Abstract image of a woman sitting on books and studying on a laptop

Consumer Data Rights

Bikram Paul Choudhury, profile picture
Bikram Paul Choudhury

The document outlines the implementation of Australia's Consumer Data Right (CDR) rules, which aims to transition banks from a closed model to one that allows sharing of consumer data with third parties, emphasizing the need for strong data governance and management frameworks. It also compares the CDR with international regulations like the EU's PSD2 and GDPR, highlighting features such as consumer data correction rights, consent management, and data quality measures. Additionally, it discusses the expected impacts of CDR on banks and consumers, including enhanced competition, improved consumer choices, and the necessity for banks to upgrade their data systems.

Data & Analytics
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
UNLOCKINGVALUE WITHCONSUMER DATARIGHTSRULES
While the Consumer Data Right (CDR) rules are being finalised, the outline has been published. Australian banks have started their compliance journey to meet the new open banking standard. As banks prepare themselves for the seismic transition from a closed model to being able to share high-quality and accurate data with third parties, they face two immediate needs. First, strong data governance; and second, a robust data management framework that offers adequate data privacy and security measures. 2 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Figure 1: Global Regulations on Open Banking and Data Protection Sources: ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en; www.gov.uk/government/organisations/ competition-and-markets-authority; bankingblog.accenture.com/brave-new-world-open-banking-apac-japan?lang=en_US; www. accc.gov.au/system/files/CDR-Rules-Outline-corrected-version-Jan-2019.pdf; citizen.co.za/business/1957537/will-sa-banks-pursue- open-banking-before-they-need-to/; openbanking.ng/get-started/; www.consumerfinance.gov/about-us/newsroom/cfpb-outlines- principles-consumer-authorized-financial-data-sharing-and-aggregation/ DataprivacyandOpenBanking gainglobaltraction Globally, along with changing consumer preferences, concerns regarding data collection, privacy, and security are growing. As regulators around the world continue to closely observe Europe’s Payment Services Directive 2 (PSD2) and the General Data Protection Regulation (GDPR), many are already in the advanced stages of drafting equivalent open banking standards and data protection regulations. PSD2 regulates banks in the EU to grant third party providers access to payment accounts for account information and payment initiation. CMA (Competition and Monetary Authority) regulated the 9 largest UK private banks to form an Open Banking Implementation Entity. Monetary Authority of Singapore “Finance-as-a-Service” playbook to boost Open API adoption. Japan to open up by 2020. Hong Kong Monetary Authority to regulate tier-1 HK banks to open up APIs. Furthermore, several Open Banking related GovTech initiatives in India, China, Singapore. Australian Treasury Department finalising Open Banking Standards by February 2019. New Zealand: Banks recently started Open Banking pilot. South Africa: PSD2 is watched closely. SARB (South African Reserve Bank) should “drop” a report regulating a “Sandbox API”. In Nigeria, API Banking use cases for financial inclusion gaining traction. US CFPB pushing for customer-authorized access to data as alternative for screen scraping. Canadian government is studying the introduction of Open Banking regulation. Fintech and Open Banking bill passed in Mexico. 3 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Theconsumerdatarightrules frameworkismorethanjust OpenBanking The Consumer Data Right Rules Outline released by the Australian Competition & Consumer Commission (ACCC) in December 2018 focuses on much more than just opening the closed and traditional banking model.1 While the rules try to empower consumers with the right to correction (like the subject rights in GDPR), enabling customers to rectify their data in 30 calendar days, they also require CDR participants to draft a policy on open and transparent data management that is independent of any existing privacy policy. The rules prescribe the need for adequate quality and security measures before data can be shared with third party providers. This provides banks with a perfect opportunity to leverage the CDR rules framework to establish a strong data governance platform focused on data quality, transparency and traceability. Australian banks will also need to comply with other ongoing data-centric regulatory initiatives such as the Basel Committee on Banking Supervision’s standard number 239 (BCBS239) and the GDPR. In doing so they may see cross-regulatory synergies. In response to the growing pace of technological innovation and the increasing risk and sophistication of data theft, the CDR rules underline the importance of having a strong, well-defined and well- governed data framework. Some of the key CDR rules highlights include: A) Multiple Regulator Model The ACCC will be responsible for standards-setting while the Office of the Australian Information Commissioner (OAIC) will examine the privacy impacts. B) Sector-by-sector implementation The CDR will be implemented on a sector- by-sector basis, starting with the banking sector. This gives all other industries, especially data-centric ones such as telecommunications, more time to plan the implementation. C) Phased implementation The banking sector will be required to begin sharing data in phases, with the first wave to be opened up by 1 July 2019 (see Figure 2). D) Consent / authorisation management Data holders and data recipients will need to obtain customer consent before customer data can be shared. E) Consumer dashboard Data holders and recipients will need to create a consumer-facing dashboard showing all data-sharing authorisations Proposedconsumerdata rightrules 4 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
