How to go to market with open banking in Australia


What is open banking?

Open banking, known as the Consumer Data Right (CDR) in Australia, is a way of giving regulated companies secure, limited access to consumers' bank accounts and their financial data, with their permission, in order to provide useful services. For example, that service might be around budgeting advice or access to loans.

For businesses, open banking enables them to take payments and fetch data, when given permission, directly from a customer’s bank account via technology called open APIs or Application Programming Interfaces. It has ignited a new generation of financial services, enabling businesses to build products that increase engagement, reduce costs and transform the customer experience.

What are the benefits of open banking?

For businesses, open banking creates new ways to offer their customers better services, giving them a competitive advantage in crowded or new markets.

For example, any business that transacts online can take advantage of open banking to help them accept instant bank payments, without using card networks. Accepting payments online reduces fees, lowers fraud and lifts sales conversion. Alternatively, companies can use open banking to accelerate customer onboarding. If you need to collect financial information from your customers at sign up, such as proof of income or proof of bank account ownership for a payment, open banking can help you do that in a secure, automated way.

How can I use open banking as a business?

Launching open banking within your business begins with a question: how can I use it in my business? The first step towards answering that question is working out your use case: the business problem or opportunity that open banking holds the key to unlocking. Once you have decided on the 'how', the next step is a deep dive into the 'what': the details of open banking data and the regulations that you must follow in order to be allowed to handle consumer data.

What is an open banking use case?

Open banking is available in Australia, but beyond common applications such as comparing home loans or apps that merge all of a consumer's bank accounts in one place, many businesses don’t yet know how they can use open banking to better serve their customers. However, there are a range of use cases emerging which show how open banking data can be used to make products and services more targeted, efficient and useful for consumers. In Australia, Accredited Data Recipients (ADRs) like Finder, Intuit, and Regional Australia Bank are providing open banking services such as pulling information from multiple bank accounts into one app, tailoring product recommendations, and automating credit assessments and identity verification instead of having to request this information from the customer.

Emerging use cases

But the opportunity is so much wider. TrueLayer's experience in the UK and Europe suggests wealth management technology, ecommerce and credit and lending are likely to be areas with strong use case potential in Australia.

In Europe, where open banking is already underway via the Payments Service Directive 2 (PSD2), there are proven use cases that are already driving value for companies. TrueLayer crunched data from millions of open banking API calls going through our platform each month to identify which use cases are working in Europe and which are emerging, as open banking moves beyond fintech and into gaming and wealth management, all of which could be opportunities for Australian businesses looking to build products and services on open banking data.

Use cases already underway in Europe and the UK:
  • Smart onboarding: Peer-to-peer lender Zopa, for example, uses open banking data to auto-fill forms, credit history builder CreditLadder for identity and verification checks, and Wollit for income verification.
  • Personal finance management: Financial planning app Revolut offers smart budgeting using open banking data, Olivia and Chip offer 'auto-saving', and Numbrs aggregates all bank accounts, investments, wallets, loyalty cards and more into one location.
  • SME finances: business credit card provider Capital on Tap uses open banking data to do affordability checks, while Coconut and Ember offer account aggregation and automated accounting.
Emerging use cases in Europe and the UK:
  • Data-driven insights and personalised services: Through partnerships with banks, Cardlytics uses spending data, provided with consumer permission, to create insights for marketers into purchase decisions, while LoyalBe uses purchasing data to give consumers loyalty rewards at different businesses.
  • Instant bank payments and one-off payments: share trading platform Trading212 uses open banking for instant funds transfers, while Coupay leverages open data to allow consumers to make one-off payments easily.
  • To read more about what's happening in Europe and the potential opportunities for Australia, read our guide to open banking use cases blog.

What is open banking data?

Open banking data covers a range of specific information relating to an individual's bank account. This includes customer data such as their name and contact details, details if they operate a business such as the business name and ABN, account data such as balances, direct debit information and account numbers and types, and transaction data including incoming and outgoing transactions, amounts and descriptions of transactions.

Banking is the first sector to be rolled out under Australia's Consumer Data Right (CDR), which is designed to give consumers greater access to and control over their data and improve their ability to compare and switch between products and services. It enshrines in law the principle that a consumer’s data is theirs to share and make use of. The CDR will later be expanded to the energy and telecommunications sectors, and likely the superannuation and insurance sectors too.

How is open banking being rolled out?

Under the open banking regime in Australia, the CDR will eventually cover all financial datasets as the phased rollout gathers pace. Under the phased rollout, different types of data are being opened up during three phases. From July 2021 consumers can use open banking for basic accounts such as savings and transactions, as well as GST and tax. From November 2021 that includes mortgages and other debt products, and from February 2022 the regime opens up to business finance, cash management accounts, and other more complex financial data.
  • To read about which financial services are launching open banking at what times, read our Australian guide to open banking.

What is derived data?

Information derived from open banking data is also covered by the CDR. What that means is if a business "materially enhances" data about a product or service through analysis, machine learning or drawing new insights that makes it significantly more useful or commercially valuable, that data is still CDR data, because it's been derived from open banking data. One example of materially enhanced data could be the result of income and expense verification, or information confirming income and rental history that real estate agents ask for before renting a property to new tenants.

This has implications for anyone who accesses open banking data. Companies that want to directly access consumer data via open banking must either be an Accredited Data Recipient (ADR) or be working with an ADR via one of the four access arrangements. However, companies do not require any level of accreditation to access insights, the fifth and final access arrangement, derived from open banking data.

When is the data available?

