CDR reviewer Heidi Richards from Better Regulation Advisory
Eight months after receiving it Stephen Jones, the assistant treasurer, has released the Consumer Data Right compliance costs review report.
In her report, reviewer Heidi Richards has echoed the view universally shared around the industry: “the costs of the CDR appear to have far exceeded original regulatory estimates” Richards said.
“Industry participants have expressed significant concerns about the continued pace of change and the resulting costs.
“Although this review did not focus on quantifying benefits of the CDR, it was evident that many participants question the cost-benefit justification of ongoing changes to CDR rules and CDR data standards, based on the very low level of usage that they observe among their customer base.”
Among the most vocal participants arguing precisely this have been the larger banks.
A month go, via the Australian Banking Association, banks last month released belligerent analysis undertaken by Accenture – a piece of work that generated howls of protest, especially from fintechs.
Through national media and especially LinkedIn, critics lashed Stephen Jones on two grounds; first, that he was unduly swayed by the views of the ABA and second, that he (and the government) were allowing plans for a broader rollout of the Consumer Data Right (to industries beyond banking) to languish.
Jones releasing Richards’ review into CDR costs, in conjunction with a speech to CEDA on Friday, will help to dampen things down and clarify the path ahead, especially in banking.
CDR implementation costs “have fallen most heavily on Data Holders” Richards noted.
All banks, in the banking version of CDR are Data Holders, though this phrase might as well be a proxy for the four major banks.
“There have been a number of factors contributing to these costs” Richards explained.
“For the most part, Data Holders did not have systems and data structures in place to meet technical requirements, so very significant systems development work has been required.
“There was also limited consistency in how Data Holders define and manage their product and customer data, particularly in the banking sector. CDR requirements did not always align fully with international standards (or such standards were not yet available), which meant that economies from standardised vendor solutions were generally not available.”
As a result, Richards concluded “cost impacts have varied substantially across the relevant industry sectors. Indicative overall cost estimates across Data Holder implementation activities to date range from under $1 million to well over $100 million each.”
The four major banks were the first to be covered by the phase-in of the mandatory CDR data sharing requirements beginning in 2020.
“These Data Holders have the most complex, bespoke technology and extensive product sets and so have, not surprisingly, faced the highest costs” Richards said.
Changing regulatory obligations are a major contributor to CDR compliance costs “and this was a key theme of the review” she said.
“The CDR data standards, in particular, are constantly being refined and updated
“The shifting strategic direction, including the prospect of the CDR expanding to include Action Initiation requirements, is also a source of some apprehension within the Data Holder population about further significant implementation costs.”
Richards catalogued a lengthy list of reviews and changes since 2020, which in summary include:
• three major reviews of the CDR framework;
• 16 consultations on legislative and regulatory changes;
• 20 versions of the binding CDR data standards; and
• More than 100 formal proposals for changes to the standards.
Richards called for “a clear prioritisation process for all CDR standards change proposals, based on transparent criteria and methodology, [which] would promote more efficient use of resources across all participants.”
Industry participants “would benefit from clearer strategic and tactical planning for the CDR. This would allow them to plan and budget for future investment, including developing customer use cases.
“For example, the CDR agencies could publish a medium-term plan, with strategic priorities and explicit tactical objectives for improving the CDR experience and reducing costs in each industry over the next one to two years. This could also serve as a guide in prioritising future rules and standards changes.”
Stephen Jones, in his speech to CEDA on Friday, made clear the federal government is “backing in the CDR; the government is sending a strong signal that this should be the system of choice.”
“The industry can do better than screen scraping” Jones said of a long-standing, common and illegitimate practice.
“Clearly CDR is not the data-sharing platform of choice for businesses” Jones said.
“This means screen scraping – with all its potential consumer harms – has continued to be used.”
Jones said he has tasked Treasury “to advise me over the next 12 months on a way forward for a full and formal ban of screen scraping.”
Rehan D’Almeida, CEO of FinTech Australia said of Jones’ speech: “this is the most clarity we, as an industry, have had on the CDR in the past 12 months.
“Not only will it help the sector maximise the impact of their policy for consumers and eventually cost of living pressures, but it also gives investors in fintechs tied to the CDR some certainty.
“A firm timeline from government indicating their agenda for different parts of the CDR would consolidate momentum here, and again help everyone in the industry work towards the best outcomes for this policy.
“We believe in simplifying data rights for the benefit of all Australian consumers.”