The Australian Competition and Consumer Commission has pushed out the start date for open banking from July to October. Financial institutions required to share product reference data by 1 July now have a three-month extension.
The ACCC also released revised draft rules covering the Consumer Data Right, of which open banking is the first step.
The ACCC announced that the temporary exemption under the CDR will apply to non-major authorised deposit-taking institutions and also non-primary brand products of the major banks.
The major banks have been sharing open banking product reference data since July last year. Product references data is information about a bank’s rates, fees and product features.
CDR is designed to give people greater choice over how their personal data is used and disclosed. It allows consumers to access particular data and transfer it to an accredited person.
The ACCC said: “We understand that financial providers are dedicating many resources at present to support their customers. However, we do encourage providers to share product information on a voluntary basis if they are in a position to do so.”
The ACCC’s rules give legislative force to consumer data sharing obligations in banking, which will become mandatory from 1 July. From that date consumers will have the right to direct their bank to share their data with an accredited data recipient.
The latest draft clarifies the types of accounts in scope for sharing consumer banking data, set out the functions of the Accreditation Register and Registrar and set the rules for use of the Consumer Data Right logo.
The rules cover a range of “product reference data” including interest rates, fees and charges, eligibility criteria for banking products, transaction and other customer data.
According to the rules, there are three types of requests that can be made to a data holder to disclose CDR data: consumer data requests made on behalf of CDR consumers by accredited persons; consumer data requests made by eligible CDR consumers directly; and product data requests made by any person directly
An important element of the rules is a data minimisation principle. Accredited persons must not seek to collect more data than is reasonably needed.
For example, to assess consumer eligibility for a home loan and accredited person could ask for the past 12 months of transaction data but not future transaction data.
The rules specify that consumers must have an online “consumer dashboard” to allow them to manage their consents.