Minutes - 14 Jul 2021

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 14 July 2021
Location: Held remotely via WebEx
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 33

Download meeting minutes (PDF 561KB)

Attendees

  • Andrew Stevens, Data Standards Chair
  • Luke Barlow, AEMO
  • Jill Berry, Adatree
  • Brenton Charnley, TrueLayer
  • Damir Cuca, Basiq
  • Nigel Dobson, ANZ
  • Chris Ellis, Finder
  • Peter Giles, CHOICE
  • Melinda Green, Energy Australia
  • Joanna Gurry, NBN Co
  • Gareth Gumbley, Frollo
  • Rob Hale, Regional Australia Bank
  • John Harries, Westpac
  • Lisa Schutz, Verifer
  • Aakash Sembey, Simply Energy
  • Stuart Stoyan, MoneyPlace
  • Barry Thomas, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Mark Verstege, DSB
  • Paul Franklin, ACCC
  • Mark Staples, Data61
  • Shona Watson, OAIC
  • Kate O’Rourke, Treasury
  • Jessica Robinson, Treasury
  • Phil Schofield, Treasury
  • Leanne Breene, Treasury
  • Andrew Cresp, Bendigo and Adelaide Bank
  • Lawrence Gibbs, Origin Energy
  • Lauren Solomon, CPRC
  • Glenn Waterson, AGL

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 33.  He noted that this is our first reconfigured Data Standards Advisory Committee (DSAC) meeting which aligns with the refresh of the banking Advisory Committee that came to the end of its term at the end of June 2021. 

The Chair noted that the Technical Stream have released Version 1.11.0 of the Consumer Data Standards (CDS) and the release relates to Maintenance Iteration # 7 and Decision Proposals 160, 178 and 187.  The Consumer Experience (CX) Stream also published some CX Artefacts over the last month. 

The Chair noted that the DSB and Treasury (TSY) will be running a half-day virtual workshop on Action Initiation on 27 July 2021.  There has been quite a lot of work done on the action initiation topic which was called out in the Inquiry into the Future Directions for the Consumer Data Right Report.  

The Chair noted that we have completed a market test and contract renewal for the Data Standards Body team and as part of that we have found some additional capability.  An API Architect will be joining the Technical Team in early August. 

The Chair noted that Louise Benjamin has recently left Energy Consumers Australia (ECA).  ECA have indicated that they don’t have sufficient resources to be able to maintain their involvement and contribution in the Advisory Committee.  He will consider what we do in that consumer space. 

The Chair noted that Andrew Cresp (Bendigo & Adelaide Bank), Lawrence Gibbs (Origin Energy), Lauren Solomon (CPRC) and Glenn Waterson (AGL) are apologies for this meeting. 

Minutes

Minutes

The Chair thanked the Committee Members for their comments and feedback on the Minutes from the respective banking and energy Advisory Committee meetings which were held on 9 June 2021. 

The Chair noted that there were two sets of minutes (banking and energy) in the papers due to the convergence of the committees into one as part of the refresh. He asked both the banking and energy members if they had any final comments on the minutes. 

The Chair noted that members had no further feedback so both sets of Minutes were formally accepted.

Action Items

The Chair noted that for the outstanding Action Item which is for the DSB to set up a Standards Design Challenge Subcommittee. He noted that he will now need to consider that in light of where we are at, he will come back to the committee with a plan at the next meeting. 

ACTION:  DSB to provide an update on the Design Challenge Subcommittee at the next meeting

Data Standards Advisory Committee Terms of Reference

The Chair noted that given that we are at meeting # 33 and a newly configured DSAC, it is timely that we both refresh and reacquaint ourselves with the DSAC Terms and Reference (TOR) and the Principles. 

The Chair noted that the TOR and Principles guide both the DSAC and indeed the Data Standards Body (DSB) in our mission of national importance around establishing Standards for the Consumer Data Right (CDR).