(active and historical) that the customer has given. The dashboard should also record the disclosure of data. F) Right to correction Data holders and recipients must correct any CDR data which a consumer deems incorrect or redundant. They must respond to requests for rectification within 30 calendar days. G) Open and transparent data management Data holders and recipients must have a CDR policy on data management that is independent of any existing privacy policy. The policy should be easy to understand and drafted in a way that promotes consumer engagement. H) Notification of collection and disclosure Data holders and recipients must record disclosure of data in consumer dashboards. I) Quality and security of data Data holders and recipients must ensure that the CDR data being shared is accurate, current and complete for the purpose for which it is held. Recipients must also undertake adequate precautions to ensure data security. J) Record keeping and reporting Data holders and recipients will be responsible for collecting and maintaining records of complaints and disputes and reporting these biannually. They will have to retain the records for six years. Source: Published CDR Rules Outline – https://www.accc.gov.au/system/files/CDR-Rules-Outline-corrected-version- Jan-2019.pdf Figure 2: CDR Rules Implementation Phases for Banks PHASE I PHASE II PHASE III Products in scope • Savings accounts • Call accounts • Term deposits • Current accounts • Cheque accounts • Debit card accounts • Transaction accounts • Personal basic accounts • GST and tax accounts • Credit and charge cards • Residential mortgages • Investment mortgages • Mortgage offset accounts • Business Finance • Personal Loans • Lines Of Credit (Personal) • Lines Of Credit (Business) • Overdrafts (Personal) • Overdrafts (Business) • Asset Finance • Cash Management Accounts • Farm Management Accounts • Pensioner Deeming Accounts • Retirement Savings Accounts • Trust Accounts • Foreign Currency Accounts • Consumer Leases Date of compliance Product Data – Jul 01, 2019 Other Data – Feb 01, 2020 Feb 01, 2020 Jul 01, 2020 5 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Source: Qualitative Analysis, Accenture 2019 Figure 3: A Comparison of Consumer Data Regulatory Features CDRcombinesaspectsof differentEuropeanregulations The CDR echoes PSD2 with its requirement that banks open up their customer account information to third parties.2 It also incorporates several aspects of the GDPR, including the right to data rectification, active consent/ authorisation management and data minimisation measures.3 There are, however, key differences between the CDR and its European counterparts. For one thing, the scope of the CDR includes lending accounts while PSD2 and the GDPR do not. The Australian and European schemes also differ in terms of actions in scope: PSD2 and UK Open Banking allow actions such as payments initiation and account opening while the CDR allows read-only access. Having said this, we are already seeing potential use cases in Australia for the combination of the CDR and the New Payments Platform (NPP) to create new digital services for businesses and consumers that effectively leverage both read and write capabilities.4 (Our September 2018 paper, Open Banking and the New Payments Platform: Unlocking Real-Time Commerce, discusses this in more detail.) CATEGORY KEY FEATURE EU GDPR EU PSD2 Australia (CDR) Type of Information in scope Transaction data Account support data Customer identity AML/CTF support Accounts in scope Transaction/savings Credit cards Personal loans Mortgages Business loans Actions in scope Read data Initiate transactions Open accounts Initiate application Privacy standards Right to erasure Block solicitation/profiling & SCA Data Protection Office Pseudonymisation Consent Management Consumer Dashboard Breach Management 6 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Source: Qualitative Analysis, Accenture 2019 Figure 4: Impacts of CDR on Banks HowCDRimpactsdata, technology,processesandpeople The implementation of the CDR is likely to profoundly change Australia. As the banking industry adopts the rules framework and other industries follow, the impact will be widely felt by consumers and third-party providers. Consumers will benefit from the new regime as they will enjoy a better choice of banking products as well as potentially reduced costs due to greater competition. Along with the ease of switching between different service providers, including fintech firms and start-ups, consumers will have greater access to and visibility of their own data that banks hold. Importantly, consumers will have the ability to direct that the data be safely transferred to trusted and accredited service providers of their choice. For Australian banks, the CDR will have a significant impact on the entire process, system and data landscape. 1 Sharing of Customer Data 2 Consent / Authorization Management 3 Customer Dashboard 4 Open and Transparent Management of Data 5 Anonymity and Pseudonymity 6 Notifying the collection and disclosure of CDR data 7 Quality of CDR data 8 Security of CDR data 9 Correction of CDR data 10 Record keeping and Reporting 4 7 10 Technology Impact + + – – PeopleandProcessImpact 9 3 12 8 5 6 Bubble size indicates impact magnitude 7 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
