How to go to market with open banking in Australia
What is open banking?
Open banking, known as the Consumer Data Right (CDR) in Australia, is a way of giving regulated companies secure, limited access to consumers' bank accounts and their financial data, with their permission, in order to provide useful services. For example, that service might be around budgeting advice or access to loans.
- See our Australia guide to open banking.
What are the benefits of open banking?
For businesses, open banking creates new ways to offer their customers better services, giving them a competitive advantage in crowded or new markets.For example, any business that transacts online can take advantage of open banking to help them accept instant bank payments, without using card networks. Accepting payments online reduces fees, lowers fraud and lifts sales conversion. Alternatively companies can use open banking to accelerate customer onboarding. If you need to collect financial information from your customers at sign up, such as proof of income or proof of bank account ownership for a payment, open banking can help you do that in a secure, automated way.
How can I use open banking as a business?
Launching open banking within your business begins with a question: how can I use it in my business? The first step towards answering that question is working out your use case, the business problem or the opportunity that open banking provides the key to unlocking. Once you have decided on the 'how' comes a deep dive into the what, or the details of open banking data and regulations that you must follow in order to be allowed to handle consumer data.
What is an open banking use case?Open banking is available in Australia, but beyond common applications such as comparing home loans or apps that merge all of a consumer's bank accounts in one place, many businesses don’t yet know how they can use open banking to better serve their customers. However, there are a range of use cases emerging which show how open banking data can be used to make products and services more targeted, efficient and useful for consumers. In Australia, Accredited Data Recipients (ADRs) like Finder, Intuit, and Regional Australia Bank are providing open banking services such as pulling information from multiple bank accounts into one app, tailoring product recommendations, and automating credit assessments and identity verification instead of having to request this information from the customer.
Emerging use casesBut the opportunity is so much wider. TrueLayer's experience in the UK and Europe suggests wealth management technology, ecommerce and credit and lending are likely to be areas with strong use case potential in Australia.
- See our guide to open banking use cases to find out more.
- Smart onboarding: Peer-to-peer lender Zopa for example uses open banking data to auto-fill forms, credit history builder CreditLadder for identify and verification checks, and Wollit for income verification.
- Personal finance management: Financial planning app Revolut offers smart budgeting using open banking data, Olivia and Chip offer 'auto-saving', and Numbrs aggregates all bank accounts, investments, wallets, loyalty cards and more into one location.
- SME finances: business credit card provider Capital on Tap uses open banking data to do affordability checks, while Coconut and Ember offer account aggregation and automated accounting.
- Data-driven insights and personalised services: Through partnerships with banks Cardlytics uses spending data, provided with consumer permission, to create insights for marketers into purchases decisions, while LoyalBe uses purchasing data to give consumers loyalty rewards at different businesses.
- Instant bank payments: and one-off payments: share trading platform Trading212 uses open banking for instant funds transfers, while Coupay leverages open data to allow consumers to make one-off payments easily.
- To read more about what's happening in Europe and the potential opportunities for Australia, read our guide to open banking use cases blog.
What is open banking data?
Open banking data covers a range of specific information relating to an individual's bank account. This includes customer data such as their name and contact details, details if they operate a business such as the business name and ABN, account data such as balances, direct debit information and account numbers and types, and transaction data including incoming and outgoing transactions, amounts and descriptions of transactions.Banking is the first sector to be rolled out under Australia's Consumer Data Right (CDR), which is designed to give consumers greater access to and control over their data and improve their ability to compare and switch between products and services. It enshrines in law the principle that a consumer’s data is theirs to share and make use of. The CDR will later be expanded to the energy and telecommunications sector, and likely the superannuation and insurance sectors too.
How is open banking being rolled out?Under the open banking regime in Australia, the CDR will eventually cover all financial datasets as the phased rollout gathers pace. Under the phased rollout, different types of data are being opened up during three phases. From July 2021 consumers can use open banking for basic accounts such as savings and transactions, as well as GST and tax. From November 2021 that includes mortgages and other debt products, and from February 2022 the regime opens up to business finance, cash management accounts, and other more complex financial data.
- To read about which financial services are launching open banking at what times, read our Australian guide to open banking.
What is derived data?Information derived from open banking data is also covered by the CDR. What that means is if a business "materially enhances" data about a product or service through analysis, machine learning or drawing new insights that makes it significantly more useful or commercially valuable, that data is still CDR data – because it's been derived from open banking data. One example of materially enhanced data could be the result of income and expense verification, or information confirming income and rental history that real estate agents ask for before renting a property to new tenants.This has implications for anyone who accesses open banking data. Companies that want to directly access consumer data via open banking must either be an Accredited Data Recipient (ADR) or be working with an ADR via one of the four access arrangements. However, companies do not require any level of accreditation to access insights, the fifth and final access arrangement, derived from open banking data.
