Banks nudged to finish line on open banking

The big four banks are expected to meet the extended deadline for open banking compliance in February 2020, though one bank “might be struggling”, according to delegates at the 4th Open Banking and APIs conference in Sydney this week.

The original July deadline was extended after the Consumer Data Right legislation was delayed by the federal election, though it’s understood two of the big four failed to be ready and needed more time for testing. There has also been criticism the big four have deliberately been dragging their feet, though the Commonwealth Bank recently denied this.

Adrian Melillo from API integrator Mulesoft, which works both with the incumbent banks and new service providers, said the big four were telling him they’re already prepared.

“When I push and challenge them on this, as I don’t believe they’re as ready as they think they are, they say they are,” Melillo said.

“The first APIs are published already but currently they’re on track to do the sandpits scheduled next February, to be live by July next year. So in fact there’s a bit of complacency there.

“But it’s going to be very embarrassing now for them after being so bullish with ASIC and APRA if they turn around and say they need a delay.”

Another concern was that the focus from banks had been meeting the regulatory requirements, rather than innovation or the use cases around it.

Conversely, the highly innovative neobanks — despite their smaller budgets — may find it easier to meet regulatory requirements. Not only do they not have a large legacy to deal with, they have a later date to comply by.

If open banking is delayed, neobanks say it will create pain for customers. Despite concerns that open banking may initially “spook” customers, they stand to enjoy the biggest benefits from it.

Speaking on a panel, Judo Capital CDO Andreas Piefke said open banking was a simplification of current manual processes.

“If open banking is delayed, we will continue to have more complex processes. Interaction will be trickier, this will affect consumers most,” Piefke said.

Meanwhile, Xinja CTO John Pountain said open banking would resolve a lot of roadblocks the group faced.

“As a tech company we don’t have problems building APIs. But for consumers, portability is key. We have an issue with customers wanting their usernames and passwords to give to loan companies, to log into their accounts. Open banking will resolve this,” Pountain said.

Whether there’s a delay or not, the neobanks are pushing on with innovation and rolling out new and competitive services — even if it means less speed than they would like.

“If it doesn’t happen, or happens late, we have our own data. We won’t wait,” co-founder of Up, Dominic Pym, said.

One issue that the neobanks and others had struggled with was clarity around the requirements for data recipients, particularly in terms of an exact checklist.

Open banking has been very prescriptive in terms of what a bank has to do if it’s a data holder, and there are some prescriptive rules around connectivity. But as Adrian Melillo pointed out, it was “not very prescriptive yet as to what you have to do as a data recipient”.

“Neobanks don’t yet know what it’s going to take to be credited as a data recipient. That would be my area of focus: putting in place assurance regimes to prove that they are ready to be a data recipient. On the data holder side, you have to do A, B and C and it’s very clear,” Melillo said.

“On the data recipient side there are guidelines and principles but no detailed checklist, for example around security requirements, and there may never be. So it’s up to the neobanks to interpret them and apply them to their own environments, but it’s not a tick or a fail. It could be a lot of work for the neobanks to prove how they’ll comply with the standard.”

Uneven playing field

John Ford, CEO of Australian Military Bank, said some institutions would find it easier than others.

“If you’re an ADI (Authorised Deposit-taking Institution) it will be somewhat fast-tracked, guys in the early wave will get a step forward and credit for that. But Joe Blow off the street is not going to be receiving data any time soon,” Ford said.

Moneytree CEO Paul Chapman said compliance was not just about new regulations and requirements, such as the CDR (Consumer Data Right) and the draft privacy rules that the Office of the Australian Information Commission was preparing to release, but managing what kind of consent you had for what data.

“You’ve got this set of data from these customers and you can do this with it, and that’s going to become a new area of complexity. Informed consent is the gold standard. Your problem starts when you get the data, that’s really the start of your journey,” Chapman said.

When it does arrive, open banking is expected to not only encourage more local competition, but also make it easier for international players to enter the Australian market. Open banking software provider TrueLayer recently revealed it planned to open up in Australia in 2020, giving its European clients access to Australian consumers.


This article was first published by Australian Banking Daily.