What is this Open Banking Thing?
We have open source, open data, open economies. We have open-door policies, open house and open university. The world is open for opportunities, but what is this thing we refer to as Open Banking?
In Australia, it’s soon to be a part of your right as an Australian consumer. Specifically, the right is your right to your data: your right to access it and your right to share it. Just like your own money that you have collected over the years, through your life, from job to job and career to career, your data is yours and you should be able to access it and you should be able to share it as you see fit. Scott Morrison, as Treasurer, recognised this in 2017 and decreed that it should be so. Soon we will have what we call the Consumer Data Right (CDR) that provides for that very thing — your right to your data and your right to share it with other responsible parties. You probably have more data than you realise, and there are probably more people that want it than you realise.
If you are a human, or a “natural person”, you have data about your names and where you live, when you were born and how you can be contacted. That’s your basic consumer data, and it identifies you personally. It distinguishes you from someone else with a similar name that lives near you, or even in the same home as you. If you are an organisation — a different kind of consumer — you have different data that identifies you. You’d like to know who has that data, wouldn’t you? You might like to know whether those that have your data are sending email to the right @ddress for you, or whether they have your new phone number. You might like to give that information to another company that is about to start offering you a service. Now that you’ve checked it and made sure it’s correct you’d like to share all the details exactly as they are, so as not to type all that same stuff over again (again). And you’d like to save yourself from the hassle of undiscovered typos in that retyping.
Then you have data about how much money you earn, how much money you spend, who pays you money and who you pay money to. There’s data about how much money you save, how much money you borrow, and how often you do each of these things. Inside of that data there may be data about what you spend money on, as well. That’s your banking data, in a nutshell.
Open Banking in Australia is about your right to access that banking data and to share that data with other, responsible parties. Yes, sure, you can access the data if you go to your mobile banking application or if you go to your internet banking site, and you can download the data to a spreadsheet, or you can take a photo or a screenshot of the information. And you can share that information with someone (that you think is responsible). That means a bit of work on your part and also a bit of work on the part of the party that you are sharing with, and that is sharing once only, and that is sharing somewhat insecurely, and you might not keep a record of having shared on that occasion, and you can’t be sure that they will use the data for what you agreed it could be used for.
The Open Banking initiative is intended to make it easy for us to share, and secure to share. It is intended to have us know that those we are sharing with can be trusted. It allows us to manage our sharing, ongoing, for limited amounts of time but repeatedly if we choose to. It is intended to allow us to revoke access to our data when we want that access revoked, and to allow us to know who accessed our data and when they accessed it. In short, it allows us to get access to the banking data that we have accumulated, and to share that data with trusted parties. It allows us to complain to the right people if we think something is not right, and it provides for penalties when our trusted parties do the wrong thing.
Who are the parties that will play in this space?
Well, first and foremost, there’s you — the Consumer. Never forget that Open Banking is about your data. An old television advertisement for the State Bank of Victoria introduced us to “ownership” just before the start of the Banking Technology Age. So, Ralph, now it’s your data. You own the data, and you get to say who can see it, who can use it, and what they can use it for.
There are Data Holders. In Open Banking, these will typically be the banks and financial institutions. These are the organisations that collected your data from you, and now hold it. When Data Holders hold your data, you may give authorisation for your data to be shared with accredited, trusted third parties. This authorisation allows your data to flow, securely, to the trusted party when they request it.
The third parties are currently known by a number of names and acronyms. Some of those names and acronyms are: Third Party Provider (TPP), Trusted Third Party (TTP or T3P), and Data Recipients. These will typically be Fintech (financial technology) companies, large or small, or even your own bank. The Fintechs will be offering you things to do with your data (or ways to “spend” your data) — they may offer you comparisons, or analysis, or services to apply for new banking products. Your own bank may be looking for your data from other banks that you deal with, so that they can offer you more services or better services, or so that they can fine-tune your understanding as to how much they really are helping you with your finances.
This will be a much-watched industry. The most interested watcher will be the ACCC. The Australian Competition and Consumer Commission is the Australian “consumer law champion”, and they are there to look out for your rights and mine as consumers. They also have a role to promote competition and fairness in trade, as well as a regulatory role in national infrastructure. The ACCC will be making the rules as to how Open Banking will work, and will probably hold the keys to the castle and say who gets in — they will decide who is accredited to share this data and who is registered to share this data.
We have, in Australia, a body that protects our privacy with respect to data and information. This is the Office of the Australian Information Commissioner (OAIC). Now, there’s a government agency with Principles. They have 12, and they are collectively called the Australian Privacy Principles. You can read about these principles regarding your privacy at the OAIC website. At least initially, the OAIC will either handle any complaints or direct consumers to the most appropriate body to handle the particular complaint.
