial services products and services, and other efficiencies. But unsurprisingly, it also calls out key risks, namely that more data sharing potentially means more data misuse and that “growing connectivity” in the financial system could raise issues if third parties aren’t regulated and supervised the same as banks.
“Data sharing brings many benefits, but also results in a bigger surface area for cyber attacks,” states the report, which analysed 17 of the Basel Committee’s member jurisdictions, including Australia.
“Data collected by third parties, whether via screen scraping, reverse engineering or tokenised authentication methods through APIs, can be stolen or compromised. Furthermore, as more data is shared and with more parties, the possibility of a data breach increases and therefore effective data management has become more crucial.”
The commentary around “screen scraping” is timely amid heightened debate in Australia about the practice, whereby customers provide third parties, such as fintech companies, their internet banking authentication details, for example username and password, to access their data.
While the Basel Committee acknowledged the challenges for banks relating to screen scraping, including that customer credentials could be stolen or misused, it also notes issues relating to banks’ often preferred more secure methods for sharing data such as tokenised authentication through APIs, a form of software that provides for connection and communication.
“Some challenges associated with the universal use of APIs remain. The time and cost to build and maintain APIs (particularly when done on a bilateral basis with multiple organisations), the lack of commonly accepted API standards in some jurisdictions, and the economic cost for smaller banks to develop and adopt APIs,” it states.
In Australia, the open banking landscape remains dynamic, even if not yet being widely known about or understood (a Pureprofile survey of 1000 people last year found just 11 per cent knew about it).
Just last month, Treasurer Josh Frydenberg announced a fresh inquiry into the Consumer Data Right to examine further ways to build on initial progress, beyond plans to eventually roll it out in the telecommunications and energy sectors. It will include looking at potentially expanding the Consumer Data Right beyond just “read” access to also “write” access so consumers can apply for and manage products, which in open banking would include initiating payments, a move lobby group Fintech Australia has pushed for, like in the UK's regime.
In its paper, the Basel Committee noted Australia’s current “read only” framework for data aggregation and lack of ability to transfer funds, in contrast to elsewhere. But despite the different approach nations are taking to open banking, it appears many of the issues it presents remain the same.
“Open banking frameworks vary in scope and substance depending on national and regional factors, but they share many common risks and challenges,” the global regulator says. “Banks and bank supervisors will need to pay greater attention to the risk.”
Locally, regulators and major financial institutions have been supportive but also alert to the opportunities and risks open banking presents.
In a submission to the Senate’s fintech and regtech inquiry, The Australian Prudential Regulation Authority noted that it has taken part in the ACCC’s Data Standards Body Advisory Committee creating safeguards for the Consumer Data Right. Meanwhile, Westpac’s submission, dated January 16, says that investing in education on the Consumer Data Right will be critical to ensure consumers understand their data is within their control, but also how to securely share it, given heightened uncertainty about sharing data. The bank, added that its focus was on testing the open banking system “thoroughly” before consumer data is shared, wanting a regime that is “secure, flexible and easy to use for all Australians”.
Fintech Australia, while saying it was disappointed with open banking’s delayed rollout, also notes in its submission the importance of testing to ensure the Consumer Data Right system was “robust and resilient”. It adds that 85 per cent of fintech leaders believe open banking will be an "effective growth initiative" and 40 per cent of its members expect to become accredited when it is launched.
“Data, when used effectively, provides immense value to customers, industry, the government and society more broadly,” Westpac's submission says. “A mature open banking environment will open-up the market to new entrants, give customers more choice in how they choose new financial products, and drive intense competition.
“Smart consumers, particularly millennials, will actively seek new offers so financial providers will be forced to rethink opportunities and reshape how they deliver value to customers.”
Or as the Basel Committee puts it: “A data sharing economy could change the traditional banking business model.”
While only time will tell, everyone’s clearly had plenty of forewarning.
The views expressed are those of the author and do not necessarily reflect those of the Westpac Group.