Australia’s open banking scheme has reached its next major milestone, with all banks and credit unions now expected to share basic consumer data with individuals and registered data holders.
From today, non-major authorised deposit-taking institutions (ADIs) will be required to join the big four banks as data holders under the consumer data right (CDR) scheme.
As data holders, institutions will initially need to share data on savings and transaction accounts, as well as credit and debit cards with individuals if they request it.
That data will also be available to the handful of data recipients that have been accredited by the Australian Competition and Consumer Commission to use the data to provide product or service.
A phased approach will then see ADIs share data for home loans and personal loans from November, followed by other loans and lines of credit, trusts and retirement accounts from February 2022.
The Commonwealth Bank, ANZ, Westpac and NAB have been sharing this consumer data under phases one, two and three of the scheme since February after first joining the CDR in July 2020.
But even as the CDR enters its next phase, only a handful of tier two lenders have currently signed on as data holders, with the remainder delaying their entry – some by up to 18 months.
In addition to the big four banks, ten additional ADIs – and their respective brands – had become data holders at the time of publication.
Two of these, including Regional Australia Bank – which became a data holder late last year – and Australian Military Bank (including RSL Money), have done so using fintech Biza.io’s CDR solution.
Macquarie Bank, Suncorp, Citgroup, AMP, Judo Bank, eftpos provider Tyro and neobanks Up and Volt have also become last-minute data holders, which the ACCC’s website shows has occurred in the last three weeks.
The full list can be found here.
Frollo chief information officer Tony Thrassis last week said he expected around “15-20 data holders to be ready” through the fintech's open banking platform in early July.
Many of the remaining banks and credit unions have, however, had exemptions approved by the ACCC that push out their entry to the scheme until July 2022 or later.
ME Bank – which was recently bought by the Bank of Queensland – became one of the latest institutions to be granted an exemption last week.
The exemption will see the bank defer the “commencement dates of its phase one, phase two and direct-to-consumer data sharing obligations until 1 July 2022”.
Other banks and credit unions to receive exemptions this year include Bendigo and Adelaide Bank, IMB, Police Bank, Arab Bank Australia and G&C Mutual Bank.
A challenge some institutions have faced is the current requirement that each joint account holder authorise the sharing of data before it can occur.
Treasury is currently looking to rectify this by ensuring any account holder can “authorise the sharing of account data by default unless one or both account holders choose to opt-out”.
As part of this consultation, the central agency is also looking at relaxing data access arrangements for the scheme, including by opening new pathways for businesses to obtain data.
At present, only ten data recipients are accredited to ingest data, including the Commonwealth Bank, Frollo, Regional Australia Bank, Ezidox, Yodlee, Adatree, illion, and Intuit.
Update 10:18am: An earlier version of this story stated that some ADIs had become data holders using Frollo's open banking platform. That is not the case and the story has been updated to reflect this.