Federal Treasurer Scott Morrison has just released the final report from the Coalition government's Open Banking Review, an initiative designed to give bank customers greater control of their personal information and to generate insights from large data pools.
As the terms of reference for the review explain, consequently, “customers will have greater access to and control over their banking data. Open banking will require banks to share product and customer data with customers and third parties with the consent of the customer."
While the government's review is focused on the banking sector, its 50 recommendations have broad application across the economy.
The recommendations set out which bank products the regime applies to, and its scope – for instance, a carve-out applies to aggregated data. They also outline the structure of the regulatory framework, which the Australian Competition and Consumer Commission (ACCC) will oversee. The regulations will apply to the big four banks first, followed by other financial institutions.
The report also makes it clear bank customers need to be fully informed about how their data is treated. An assessment will take place once the new regime is in place.
The future for data
Adrian Lawrence, a Partner with law firm Baker McKenzie and Head of the firm's TMT Group in the APAC region, says widespread availability of banking data will be one of the main outcomes of the review.
“It means a pool of data can be used by an entity other than the original collector of that data. The information may be provided to another business aside from the customer's primary bank, to allow it to provide goods and services off the back of that data," Lawrence explains.
"The idea is to open up innovation in the sector, to acknowledge the data assets that have been built up by large financial institutions would be more valuable to the ecosystem as a whole if they were made available," he adds.
The report lists a range of actions that must occur before the recommendations can be implemented. These include “amending existing laws and regulations, determining the roles of regulators and agencies, settling and promulgating rules, establishing an accreditation framework and setting criteria, establishing a Data Standards Body and setting Standards and IT building and testing by Open Banking participants."
Lawrence says there are significant concerns around security and privacy of data, as well as controlling access. “One of the ways this may be dealt with is by establishing trusted third parties that act as the gatekeeper in data pools," he says.
“We're starting to see service providers in financial services with software platforms that think about the value of pooled data. This is happening in parallel to developments in other industries with large data pools, acknowledging there may be a benefit from combining datasets, for example matching data around shopping behaviour with data around banking activity," he adds.
While the Open Banking initiative is designed for financial services, it's logical that the same data-sharing principles apply across other sectors like telecommunications, consumer goods and utilities.
CFOs may find that the significance of the Open Banking initiative will vary according to their organisation. Some firms may have access to pools of data, others could want the insights those data pools can produce, while still others might be a hybrid of both.
Most businesses will face considerable technical work before being able to do anything useful with large data pools.
“It's a big assumption to make that large financial institutions, or any company, has data in a form that could be easily made available. Substantial work must take place internally to get the systems in place so data can be made available," says Lawrence.
“The report stipulates the interface will be an application programming interface (API). But behind that, there's a lot of work required to set up internal systems so there's a full view of an individual customer at the click of a button," he adds.
Businesses that want to use data also could have work to do so they can receive and properly manage this information.
“On the recipients' side, the question is what value can be derived from the data and how systems and the business model should be set up to make the most of that value. We may see businesses get together and think about how it applies to their industry," Lawrence explains.
For example, in financial services there's potentially substantial value from data that can be gained for anti-money laundering and know-your-customer purposes. So, it could make sense for banks to get together and find ways to use data for the good of the industry as a whole.
Lawrence's advice for CFOs is to start thinking about how the business needs to prepare internal systems, as well as how different parts of the firm onboard customers and talk to each other.
“They also need to think strategically about what this means for the business," he adds.
From a legal perspective, it's important for businesses to understand what data they hold, and to assess the regulations that govern how that data can be used and managed.
“Beyond that, CFOs should be exploring whether there's anything special about their data or about their customer relationships that requires additional legal protection," Lawrence says.
Being proactive about such actions may give firms a head start on potentially widespread changes. “Businesses that do that put themselves in a strong position to benefit once the Open Banking Review's recommendations have been implemented," Lawrence says.
- In the future third parties may house personal customer data.
- Start thinking now about the systems the business needs to share its data or receive data from other providers.
- Consider how business data needs to be protected to comply with regulatory requirements.