The top three factors impacting banks today are: 1.Sharingcustomerdata The data-sharing aspect of the CDR will necessitate the development of secure application programming interfaces (APIs), the implementation of data minimisation standards, and measures to ensure adequate data quality as well as data correction features. This will require a major overhaul of banking systems and processes. The entire system landscape, including ledgers, data warehouses, data marts and risk and reporting systems will need to undergo changes along with different banking processes. Banks will also need to invest in improving their end-to-end product and pricing data capabilities, which have typically evolved in a myriad of legacy systems and spreadsheets. This will need to become industrial-strength, automated and API-enabled to support the requirements of the CDR. And, most importantly, banks will need to ensure the data is always accurate and valid. 2.Consent/authorisation managementandconsumer dashboard The CDR will require banks to implement effective and efficient consent management policies and processes and establish dashboards. It will become essential for banks to be able to demonstrate clear governance around collecting and managing customer consent and authorisations before data is shared. 3.Openandtransparent managementofdata Banks will have to create a separate data management policy as well as review all existing policies and frameworks surrounding different data management practices today, including existing data minimisation measures, data retention policies and anonymisation/ pseudonymisation techniques. Consumers will benefit from the new regime as they will enjoy a better choice of banking products as well as potentially reduced costs due to greater competition. 8 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Usinglessonslearnedfrom similarglobalinitiatives Banks should use the lessons learned from global initiatives on open banking and data privacy to gain time and cost synergies when implementing CDR rules. Banks in Europe (and globally) struggled in their journey to GDPR compliance due to the complexity of the regulation and the huge impact on data, systems and processes, coupled with the short implementation time of only two years. Another burden was the introduction of the Payment Services Directive II (PSD2), which became applicable on 13 January 2018.5 Due to the extremely complex nature of these regulations, tight timelines for implementation, and high penalties for non-compliance, banks and financial services companies across the globe have struggled to execute solutions. Whilst there are many synergies between the two sets of regulation, financial services firms have tended to address each separately. As a result, they have not been able to fully realise the benefits of undertaking a co-ordinated and combined approach. Some of the key lessons from their experience include: Concerns over reputational risk and being a trusted brand For many organisations, avoiding reputational damage is viewed as more important than being compliant with regulators. E.g. Concerns over being the first to be fined in the industry. First-mover advantage Time to market is key. Leading market participants should take advantage of the current regulatory chaos by being first movers and thereby dictating market adoption in data privacy. Align with other ongoing initiatives From the outset, the CDR implementation should align with other ongoing data protection initiatives such as the GDPR. There is an opportunity to run common activities, so the entire data-driven regulatory portfolio can leverage the synergies between the different regulations. Improve customer trust and experience The CDR should not be viewed simply as a regulatory tick mark. Banks need to focus on delivering a differentiated positive customer experience as well as continue to maintain and improve customer trust. Rotate to the new Australian banks should use the CDR as a tool to rotate to the new and derive competitive advantage by leveraging the latest technologies, especially artificial intelligence, robotics, machine learning and advanced data analytics. 9 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Thecountdowntocompliance deadlinesstartsnow With a few months remaining for banks to meet their compliance obligations, it’s important to act now. As we’ve seen in Europe, banks have struggled with  implementing PSD2 and GDPR due to regulatory complexities. With a phased implementation for the CDR rules, banks in Australia will benefit by first starting with a clear, well-defined action plan and focused initiatives. Like any other regulatory initiative, banks will need to start with an assessment of the current state of the processes, systems and policies of not only their APIs, and the quality of data they hold, but also of current processes around data retention, data minimisation and data anonymisation. 10 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
1 Consumer Data Right Rules Outline, Australian Competition & Consumer Commission (December 2018). https://www. accc.gov.au/system/files/CDR-Rules-Outline- corrected-version-Jan-2019.pdf 2 Directive (EU) 2015/2366 of the European Parliament and of the Council, European Union (25 November 2015). https:// eur-lex.europa.eu/legal-content/EN/ TXT/?uri=celex%3A32015L2366 3 Regulation (EU) 2016/679 of the European Parliament and of the Council, European Union (27 April 2016). https://eur-lex.europa.eu/legal- content/EN/TXT/?qid=1528874672298&uri= CELEX%3A32016R0679 4 Open Banking and the New Payments Platform: Unlocking Real-Time Commerce, Accenture (20 October 2018). https:// bankingblog.accenture.com/open-banking- new-payments-platform-unlocking-real-time- commerce?lang=en_US 5 http://europa.eu/rapid/press-release_ MEMO-17-4961_en.htm https://eugdpr.org/the-regulation/gdpr-faqs/ AUTHORS REFERENCES Tales Lopes Managing Director, Finance, Risk and Compliance Practice Lead for Australia and New Zealand, Accenture Financial Services tales.s.lopes@accenture.com Graham Rothwell Managing Director, Asia Pacific Payments, Accenture Financial Services g.rothwell@accenture.com Bikram Paul Choudhury Manager, Finance, Risk and Compliance, Accenture Financial Services bikram.choudhury@accenture.com 11 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
Copyright © 2019 Accenture. All rights reserved. Accenture, its logo, and New Applied Now are trademarks of Accenture. 190317 ABOUT ACCENTURE Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 469,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com. DISCLAIMER The views and opinions expressed in this document are meant to stimulate thought and discussion. As each business has unique requirements and objectives, these ideas should not be viewed as professional advice with respect to your business.

