CDR Action Initiation
24 October 2022
The ABA notes the rollout of write access should be done safely, with the protection of customer data being a key principle. We also recommend that there should be a strategic assessment ahead of declaring any actions, and that payment initiation will need to align with the broader payments work.
Download PDFStatutory Review of the Consumer Data Right
20 May 2022
The ABA makes a number of recommendations to improve the rollout of the Consumer Data Right, including prioritising changes that benefit consumers the most, simplify and streamline regulatory requirements and prioritise broader payments reforms before rolling out write-access.
Download PDFExtension of the Consumer Data Right to non-bank lending
14 April 2022
Response to Treasury's consultation on the extension of the Consumer Data Right to non-bank lending. In this submission, the ABA responds to some issues raised in the discussion paper and provides comment based on the experience of banks in implementing the CDR.
Download PDFDigital Identity Legislation
27 October 2021
ABA reiterates our view that there is significant potential economic benefit in the government’s digital identity initiative for consumers and businesses. The development of both government and private sector digital identity systems is needed to achieve wider adoption, and therefore realise the potential economic benefits of this government policy. That will continue to depend on whether the proposed legislative framework provides clarity, ensures robust privacy safeguards for users, provides flexibility to innovate and incentives to participate, while minimising the potential for conflicting or inconsistent data and privacy obligations for participants.
Download PDFAustralia’s cyber security regulations and incentives
27 August 2021
The ABA sees an important role for government in coordinating messaging and cyber security uplift efforts across stakeholder groups and sectors, and setting clear expectations of what entities should do to protect themselves and their customers. The ABA acknowledges that there is a difficult but important balance to be struck between, on the one hand, economy wide, consistent cyber security regulatory requirements that improve the nation’s cyber risk position and, on the other hand, more specific or targeted measures which need to respond to specific risks and/or levels of risk. Further clarity will also be required for entities that may be indirectly subject to SOCI Act requirements, and for entities that may move in and out of the SOCI Act regime. The ABA seeks further information about the legal form that the governance standards would take and what legal standing (if any) the standards would have. The ABA asks for clarity on the interaction between the proposed standards and other regulatory regimes.
Download PDFABA InfoSec Standards – Position Paper
23 July 2021
Incorporating responses to Data Standards Body consultation: Decision Proposals 182. CDR Information Security Recommendations Ensuring that the appropriate technical standards for information security are put in place to enable the CDR is vital. These technical standards need to accommodate both an extension in scope for open banking, as well as setting the template for expansion of the CDR to other sectors of the economy. This paper makes the following recommendations: 1. Adopt FAPI 2.0 for future best practice 2. Ensure and Preserve Interoperability
Download PDFCDR Proposal for Purpose-based Consent
23 July 2021
The proposed solution put forward in DP-183 refers to a principle of ‘Purpose-based consent’. Purpose-Based Consents are a way to encode all of the required dimensions and granularity for a specific use case. Unfortunately, this specificity leads to a consequent loss in flexibility. DP-183 highlights read-only use cases which are not currently covered; however, the same principles and requirements are even stronger to enable read-write access.
Download PDFOpt-Out Joint Account Data Sharing Model
26 May 2021
Whilst the ABA supports the principle of a simple CDR, we question the ability to develop a ‘one-size-fits-all-sectors’ approach to joint accounts. The ABA supports retaining the current opt-in approach. The proposed opt-out approach is not supported on the basis that it undermines the foundational principle of the CDR, which is informed consent. We are of the view that it is not feasible to nominate an industry preferred option at this point.
Download PDFResponse to Senate Select Committee on Fintech and RegTech
17 December 2020
The ABA urges the development of an overarching strategy for data and information privacy to underpin the transition to a digital economy and provide a consistent framework for future reforms. Co-ordination will be critical to achieve the intended outcomes. The data economy has the real and exciting potential to generate jobs and opportunities for servicing the needs of all Australians. Technology and digital capability are the mechanisms by which banking will continue to develop.
Download PDFABA Commentary on Proposed Expansions to CDR Rules 2020
29 October 2020
The ABA does not support the proposed segmentation of banking data into high, medium, and low risk. The speed at which the Australian Competition and Consumer Commission (ACCC) intends to finalise the draft Rules is concerning, especially given risks which have been raised in the Privacy Impact Assessment (PIA). The ABA does not believe that it is possible for the ACCC to mitigate the risks raised in the PIA and concurrently resolve the questions and concerns raised in this submission by December 2020. The ABA is particularly concerned with negative impacts the speed of implementation will have on smaller banks. The ABA is also concerned that consumers may be overwhelmed with the level of complexity in the proposed Rules which may make them less likely to participate in the CDR. Trust in the security of the CDR is paramount to its success. The ABA urges the ACCC to reconsider the intention to finalise these rules by December 2020 and seeks a meeting with the ACCC to discuss the concerns raised in this submission
Download PDF