CDR is a means to an end, not the end itself

Open banking through the Consumer Data Right (CDR) is a simple concept. A way of safely sharing personal data so consumers can get something they need – a home loan, a business loan, or simply manage their finances – via a more seamless, secure, and intuitive experience.

The introduction of the CDR, commencing with open banking, was intended to empower consumers with increased transparency, reduced pain points, and greater flexibility to actively seek and secure the best outcome for their financial situation.

For lenders, open banking can provide a more efficient way of providing credit assistance and recommendations, enhanced credit risk modelling, and detailed insights beyond traditional credit scores the industry has historically relied upon.

Conceptually, CDR paves the way for increased innovation and competition, with benefits for business and consumers alike.

So why then, has CDR been unable to increase competition in the way it was intended? In an increasingly digital economy post-COVID-19, why haven’t we been able to realise the desired benefits?

CDR has an identity crisis

Open banking went live with the ‘big four’ banks on 1 July 2020 and since then has gradually rolled out to cover all banks and now energy companies. Since 2020, the lack of uptake of CDR-enabled use cases has been a consistent feature of commentary on the CDR and despite the fact that there is genuine demand and interest in using the CDR by fintechs and financial institutions.

Much of the blame for the slow uptake has centred on friction in the consent process, data quality issues, and lack of a centralised implementation entity. While there are obvious, but solvable consent and data quality issues to overcome, what’s primarily inhibiting uptake is the bespoke CDR privacy regime. This has resulted in complex overregulation of the data received via the CDR ‘rails’ and has made the transition of many existing use cases to the CDR completely impractical.

Put simply, this means consumer consent for virtually every use and disclosure while also imposing a requirement that every organisation involved in the supply of a product or service through the use or disclosure of CDR data be licensed via CDR accreditation or fit within one of the complicated CDR access models. This is the obvious barrier to entry for those who want to use the CDR to provide products and services. An obstacle that for most is too hard and expensive to overcome in the challenging economic environment we now face with limited access to capital and stifled investment in innovation.

CDR is a means to an end – not the end itself

The metric of success isn’t going to be defined by how many customers know they are using CDR; instead, it hinges on how many products and services are facilitated by CDR.

By enabling businesses to leverage CDR to provide tailored services to consumers or a broader range of products for new customer segments, we will enable greater competition and through that provide benefits for consumers and businesses. In the future CDR will expand over more sectors and a broader range of data can be used with customer consent to foster innovation and new products and services being offered to consumers. The potential is obvious and all participants will reap the benefits.

Businesses like Tiimely are the pathway to uptake of the CDR – fintechs drive competition and innovation in financial services that larger financial institutions then follow. The government therefore needs to reduce the current barriers to using the CDR in a commercially viable way.

Privacy and trust are critical – but consumer protections need to apply equitably across regulated businesses on an economy-wide basis. The current Privacy Act reform process is the appropriate means of ensuring that privacy protections are fit for the digital age – not the CDR.

The government has already made adjustments to CDR to provide more flexibility for sharing of data by business consumers – we need further adjustments to ensure that individual consumer use cases (like digital home lending) do not remain stranded and to lay the foundation for a transition away from screen scraping.

Refocusing the CDR on its central competition objective is the way we enable consumers to get the benefits of sharing their data. In time we’ll all enjoy the new products and services that sit upon it.

Jodi Ross, head of regulatory affairs and compliance at Tiimely

Jodi Ross has been involved in the Consumer Data Right and open banking in Australia since the early days of implementation in 2018, where she led the development of the CDR rules at the ACCC and then Treasury. From 2021, Ms Ross has worked on CDR implementation within the fintech sector, as regulatory and compliance lead for TrueLayer in Australia and now as Tiiimely’s head of regulatory affairs and compliance.