Tiered accreditation model needed to create level playing field in open banking

The current all-or-nothing approach to accreditation creates barriers to entry that severely restrict participation in the CDR and will limit the positive benefits to Australians of open banking, argues Moneytree’s Paul Chapman. 
 

Last month, ANZ proposed that regulators allow different levels of accreditation to enable companies to participate in the Consumer Data Right (CDR). 

Moneytree endorses this suggestion made before the Senate Select Committee on Financial Technology and Regulatory Technology by Emma Gray, Chief Data Officer, ANZ.  

Earlier this year, Moneytree also proposed a tiered accreditation system in our submission to the ACCC on CDR participation by third-party service providers.

Under current rules, non-ADI industry participants can obtain only one unrestricted level of CDR accreditation. 

This means both data recipients, and parties receiving data from data recipients (so-called third-party participants) must invest a considerable amount of resources to obtain full accreditation. 

Regardless of the sensitivity of data in scope, intended usage, or actual risk posed by a third-party participant, they are required to spend hundreds of thousands of dollars to obtain and maintain the same level of certification as a full data recipient.

ADIs, on the other hand, will not be required to do anything to achieve certified status, despite lacking experience in handling data sourced from other ADIs.  

While ADIs are perfectly capable of storing their own customer data, the majority currently lack the systems and processes for storing data sourced from other banks.

A high-bar accreditation approach is not without merit, but the unintended consequence is that it sets the bar unnecessarily high for many would-be Open Banking participants. 

 A tiered accreditation model, based on the level of confidentiality suitable to, and personal identifiability arising from the CDR data disclosed, is essential.

Dedicated financial data intermediaries like Moneytree will likely aim for full accreditation.  However, many small and medium-size financial technology businesses, led by experienced, trustworthy and innovative people, will not be able to achieve full accreditation due to significant costs.  

This threatens to confound the very innovation and increased choice that the CDR is intended to foster.  

Moneytree therefore advocates a tiered model of CDR accreditation, establishing a risk-based standard suitable for all legitimate participants.  

A tiered accreditation model, based on the level of confidentiality suitable to, and personal identifiability arising from the CDR data disclosed, is essential.

To understand what a tiered approach might look like, let’s consider how data confidentiality varies.  

Analysing an aggregate set of transactional banking data, by geographic area or age group, for example, that does not identify individuals is less sensitive than analysing the specific transactional data of an individual customer. 

Therefore, a CDR participant only accessing the former should rightly expect to require a less rigorous standard of accreditation than one accessing the latter. 

Another example could be a mortgage broker asking a data intermediary to confirm whether or not a loan applicant’s average income for the past three years exceeds $100,000, as was reported by the applicant.  Receiving a simple ‘yes’ or ‘no’ to this question, without providing access to the underlying raw transaction data, exposes minimal data while enabling the mortgage broker to approve the loan.

The current all-or-nothing approach to accreditation creates barriers to entry that severely restrict participation in the CDR and will limit the positive benefits to Australians of open banking.  

If we want to level the playing field in the financial services industry in Australia, providing increased choice and healthy competition, then a tiered system of CDR accreditation is essential.

Paul Chapman is the CEO and founder of Moneytree.