More Related Content

PDF
Embracing Digital Convergence amid Regulatory-Driven Overhauls
Cognizant
 
PDF
The Power Of Open Banking Coupled With Artificial Intelligence
IndusNetMarketing
 
PDF
2021: The second wave of Fintech Disruption: Trends to watch out
IndusNetMarketing
 
PPTX
2015 Minnesota Water Technology Summit
GREATER MSP
 
PDF
apidays LIVE Australia 2021 - Open Banking: Successful Implementation Strateg...
apidays
 
PDF
Fintech post COVID World 2021
CodeCraft Technologies
 
PDF
How Open Banking, Blockchain & AI Are Redefining The Financial Services - 09 ...
Nouamane Cherkaoui
 
PDF
Data Beyond Borders 2.0
FairTechInstitute
 
Embracing Digital Convergence amid Regulatory-Driven Overhauls
Cognizant
 
The Power Of Open Banking Coupled With Artificial Intelligence
IndusNetMarketing
 
2021: The second wave of Fintech Disruption: Trends to watch out
IndusNetMarketing
 
2015 Minnesota Water Technology Summit
GREATER MSP
 
apidays LIVE Australia 2021 - Open Banking: Successful Implementation Strateg...
apidays
 
Fintech post COVID World 2021
CodeCraft Technologies
 
How Open Banking, Blockchain & AI Are Redefining The Financial Services - 09 ...
Nouamane Cherkaoui
 
Data Beyond Borders 2.0
FairTechInstitute
 

What's hot (20)

PDF
Webinar: Practical use-cases to monetize Open Banking APIs
Torry Harris
 
PDF
Digital Currencies: Where to from here?
Chartered Accountants Australia and New Zealand
 
PDF
The Internet of Things: A Prime Opportunity for Merchant Acquirers
Cognizant
 
PDF
Beyond Open Banking : Uncovering The Opportunities Ahead- 21st april 2021 - N...
Nouamane Cherkaoui
 
PDF
Traditional Banks, Credit Unions Compete Against Digital-Only Banks
Flavia_McCain
 
PPT
Interactive Data Corporation
lenmeyers
 
PDF
Dodd-Frank's Impact on Regulatory Reporting
HEXANIKA
 
PDF
apidays LIVE Singapore 2021 - Integrating and managing 3000+ digital products...
apidays
 
PPTX
Canadian Prepaid Ecosystem 2020
jennifertramontana
 
PDF
Durbin + Debit: The Devil\'s in the Details
JohnDStevens
 
PDF
Mobile Discovery User Guide v9
David Miller
 
PDF
The ASEAN Data Protection Index 2020
FairTechInstitute
 
PDF
Virtual school of ig economic issues_2021
Desiree Miloshevic
 
PDF
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
apidays
 
PPTX
O impacto da revolução digital no sistema financeiro - Murilo Portugal
Fundação Fernando Henrique Cardoso
 
PPTX
Dynamics of payment industry in 2021 v3.1
Nikunj Gundaniya
 
PDF
Disruption In Retail Banking - Powered by Intelligent Automation
Happiest Minds Technologies
 
PDF
Big Data - Accountability Solutions for Public Sector Programs
Gaurav "GP" Pal
 
PDF
Intermodal Transport Data Sharing Programme (Sep 2021)
FairTechInstitute
 
PDF
Chances of open banking
Netcetera
 
Webinar: Practical use-cases to monetize Open Banking APIs
Torry Harris
 
Digital Currencies: Where to from here?
Chartered Accountants Australia and New Zealand
 
The Internet of Things: A Prime Opportunity for Merchant Acquirers
Cognizant
 
Beyond Open Banking : Uncovering The Opportunities Ahead- 21st april 2021 - N...
Nouamane Cherkaoui
 
Traditional Banks, Credit Unions Compete Against Digital-Only Banks
Flavia_McCain
 
Interactive Data Corporation
lenmeyers
 
Dodd-Frank's Impact on Regulatory Reporting
HEXANIKA
 
apidays LIVE Singapore 2021 - Integrating and managing 3000+ digital products...
apidays
 
Canadian Prepaid Ecosystem 2020
jennifertramontana
 
Durbin + Debit: The Devil\'s in the Details
JohnDStevens
 
Mobile Discovery User Guide v9
David Miller
 
The ASEAN Data Protection Index 2020
FairTechInstitute
 
Virtual school of ig economic issues_2021
Desiree Miloshevic
 
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
apidays
 
O impacto da revolução digital no sistema financeiro - Murilo Portugal
Fundação Fernando Henrique Cardoso
 
Dynamics of payment industry in 2021 v3.1
Nikunj Gundaniya
 
Disruption In Retail Banking - Powered by Intelligent Automation
Happiest Minds Technologies
 
Big Data - Accountability Solutions for Public Sector Programs
Gaurav "GP" Pal
 
Intermodal Transport Data Sharing Programme (Sep 2021)
FairTechInstitute
 
Chances of open banking
Netcetera
 
Ad

Similar to Consumer Data Rights (20)

PDF
Digital Customer Due Diligence: Leveraging Third-Party Utilities
Cognizant
 
PDF
JP Case study for open banking using legacy system.pdf
prince1705
 
PDF
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
apidays
 
PPTX
Cyber Security Unit laws_and_regulatory_requirements.pptx
SourabhNath4
 
PDF
mr-jatinder-handoo modeling excavation earth work
findmogesg
 
PDF
A Survey on Bigdata Analytics using in Banking Sectors
ijtsrd
 
PDF
Special Committee review of the Personal Information Protection Act (PIPA): ...
BC Tech Association
 
PDF
PSD2 un GDPR savstarpējā ietekme. Intersections of PSD2 and GDPR
Latvijas Banka
 
PDF
Regulators on the Move – Recent Treasury and Comptroller Actions: How They Af...
Winston & Strawn LLP
 
PDF
Regulation and competition in light of digitalisation – UK Competition & Mark...
OECD Directorate for Financial and Enterprise Affairs
 
PDF
ICA InCompliance Magazine article 2019 - Virtual Banks
Thomas Wan 尹志坚 FICA CFTPSnr IBFA MSc MBus BA(Hons) PgDipGRC, FCC
 
PDF
Data Privacy Regulations and Their Impact on Buying Verified Cash App Account...
Popularit Usa
 
