Out-Law / Your Daily Need-To-Know

'Independent body' must lead on open banking reforms in Australia, says report

Out-Law News | 24 Apr 2017 | 4:55 pm | 1 min. read

Australia's government has been urged to ensure that the Australian Securities and Investments Commission (ASIC) or another "independent body" oversees the implementation of reforms on open banking in the country.

Banks in Australia will be required to open up access to customer and small business data as a means of encouraging innovation and new third party services in the market by July 2018.

However, in its report, the House of Representatives Standing Committee on Economics in Australia's parliament said that the four largest banks in the country, the Commonwealth Bank of Australia (CBA), Australia and New Zealand Banking Group, the National Australia Bank, and Westpac, would be "conflicted" if they were to lead that project.

"The process of opening up data means that an asset which is currently proprietary to the banks will be non-proprietary in the future," the Committee said. "For this reason, it is critical that the banks are not allowed to control the process or set the rules by which consumer data is opened up. An independent body must lead the change and be responsible for implementation."

In an earlier report, the Committee said that ASIC should be required to "develop a binding framework" to facilitate the sharing of data necessary for open banking where application programming interfaces (APIs) are used for that purpose, as well as ensure "appropriate privacy safe guards are in place". The Committee also said the Australian government should change the law to ensure firms that fail to comply with the open banking requirements can face penalties.

Open banking is also being mandated in the UK. Two new open banking standards will have to be developed under the terms of an order set out by the UK's Competition and Markets Authority (CMA). A new 'read-only data standard' and a 'read/write data standard' must be developed by the UK's nine largest banks by 13 January 2018 – the same date that the EU's revised Payment Services Directive (PSD2) is due to be implemented in the country.

The CMA's order requires the standards to be developed using open APIs and conform to standards on data formatting and security, including for authorisation and authentication.

RBS, Lloyds, Barclays, HSBC, Santander, Nationwide, Danske, Bank of Ireland and Allied Irish Bank were tasked with setting up and funding an 'implementation entity' to "implement, maintain and make widely available" the new standards. However, the entity's work will be influenced by financial technology companies, ‘challenger’ banks and businesses active in the payments market, among others, as well as the major banks, and will be overseen by implementation trustee Andrew Pinder CBE.