01 August 2019

Consumer Data Right law passed – Open Banking set to start in Australia

By Scott Farrell and Max Allan.[1]

The law to establish the Consumer Data Right (CDR) has been passed by the Australian Parliament.  The way is now clear for Open Banking to start in Australia, as the first implementation of the CDR.  After so much work has gone into the development of CDR and Open Banking, customers will soon have the right to ask for their data to be shared with others they choose to trust.  Now is the time for businesses connected with the banking, energy and telecommunications sectors to work out not only what they will need to do for their customers, but also what new services they will be able to provide. Businesses in other sectors should also engage with what the implementation of CDR in their sector could mean.

In this Alert we describe:

  • What is Open Banking?
  • Where is its regulatory framework found?
  • To whom does it apply?
  • How is the data to be shared?
  • When does it start?
  • What happens next?
  • What should I do?

What is Open Banking?

In Australia, Open Banking is the first part of the Consumer Data Right.  The Consumer Data Right is a general right created for consumers to control their data, including who can have it and who can use it.  It is to form a single customer-driven data sharing framework across the Australian economy.  After banking, more sectors of the economy (including energy and telecommunications sectors) will follow.  Background on the Consumer Data Right is summarised in our recent Alert.  The implementation of Open Banking as the first stage of Consumer Data Right follows the recommendations of the Australian Government’s Open Banking Review, which emphasised customer control, choice, convenience and confidence.

Key features of the Open Banking system are summarised in the ten points in the following diagram.

Open Banking

The data which must be shared at a customer’s request is information about:

  • Banking products (product data)
  • The user of banking products (customer data)
  • The use of banking products (transaction data).

More information on this can be found in this Alert and in the regulatory framework for Open Banking.

Where is the regulatory framework found?

The regulatory framework for Open Banking is made of a few parts, described in the following diagram.

It is the first part, the legislation, which has been passed by the Australian Parliament.  The Rules are being developed by the ACCC, as lead regulator of the CDR, and the standards are being developed by the Data Standards Body.  The work on the Rules and the Standards have been substantially progressed, through multiple consultations.

In addition, there is a designation instrument, under which the banking sector is designated as a sector to which the CDR applies.  This contains descriptions of the types of data to which Open Banking can apply.  A draft of the designation instrument can be found here. The designation instrument describes to whom Open Banking is to apply.

To whom does Open Banking apply?

All Australian Authorised Deposit-taking Institutions (ADIs) must comply with Open Banking, including banks, credit unions and building societies.  Other entities can also participate, for example by seeking accreditation to receive Open Banking information through the system.  The accreditation requirements are to be set out in the Rules, and the Data Standards.  Entities accredited to receive Open Banking data must also respond to customers’ requests to share Open Banking data.

How is data to be shared?

The data standards provide for the Open Banking data to be shared using Application Programming Interfaces (APIs).  This provides a mechanism for customers to authenticate themselves to a data holder and authorise the sharing of that data by that data holder with the nominated accredited recipient.  Open Banking does not involve any central entity holding all of the data.

The use of APIs is consistent with the approach being taken in other countries, such as the United Kingdom, Hong Kong, Singapore and New Zealand. 

The technological standards for the APIs have been created by the Data Standards Body, and are available here.

When does Open Banking start?

The current timing for the commencement of Open Banking to different types of ADIs and different types of banking products is set out in the following diagram.  The four largest Australian Banks are required to start before the other ADIs.  However, other ADIs may choose to participate before they are required to.

What happens next?

The passing of the legislation is not the last rulemaking process needed for Open Banking to start in Australia.  The ministerial designation of banking as the first sector of the CDR needs to be finalised and issued, rules need to be finalised by the ACCC and the data standards completed by the Data Standards Body.  Also, a period of testing needs to be completed by the initial data holders and accredited entities.  However, the passing of the legislation will allow this remaining work to now be completed.

Also, the work for the extension of the Consumer Data Right to the energy and telecommunications sectors is to continue.  The ACCC has already engaged in consultation on its application to the energy sector, which can be found here

What should I do?

The passing of the legislation means that Open Banking and the Consumer Data Right cannot be ignored.  It is finally part of Australian law.  This is much more than a question of compliance.  Instead, this is a question of taking the opportunity to engage with customers differently.  This opportunity should drive competitiveness and innovation within, and between, businesses and sectors.

There are some initial critical questions for businesses to consider:

  • Will the business be required to comply as a data-holder?
  • If not, should the business opt-in as a data-holder?
  • Should the business seek accreditation to receive data?
  • What does the business need to connect with APIs?
  • How could the business use data to generate better services for its customers?
  • What new technologies might the business need to create those better services?
  • Does the business want to grow to be part of the vibrant data economy?

The benefits from the introduction of the Consumer Data Right should be best realised by businesses looking to participate and innovate in a customer-centric data sector which generates growth, employment and value to customers.  The new services, new products and new skills created by the opportunities the Consumer Data Right framework presents are likely to be in demand not only in Australia but also overseas.  Businesses should consider now their existing expertise, relationships, competitive advantage and, most importantly, the value they provide to their customers, and decide how they want to position themselves in the data economy and what products, services and skills they want to offer to their customers, and whether they want new customers, in the future.  Some businesses have already started this journey.

It is now too late to say that it is too early to engage with Open Banking and the Consumer Data Right.  It is now the time to use it to participate, innovate and succeed in Australia's emerging data economy. 



[1] Scott Farrell led the Australian Government’s Review into Open Banking.  However, this article is co-written by him solely in his capacity as a partner of King & Wood Mallesons.

Key contacts

Share on LinkedIn Share on Facebook Share on Twitter Share on Google+
    You might also be interested in

    On 9 October 2019, the Australian Securities Exchange (“ASX”) released the final version of its listing rules reforms. Nearly all of these changes are expected to come into effect on 1 December 2019...

    14 October 2019

    On 18 September the Federal Government reintroduced Treasury Laws Amendment (Prohibiting Energy Market Misconduct) Bill 2019 into Parliament.

    20 September 2019

    Committed settlement, a patent-pending methodology introduced by Digital Asset , could present a way to make financial transactions immutable

    18 September 2019

    Then this week came ASIC’s surprise. With no fanfare, ASIC has doubled the SPP participation limit from $15,000 to $30,000 per securityholder. Could this be the end of the entitlement offer era?

    30 August 2019

    You may also be interested in...

    Legal services for your business

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.