The Royal Commission into banking misconduct continues to act as a perfect catalyst of the reliable, responsible and independent future of the Australian digital financial and payment capabilities.
The reality is things going wrong under Open Banking will come down more to technology and human error. It’s our job to manage those expectations, especially as Open Banking is expanded to Open Finance, to make sure financial services companies and their
customers know the benefits far outweigh the costs.
Last month, a trio of Australian consumer groups
wrote to the Treasury arguing non-bank lenders could misuse the Consumer Data Right (the mechanism for Open Banking) because they are not subject to the same comprehensive credit reporting (CCR) mechanism like the big banks.
The consumer groups also argued expanding Open Banking to non-bank lenders would “support and increase poor non-bank lender behaviour that profiles risk and targets financial hardship” with a specific focus on screen scraping.
These are all reasonable concerns to any Open Banking regime introduced in a market where a minority of financial services industry actors are engaging in nefarious conduct. The consumer groups are doing their job.
It’s also worth remembering that while the UK’s recent inquiry into the banking industry was to do with competition, Australia’s Royal Commission was about misconduct. This is the background mood with which Open Banking and Open Finance are being rolled
out.
Screen scraping has been banned in the UK and it’s difficult to see the practice being allowed to continue in Australia for much longer once Open Banking is more mature.
What I think the consumer groups have downplayed is the benefits that flow to consumers from Open Banking. As my colleague Andrew Glover has
written in Australia:
“An unscrupulous actor could use the CDR to target vulnerable customers. The reality is that people in financial hardship need quality financial services and the CDR gives the majority of ethical actors the same access to those consumers as the dodgy ones.
Further, when someone does become entangled with a dodgy non-bank lender, the task of getting away from them is hard outside the CDR.”
The undersold part of this story is the role that breaches to Open Banking regimes will play when the cause is technology and human error. There’s a strong chance this will play a much larger role in shaping the perceptions of Open Banking as a reliable
remedy than the bad actor scenario.
In March, the UK’s Competition and Markets Authority
wrote to Barclays and Lloyd’s over banking API breaches. The breaches mostly related to inaccurate information such as available ATMs, and debit interest rates for lending products and appear to have been isolated rather than systemic.
This problem will be more frequent. Systems integration issues in frameworks such as Open Banking, NPP, PayTo tend to arise from short regulatory timelines. As an adviser to critical payments infrastructure rollouts in Australia, I can report this has been
a multi-facet feature of the concurrent priorities and significant stress-testing on all levels that even bigger economies than Australian have challenges to mitigate completely.
Barclays has introduced manual controls to check data accuracy and rolling out staff training on open banking API compliance. But this should not be accepted as precedent given the benefits of Open Banking are supposed to be shared with smaller operators.
Australia’s ‘Shiraz and Wagyu’ case, a creation of the Royal Commission creation, highlighted how manual processes can increase costs for customers and reduce competition as smaller operators are disproportionately penalised. Banks can’t behave badly, but
our solutions have to deliver sustainable improvements to consumers.
Unprecedented richness of metadata, fully transparent yet secure authentication will make Open Banking, fast payments and PayTo unsustainable for smaller fraudulent operators, increasing the benefits and security for Australian consumers. It’s our job as
an industry to make sure everyone knows what the real problems will look like and assure all users that when they arise, we can fix them.