When is the data available?Different levels of open banking Australia data are available at different times, as the open banking phased rollout moves ahead. From July 1, 2021, Accredited Data Recipients (ADRs) are able to offer services around savings accounts, call accounts, term deposits, current accounts, cheque accounts, debit card accounts, transaction accounts, personal basic accounts, GST and tax accounts, credit and charge cards (personal & business).From November 1, 2021, that extends to products home loan, personal loan, and mortgage offset accounts. From February 1, 2022, ADRs will be able to design products and services around data released in the third and final phase of the rollout, which adds business finance, investment loan, lines of credit (personal & business), overdrafts (personal & business), asset finance (including leases), cash management accounts, farm management accounts, pensioner deeming accounts, retirement savings accounts, trust accounts, foreign currency accounts, and consumer leases.
Are there any hurdles to accessing the data?You can only access Australian open banking data by becoming at ADR or via one of the four access arrangements laid out by the central government financial policy agency, Treasury and legislated by the government in October.These are:
- become an affiliate of an unrestricted ADR who can sponsor and be responsible for your open banking data collection
- become a representative of an unrestricted ADR
- use a trusted advisor model
- gain access to CDR Insights Data to help identify and verify limited information about a customer without any accreditation at all.
How do I access CDR data?
Once you've decided on the way you want to go to market with open banking, the next stage is to consider whether you DIY – build all your APIs and associated infrastructure yourself – or find a partner like TrueLayer who can provide an open banking platform for you. There are some questions to ask yourself before launching down one path or the other, which will help you decide whether building it yourself or partnering is the right route for you.
- Is building your own IT infrastructure part of your core business, which you are best placed to deliver? For most companies, IT development won't be the open banking product or service they want to provide to their customers.
- Which will add more value to your business: building your own infrastructure or partnering to use an open banking platform?
- Are you prepared for the time and cost of maintaining your own open banking infrastructure? Eg hiring a permanent development team, compared to using a partner's platform.
|Directly connecting||Connecting via an intermediary|
|Description||Become an unrestricted Accredited Data Recipient (ADR).||Use any of the five access models: full accreditation, Affiliate, CDR Representative, Trusted Advisor, and Insight Receiver.|
|Accreditation||You are responsible for all accreditation applications and ongoing compliance.||You can work with an intermediary if you are fully accredited. The Affiliate model will require accreditation but at a lower level than the unrestricted model. The remaining three access models mean you do not need to be accredited as your ADR partner takes on that responsibility.|
|Compliance responsibilities||You are responsible for all compliance with ACCC, OAIC, Data Standards and legislative regulations.||Your intermediary will collect data on your behalf, handle consent, and in the case of Affiliates and CDR Representatives also provide support with compliance.|
|Technical access||You are responsible for building and maintaining all bank connections, technical maintenance, customer consents, data security in-house.||Your intermediary handles all technical connections to open banking data including customer consents and data security.|
|Time taken to get permission||6+ months. In order to be accredited, you must have prepared your technical and business case before submitting your application, which itself takes 4-6 months to receive approval.||Time taken for integration with your intermediary only. The timeframe required for Affiliate accreditation to be completed has not yet been released.|
Build it yourselfIf you choose to build all of your own open banking connection infrastructure, you will need full ADR accreditation in order to build a secure, cloud-based ecosystem that can connect to Data Holders and deliver a service to your customers that is simple, clear, and intuitive.Your open banking API must be secure, meaning it has to include Strong Customer Authentication (SCA), consent management systems, fraud detection and ring-fenced from your existing technology systems. Consumers must be able to see on your website where data is collected from and when, the Data Holder of the data, the Consumer Data Standards, and it must be clear where and how they can consent and withdraw permission. You must follow the mandatory CX Standards when considering your consumer experience, which were designed to ensure Consumer Data Right experiences are consistent for consumers, and information security rules governing how data can be transferred securely. API standards also control how APIs are built.
Partner with an intermediaryIf you decide that full accreditation isn't the right path to market, you can choose instead to partner with an intermediary, a company that can supply technology to both ADRs as well as open banking platforms. There are two types of ways you can interact with an intermediary: as a fully accredited ADR and as an unaccredited participant.
- When your business is an ADR and your provider is not, the latter can provide you services using open banking data you've collected, but can't collect that data for you.
- When both businesses are accredited, the provider can offer you goods and services and collect the data on your behalf.