The Chair noted that in the Background section of the document, in dot point one it says, “The Chair must, by written instrument, establish and maintain a committee to advise the Chair about Data Standards”.  The instrument is currently being drafted and considered by the TSY Law Division to ensure that the terms are okay and there are no unintended consequences.  Once finalised it will be executed and communicated to the committee. 

The Chair noted that there is no change to the way the DSAC will operate or function. It is advisory in nature, renewal is on an annual basis, everybody is engaged in an individual capacity and we will  continue with reaching out to members to raise issues for discussion at the meetings.  The Chair noted that we will also reset the renewal annual cycle, including for those in energy, for renewal each year on 30 June. 

The Chair noted that in the TOR under Item 1a:  

  1. The Data Standards Advisory Committee/s shall: 
  • Conduct activities, as required, in order to advise the Chair in regard to his functions, powers, and duties. These activities will include reviewing draft Data Standards following consultation and before they are made.

In terms of the “Advisory Committee shall”, as suggested by TSY we have added “these activities will include reviewing draft Data Standards following consultation and before they are made” as it was worth explicitly noting this in the TOR so people can understand the way in which the Advisory Committee has a final opportunity to contribute and it is beholden on the Chair to have regard to the advice or submissions (if any) received from DSAC. 

One member noted that it makes sense from the focus around the “Outcome, Technical & Consumer Experience Principles”. On Outcome Principles, often conversations move towards broader issues than rather purely Data Standards.  Should we capture any of that in the TOR recognising that we are a Data Standards Advisory Committee albeit the broader execution is paramount to what we are trying to achieve. It is more informal conversation, which is not specific to our mandate, but it is still beneficial to the overall policy objectives. Do we need to broaden or are we happy to have as part of the informal principles which is the successful execution of the CDR?  

The Chair noted that he approaches this as our DSAC formal role and because we have very involved and invested members of the CDR community, naturally there are times where there are other observations for example where we are in energy and what does success look like.  Recognising our roles which is to establish standards and contribute to those things as a participant and to keep those things informal. 

The Department of the Treasury (TSY) noted that they also like the idea that it’s an informal part of the discussion on standards rather than being included in the TOR.  TSY & the Australian Competition and Consumer Commission (ACCC) attendance at these meetings, not only in terms of talking to items but also listening to the discussion, and is incredibly valuable, they think it is best done informally of the committees’ responsibilities.

The Chair noted in regard to the CX Principles, and the points listed under “The CDR is comprehensible” he found that very refreshing.  It is vital in a CDR that we ensure that the CDR is comprehensible, and you can see the value inherent in each of those items for the consumer in the overall context of what we are doing. 

The Chair noted that in regard to “The CDR is Consumer-centric”.  There are some views that the CDR is business centric and aimed at providing stimulus and opportunity for start-ups and other businesses to get access to data. The reality is that it is consumer centric and the comprehensible points around the consumer are important and that we acknowledge those.

The Chair asked that the DSAC TOR be provided as an attachment to the minutes and also posted online (website). 

ACTION:  DSB to include the DSAC TOR with the minutes and online

Working Group Update

A summary of progress since the last committee meeting on the Working Groups was provided in the Committee Papers and was taken as read. 

Technical Working Group Update

Following issues raised by members the DSB’s Technical Team (James Bligh and Mark Verstege) provided an update as follows: 

The DSB noted that they are heading along to finish the energy standards to a candidate level.  They are doing a lot of work in banking and looking at InfoSec uplift now that the 1 July has passed. They are working with OpenID Foundation and looking at what is happening internationally; at action initiation; supporting the policy teams; and looking at bringing the register standards across. 

The Chair noted that in regard to the candidate level, in the first instance of the CDR establishment before legislation was passed and the rules were established, they had a process where they got as far as they could before the legislation and the rules were established.  This is exactly the same process here.  One member noted that in regard to the peer-to-peer model and the data history and how that works for some of the energy accounts. They have done some thinking about this and their team will reach out to the DSB in terms of when a customer changes retailer in energy what implications does it have and what they suggest in terms from an architectural perspective. 