Different levels of Australian open banking data are available at different times, as the open banking phased rollout moves ahead. From July 1, 2021, Accredited Data Recipients (ADRs) are able to offer services around savings accounts, call accounts, term deposits, current accounts, cheque accounts, debit card accounts, transaction accounts, personal basic accounts, GST and tax accounts, credit and charge cards (personal & business).

From November 1, 2021, that extends to home loan, personal loan, and mortgage offset account products. From February 1, 2022, ADRs will be able to design products and services around data released in the third and final phase of the rollout, which adds business finance, investment loan, lines of credit (personal & business), overdrafts (personal & business), asset finance (including leases), cash management accounts, farm management accounts, pensioner deeming accounts, retirement savings accounts, trust accounts, foreign currency accounts, and consumer leases.

Are there any hurdles to accessing the data?

You can only access Australian open banking data by becoming an ADR or via one of the four access arrangements laid out by the central government financial policy agency, Treasury, and legislated by the government in October. These are:
  • become an affiliate of an unrestricted ADR who can sponsor and be responsible for your open banking data collection
  • become a representative of an unrestricted ADR
  • use a trusted advisor model
  • gain access to CDR Insights Data to help identify and verify limited information about a customer without any accreditation at all.
The accreditation criteria for achieving ADR status require a company to undertake rigorous processes. Broadly speaking, companies must qualify as a ‘fit and proper person’, have information security in place to protect open banking data from misuse or loss, and possess the requisite internal and external dispute resolution schemes, insurance and a CDR policy.

How do I access CDR data?

Once you've decided on the way you want to go to market with open banking, the next stage is to consider whether you DIY – build all your APIs and associated infrastructure yourself – or find a partner like TrueLayer who can provide an open banking platform for you. There are some questions to ask yourself before launching down one path or the other, which will help you decide whether building it yourself or partnering is the right route for you.
  • Is building your own IT infrastructure part of your core business, which you are best placed to deliver? For most companies, IT development won't be the open banking product or service they want to provide to their customers.
  • Which will add more value to your business: building your own infrastructure or partnering to use an open banking platform?
  • Are you prepared for the time and cost of maintaining your own open banking infrastructure, for example hiring a permanent development team, compared to using a partner's platform?
To make it easier to visualise the business use case, refer to the following matrix. Please note that these are generalisations and your journey to integrating open banking data will be dependent on your business.

| | Directly connecting | Connecting via an intermediary |
|---|---|---|
| Description | Become an unrestricted Accredited Data Recipient (ADR). | Use any of the five access models: full accreditation, Affiliate, CDR Representative, Trusted Advisor, and Insight Receiver. |
| Accreditation | You are responsible for all accreditation applications and ongoing compliance. | You can work with an intermediary if you are fully accredited. The Affiliate model will require accreditation but at a lower level than the unrestricted model. The remaining three access models mean you do not need to be accredited as your ADR partner takes on that responsibility. |
| Compliance responsibilities | You are responsible for all compliance with ACCC, OAIC, Data Standards and legislative regulations. | Your intermediary will collect data on your behalf, handle consent, and in the case of Affiliates and CDR Representatives also provide support with compliance. |
| Technical access | You are responsible for building and maintaining all bank connections, technical maintenance, customer consents, data security in-house. | Your intermediary handles all technical connections to open banking data including customer consents and data security. |
| Time taken to get permission | 6+ months. In order to be accredited, you must have prepared your technical and business case before submitting your application, which itself takes 4-6 months to receive approval. | Time taken for integration with your intermediary only. The timeframe required for Affiliate accreditation to be completed has not yet been released. |

Build it yourself

If you choose to build all of your own open banking connection infrastructure, you will need full ADR accreditation in order to build a secure, cloud-based ecosystem that can connect to Data Holders and deliver a service to your customers that is simple, clear, and intuitive.

Your open banking API must be secure, meaning it has to include Strong Customer Authentication (SCA), consent management systems and fraud detection, and be ring-fenced from your existing technology systems. Consumers must be able to see on your website where data is collected from and when, the Data Holder of the data, and the Consumer Data Standards, and it must be clear where and how they can consent and withdraw permission. You must follow the mandatory CX Standards when considering your consumer experience, which were designed to ensure Consumer Data Right experiences are consistent for consumers, as well as the information security rules governing how data can be transferred securely. API standards also control how APIs are built.

Partner with an intermediary

If you decide that full accreditation isn't the right path to market, you can choose instead to partner with an intermediary, a company that can supply technology to both ADRs and open banking platforms. There are two ways you can interact with an intermediary: as a fully accredited ADR and as an unaccredited participant.
  1. When your business is an ADR and your provider is not, the latter can provide you services using open banking data you've collected, but can't collect that data for you.
  2. When both businesses are accredited, the provider can offer you goods and services and collect the data on your behalf.
TrueLayer is an intermediary that can help aggregate and classify data. That means we connect to the APIs controlled by banks and other Data Holders to aggregate banking data on your behalf. We handle the data collection, the consent management and can help you with your compliance responsibilities. You can offer your goods or services to customers using that data, and maintain the full relationship with customers.

Are there any reciprocal rights under the CDR if I am regulated under PSD2?

No, not yet. The European Payments Service Directive 2 (PSD2), which came into force in 2018, is similar to, but not the same as, open banking in Australia, which is part of the CDR. PSD2 requires banks to open access to customer data, but the formats by which they can do so are fragmented. The CDR creates a standardised, interoperable format for doing so, led by a centralised Data Standards Body.
