Treasury has released the Report of the Review into Open Banking.
Open Banking gives customers a right to direct that the information they already share with their bank be safely shared with others they trust.
The Report focusses on how Open Banking should be done: it makes recommendations on the regulatory framework, the type of banking data in scope, privacy and security safeguards for banking customers, the data transfer mechanism and implementation issues.
The Government is currently considering its response to the Open Banking Review and is seeking submissions on the practical implications of the recommendations.
The Report recommends that a period of approximately 12 months between the announcement of a final Government decision on Open Banking and the Commencement Date should be allowed for implementation.
The remaining Authorised Deposit-taking Institutions should be obliged to share data from 12 months after the Commencement Date, unless the ACCC determines that a later date is more appropriate.
The review recommendations include:
- Open Banking should be supported by a multiple regulator model, led by the ACCC, which should be primarily responsible for competition and consumer issues and standards-setting. The OAIC should remain primarily responsible for privacy protection;
- Open Banking should be implemented primarily through amendments to the Competition and Consumer Act 2010;
- Data recipients under Open Banking must be subject to the Privacy Act;
- A Data Standards Body should be established to work with the Open Banking regulators to develop Standards;
- The Standards should include transfer, data, and security standards;
- The obligation to share data at a customer’s direction should apply to all Authorised Deposit-taking Institutions (ADIs), other than foreign bank branches. The obligation should be phased in, beginning with the largest ADIs;
- Only accredited parties should be able to receive Open Banking data. Authorised Deposit-taking Institutions (ADIs) should be automatically accredited to receive data under Open Banking;
- Open Banking should have internal and external dispute resolution processes to resolve customer complaints;
- The obligation to share data at a customer’s direction should apply for all customers holding a relevant account in Australia;
- At a customer’s direction, data holders should be obliged to share all information that has been provided to them by the customer (or a former customer)(customer-provided data). However • the obligation should only apply where the data holder keeps that information in a digital form and the obligation should not apply to information supporting an identity verification assessment;
- Data holders should only be obliged to share that information with the customer directly, not a data recipient;
- Data that results from material enhancement by the application of insights, analysis or transformation by the data holder should not be included in the scope of Open Banking;
- Transfers of customer-provided and transaction data should be provided free of charge;
- At a customer’s (or former customer’s) direction, data holders should be obliged to share all transaction data in a form that facilitates its transfer and use. The obligation should apply for the period that data holders are otherwise required to retain records under existing regulations. Table 3.1 describes the list of accounts and other products to which this obligation should apply.