Interview: Regional Australia Bank's perspectives on CDR


Deadlines may have shifted, but there’s still plenty going on as Australia works towards the implementation of the Consumer Data Right. Marie Walker caught up with Rob Hale, Chief Digital Officer of Regional Australia Bank, to hear about their approach to CDR.



How did the bank view CDR?

We’ve followed this from an early stage and responded to the Treasury Review into Open Banking. As a customer-owned bank, our objectives are to best serve the need of our members/customers so we’re uniquely positioned to drive real consumer value. CDR is about consumer data and we think we are a consumer-focused institution, it fits really well for us.

So we were very excited, we saw the opportunity and the benefit. Our board were conservative in their historical comfort with screenscraping and other mechanisms for data sharing and acquisition, we didn’t really have a way of doing that safely and securely. The CDR addresses that head on and naturally seems a really good fit for us as an organisation.

It’s a good alignment with our purpose, our objectives and our reason for being.

Can you give us an insight into how you are preparing?

We are part of the ACCC’s testing group. We’re among ten organisations that have been labelled as fintechs – flattering as that is, we’re not, we’ve been around for 50 years, but all the rest are. That includes one other retail financial institution, 86 400. The four incumbent major banks make up the 14 participants.

The competition and consumer regulator, the ACCC, is involved but not the prudential regulator. There’s been some discussion around this in Australia, but it’s worth remembering that this is not open banking, it’s the Consumer Data Right – which extends to other sectors.

We’re going pretty hard on it, which is challenging for us as a small organisation, but what’s becoming apparent is that we actually are capable because we are smaller. We’re more nimble, we don’t have the burden of the governance and bureaucracy and systems of the major banks. We make decisions pretty quickly once we’ve committed to doing something.

We’ve got a small team of four people working on this. We have daily meetings with the other participants, working very closely to test out and prove the ecosystem that’s being designed to operate within what are called ‘the CDR Rules’. These sit alongside an updated version of the Competition and Consumer Act, which is where the bulk of the data privacy aspects of the rules are defined. So we’re working within the legislation and the rules, implementing the technical standards, and combining those with the CX standards and guidelines to build out the capability.

You’ve said it’s going to be hard to be there on day one, and obviously the ACCC has delayed the implementation of the consumer data part. Can you elaborate a bit?

We knew from the start that the timeframes were quite aggressive. I think everyone recognised that our target of a February implementation was going to be challenging. We would have made that date, but might have had to compromise some of the breadth of functionality at launch. We couldn’t compromise on security, quality or the technical implementation, but we could have given a little on the scope.

Delaying matters until July did feel a little frustrating at the time but in hindsight it was the right thing to do.  There was a bit of a pause over the holiday season but since then we have regained our momentum and are now flat out once again.  I sense and welcome some real urgency to ensure that we don’t find ourselves in a similar position as July nears.

There are two main roles within the regime: the data holder – initially the four main banks – and the data recipients (labelled as fintechs). We’re unusual in that we are an established bank, but we are participating in testing as a recipient. Under the rules, we can do that without having to reciprocate as a consumer data holder on day one. The new date is good for us, because we can still consume data without having to implement all of the data holder responsibilities, which are more complex than those for data recipients.

We can offer enhanced consumer services to our market from day one which is great, that was our objective. We’re also mindful that if our existing customers wish to avail themselves of services from other data recipients, we’ll gladly allow that as a data holder. So we’ll accelerate our implementation as a data holder, but day one we’re focused on being a data recipient.

You mentioned the CDR being much broader than open banking. How are you planning to take advantage?

Of course we’ve talked about the wider opportunities, but it’s quite challenging to do just the basics well.

The use case we’ve chosen is embedded in our Cloudcase online lending platform. If someone wants to apply for a credit card, personal loan or home loan they can do so using a fully online process. However, there are some fairly manual obligations for those applicants. One of them is to provide access to sufficient financial history to allow us to form a view of their creditworthiness. There’s a range of acceptable volumes – three months’ data may be enough in some cases – but the richer that data set, the better the decision.

We have an obligation to provide appropriate financial products and services. If that means someone doesn’t qualify, if they’re not able in our view to service the debt, we shouldn’t and we wouldn’t lend to them. So the right decision might appear as a negative consumer outcome in the short term but often our people, equipped with the right tools, can turn this around and find a solution that works for everyone.

Having access to richer, deeper, larger volumes of transaction history allows us to make better decisions. We already have a relationship with Basiq, a technology company here in Australia. We worked with them to develop an automated affordability assessment. It’s all done through APIs. Within about 60 seconds we can analyse the banking transaction history for an applicant and create a report on that person’s finances in a consistent manner and format, so when the regulator or anyone else challenges our decision-making process we can back that up scientifically. We’ve got a consistent, repeatable decision-making process.

We can provide the report to the consumer as well. We’re being very transparent about our need to assess - here’s how we do it, here’s the result and let’s have a conversation. As a relationship bank, we want to have a conversation about your needs and the right products to meet those needs for you. It’s not about getting hung up on how much someone spends on coffee or what they like to buy in which stores, it’s about your unique financial situation and your ability to service the debt.

With open banking we will be able to do that very quickly and across multiple banking relationships. Our use case is for the applicant to provide consent, if they bank elsewhere, for us to access up to two years’ of transaction history as a one-time request. That’s it. Very simple but very powerful. We take the pain and friction away from the applicant and provide a better quality outcome as a result.

Looking at the scale of what you are doing, what are the biggest challenges you’re facing?

We’re looking at a fast pace of implementation, complexity and an extra governance burden. And it’s all new, so we’re having to feel our way through the subjectivity of the rules and the legislation.