PDF
DFS22_Main Stage_Laurent Bailly_Visa_041022
FinTech Belgium
 
PDF
JEE Data Protection Newsletter - January 2025 - MerisLabs.pdf
MerisLabs
 
PDF
Embracing Open Banking: The Future of Financial Innovation with Section 1033
nidhisharma633824
 
PDF
How IBM Supports Clients around GDPR and Cybersecurity Legislation
IBM Security
 
PDF
Top Ten Challenges for Investment Banks 2015: Revolution: Challenge 10
accenture
 
PDF
The Future of Open Banking, beyond January 2018
PaymentComponents
 
PDF
Balance Resilience and CX: COVID-19 Impact on Banking Customer Experience
RNayak3
 
PDF
NIIT Technologies regulatory reporting
NIIT Technologies
 
Digital Customer Due Diligence: Leveraging Third-Party Utilities
Cognizant
 
JP Case study for open banking using legacy system.pdf
prince1705
 
apidays LIVE Australia 2021 - Empowering the fintech ecosystem with APIs by D...
apidays
 
Cyber Security Unit laws_and_regulatory_requirements.pptx
SourabhNath4
 
mr-jatinder-handoo modeling excavation earth work
findmogesg
 
A Survey on Bigdata Analytics using in Banking Sectors
ijtsrd
 
Special Committee review of the Personal Information Protection Act (PIPA): ...
BC Tech Association
 
PSD2 un GDPR savstarpējā ietekme. Intersections of PSD2 and GDPR
Latvijas Banka
 
Regulators on the Move – Recent Treasury and Comptroller Actions: How They Af...
Winston & Strawn LLP
 
Regulation and competition in light of digitalisation – UK Competition & Mark...
OECD Directorate for Financial and Enterprise Affairs
 
ICA InCompliance Magazine article 2019 - Virtual Banks
Thomas Wan 尹志坚 FICA CFTPSnr IBFA MSc MBus BA(Hons) PgDipGRC, FCC
 
Data Privacy Regulations and Their Impact on Buying Verified Cash App Account...
Popularit Usa
 
DFS22_Main Stage_Laurent Bailly_Visa_041022
FinTech Belgium
 
JEE Data Protection Newsletter - January 2025 - MerisLabs.pdf
MerisLabs
 
Embracing Open Banking: The Future of Financial Innovation with Section 1033
nidhisharma633824
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
IBM Security
 
Top Ten Challenges for Investment Banks 2015: Revolution: Challenge 10
accenture
 
The Future of Open Banking, beyond January 2018
PaymentComponents
 
Balance Resilience and CX: COVID-19 Impact on Banking Customer Experience
RNayak3
 
NIIT Technologies regulatory reporting
NIIT Technologies
 
Ad

Recently uploaded (20)

PDF
©️ 01_Algorithm for Microsoft New Product Launch - handling web site - by Ale...
none
 
PPT
statistic analysis for study - data collection
NguynNgcBchTrm8
 
PPTX
AI AND ML PROPOSAL PRESENTATION MUST.pptx
wamalajohn
 
PPTX
Phase1_final PPTuwhefoegfohwfoiehfoegg.pptx
udayashankark9
 
PPTX
FMIS 108 and AISlaudon_mis17_ppt_ch11.pptx
SadihaAfrose
 
PPTX
New ISO 27001_2022 standard and the changes
Mayank Mathur
 
PPTX
Copy of 16 Timeline & Flowchart Templates – HubSpot.pptx
ahsonbashir
 
PPT
PROJECT CYCLE MANAGEMENT FRAMEWORK (PCM).ppt
GebrelibanosYowhans
 
PPT
Image processing and pattern recognition 2.ppt
anwarfadel430
 
PPTX
ai agent creaction with langgraph_presentation_
RithikLogu1
 
PPT
expt-design-lecture-12 hghhgfggjhjd (1).ppt
n02428295w
 
PPTX
recommendation Project PPT with details attached
AlanChen266674
 
PDF
Votre score augmente si vous choisissez une catégorie et que vous rédigez une...
GreatIdeasin5Minutes
 
PPTX
chuitkarjhanbijunsdivndsijvndiucbhsaxnmzsicvjsd
siddi1404
 
PPTX
Statisticsccdxghbbnhhbvvvvvvvvvv. Dxcvvvhhbdzvbsdvvbbvv ccc
DibyenduRoy49
 
PPTX
eGramSWARAJ-PPT Training Module for beginners
SouvenirCivil
 
PPTX
CHAPTER-2-THE-ACCOUNTING-PROCESS-2-4.pptx
AngelbertBayles
 
PDF
Jean-Georges Perrin - Spark in Action, Second Edition (2020, Manning Publicat...
Pablo Jose Prieto Entenza
 