The OAIC will assist the ACCC in developing the rules that will be enforced. The OAIC has opinions and experience regarding ensuring information is secure and how consumers and providers should protect it. Another body helping the ACCC develop the rules and the finer details of the sharing mechanism is Data61. Data61 is a part of CSIRO, and specialise in data science, data design and data engineering. They are the body that will be developing the specifications for how our data will be shared around — which specific data items we share, how they are structured, the protocols that will be used to share the information. They will also specify the security aspects of proving you are who you say you are and of proving that you have the right to share data.
Ok, so now that I have this right over my data, what good does it do me? Where is the value in this, and how much is all this going to cost me?
In Arthur Conan Doyle’s, “A Scandal in Bohemia”, Sherlock Holmes is asked what he makes of a note, un-dated with no signature or indication of origin. He says “I have no data yet. It is a capital mistake to theorise before one has data.” Sherlock made his bread and butter from data, and constantly undertook to find facts (data) where others could not or did not. He valued data and put his data to good use. Now, we are seeing the emergence of concepts and practices in our society whereby data is perceived to have a greater value than previously, and some companies are seeking to help us put our data to good use. Numerous use cases are available to help describe how sharing our data with trusted parties might be of value. Here are just a few:
- A consolidated view of all of your bank balances on your mobile phone is enabled when you share your banking data with the consolidator
- A budgeting and analysis tool helps you decide which credit or debit card to make a purchase with — or suggests you use the change in your pocket instead
- Setting up a new bank account, you need to add all of your BPay payees and Osko PayIds and legacy BSB/Account numbers from your old account
- Applying for a new credit card, or a personal loan, or a mortgage, a comparison site can analyse your ability to service your debt and recommend the best provider for your circumstances
- Small businesses and sole traders have more options for managing their expenses, tracking invoices and creating reports
The intelligent and selective use of our banking data will allow us as consumers to be more informed, and give us greater insights. We will have mobility, being able to create new financial relationships with partners easily, and terminate relationships without the burden of having to harvest and store our information before doing so. For the finance and technology industries, this offers a wealth of opportunity for innovation and competition. Opening opportunities for innovation and competition is part of the remit of the ACCC, and just like the New Payments Platform (NPP) provides the opportunity for new, interesting and exciting technology, Open Banking will provide the fodder for thought, for inspiration and for execution on other opportunities. Eventually, the NPP opportunities may meet and intersect with the Open Banking opportunities, and we will see real opportunities to enable simplicity in banking.
For now, at the very start of Open Banking, the ability to access and to share your information is free: it comes at no charge. That is, the Data Holders are not allowed to charge you to share your data with others. This does not mean, necessarily, that the services offered to you by your trusted third parties will be free. Once you get your data to them, it is up to them as to how they will charge you for services: you should always read the Tease and Seize (Ts&Cs, or terms and conditions) for any agreement.
On that note, you should also be aware that you may already have agreed to share your data with other parties. The data that we are talking about in this post, as I have mentioned, has some value to some organisations. When you take a credit card from your bank that is branded with another organisation (let’s say, for example, you have a Virgin Galactic credit card from IDK Bank), you will quite likely already have agreed for IDK Bank to share your data with Virgin Galactic, and there is no doubt that VG will be putting their (your) data to good use already. That data that you shared with VG is outside of the Consumer Data Right: you made an agreement with IDK Bank when you clicked on the checkbox, and you may not be able to get hold of whatever information has been shared with them — although in theory it will probably be the same information you share via Open Banking. However, under such bilateral arrangements that are already in place, you should know that it is not so easy to revoke your consent to share, and doing so may mean surrendering the relevant credit card or other product.
This data sharing world will soon be a part of your right as an Australian consumer; but this is only a part of your new right. The Consumer Data Right will extend beyond your banking data. Just as you have accumulated data on your banking, you have also accumulated lots of other data as well. Two important areas in which you have accumulated data are your energy usage and your telecommunications usage. How many kilowatts you consumed on a given day within a peak demand period, and how much you paid for those kilowatts is important data to you, and to many others as well. How many minutes you spoke on the phone, how many texts you sent, how much internet data you downloaded or uploaded — and how much you paid for each of these — is also data that is useful. Once Open Banking is underway, we will later be able to access the data relating to our energy and telecommunications usage. Just as the banking data provides opportunities for us to compare service offerings, to budget and analyse, the energy and telco data will allow us to do the same. Beyond those three industries, the plan is not yet clear, but we can imagine that transport data, health data, entertainment data, even gaming data might be subjected to the Consumer Data Right. Oh, so much data …
Let’s just never forget that with Rights come Responsibilities. There will probably not be a booklet to download that describes the Consumer Data Responsibilities, but some of these responsibilities should be self-evident. You should always read the Ts & Cs of any data sharing arrangement, any service offered in return for your data, any product you sign up for. Oh, and by the way, in all of this, you should never have to give anyone (other than in your bank’s login page or app) your digital banking credentials. Keep keeping your credentials secure.
