Consumer-Permissioned Data Sharing in Australia

Australia’s Consumer Data Right is landmark legislation that reconfirms that citizens have the right to access, use and correct the information their institutions have about them, as well as putting requirements on those institutions to safeguard that information.  Open Banking is the first implementation of the CDR and will, if done thoughtfully, greatly improve the financial wellness of Australia’s consumers by bringing further innovative products and services to the market providing highly personalized services for wellness, responsible lending and professional advice.

Open Banking in Australia

At Envestnet | Yodlee, we know that Open Banking will have this positive impact because we’ve been running a commercially managed ecosystem for consumer-permissioned data sharing in Australia since 2010 and globally since 1999.  As a service provider to all types of financial institutions, including Australian ADIs, we’ve learned how consumers can entrust their sensitive data to responsible third party firms they’ve chosen to help them improve their financial wellness.  Working with the banking regulators, as well as privacy and consumer protections bodies, we’ve also learned how to manage this ecosystem safely and compliantly. 

As the global leader in this space, we’re happy to share our insights will all parties, including banks, lenders, advisors, fintechs, regulators, consumer advocates – or anyone with a sincere interest in empowering and protecting consumers and small business as they engage with their financial data. As we all work on Open Banking, we must also tend to the successful live market of consumer-permissioned data sharing applications and services that enable millions of Australia’s citizens to better manage their finances. 

Recently, CBA and Bankwest have reminded their respective customers that credential sharing comes with some inherent risks.  While this message is essentially correct, it’s equally important to know that you can safely access and use your data via third-party tools today by taking some basic and intuitive precautions. First, learn about your intended app or provider.  You wouldn’t buy a car without a test drive, nor marry a partner without dating – so don’t sign up for a service without reading the terms and checking the reputation online.  If it’s a new company, see if they have outside investors.  If they are providing a regulated service, like lending, check to see if their registration number is listed.  Think about the service they are providing and ask yourself if they really need the access to your data they are requesting.  Responsible providers will tell you just what they need and why they needed it.  When you entrust your credentials to them, they will only access the data you have approved and only for the purposes for which you gave your permission. 

Security and Privacy Standards

Now unless you are a lawyer, or even if you are, you might not fully understand the provider’s legal terms in this regard.  If the terms are not clear, give it a steer and don’t go near. It is true that not all providers have the same security as banks, but good security practices dictate that security safeguards and practices are fine-tuned, not one size fits all.  So don’t expect a money coach that only reviews transactions data to have the same cookie-cutter security as a payments processor.  What is important is that the security and privacy controls are appropriate for the service being provided. 

All businesses in Australia are licensed and required to comply with regulations and standards for security, privacy and consumer protection – with many having extra requirements and oversight via a licensing process.  You can factor this into your assessment if a provider is right for you. It’s also true that in this pre-Open Banking environment, the banks bear the brunt of fraud suffered by their customers. 

That is why Envestnet | Yodlee, and likely other providers, enter into strict commercial terms that hold the responsible partly ultimately accountable for security lapses that impact consumers.  This protects all stakeholders by ensuring the party that causes the harm is accountable for making it right – with stiff penalties for unfair, deceptive or negligent practices. Today, consumers and small businesses can safely build a bespoke portfolio of personalized data powered services from banks and third-parties that enable and protect their financial wellness.  Following good personal security habits are an essential part of this, including password hygiene such as long, complex passphrases unique for each site; signing up for fraud alerts and transaction monitoring and general awareness of your online financial relationships – including explicitly unregistering from any service you no longer use. 

While choosing to wait for Open Banking may be right for you, the vast majority of Australia’s consumers will benefit now from innovative solutions that enable them to meet their goals, such as buying a reliable car, moving to a neighborhood with better schools, optimizing their retirement benefits or simply holding on to more of their hard earned money.  Your bank can be a partner to you in meeting these goals, but they are part of your team – not the only option.