PPT
DU, AIS, Big Data and Data Analytics.ppt
SadihaAfrose
 
PDF
ahaaaa shbzjs yaiw jsvssv bdjsjss shsusus s
elisafebrianipasarib1
 
©️ 01_Algorithm for Microsoft New Product Launch - handling web site - by Ale...
none
 
statistic analysis for study - data collection
NguynNgcBchTrm8
 
AI AND ML PROPOSAL PRESENTATION MUST.pptx
wamalajohn
 
Phase1_final PPTuwhefoegfohwfoiehfoegg.pptx
udayashankark9
 
FMIS 108 and AISlaudon_mis17_ppt_ch11.pptx
SadihaAfrose
 
New ISO 27001_2022 standard and the changes
Mayank Mathur
 
Copy of 16 Timeline & Flowchart Templates – HubSpot.pptx
ahsonbashir
 
PROJECT CYCLE MANAGEMENT FRAMEWORK (PCM).ppt
GebrelibanosYowhans
 
Image processing and pattern recognition 2.ppt
anwarfadel430
 
ai agent creaction with langgraph_presentation_
RithikLogu1
 
expt-design-lecture-12 hghhgfggjhjd (1).ppt
n02428295w
 
recommendation Project PPT with details attached
AlanChen266674
 
Votre score augmente si vous choisissez une catégorie et que vous rédigez une...
GreatIdeasin5Minutes
 
chuitkarjhanbijunsdivndsijvndiucbhsaxnmzsicvjsd
siddi1404
 
Statisticsccdxghbbnhhbvvvvvvvvvv. Dxcvvvhhbdzvbsdvvbbvv ccc
DibyenduRoy49
 
eGramSWARAJ-PPT Training Module for beginners
SouvenirCivil
 
CHAPTER-2-THE-ACCOUNTING-PROCESS-2-4.pptx
AngelbertBayles
 
Jean-Georges Perrin - Spark in Action, Second Edition (2020, Manning Publicat...
Pablo Jose Prieto Entenza
 
