Submission in response to the ACCC Consumer Data Right rules framework

October 2018: This submission is in response to the Consumer Data Right (CDR) rules framework released by the ACCC. Visit our government submissions hub for more Finder submissions to government consultations and inquiries.

Finder's mission is to empower everyday Australians to make better decisions and, as such, we welcome the development of Consumer Data Right (CDR). We believe effective CDR that enables Australians to gain access to, and have greater control over, their personal data will equip consumers with the information they need to make better financial decisions.

On the following pages we have provided feedback on specific sections but as a summary:

• We fully support the movement towards CDR as we believe it will lead to greater business efficiencies and better consumer engagement. We intend to engage more directly on the technical aspects of making it happen (e.g. involvement in the working groups for the Data Standards Body).
• We recognise the challenges of offering CDR to offline customers but believe that the extension of rights should not exclude or disadvantage offline customers.
• In our view, it is critical for transaction data to be linked with product data for CDR to lead to better financial decisions.
• When it comes to accreditation, access to CDR data should be restricted to those with an Australian Financial Services Licence or an Australian Credit Licence or equivalent authorisation.
• We agree that the authorisation and authentication process will be a pivotal element of CDR and think neutrality in developing the standards will be important.

Section 3 - CDR consumer

We recognise the challenges in applying CDR to offline customers but, with as many as 45% of Australians not using Internet banking in the last 12 months , we believe offering an equivalent 2 service for offline customers should also be a priority.

Anecdotal evidence from our user base suggests that consumers who use digital banking products are more likely to actively engage in the management of their financial affairs such as by using online comparison services to search for better financial products. There is also evidence to suggest that a proportion of online banking services are not accessible to people with a disability . As a result, offering CDR to online customers before the rest of the market 3 may benefit certain customers disproportionately.

Although we're a digital business, we're committed to principles of fairness and equality and we are opposed to any extension of rights that discriminates against those based on their use of, or access to, technology. We think offering the same service to offline customers will not only level the playing ground for all consumers, but may also serve as an opportunity to help more customers start their journey towards digital financial management. In doing so, we believe that these customers will eventually become more likely to make well-informed financial decisions.

Section 5 - Data sets

Finder has reviewed the minimum inclusions for customer, transaction and product data in the CDR framework and believes that the key components have been included.

We would like to explicitly highlight the value in linking the different data sets, particularly transaction data with specific product data. This is particularly prevalent for credit card data where product data such as fees, interest rates and spending rules are inherently linked to transactional data. As a result, transactional data on credit cards is more useful for comparison purposes when combined with the product data relevant to those transactions.

We are aiming to use the data coming from CDR to help Australians get a better deal on financial products like credit cards. To do this, we propose that data from CDR should allow Accredited Data Receivers to connect a customer's transaction data with the specific terms and conditions of the product they were using. This is alluded to in Section 5.3.3 of the CDR framework but we wanted to highlight the potential value created by linking the data sets when it comes to helping consumers find better deals.

Section 6 - Accreditation

Finder considers that the success of CDR depends on the robustness and effectiveness of the regulatory regime, including the accreditation process. While we believe the accreditation process should not represent an insurmountable barrier to new entrants, or disproportionately advantage incumbents, we strongly believe that an effective licensing and conduct regime is essential to ensuring consumer rights are protected.

As reflected in our submission to the Open Banking review, we believe that any participant in CDR should be licensed and possess either an Australian Financial Services Licence (AFSL), an Australian Credit Licence (ACL) or be authorised by a licensed entity. These conditions will ensure any participants are appropriately resourced and possess the competencies and capacities to provide services in accordance with the law.

In addition, licensing will ensure that every participant has dispute resolution process, adequate capital, breach reporting obligations and consumer protection measures including Professional Indemnity Insurance. We also support the imposition of additional prudential standards similar to the "fit and proper person" test. We would also support the extension of the Banking Executive Accountability Regime (or equivalent regulation) to all participants.

Further, we would suggest that participants in CDR should have licence conditions imposed on their AFSL/ACL to require compliance with higher standards of data protection. We think it would also be prudent to require the Licensee's annual audit to specifically confirm compliance with the relevant IT standards and the adequacy of their data security and data management capability.

Finder is not opposed to the staggered introduction of a "passporting system" for foreign accredited parties subject to them being accredited by an equivalent system and to their willingness, and capacity, to reciprocate the exchange of data. We believe that foreign accredited parties should not be "passported" unless, and until, they can meet or exceed the provisions of the Privacy Act and, in any event, they should not be passported until all Australian ADIs have transitioned across to the Open Banking regime. We believe these steps are critical to ensuring the rights and interests of Australian consumers are not compromised by international entities that don't, won't or can't meet Australian legislative requirements.

Section 9 - Authorisation and authentication process

In order to realise the potential benefits of CDR, an efficient and robust authorisation and authentication process will be essential. This needs to be secure enough to give consumers the confidence to use the service but also simple and harmonious enough to minimise friction between data holders and data recipients. As a result, Finder agrees that a single set of standards will be needed and fully supports the intention to not allow data holders to add requirements to authorisation processes beyond those specified in these standards.

We also think close attention should be paid to the involvement of the primary data holders in setting the standards for authorisation and authentication. Our understanding from the UK example is that cumbersome authorisation standards have proved in some cases to be a barrier to utilisation of Open Banking data by third party providers. If this was replicated in Australia then innovation stemming from CDR could be stifled. This reinforces the view from our Open Banking submission that all aspects of the CDR framework must be technologically and competitively neutral.

Section 11 - Making generic product data generally available

Finder is built on the premise that making product data available and easily accessible to consumers helps them to make better financial decisions. We are strongly in favour of making generic product data generally available and would look to integrate this information into our websites automatically where suitable and when it becomes available.

Section 16 - Data Standards Body

Finder believes that getting the data from CDR flowing effectively and securely will be one of the biggest factors in determining the success of Open Banking. As a result, the Data Standards Body (DSB) and the associated Advisory Committee will have a critical role to play.

Finder believes the Advisory Committee will need a strong representation of potential third party Accredited Data Recipients (ADR) to ensure it is working in the interests of the consumer. We are pleased to see a number of potential ADRs represented on the current DSB Advisory Committee alongside consumer interest groups. We would like to use this submission to formally show an interest in greater involvement in the DSB Advisory Committee and/or any technical working groups going forward.