The Australian Government has today released a report into Open Banking in Australia that sets out recommendations in relation to the method of implementation and proposed timelines. Some key points are:
- the Australian Competition and Consumer Commission (ACCC) should be primarily responsible for overseeing standards-setting and accreditation, assisted by the Office of the Australian Information Commissioner for privacy issues;
- the obligation to share data should apply to all Australian Deposit-taking Institutions (ADIs) as well as reciprocally for other participating entities;
- all ADIs should be automatically accredited to receive data. A risk-based accreditation standard should be used for non-ADIs (this would include most FinTech startups, for example);
- the use of Application Programming Interfaces to facilitate data sharing; and
- mandatory implementation of “read-only” access should be approximately 12 months from a final Government decision to implement Open Banking for the big 4 banks, with a further 12 months transitory period for other banks.
Interestingly, the report recommended that a tiered accreditation model be used, with higher risk data only accessible by parties accredited to receive data of that level of risk. The report also did not recommend that accreditation requirements be based on proposed use of data. This is in contrast to the UK where registration or authorisation requirements differ depending on whether a business offers the ability to initiate bank payments from their third-party service.
Further details of the implementation remain to be seen, particularly in relation to “write” access which will allow data such as payment instructions to be sent to bank accounts through a third-party service. You can read the report here.