DU, AIS, Big Data and Data Analytics.ppt
SadihaAfrose
 
ahaaaa shbzjs yaiw jsvssv bdjsjss shsusus s
elisafebrianipasarib1
 

Consumer Data Rights

  • 2. While the Consumer Data Right (CDR) rules are being finalised, the outline has been published. Australian banks have started their compliance journey to meet the new open banking standard. As banks prepare themselves for the seismic transition from a closed model to being able to share high-quality and accurate data with third parties, they face two immediate needs. First, strong data governance; and second, a robust data management framework that offers adequate data privacy and security measures. 2 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 3. Figure 1: Global Regulations on Open Banking and Data Protection Sources: ec.europa.eu/info/law/payment-services-psd-2-directive-eu-2015-2366_en; www.gov.uk/government/organisations/ competition-and-markets-authority; bankingblog.accenture.com/brave-new-world-open-banking-apac-japan?lang=en_US; www. accc.gov.au/system/files/CDR-Rules-Outline-corrected-version-Jan-2019.pdf; citizen.co.za/business/1957537/will-sa-banks-pursue- open-banking-before-they-need-to/; openbanking.ng/get-started/; www.consumerfinance.gov/about-us/newsroom/cfpb-outlines- principles-consumer-authorized-financial-data-sharing-and-aggregation/ DataprivacyandOpenBanking gainglobaltraction Globally, along with changing consumer preferences, concerns regarding data collection, privacy, and security are growing. As regulators around the world continue to closely observe Europe’s Payment Services Directive 2 (PSD2) and the General Data Protection Regulation (GDPR), many are already in the advanced stages of drafting equivalent open banking standards and data protection regulations. PSD2 regulates banks in the EU to grant third party providers access to payment accounts for account information and payment initiation. CMA (Competition and Monetary Authority) regulated the 9 largest UK private banks to form an Open Banking Implementation Entity. Monetary Authority of Singapore “Finance-as-a-Service” playbook to boost Open API adoption. Japan to open up by 2020. Hong Kong Monetary Authority to regulate tier-1 HK banks to open up APIs. Furthermore, several Open Banking related GovTech initiatives in India, China, Singapore. Australian Treasury Department finalising Open Banking Standards by February 2019. New Zealand: Banks recently started Open Banking pilot. South Africa: PSD2 is watched closely. SARB (South African Reserve Bank) should “drop” a report regulating a “Sandbox API”. In Nigeria, API Banking use cases for financial inclusion gaining traction. US CFPB pushing for customer-authorized access to data as alternative for screen scraping. Canadian government is studying the introduction of Open Banking regulation. Fintech and Open Banking bill passed in Mexico. 3 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 4. Theconsumerdatarightrules frameworkismorethanjust OpenBanking The Consumer Data Right Rules Outline released by the Australian Competition & Consumer Commission (ACCC) in December 2018 focuses on much more than just opening the closed and traditional banking model.1 While the rules try to empower consumers with the right to correction (like the subject rights in GDPR), enabling customers to rectify their data in 30 calendar days, they also require CDR participants to draft a policy on open and transparent data management that is independent of any existing privacy policy. The rules prescribe the need for adequate quality and security measures before data can be shared with third party providers. This provides banks with a perfect opportunity to leverage the CDR rules framework to establish a strong data governance platform focused on data quality, transparency and traceability. Australian banks will also need to comply with other ongoing data-centric regulatory initiatives such as the Basel Committee on Banking Supervision’s standard number 239 (BCBS239) and the GDPR. In doing so they may see cross-regulatory synergies. In response to the growing pace of technological innovation and the increasing risk and sophistication of data theft, the CDR rules underline the importance of having a strong, well-defined and well- governed data framework. Some of the key CDR rules highlights include: A) Multiple Regulator Model The ACCC will be responsible for standards-setting while the Office of the Australian Information Commissioner (OAIC) will examine the privacy impacts. B) Sector-by-sector implementation The CDR will be implemented on a sector- by-sector basis, starting with the banking sector. This gives all other industries, especially data-centric ones such as telecommunications, more time to plan the implementation. C) Phased implementation The banking sector will be required to begin sharing data in phases, with the first wave to be opened up by 1 July 2019 (see Figure 2). D) Consent / authorisation management Data holders and data recipients will need to obtain customer consent before customer data can be shared. E) Consumer dashboard Data holders and recipients will need to create a consumer-facing dashboard showing all data-sharing authorisations Proposedconsumerdata rightrules 4 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 5. (active and historical) that the customer has given. The dashboard should also record the disclosure of data. F) Right to correction Data holders and recipients must correct any CDR data which a consumer deems incorrect or redundant. They must respond to requests for rectification within 30 calendar days. G) Open and transparent data management Data holders and recipients must have a CDR policy on data management that is independent of any existing privacy policy. The policy should be easy to understand and drafted in a way that promotes consumer engagement. H) Notification of collection and disclosure Data holders and recipients must record disclosure of data in consumer dashboards. I) Quality and security of data Data holders and recipients must ensure that the CDR data being shared is accurate, current and complete for the purpose for which it is held. Recipients must also undertake adequate precautions to ensure data security. J) Record keeping and reporting Data holders and recipients will be responsible for collecting and maintaining records of complaints and disputes and reporting these biannually. They will have to retain the records for six years. Source: Published CDR Rules Outline – https://www.accc.gov.au/system/files/CDR-Rules-Outline-corrected-version- Jan-2019.pdf Figure 2: CDR Rules Implementation Phases for Banks PHASE I PHASE II PHASE III Products in scope • Savings accounts • Call accounts • Term deposits • Current accounts • Cheque accounts • Debit card accounts • Transaction accounts • Personal basic accounts • GST and tax accounts • Credit and charge cards • Residential mortgages • Investment mortgages • Mortgage offset accounts • Business Finance • Personal Loans • Lines Of Credit (Personal) • Lines Of Credit (Business) • Overdrafts (Personal) • Overdrafts (Business) • Asset Finance • Cash Management Accounts • Farm Management Accounts • Pensioner Deeming Accounts • Retirement Savings Accounts • Trust Accounts • Foreign Currency Accounts • Consumer Leases Date of compliance Product Data – Jul 01, 2019 Other Data – Feb 01, 2020 Feb 01, 2020 Jul 01, 2020 5 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 6. Source: Qualitative Analysis, Accenture 2019 Figure 3: A Comparison of Consumer Data Regulatory Features CDRcombinesaspectsof differentEuropeanregulations The CDR echoes PSD2 with its requirement that banks open up their customer account information to third parties.2 It also incorporates several aspects of the GDPR, including the right to data rectification, active consent/ authorisation management and data minimisation measures.3 There are, however, key differences between the CDR and its European counterparts. For one thing, the scope of the CDR includes lending accounts while PSD2 and the GDPR do not. The Australian and European schemes also differ in terms of actions in scope: PSD2 and UK Open Banking allow actions such as payments initiation and account opening while the CDR allows read-only access. Having said this, we are already seeing potential use cases in Australia for the combination of the CDR and the New Payments Platform (NPP) to create new digital services for businesses and consumers that effectively leverage both read and write capabilities.4 (Our September 2018 paper, Open Banking and the New Payments Platform: Unlocking Real-Time Commerce, discusses this in more detail.) CATEGORY KEY FEATURE EU GDPR EU PSD2 Australia (CDR) Type of Information in scope Transaction data Account support data Customer identity AML/CTF support Accounts in scope Transaction/savings Credit cards Personal loans Mortgages Business loans Actions in scope Read data Initiate transactions Open accounts Initiate application Privacy standards Right to erasure Block solicitation/profiling & SCA Data Protection Office Pseudonymisation Consent Management Consumer Dashboard Breach Management 6 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 7. Source: Qualitative Analysis, Accenture 2019 Figure 4: Impacts of CDR on Banks HowCDRimpactsdata, technology,processesandpeople The implementation of the CDR is likely to profoundly change Australia. As the banking industry adopts the rules framework and other industries follow, the impact will be widely felt by consumers and third-party providers. Consumers will benefit from the new regime as they will enjoy a better choice of banking products as well as potentially reduced costs due to greater competition. Along with the ease of switching between different service providers, including fintech firms and start-ups, consumers will have greater access to and visibility of their own data that banks hold. Importantly, consumers will have the ability to direct that the data be safely transferred to trusted and accredited service providers of their choice. For Australian banks, the CDR will have a significant impact on the entire process, system and data landscape. 1 Sharing of Customer Data 2 Consent / Authorization Management 3 Customer Dashboard 4 Open and Transparent Management of Data 5 Anonymity and Pseudonymity 6 Notifying the collection and disclosure of CDR data 7 Quality of CDR data 8 Security of CDR data 9 Correction of CDR data 10 Record keeping and Reporting 4 7 10 Technology Impact + + – – PeopleandProcessImpact 9 3 12 8 5 6 Bubble size indicates impact magnitude 7 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 8. The top three factors impacting banks today are: 1.Sharingcustomerdata The data-sharing aspect of the CDR will necessitate the development of secure application programming interfaces (APIs), the implementation of data minimisation standards, and measures to ensure adequate data quality as well as data correction features. This will require a major overhaul of banking systems and processes. The entire system landscape, including ledgers, data warehouses, data marts and risk and reporting systems will need to undergo changes along with different banking processes. Banks will also need to invest in improving their end-to-end product and pricing data capabilities, which have typically evolved in a myriad of legacy systems and spreadsheets. This will need to become industrial-strength, automated and API-enabled to support the requirements of the CDR. And, most importantly, banks will need to ensure the data is always accurate and valid. 2.Consent/authorisation managementandconsumer dashboard The CDR will require banks to implement effective and efficient consent management policies and processes and establish dashboards. It will become essential for banks to be able to demonstrate clear governance around collecting and managing customer consent and authorisations before data is shared. 3.Openandtransparent managementofdata Banks will have to create a separate data management policy as well as review all existing policies and frameworks surrounding different data management practices today, including existing data minimisation measures, data retention policies and anonymisation/ pseudonymisation techniques. Consumers will benefit from the new regime as they will enjoy a better choice of banking products as well as potentially reduced costs due to greater competition. 8 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 9. Usinglessonslearnedfrom similarglobalinitiatives Banks should use the lessons learned from global initiatives on open banking and data privacy to gain time and cost synergies when implementing CDR rules. Banks in Europe (and globally) struggled in their journey to GDPR compliance due to the complexity of the regulation and the huge impact on data, systems and processes, coupled with the short implementation time of only two years. Another burden was the introduction of the Payment Services Directive II (PSD2), which became applicable on 13 January 2018.5 Due to the extremely complex nature of these regulations, tight timelines for implementation, and high penalties for non-compliance, banks and financial services companies across the globe have struggled to execute solutions. Whilst there are many synergies between the two sets of regulation, financial services firms have tended to address each separately. As a result, they have not been able to fully realise the benefits of undertaking a co-ordinated and combined approach. Some of the key lessons from their experience include: Concerns over reputational risk and being a trusted brand For many organisations, avoiding reputational damage is viewed as more important than being compliant with regulators. E.g. Concerns over being the first to be fined in the industry. First-mover advantage Time to market is key. Leading market participants should take advantage of the current regulatory chaos by being first movers and thereby dictating market adoption in data privacy. Align with other ongoing initiatives From the outset, the CDR implementation should align with other ongoing data protection initiatives such as the GDPR. There is an opportunity to run common activities, so the entire data-driven regulatory portfolio can leverage the synergies between the different regulations. Improve customer trust and experience The CDR should not be viewed simply as a regulatory tick mark. Banks need to focus on delivering a differentiated positive customer experience as well as continue to maintain and improve customer trust. Rotate to the new Australian banks should use the CDR as a tool to rotate to the new and derive competitive advantage by leveraging the latest technologies, especially artificial intelligence, robotics, machine learning and advanced data analytics. 9 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 10. Thecountdowntocompliance deadlinesstartsnow With a few months remaining for banks to meet their compliance obligations, it’s important to act now. As we’ve seen in Europe, banks have struggled with  implementing PSD2 and GDPR due to regulatory complexities. With a phased implementation for the CDR rules, banks in Australia will benefit by first starting with a clear, well-defined action plan and focused initiatives. Like any other regulatory initiative, banks will need to start with an assessment of the current state of the processes, systems and policies of not only their APIs, and the quality of data they hold, but also of current processes around data retention, data minimisation and data anonymisation. 10 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 11. 1 Consumer Data Right Rules Outline, Australian Competition & Consumer Commission (December 2018). https://www. accc.gov.au/system/files/CDR-Rules-Outline- corrected-version-Jan-2019.pdf 2 Directive (EU) 2015/2366 of the European Parliament and of the Council, European Union (25 November 2015). https:// eur-lex.europa.eu/legal-content/EN/ TXT/?uri=celex%3A32015L2366 3 Regulation (EU) 2016/679 of the European Parliament and of the Council, European Union (27 April 2016). https://eur-lex.europa.eu/legal- content/EN/TXT/?qid=1528874672298&uri= CELEX%3A32016R0679 4 Open Banking and the New Payments Platform: Unlocking Real-Time Commerce, Accenture (20 October 2018). https:// bankingblog.accenture.com/open-banking- new-payments-platform-unlocking-real-time- commerce?lang=en_US 5 http://europa.eu/rapid/press-release_ MEMO-17-4961_en.htm https://eugdpr.org/the-regulation/gdpr-faqs/ AUTHORS REFERENCES Tales Lopes Managing Director, Finance, Risk and Compliance Practice Lead for Australia and New Zealand, Accenture Financial Services tales.s.lopes@accenture.com Graham Rothwell Managing Director, Asia Pacific Payments, Accenture Financial Services g.rothwell@accenture.com Bikram Paul Choudhury Manager, Finance, Risk and Compliance, Accenture Financial Services bikram.choudhury@accenture.com 11 UNLOCKING VALUE WITH CONSUMER DATA RIGHTS RULES
  • 12. Copyright © 2019 Accenture. All rights reserved. Accenture, its logo, and New Applied Now are trademarks of Accenture. 190317 ABOUT ACCENTURE Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 469,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com. DISCLAIMER The views and opinions expressed in this document are meant to stimulate thought and discussion. As each business has unique requirements and objectives, these ideas should not be viewed as professional advice with respect to your business.