Three seismic forces are driving the digital transformation in banking:
• EU’s revised Payment Services Directive (PSD2)
• General Data Protection Regulation
• Competition and market authorities push for a level playing field.
In a recent draft report studying financial services competition, the Australian Productivity Commission concluded that big banks probably don’t compete strongly enough for business and smaller banks find it difficult to grow. This market sentiment is shared by competition and market authorities globally and leads into the regulatory reforms now being enacted under the collective move to Open Banking.
As a result, banks around the world are transitioning from monolithic, homogenous product pushers, to customer-centric organizations that define and deliver digital banking services by leveraging new and emerging technology. It is becoming increasingly clear, that to be successful banks must become their customers’ go-to point for the coordination of disparate banking services across multiple service providers. The days of end-to-end value chain domination and vertical market integration look to be firmly behind us.
Massive product proliferation with weak, or no product differentiation, combined with limited product transparency has led to consumers being complacent to remain with incumbent sizeable financial services providers. In many instances, customers stick with their primary – and in many cases initial – banking service provider, regardless of poor treatment. Statistics indicate that loyal customers are not rewarded for staying put, and may, in fact, pay higher costs. This practice supports the high profit-generating capacity of the major banks, which claim they are merely responding to the market forces of shareholder demands for ongoing high returns on equity.
Open Banking reforms look to address the data asymmetries in banking that have led in part to these customer outcomes. Australia’s decision to implement Open Banking as the first application of the newly-emerging Consumer Data Right aims to facilitate an economy-wide consumer-directed data transfer system. The thinking is that if we can get it right for banking, we will have a replicable model for the safe, secure and permissioned management of customer data across all industry sectors. The supporting economic principle is that broader sharing of data will lead to increased innovation, more players participating in an interconnected ecosystem of providers, and increased competition. The result? Better outcomes for consumers and small businesses.
Therefore, the forces identified by competition and market authorities (CMAs) combined with the EU’s revised Payment services directive (PSD2), and emerging General Data Protection Regulation (GDPR) are combining to create dynamics leading to Australia’s inevitable and unstoppable Open Banking digital transformation.
A complex construct of Australian statutory, regulatory and aligned representative groups is required to enact the planned transformation to Open Banking. APRA, the RBA, ASIC, and the ACCC share institutional responsibility to support the reforms required to deliver Open Banking. Each entity is somewhat responsible for competition in the financial system, therefore keenly interested in enacting these reforms within the associated compliance timeline. Inevitably, this overlap of responsibilities can lead to a scenario in which―often at critical times―confusion prevails. It is becoming clear that holistic, parallel reforms to the regulatory framework will likely be required to ensure effective implementation.
Organizations must prepare now for the platform support required to meet these emerging regulatory and compliance requirements, while also considering the impact on today’s business operating models. Importantly, the UK regulatory technical specifications emerging from Open Banking Limited provide a robust basis for the standards required to support Open Banking reforms. We expect Data61, as an auspice of the CSIRO, will carefully consider these standards, as a litmus and catalyst of what Australia must achieve.
Application programming interfaces (APIs) and new platformification principles form the basis of the technical overhaul of legacy business and technology systems required, to support the efficient, permissioned and secure transmission of data necessary to transition to a customer-centric banking services provider.
Australian Royal Commission into misconduct in the Banking, Superannuation and Financial Services
As the Commission grinds into the third series of public forums, the reputations of Australia’s major banks remain under scrutiny. Evidence suggesting process weaknesses and misconduct is now before the commission, as legal teams begin to ask whether conduct surfaced can be reasonably represented as falling below community standards, and increasingly likely to be considered unconscionable.
Conduct relating to mandatory reporting requirements to Australian Prudential Regulatory Authority (APRA) is now being reviewed as evidence of possible breaches of the Corporations Act, opening the potential for civil penalties for those held responsible. Some senior executives and board members of Australia’s most significant financial services organizations have recently departed under a cloud of controversy about serious misdemeanors now considered inappropriate.
It is likely that the bank’s historical position as the sole provider of trust, supported by further deliberations around the responsibility that bankers will act ethically, and without conflicts of interest, will continue to be eroded by evidence of widespread misconduct. These challenges to the privileged position banks and bankers have held in the past have the potential to go the heart of the scrutiny of the culture that has formed within our local and global banks.
Considering the long-term effects of Open Banking
Two PSD2 clauses, in particular, have a far-reaching impact on the Australian banking ecosystem. First, third-party provider regulation to support access to data, and second, reforms aimed at providing access to accounts.
The Review into Open Banking (commissioned by the Australian Treasurer, Scott Morrison and undertaken by financial services legal expert Scott Farrell in late 2017) established that Open Banking reforms in Australia will reflect the Consumer Data Right, announced in July 2017.
The goal is to give consumers the right to direct the business transfer of their personal data to a third party, in line with the PSD2 clause that supports customer access to data (Access 2 Data). PSD2 and events that surround Open Banking reforms in the UK establish a clear path forward for European organizations and provide insight into the regulatory direction likely to be taken in Australia.
Timeframes and a process to establish supporting regulatory technical standards (RTS) are beginning to coalesce. Recommendations look increasingly likely that if reforms are to be effective, consumer trust for the protection and management of customer data is required to lie outside traditional banking industry custodians, and with an independent third party.
Trusted third-party providers that customers can trust to provide their banks with data-sharing mandates must be separately regulated. The Hayne Royal Commission will likely suggest a recommendation similar to the Wallis Enquiry (which established APRA in the first place) to give APRA authority to license and regulate third-party data providers to support the RTS as trustworthy recipients of data that had traditionally been perimeter fenced within a customer’s bank.
New Account Information Service Providers will be empowered to use APIs to present a holistic financial position for customers willing to share their data in line with the security provisions and conditions established by Open Banking reforms.
In response to Open Banking reforms, banks must now offer services that further aggregate their customers’ position while keeping in mind alternative financial service providers that soon will be easily aggregated to offer a variety of new revenue-generating opportunities.
General Data Protection Regulation (GDPR)
If we consider the emerging GDPR taking shape across Europe, then Article 17 is attracting a great deal of attention. Specifically, the regulation to enforce the right of erasure or, more commonly called, the right to be forgotten. We are at an early stage of understanding the far-reaching impact of this provision. Scott Farrell said in the Open Banking review that consumer data rights’ consequences are too complex to interpret within the scope of the Open Banking review. Therefore, no consequential recommendation was made. Data rights will remain a priority while mandatory reporting responsibilities hardened under the GDPR will ensure this issue remains top of mind for customers.
Significant changes to the legacy systems that support Australia’s banks today are necessary to create the agile infrastructure required for compliance with this new regulatory environment. The time is now to take the growing disintermediation threat seriously. Moreover, within an increasingly competitive market, the importance of digital transformation to become a disparate banking financial services provider must be understood and embraced.
Macro impact of Open Banking
The time is now to consider the supporting architecture and technical resources necessary to ensure compliance designed to ensure customers’ rights to manage their own data, and banks’ creation of a connected ecosystem of service providers that extends and maintains customer trust as a central, profitable, secure, and trusted financial services provider – all this to be undertaken within a complex business-as-usual environment, amid a storm of competitive forces.
 CSIRO: Commonwealth Scientific and Industrial Research Organisation is an independent Australian federal government agency responsible for scientific research. Established in 2016 from the integration of CSIRO’s Digital Productivity flagship and the National ICT Australia Ltd (NICTA), Data61 is Australia’s leading data innovation group.