ACCC releases open banking framework
The Australian Competition and Consumer Commission is warning that companies which fail to comply with open banking and consumer data rights regulations could be taken to court, and says banks will not be allowed to charge fees for providing account data.
The Commission has released its framework for the rules that will govern the open banking regime, outlining a strict accreditation system that will require banks to take out insurance to cover potential data breaches.
"The rules framework does not identify which of the proposed rules will be specified as civil penalty provisions, since the penalties applying to contravention of the draft legislation and the rules may change in the final legislation. However, the ACCC's current position is that rules imposing obligations on data holders or accredited data recipients will be specified to be civil penalty provisions," the Commission said. It proposes that only the Big Four banks will initially be covered by the open banking requirements when they come into force on 1 July 2019, and it will be restricted at first to current customers. However, all Australian banks will be brought into the regime by 2020.
And the ACCC said it is "desirable that former customers are brought within scope as soon as possible". Fintechs will have to prove they are "fit and proper" to qualify, with effective risk systems and insurance.
However, non-accredited fintechs may still be able to receive bank data, with the ACCC saying it planned to allow customers to provide non-accredited parties with their account data as long as it goes first through an accredited recipient.
The Commission said it supported developing tiered accreditation levels and sought feedback on possible "intermediary models", which would create lower levels of accreditation for fintechs which did not collect data from banks, enabling them to "access and use subsets of CDR data or insights from CDR data collected by an intermediary to provide services to consumers".
The data which banks will be required to provide on request includes basic contact and account information and the bank's product information, plus a minimum data set which the ACCC proposes should include opening and closing balance of an account for a specified period, transaction dates, an identifier for the other party in a transaction, the amount of a transaction, balances prior to and following a transaction, transaction descriptions, and the category of a transaction. All data transfers must occur through "application programming interfaces" (APIs). The ACCC is calling for comments on the rules framework by October 12.