As a small organisation, we don’t want to shoot cannon balls too soon – we don’t have many cannon balls to shoot – we shoot bullets and if they’re good then we’ll ramp that up. We have to be very careful about where we invest and put our effort. So we’re challenging ourselves about is this the right thing to be doing. I know we only have four people working on this, but there’s an opportunity cost, those people could be doing something else.

The challenge for us is what’s the benefit of being at the front of this wave? Why not wait six months, twelve months until the regime has been implemented, bedded down and is operating appropriately. We could go in quietly and effectively, probably at lower cost and certainly with less effort. So we challenge ourselves on that regularly.

The answer is that this is an important piece of Australia’s financial services history here, and we need people to participate in this and provide a broad voice across many perspectives. The incumbent banks are well covered and fintechs are well covered, but there isn’t really anyone representing existing customer-owned banking. We don’t need to make a song and dance about our organisation, we’re not trying to showcase our capability, we’re trying to deliver to the needs of consumers.

I think that’s important. Fintechs need to be successful, incumbents have their own motives. It sounds a little trite but we are genuinely motivated to do something that helps Australian consumers. We passionately believe that this is a good thing to be helping to implement.

What excites you most about the opportunity, any other angles that open banking can enable?

Right now, people are intimidated by financial services, it’s a jargon-laden industry. There’s an element of coercion – people want a car or a house, they’re outcome-focused, and they go along with what they’re told to do, filling in the forms, whatever. It’s wrong, it doesn’t need to be like that.

As an industry we are guilty of allowing that to continue because it serves some of us very well. The mystique around finance is very helpful for some organisations. I think we need to blow that away and make financial services accessible to as many people as possible.

The Consumer Data Right can do that, if we implement it well. I’m thinking particularly of the work we’re doing with Greater Than X on Data Trust by Design (DTbD) and ethical behaviour and better disclosure – ASIC have trumpeted that heavily. We’re post Royal Commission, where people were guilty of poor disclosure and poor behaviour, non-ethical conduct. We’re trying to demonstrate, certainly in the mutual banking sector, that is not the case. We behave very ethically, our values are very clearly backed up by our actions, and we believe we’ve got a great story to tell.

I’m excited because consumers can have access to a lot more information than ever before. If we can make improvements around their comprehension of what financial services offers, and have a better understanding of how they can help themselves and their families – if we can progress that even a little bit, we’ll have done something really worthwhile.

So that leads into the CDR policy that you’re creating.

Yes. We’ve got the legislation comprising the Act and the Rules, which state you must have a CDR policy. I remember reading that part of the rules and thinking what’s this about. The rules clearly prescribe the need for a CDR policy, separate to a privacy policy.

I did what most people did, I went to see our governance people and said we need to create a CDR policy. They said they could do that, what did it need to have in it? When I started getting into this, I was also talking with Nathan and Mat at Greater Than X, fortunately the timing was good. And they said why are you going to do that, you’ll just create another document that people tick or have a link to in some a process, that people probably will never read. So why don’t we do something different?

Why don’t we try and use it as an example of communicating a seemingly complex and alien set of concepts to ordinary Australians? If we do it well, as they go through that process they’ll sit back and think that wasn’t too bad, I actually understand my obligations and what I am getting into – why don’t people do that for other things?

Maybe we can make a dent in this legacy thinking that policies must be dense legal documents that you need a lawyer to understand. I think that’s a really exciting opportunity. We’re trying to engage the ACCC in that, asking to talk about it and collaborate with other participants. If we can work together we’ll make it even better. What we’re doing is new, innovative and exciting. The outcome could be really good – it could make the CDR itself more accessible to everyday Australians.

What’s your timeframe on completing the CDR policy?

It was very quick, it was pre-February before the dates were put back. We’ve done the research, we’ve gone through the legislation, pulling out all the clauses and cross-referencing them. Distilling it down to literally a page and a half of solid content that ticks all the compliance obligations. That content is now being reframed, using all the DTbD techniques, into a more consumable format that can lend itself to presentation online for different form factors – mobile, desktop etc.

So that’s all under way. Had it not been for the readjusted deadlines we’d probably have something in draft form now. We’ve already done wireframes, and should have it completed in March or April.

How interested are you in what other banks are doing in open banking?

We’re very interested in what UK banks and financial services organisations are doing, because the OBIE obviously is well ahead of where we are. We’ve watched with great interest the Open Up 2020 Challenge outcomes – I think 15 shortlisted finalists, the ideas and concepts that were put forward.

Unfortunately, in Australia there isn’t that same level of collaboration going on, yet. While we’re one of the participants in early testing, it’s still being done behind closed doors in quite a controlled manner. There is no free dialogue, people are quite protective about their capability, what they’re building, their readiness to participate.

I’d love to be more open about what everyone is doing if that were possible. Again, because of our unique position as an existing established organisation – we’re not a fintech, we don’t have any IP that we’re fearful of losing – we can be quite free with our content and share it generously. Hopefully, through that the collective will benefit.

We’ve developed our own Data Recipient Gateway, which abstracts a lot of the complexity of being a data recipient. We’ve decided to offer it as an open source product for anyone to use free of charge.

Why should be we do that, when it’s taken months to build and we’ve developed our own IP that could give us a competitive advantage? Because we believe that open banking and the CDR needs our support. The CDR makes sense – it’s good for banks, for consumers, for innovation, for competition and for the Australian economy.

If we don’t share our approach, everyone else will eventually build the same thing but differently. Sharing our gateway now and making it available to the open source community could help accelerate implementation of the CDR for mutuals and fintechs. The developer community will make it better, and it can become part of the CDR infrastructure with a whole industry supporting it. That’s the dream anyway.