The DSB noted that as the rules are becoming firmer, they have focussed on working closely with the Australian Energy Market Operator (AEMO) about the retailer to AEMO interactions which is the fundamental gap they have in the standards. 

The DSB noted that there are two fundamental issues for energy.  In banking the “account” was a very clear entity to attach to consents – the corollary in energy is unclear and is something that they are going to have to address in the next couple of months once the rules position starts to stabilise. 

The DSB noted that the other side is the structure of the schemers that occur with sharing and how the relationship between a retailer and AEMO works, and specifically lineage of the National Metering Identifier (NMI).  For example, the DSB asked, for a customer that's switched multiple retailers, how do you share that full history? The DSB said the sector doesn’t have an easy solution because retailers don't have an ability to talk to each other and confirm identity and there's no matching capability and AEMO doesn't have that provenance. From a CDR standards perspective, the DSB can only put an application programming interface (API) over what's there and unfortunately in the energy sector, the lineage isn't there at the moment. 

The member noted that the issue needs to be resolved and they’ve looked at an opportunity earlier to potentially solve it within the energy regulations, but as there was a delay in the rules, they didn’t have enough certainty to proceed.  They think that we need to consider that opportunity again once we've got a view of the draft rules and see if we can solve it. 

The Chair encouraged members to engage early and often which will be helpful in the process.

The Chair asked the DSB to provide an update on action initiation, register standards and purpose-based consent. 

The DSB noted that their work on action initiation is done in the absence of any recommendations that TSY are adopting out of the Future Direction Report.  In conjunction with TSY they’re seeking to gain information and input in the current consultation, which will help them provide a response to those recommendations. TSY and DSB held a workshop which was facilitated by AusPayNet which included a large cohort of industry participants in the payment scheme and data holder space.  The DSB and TSY will be publishing a Noting Paper which will include the general concepts and the current hypothesis around how the CDR may facilitate action initiation and may provide a role in that space.  The DSB and TSY also have a follow-up workshop on the 27 July which will delve into that in more detail. The DSB and TSY are seeking early-stage input around use cases to understand how to decompose that into a use case or a purpose as component actions.  The DSB’s approach to action initiation isn't looking to impose standards or obligations around the actions space they are trying to define whether the instruction layer allows existing industry processes and regulations to continue to work as they are.

The DSB noted they hope to cover a lot detail in the workshop on the 27 July. A key part the DSB and TSY want to explore is around the value proposition in relation to action initiation and the consumer journeys.  The planned activities are around what's the use case that action initiation could fit into; what are the existing pain points that action initiation could be a pain reliever for those use cases; breakout rooms; and prioritisation activity.  This is intended to help participants understand the value of those actions in the context of those use cases and journeys.  Analysis will be required after that and they are hoping to identify some high priority actions that span multiple use cases.

One member asked whether there is any opportunity to weave some consumer research into that. 

The DSB noted that they want to encourage participants to come with preformed views on what those use cases could be, based on research they’ve conducted.  The DSB wants to identity whether there is value in continuing some consumer research on those cases to test those value propositions in terms of what a consumer would consent to when it’s an actual action or instruction.

One member noted that in regard to payment initiation, they attended the TSY workshop yesterday which was useful. The member noted that there was a lot of questions raised in the chat function which they didn’t get to and they were hoping it was captured.  From the member’s point of view there seemed to be a sense of is it worth going ahead with and how are we assessing those use cases. The member stated that just because you can feasibly do it doesn’t mean that a business model will exist around that.   

Another member provided a really interesting example on CDR Action Initiate from Emirates which is for paying for flights in conjunction with the International Air Transport Association (IATA).

Another member noted that an issue came up about the fact that retailers can't track a customer who switches electricity retailers. Is there something like the myGov ID system that can be integrated to reduce the friction of supplying explicit informed consent when someone needs to switch retailers if a third party needs to initiate that?

One member noted that retailers can determine which other retailers have been the retailer for that customer in the past. It's just not part of the design yet.

The DSB encouraged energy participants to come to the workshop.  The DSB have been looking at a rubric and trying to balance out value to the consumer value from a business perspective versus complexity of implementation, and risk of implementation to try and identify all the facets of how a consumer would make a choice of a particular action initiation type. There are a lot of action initiation types, some are really complex but have value and some could be very high value, but low complexity. The DSB and TSY don’t have fixed views and the purpose of the workshop is to try and get the raw data so that they can start developing views.

TSY confirmed they captured the chat conversation from the workshop yesterday and they have a good record of all the interactions. TSY noted that there is an additional workshop on the 27 July and if participation levels increase, there may be a second workshop as it’s important at this early stage to get buy-in and to understand how participants think it might work.   

The DSB noted that on the register standards they will be bringing the register standards into the main standards area so they can be made binding through our legislative mechanisms through the Chair. Participants have also been clear about having two different places to go to as being confusing.  The DSB is keen to keep moving forward on getting a baseline for energy to build on before the October/November timeframe. The DSB noted that ACCC maintain the implementation and design of the register itself.  They are referring to the interaction points with the register that participants use for authorisation and authentication and bringing those standards across and leaving the actual implementation and design aspects of the register with the ACCC.

The DSB noted in regard to purpose-based consent, that the scopes and consents for the CDR currently are highly generic which is the place you start with data sharing the data clusters and being able to allow an Accredited Data Recipients (ADR) to explore all the data clusters and use the data minimisation principles to get the data they need for the right purpose.  The DSB stated however, that it's clear that there's certain particular use cases or purposes that are repeated and a lot of ADRs will likely implement, and these uses cases or purposes  could be quite industry specific. This consultation will therefore focus on a special purpose consent that could even be developed by an industry group recommended by an industry group to cover a very specific thing in that industry.

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by CX Lead Michael Palmyre as follows: 

The DSB noted that over the last six months there's been a lot of work happening in relation to the v2 rules that were made in December 2020. At the end of June, they met a milestone covering off all the standards stemming from the v2 rules being made and also released a significant amount of CX artefacts to demonstrate how to implement items in the V2 rules as well as revamping our existing CX artefacts.

The DSB noted that they are moving to the next stage following the publication of the v3 rules for consultation. The DSB is currently producing another Noting Paper, similar to Noting Paper 157 which they released at the start of the year, which is to outline the anticipated impacts on CX from the v3 rules and also some expected or anticipated timing based on their analysis of the draft v3 rules which are out for consultation now.

The DSB noted there are a number of items they’ll be working on over the next six months based on the draft rules, including Joint Accounts; Trusted Advisor Disclosure Consents; Insight Disclosure Consents; and the data holder (DH) Dashboard issue to account for access arrangement changes.

The DSB noted on the lead up to November 2021 they will also be working on the applicability of account selection standards for non-banking sectors, as outlined in the Design Paper for the P2P model in energy given some of the requests for further consultation to explore that looks like in a sector like energy. 

The DSB noted that they will also be looking at other items like energy data language standards (AEMO and Retailer held data) which they progressed significantly last year in relation to some consumer research that they conducted. The next phase is the technical standards which is more refined, and they will consult formally on data language standards for the energy sector or the electricity sector specifically.

The DSB noted they will also be looking at the new item in the design paper on joint accounts, the enhanced communication between ADRs and DHs concept as outlined in the Design Paper on joint accounts which they want to consult on.

The DSB noted that there will also be work stemming from the upcoming Action Initiation Workshop particularly analysis and synthesis and be doing a deep dive. 

One member asked if there was any update on timelines for the enhanced checklist that would cover all the ADR obligations and the earlier consent components?  This was previously flagged to be done by the second half of this year. 

The DSB noted that there has been some additional artefacts and variations released and have held off re-publishing CX checklists but will publish a comprehensive checklist soon. 

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the Committee Papers and was taken as read. 

The Chair noted that Maintenance Iteration # 8 commenced today, and that we have good coverage in the Service Provider Directory.  He noted that the stakeholder engagement piece is not only important but is progressing well. 

One member noted in regards to the Service Provider Directory, it is hard for people outside (or even inside) the CDR ecosystem to figure out what providers do what, who’s accredited and who’s active. For example, the member said, there are so many claims on websites saying they have a conformance solution or if you use us, we don’t have to your OSP etc.  The member said they were not a fan on having unvetted solutions on a government website and suggest a disclaimer saying that the list contains unvetted solutions. The member noted that there are currently only five ADR’s in Australia that can say they are conformant. 

The Chair asked whether it would resolve the issue if we included whether they are accredited and an active data recipient or if they are an accredited but not yet active data recipient? 

The member noted that would solve part of it (whether your active, accredited or not) but they think a lot of other service providers have no intention of getting an audit or formally being an OSP.

Another member noted that there is a disclaimer on the Service Provider Portal. 

The Chair noted from the DSB point of view, they will look at the Service Provider Directory and the need for it as it may well be past it’s used by date and/or whether we make some enhancements.  He asks the members to send any suggestions or concerns in relation to that.

The DSB suggested that if anyone has any feedback on how they can improve the Directory or even remove it, please send comments to the engineering solutions thread

ACTION:  Members to send feedback on how the Service Provider Directory can be improved to the DSB

ACTION:  Based on members feedback DSB to review the Service Provider Directory and provide update at the next meeting

One member wanted to go back to the conversation about action initiation. They think it will be hugely beneficial to Australian consumers but are conscious that the recommendations haven’t been approved by Government yet. Do we have any sense of when or if?

The Chair noted that the recommendations have been included in the Farrell 2.0 Report, which is being considered by Government and TSY have been asked to provide advice in relation to that. What we're trying to do is to make sure that the implications in that advice are informed by some of the realities without a firm commitment that this recommendation will be implemented.

ACCC noted that in regard to the Service Provider discussion, if anyone is making claims that are not correct and go to the point of being potentially misleading and deceptive, that's part of the ACCC role to enforce the competition law provisions around misleading and deceptive conduct. The ACCC went on to say that it’s potentially useful to have such a forum to advertise the fact that they're interested in providing solutions but they’re not pre-validated, other than accreditation, they don't have a way of validating the effectiveness of solutions., and If there are any misleading and deceptive claims being made, either through that portal or elsewhere, the ACCC urges everybody to report those to the ACCC as it’s important to the integrity of the ecosystem that claims are backed up. 

One member noted that the integrity of the ecosystem is paramount here, in terms of a potential data breach or bad press or PR around the ecosystem, therefore, they said the ACCC should be very forceful, and it should be treated as a significant risk and is critical to the successful execution and scaling of the CDR.

One member noted that maybe there’s an education piece needed on things to think about if you’re looking at getting help in this space, because an educated market is less likely to buy into stories (misinformation).

Another member noted that this conversation is very relevant about building trust and confidence. The Open Banking Implementation Entity (OBIE) is a good signpost of how they handled the register in terms of the various participants, and it would be good to use as a guide, so therefore a similar single place, like on www.cdr.gov.au would be a good central place as it is hard to track all these things down. 

One member noted that when looking at how other industries, including health, approached these types of challenge. They asked, is there a long term ability to come up with some sort of icon or approval (like the Heart Foundation Tick) that people could use on their website and which is very heavily policed and regulated?    

Issues Raised by Members

The Chair noted that there were a number of issues raised by members this month from a deep dive on each stream, rapid run through of each stream, what does success look like for the CDR and key metrics for success. 

The Chair noted that he has asked ACCC and TSY to address these items in their updates. 

Treasury Update

Kate O’Rourke, First Assistant Secretary, and CDR Division Head, from TSY provided an update as follows:

TSY noted, in relation to the education issue raised in the previous discussion, including on what CDR means and the trust and confidence in the regime, that they are considering the importance of getting the timing right in terms of educational, promotional and information aspects of CDR for supporting consumers, people who are working in the system or who are prospective ADRs.  TSY noted the discussion has been useful, and they’ll pass through those observations to colleagues who are leading that work. 

TSY noted in regard to draft rules v3.0 consultation (published on 1 July 2021) that the aim of these rule changes is to try and increase participation in the CDR through opening up different means by which people can be part of the CDR regime as part of the ecosystem, and to otherwise increase the use cases for consumers.  At a high level, the rules propose a new sponsored level of accreditation, an agency CDR representative model and a new role for OSPs for collecting CDR data on the behalf of accredited entities.  Together, these changes are aimed at lowering barriers to entry, but still having protections achieved in a different way so we don’t compromise that high level of trust and confidence in the system. 

TSY noted the rule changes also contemplate CDR data being able to be shared with “Trusted Advisers”, which includes accountants, lawyers, tax practitioners, BAS agents, licensed financial advisors and planners, financial counsellors, and residential mortgage brokers. These classes of people will be able to receive CDR data, subject to appropriate consent.

TSY noted the proposed rule changes also permit disclosing limited insights for prescribed purposes e.g., identity verification or current account balances.  TSY noted these disclosures are subject to the standards which will mean that they are only permitted if the consumer is fully informed on what that insight will reveal about them or describe about them.

TSY also updated the Committee on the proposed single consent data sharing model for joint accounts.  They said the model that's in the draft rules is one which allows a single account holder to consent to the data sharing without other actions by the other person, but with notifications and with visibility and capacity to take steps afterwards by the other joint account holder.

TSY noted that they are having a general information and Q&A session at the DSB and ACCC Implementation Call on 22 July.  TSY are also going to have a separate privacy round table, particularly focusing on the privacy implications of the rules which is planned for the 28 July. The details of which can be found in the TSY CDR newsletter.

TSY noted in regard to the energy rules design paper, they really benefited from the inputs received and they are now in the process of preparing draft rules which will be published for consultation.  As noted in earlier meetings, these rule changes will cover key issues including bringing different energy data sets together (for example, if data is held by AEMO or multiple retailers), what the account is, who can share energy data etc. 

TSY noted that in regard to the Telecommunications Assessment, consultation is planned for July and they’re hoping to commence the consultation process soon. 

TSY noted that in regard to the Strategic Assessment, TSY is considering how the CDR can be rolled out economy wide, which requires consideration of the roll-out beyond the immediate sectors, what are cross-sectoral consumer benefits and use cases, what are the opportunities for consumers and businesses and what are the implementation issues?  TSY said this work is happening over the next three months.

The Chair invited TSY to outline the key upcoming implementation dates in banking and energy. TSY noted that in regard to energy, that it is too early to say what the implementation dates might be, but they’re working on the draft rules.  In regard to banking, TSY noted the 1 July deadline just passed, and the other data sets coming through in 1 November (major banks – non-individual accounts, non-majors – phase 2 products).  TSY noted the proposed start date for the joint account rules is proposed in the draft rules 3.0 to be extended from 1 November to 1 April 2022.

One member noted they are keen to understand the primary issues around the energy space (as previously been a member of the banking committee). Another member noted that in terms of their effectiveness of being able to contribute to the energy conversation that have happened over the last 12 months, it may be worth potentially having a separate session on energy and also for banking so the members can come up to speed.  This member was keen to understand the biggest pain points and problems they’re trying to solve from a technical perspective and from a standards perspective, but also what are the three broader general points around execution and implementation of CDR and energy.

The Chair noted that he will ask the DSB team to put together a summary of the standards as they exist vs where the candidate standards are developing in energy and what are the implications.  The Chair noted that this is in terms of cross sector and universality of the standard and these are the areas we have candidate standards developing because of the uniqueness of the situation. 

ACTION:  DSB to provide a summary of the Standards to be tabled the next meeting

The member noted that they just want a narrow and focussed update.  For example, what is unique about energy that a direct application of the banking standard doesn’t solve for that and equally from an energy perspective which will help in a really constructive discussion going forward. 

TSY noted that the split between CDR rules of universal application and rules that are sector-specific is reflected in the structure of the CDR rules which has a main body, and then sector-specific schedules.  TSY said the general goal is to have as much as possible covered by universal CDR Rules, but a recognition that there are going to be some things that are specific to certain sectors. TSY said once they are in a position to share draft rules on energy that will help but in anticipation of that, they hope the Design Paper will help.

Another member agreed that it would be useful to have a meeting with each other to come up to speed. The member said they are learning things from the TSY forums, but they will benefit from learning it quicker, getting to know each other in person, what each other’s background are etc, and   in terms of the draft rules, they asked TSY if there is any date for the release.  TSY responded saying that for the energy draft Rules, there is no date yet.

The member noted that in the explanatory notes of the v3 draft rules, they were not broad enough or high level enough for them to understand what the thoughts were and why they were now the draft rules.  They are trying to engage with TSY and others so they can participate in that consultation. 

ACCC Update

Paul Franklin, Executive General Manager, ACCC provided an update as follows:

ACCC noted that there was a significant obligation that commenced for non-major ADIs on the 1 July 2021,when they ended up with 32 brands active, which includes 16 primary data holders or entities, plus another 16 brands, both secondary brands include the alternative brands owned by an ADIs which include St. George, Bank of Melbourne, Bank SA (owned by Westpac), U Bank (owned by National Australia Bank) and Bankwest (owned by Commonwealth Bank), and also included white label products like Qantas Premier credit card supported by Citibank and a range of others.

ACCC noted there is a noticeable gap in the number of ADIs that are obliged to share data but are not yet ready. ACCC said there are 15 more ADIs that have passed the conformance test suite (CTS) prior to 1 July, nonetheless their own solutions were not ready to deploy, and they expect those to be activated in the coming weeks. 

ACCC are actively working with all the remaining ADIs who don't have exemptions to get them to go live as soon as they're able to do so.

ACCC noted that part of their role is an enforcement function, that they are supporting ADIs to go live as quickly as they can and also following up from an enforcement perspective.  They actively monitor and follow-up incidents in the CDR ecosystem, particularly as new entities came into the ecosystem. 

ACCC noted that in regard to lessons learned from banking, that they developed a test strategy on the expectation that the private sector would fill the need for testing everything up until the point of the CTS.  ACCC said that based on feedback, that there weren’t enough testing tools, they’ve launched a mock register in June and are about to launch the mock data holder and mock data recipient register.  One of the lessons, the ACCC said it has learnt, for the energy sector is making sure that the testing approach and the right tools are fit for purpose and well-communicated to the industry a long time in advance so they can test them progressively as they build them. The ACCC noted that if fully compliant participants can get through the CTS quickly but if there are differences between the solution and the CTS it can take a while to resolve.

ACCC noted that many of the banks who are not compliant, are not compliant because they're relying on a vendor who is not ready, consequently, it is important that the preparation for the energy sector includes work with the vendors to make sure that they're able to develop compliance solutions.

One member noted that passing the CTS does not mean your fully conformant and they are seeing that now with so many errors with data holders sharing incorrect information, or just not sharing some information.  The member said they can’t even lodge issues as they are at the point where they’ve passed CTS, but they can’t receive data correctly, and said it is not they’re job to list all of the issues (and is not going to be sustainable) and they are looking for ACCC’s feedback on this. 

ACCC noted that the CTS was designed as a minimal set of controls that are tested to ensure that the ecosystem works in the perspective of participants being able to connect together, but it was never intended to be an expectation that passing the CTS testing meant testing the whole of every participants solution.

ACCC noted that there has been some work proposed within the DSB to look at testing tools for individual API responses, but that's not within the scope of the CTS, although they are working very closely with DSB on looking at those tools. There is certainly an opportunity to expand the suite of tools.

ACCC noted that in regard to incident management, that participants can log incidents if there is a technology issue which they actively monitor, and that it is up to participants to resolve incidents between themselves, but the ACCC takes a role in making sure all participants are actively following up on those things.

ACCC noted that there are a lot of interaction between participants, which the ACCC has no visibility over. The ACCC said there is work going on between ACCC, TSY and DSB about how to get better visibility of those interactions including collecting data that they can use for enforcement activities.

One member noted that this is more looking forward, and asked what are the early data recipients, who’ve invested so much time and money, expected or supposed to do right now?

ACCC noted that there are some areas of non-compliance and those should all be listed in the rectification schedule which is published on www.cdr.gov.au, and if they aren’t listed on that schedule, the participant should be compliant. The ACCC said that if participants find incidents, they ask them to log this through the incident management portal.  The ACCC said they do assist with some follow-up and they have an enforcement function, but they don't see the data flows between participants, and they are dependent on participants to report or raise the incident.

The Chair noted that the volume is so high that for a small businesses, they’re not able to keep up with them and the implications of this is that they can’t meet the expectations of the customers they're trying to serve because the data flows are not happening.  The Chair said these FinTech’s are facing an existential threat of basically not being able to survive because they can't get data flows in line with the commitments they’ve made to the customer.

One member noted that looking back at banking, early on the big fours commitment wasn't necessarily as strong on say day one of the CDR versus potentially, a little bit further into it when it became apparent that it was going to happen.  They said consequently, stricter enforcement and penalties around noncompliance are needed. The member also noted that some measures considered by the FinTech Advisory Group was whether or not fines and penalties could be imposed on banks for non-compliance on certain issues and then be routed to industry funding for supporting FinTech’s or something else. 

One member noted that when we talk about what does success look like, we’ve been looking at success as a number of active participants, not necessarily at the quality of the data that is flowing in the ecosystem and they think we need to make an adjustment.  The member noted with respect to ACCC, their DNA is around being told about a non-conformance issue and then acting upon that information, but non-conformance is something where we need to be more proactive and go and identify whether people are conforming and not wait for participants to raise an issue. 

One member noted that the recent AFR article, which was celebrating the 1 July, but which also observed the lack of participation. The member said the reason we don’t have more early adopters and active participation is because of the concerns around the risk that Fintech’s face in terms of funding etc and going out of business when you’re correcting problems for other businesses, and consequently, Fintech’s would prefer to wait until it works because they don’t want to be testing and debugging for other people. 

One member noted that they have been calling this out for at least a year about how much effort is required to support the banks in monitoring and managing the performance of the API’s and the quality of the data and consistently raising tickets.  The member said the issue is the lack of diligence that some of the banks are taking the data holders before they go live, because with the mad rush and push from ACCC that they must comply and go live, the resulting quality of implementation across the banks is significantly different. The member said they are keen to set up a separate session with the other active recipients to talk to the ACCC about what we can do more immediately. 

The Chair asked ACCC whether it would be helpful if those who have data operational data at this level of granularity provide it to you on a voluntary basis in the interim. 

ACCC noted that they have had one data recipient provide data on a voluntary basis and it has been very helpful. 

ACTION:  Any members who wish to share statistical level data on a voluntary informal basis to provide it to ACCC and copy Paul Franklin. 

Meeting Schedule

The Chair advised that the next meeting will be held remotely on Wednesday 11 August 2021 from 10am to 12pm. 

Other Business

The Chair noted that Minister Hume was not able to join us at this meeting, but she is keen to join one of the future meetings to both speak to us and also hear from us. 

One member suggested a broader discussion around success and where we’re at, what’s it looking like and where we’re going. That conversation would be potentially beneficial with Minister Hume and to hear her perspective on that as well. 

The Chair noted he will speak to Minister Hume about this and try to line her up to attend one of our future meetings.   He understands that Minister Hume wants to thank everyone for their commitment of the CDR and to the process. 

Closing and Next Steps

The Chair thanked the Committee Members and Observers for attending the meeting. 

Meeting closed at 12:00