Review into Open Banking in Australia Closes Soon

Tuesday 6 March 2018 @ 9.47 a.m. | Corporate & Regulatory | IP & Media | Trade & Commerce

On 20 July 2017, the Treasurer the Hon Scott Morrison MP commissioned the Open Banking Review which was tasked with recommending the most appropriate model for "Open Banking" in Australia.  "Open Banking" is a concept that envisages giving customers greater access to and control over their banking data and which is seen as having the potential to "transform the way in which customers use and benefit from the banking system".

The Open Banking Review Report (the Report) was delivered in December 2017 and was opened for public comments and submissions on 9 February 2018, closing on 23 March 2018.

Overview - What is Open Banking

The idea behind "Open Banking" is to give customers a right to direct that the information they already share with their bank be safely shared with others they trust. The design is intended to give customers more control over their information, which in turn leads to more choice in their banking and more convenience in managing their money, resulting in more confidence in the use and value of an asset mostly undiscovered by customers; namely, their data.

Open Banking forms part of a larger concept known as the "Consumer Data Right in Australia" (the CDR), a more general right that is being created for consumers to have more control over their data - primarily, who is able to have access to it and who is able to use it. 

The banking sector is the first area of the Australian economy selected to which the CDR is to be applied.  After the introduction in the banking sector, the energy and telecommunications sectors will be next.

The Open Banking Report

The final Open Banking Report report makes 50 recommendations, covering areas such as:

  • the regulatory framework, 
  • the type of banking data in scope, 
  • privacy and security safeguards for banking customers, 
  • the data transfer mechanism and 
  • implementation issues.

Some of the key recommendations are:

  • Regulation of the System - The report recommends the Australian Consumer and Competition Commission (the ACCC) as the key regulatory body, supported by the Office of the Australian Information Commissioner (the OAIC) for matters such as the handling of complaints.
  • Technical Standards - These are to be determined by a new “Data Standards Body” working in conjunction with the regulators and would include transfer standards, data standards and security standards.
  • Sharing Mechanism - A standardised API-based sharing mechanism is to be used, including a redirect-based authorisation and authentication flow. Data sharing s to be free of charge.
  • APIs - These are to be limited to read-only access. Payment initiation-style services requiring write access is outside the scope of the CDR and Open Banking.
  • Participation Requirements - Participants, namely, data holders and  recipients, are to be accredited. The ACCC will be required to set the accreditation criteria, which may be graduated, based on the type of data received and held.
  • Privacy - The recipients of data must be subject to the requirements of the Privacy Act (Cth).


In terms of implementing such a system the Report recommends that Open Banking "should not be mandated" as the only way that banking data may be shared so as to allow competing approaches which will provide an important test of the design quality of Open Banking and the CDR. The Report also recommends that Open Banking should be implemented primarily through amendments to the Competition and Consumer Act 2010 (Cth) (the CCA) and that such amendments ".set out the overarching objectives of the CDR". The amendments should:

". . . enable the designation of a sector by Ministerial direction and create the power to set out regulations and operational Rules for sectors. This structure will embed a customer and competition focus in Open Banking, while allowing the CDR to be scalable across sectors."

As already stated the Report recommends that the key regulator is to be the ACCC but that it should be supported by a "multiple regulator model", including the OAIC who would be primarily responsible for privacy protection, with sector focused regulators like: ASIC, APRA, the RBA, and others consulted where necessary.

The Report suggests a 12-month period between the final Government decision regarding Open Banking and the a commencement date allowing Open Banking participants such as the major banks and early-adopting FinTech companies to actively test the technology behind the data transfers.

Making a Submission

According to the relevant Treasury web page, responses can be submitted up until 23 March 2018 and interested parties are invited to comment. Click here for details.

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products. Nothing on this website should be construed as legal advice and does not substitute for the advice of competent legal counsel.


Related Articles: