ABA warns of data security integrity for open banking

Writing to the Treasury in response to the Farrell Review into Open Banking, the Australian Banking Association (ABA) said that banks were “committed to the success of open data”, which it suggested could “empower customers to achieve better deals and make more informed choices”, but argued that it did not believe that a 12-month implementation period from the announcement of an open data regime was “feasible”.

“This would not provide sufficient time for standards and rules design, and the subsequent technology build that requires the standards and rules before it can begin,” the ABA told Treasury.

It therefore suggested that a phased product launch be developed to “focus on delivering the greatest benefit to the largest number of customers as quickly as possible, before subsequent phases are launched leveraging the lessons of the first phase”.

As such, it has proposed that reference data and transaction data for those products listed under deposits are rolled out in the first 12-month implementation phase for large banks after the standards and rules are set, and no earlier than 24 months for smaller banks; while other products are rolled out in subsequent stages, “with timelines set based on the experience of the first wave, beginning with credit cards”.

Australian Banking Association chief executive Anna Bligh highlighted that ensuring customer data is secure is of paramount importance, particularly given the recent allegations of breaches in data collection involving Facebook.

“Our number one area of concern is around customers understanding what they are consenting to and what their data will be used for. Banks take data privacy and security very seriously,” Ms Bligh said. 

“Just recently, it was revealed that data from a social media platform was being used for other purposes. We do not want to see a repeat of this with the introduction of open data in Australia.”

Ms Bligh continued: “The banking industry believes that rules and standards must first be designed to ensure consistency across all industries that will eventually take part in the sharing of data.

“Customer safeguards and appropriately designed security and standards are vital to the scheme’s long-term success.”

As well as suggesting a phased introduction, the ABA’s response to the Farrell report suggests that the open data regime should also include a “reciprocity principle”, particularly as it applies to sharing across industries; clear service levels on how data is to be made available; and customer control over data should be paramount.

[Related: Open data will give mortgagors more power: uno]