Understanding the Consumer Data Right — Australia’s take on open banking

Background image
Profile Photo
Marie Steinthaler, VP of data products
2 Mar 2020

Read along as we drill down what has happened so far, what is happening next, and which are the key dates to be aware of.

If you’ve spent any time in the open banking world, chances are you’ve come across many reports about the spread of this phenomenon. Below, we distil some key takeaways to help you make sense of what’s happening with open banking in Australia.

Key takeaways 📣

  1. Consumer Data Right — Australia has introduced a Consumer Data Right — referred to as the CDR — which enshrines in law the principle that a consumer’s financial, utility and telco data is theirs to share and make use of.

  2. Broader than Europe — Excitingly, the CDR goes beyond what we’ve seen to date in Europe: it covers more products (i.e. not just payment services) and expands beyond banking to utilities and telco data.

  3. Leading regulator — The ACCC is the central body responsible for the CDR ecosystem. They are collaborating with the industry, a data standards body and the banks to implement this new right.

  4. July 2020 — The launch of the official APIs is currently set for 1 July 2020. While it has been delayed a few times, progress has been pretty fast for such a challenging and ambitious undertaking.

  5. A new market — If your company is building innovative open banking products in Europe, the launch of the CDR will open up a whole new market for you down under.

  6. Opportunity for Australian businesses — If you’re an Australian business that already uses banking data, the CDR promises to deliver a stabler, simpler, and more trustworthy channel for gathering that data.

  7. Official data standard — There is an official data standard which has been developed by data61 (part of CSIRO, the Data Standards Body (DSB) in Australia — think, equivalent to the Open Banking Implementation Entity, or OBIE, in the UK).

If you thought there weren’t already enough acronyms around, you’re in for a treat. Luckily, if you don’t want to know all this detail, you don’t have to — we try our best to simplify all this for you 😉

A brief history — what has happened so far? ⤴️

On 20 July 2017, then-Treasurer Scott Morrison MP commissioned the Review into Open Banking in Australia, to figure out the best way to make data work for Australians. The review recommended an expansion of Europe's 'Open Banking’, extending beyond just banking data. This led to the creation of a more general “Consumer Data Right”. If you hear people talking about the CDR, this is what they mean.

Who is the regulator leading this initiative and how does it work? 📐

There are a few parties involved:

  • The regulator in charge of driving the CDR forward is the competitions regulator, the ACCC (A-triple-C, for all non-Australians);

  • They are supported in their efforts by the Office of the Australian Information Commissioner (OAIC), and the Data Standards Body (DSB);

  • CSIRO, the Australian federal government agency responsible for scientific research, has been appointed to the role of DSB;

  • And their data specialist arm data61 is in charge of developing the data standards.

In order to access the APIs, organisations will need to be accredited by the ACCC and added to a central register.

What does this CDR actually cover? 💭

The CDR kicks off with banking data in 2020, covering products including transaction accounts, term deposits, credit cards, loans, mortgages, trade finance, and lines of credit. Working groups supporting the ecosystem are starting to look into the next sectors in the scope of the CDR: utilities, and finally telecoms.

The timeline and three phases of the CDR ⏰

The original plan was to have the first CDR APIs ready to go live on 1 July 2019. From the get-go, the plan mandated that the four biggest banks in Australia (Commonwealth Bank of Australia, Westpac Banking Corporation, Australia and New Zealand Banking Group, and National Australia Bank) open up their APIs first. No surprises there, considering they command more than 80% of the market share, and have struggled with public perception over the past few years.

The timeline also foresaw the phasing of APIs across three stages to make the roll-out smoother:


As you can see, both business and personal accounts are covered by the CDR — a question we often get since the name “Consumer” Data Right is sometimes interpreted as not applying to business customers.

Back to the initial plan: Big 4 banks, phase 1 products, ready to go on 1 July 2019.

The launch of the Phase 1 APIs was first postponed to February 2020, and then once more, to 1 July 2020. In November 2020, the remaining information will be due for products in Phase 2 and Phase 3.

While these delays were disappointing for many in the industry, let’s not forget that the first enquiry into open banking in Australia was only commissioned in 2017. This means a timeline of 3 years to the first launch of functional APIs, which doesn’t compare too badly to the European roll-out which took approximately 4 years. That said, we can’t wait to get going in July, and we know many of our clients are in the same boat. ⛵️


What’s happening next? ⏩

A key development as of early February 2020, is that the CDR Rules are now finalised and in force. This increases the pressure for the big 4 banks to provide APIs for Phase 1 products in July.

Here’s what is happening to make it a reality:

  • There is ongoing industry testing of the incoming APIs from CBA, Westpac, NAB, and ANZ to get them ready for July.

  • The ACCC is running consultations to iron out the fine details of the phasing of additional banks providing their data beyond the big 4, reporting guidelines and more.

  • The Data Standards Body is hosting workshops to look into the next sectors beyond banking and making regular improvements to their Consumer Experience Standards.

  • We’re having many conversations with existing and new partners about what this all means for their businesses come July.

What TrueLayer’s next steps look like:

  • Preparing our product for the private beta. If you are interested in being part of the beta testers, get in touch!

  • Continuing to support the Australian regulatory and standards work on the CDR implementation.

In short, we’re excited 🎉 Reach out on [email protected] if you want to know more about why you should be too!