As Australia and New Zealand stride into the brave new world of open finance, data holders find themselves at the epicentre of a regulatory whirlwind. The Consumer Data Right (CDR) in Australia and the forthcoming Consumer and Product Data Bill in New Zealand are reshaping the financial landscape, demanding a new level of data transparency and consumer empowerment that's sending concern through boardrooms across both nations. The legislation broadly aims to improve “customers’ access to and control over their data”, and establish the trustworthiness of those that data is shared with.
For the big four banks in Australia - CBA, Westpac, ANZ, and NAB - the reality of open banking has already hit home. They've been grappling with the complexities of data sharing since July 2020. Now, as the CDR expands its reach to encompass a broader definition of open finance, a new cohort of data holders is being pulled into the regulatory net.
In New Zealand, while the legislation is still taking shape, savvy financial institutions are already bracing for impact, knowing that the trans-Tasman neighbour's approach often presages their own regulatory future.
The requirements for data holders under these new regimes are as complex as they are crucial. At their core, they demand that organisations holding consumer data must make it available, in a standardised format, to accredited data recipients when requested by the consumer. It sounds simple in theory, but in practice, it's a technological and operational minefield.
First and foremost, data holders must ensure the security and privacy of the data they're sharing. This isn't just about robust firewalls and encryption - it's about creating systems that can verify the accreditation of data recipients, authenticate consumer consent, and maintain an auditable trail of data access and sharing.
The Australian Competition and Consumer Commission (ACCC) has made it clear that data holders must be able to respond to data sharing requests promptly and accurately. This means investing in APIs that can handle real-time data transfers and systems that can package up years of transaction data at a moment's notice.
For many organisations, particularly those outside the big four banks, this represents a significant technological uplift. Legacy systems, some of which have been ticking along since the time when mobile banking meant carrying your cheque book to the pub, are being stress-tested like never before.
But it's not just about the tech. Data holders are also required to educate consumers about their rights under the new regime. This means clear, accessible information about data sharing, consent, and the implications of participating in the open banking ecosystem. For financial institutions accustomed to keeping their data cards close to their chest, this new era of transparency represents a cultural shift as much as a regulatory one.
Data Holder compliance isn't a one-and-done affair, either. The regulatory landscape is evolving rapidly, with the ACCC in Australia and the Ministry of Business, Innovation and Employment in New Zealand continually refining the rules. Data holders need to stay on their toes, ready to adapt to new requirements as they emerge.
The penalties for non-compliance are steep. In Australia, breaches of the CDR can attract fines of up to $10 million for corporations. While New Zealand's regime is still taking shape, it's a safe bet that regulators across the ditch will be equally serious about enforcement.
Yet for all the challenges, open finance also presents opportunities. Data holders who embrace the spirit of the regulations - not just the letter - stand to gain consumer trust and position themselves at the forefront of financial innovation.
As we move deeper into this new era, one thing is clear: the days of data hoarding are over. For data holders in Australia and New Zealand, the message is simple - adapt, innovate, and above all, comply. The future of finance is open, and there's no going back.