Minutes - 9 Jun 2021

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 9 June 2021
Location: Held remotely via WebEx
Time: 14:00 to 16:00
Meeting: Committee Meeting No: 32

Download meeting minutes (PDF 162KB)


  • Andrew Stevens, Data Standards Chair
  • Brenton Charley, TrueLayer
  • Damir Cuca, Basiq
  • Gareth Gumbley, Frollo
  • Rob Hale, Regional Australia Bank
  • John Harries, Westpac
  • Frank Restuccia, Finder
  • Lisa Schutz, Verifier
  • Ross Sharrott, MoneyTree
  • Lauren Solomon, CPRC
  • Stuart Stoyan, MoneyPlace
  • Barry Thomas, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Mark Verstege, DSB
  • Paul Franklin, ACCC
  • Mark Staples, Data61
  • Shona Watson, OAIC
  • Kate O’Rourke, Treasury
  • Jessica Robinson, Treasury
  • Jodi Robinson, Treasury
  • Andrew Cresp, Bendigo & Adelaide Bank
  • Nigel Dobson, ANZ

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 32. 

The Chair noted that this is the last banking Advisory Committee meeting before the reconfiguration of the Data Standards Advisory Committees (DSAC) into one cross-sector committee.  Thank you to all who have signalled their intent to stay and thank you to those who have signalled that it's time to move on.

The Chair noted that Frank Restuccia (Finder) and Ross Sharrott (Moneytree) are stepping down from the committee.  He would like to extend his thanks to them both for their outstanding contribution to the values and mission of the DSAC. He welcomes Chris Ellis (Finder) as the new member to the committee from July.

The Chair noted that Tomas Schier, a new member of the DSB team commenced in May 2021. He is part of the technical team and his role is to help create, direct and facilitate open-source projects to develop a series of moderated open-source repositories. 

The Chair noted that Andrew Cresp (Bendigo & Adelaide Bank) is an apology for this meeting. 



The Chair thanked the Committee Members for their comments and feedback on the Minutes from the 12 May 2021 Advisory Committee meeting.  The Minutes were formally accepted.

Action Items

The Chair noted that the Action Items were either completed or would be covered off in scheduled discussions.

Advisory Committee Refresh

The Chair noted that we are at the end of the 12-month term for this Advisory Committee.  He thanked everyone for their feedback in relation to their ongoing role in the Data Standards Advisory Committee (DSAC) from July 2021.  He noted that there are a couple of members who have decided to make a transition in their membership which will provide an opportunity for others to join.

The Chair noted that there will be twenty members on our single Advisory Committee from July which consists of nine data holders (including NBN), eight data recipients and three consumer representatives.  A slightly different view would be three consumer representatives, four banking industry data holders, five energy sector data holders, one telco and seven existing and potential  seven data recipients and intermediaries.  He noted that we have ended up with a very good balance between data holders, data recipients and consumer representatives and also a good split between energy, banking and emerging telecommunication representation in our group. 

The Chair looks forward to yet another step in the journey for the DSB and the DSAC as we participate in this implementation of national significance. 

Working Group Update

A summary of progress since the last committee meeting on the Working Groups was provided in the Committee Papers and was taken as read. 

Technical Working Group Update

A further update was provided on the Technical Working Group by Lead Architect Mark Verstege as follows: 

The DSB has released version 1.10.0 of the standards which constituted a significant uplift around error handling. The aim is to drive better consistency and reliability for data recipients. There was less of a technical standard change, and more a CX change around joint accounts and the ongoing consultation around version 3 Rules changes and the Design Papers resulted in a lot of good feedback.

The DSB noted that they have a number of consultations open at the moment. They are continuing their consultation around uplift to metrics and in particular around the CX metrics and looking at mechanisms to be able to drive better observability around some of the CX metrics and outcomes across the regime.

The DSB also published a Decision Proposal around information security uplift to understand feedback from participants around how we could shape a roadmap going forward noting that the international standards have changed over the last year or two. 

The DSB noted that they have a pending placeholder around purpose based consent as one of the key pieces of feedback they’ve received both technically and from a CX perspective and how can we make it more useful to observe the data minimization principle more effectively but also to ensure that the consumers are able to consent to the full range of the data that's needed to fulfill a purpose.  They will be publishing a proposal around that in the coming weeks. 

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by CX Lead Michael Palmyre as follows: 

The DSB noted that it has been a very busy month since the last Advisory Committee Meeting.  The key things to point out are the Design Papers and the workshops they ran to support that consultation and which went very well. 

The DSB noted that there was great engagement, including the artefacts they developed to facilitate some of the comprehension.  They have conducted some analysis and now have some clear views on the next steps in relation to CX standards work.

The DSB noted that there are some key Decision Proposals out for consultation.  DP160, which covers non-individuals, business partnerships, and secondary users, closed on Tuesday 8th June.  They have received some feedback which they expect would apply to the energy sector as well, depending on the definition of eligible consumers, but obviously the first cut is for the banking sector.

The DSB noted there is also an item for disclosure consents which is effectively for accredited data recipient (ADR) to ADR disclosures but also relating to some of the access arrangements that were discussed in the recent Treasury announcement. 

The DSB noted that they published an update on NP157 to clarify that, other than the open consultation on DP160, no further Data Holder obligations are anticipated for July 2021 or November 2021 in relation to CX standards referenced in the updated NP157 document, unless required as a result of further rules amendments.

The DSB noted that extensive work is underway on CX Artefacts for ADR Dashboards, CDR Receipts, and the v2 Rules amendments to consent, such as separate consents and amending consents. These are currently being finalised for release in June.

The Chair noted that there is a lot of engagement happening on many fronts – strategic and operational and encouraged everyone to continue to provide feedback which is very useful to the team to be able to understand the sensitives. 

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the Committee Papers and was taken as read. 

Issues Raised by Members

The Chair noted that there were no issues raised by members to be addressed at the meeting today. 

Treasury Update

Kate O’Rourke, First Assistant Secretary, and CDR Division Head, from Treasury (TSY) provided an update as follows:

TSY thanked committee members for their excellent contributions to the Design Papers issued on extending CDR to Energy and on Joint Accounts.  TSY noted the very positive feedback received on both the Design Paper approach – which included rules, standards and the consumer experience (CX) together in one paper - and on having multiple ways in which people could contribute (via GitHub, email and workshops).

TSY noted in regard to the energy Design Paper, they received submissions (in addition to the GitHub and workshop contributions) from a wide variety of stakeholders.  Some of the key issues raised were on moving to the peer to peer model and the particular issues this raises in relation to the roles of retailers and the Australian Energy Market Operator (AEMO), including with respect to complaints; and phasing the introduction of CDR to energy retailers.  

TSY noted in regard to the Joint Account Design Paper, there was almost double the number of submissions received than for the energy paper and it also attracted media attention. There were passionate submissions made on the issue of whether to switch from “opt-in” or to “opt-out” and stakeholders identified fundamental questions around CDR being at stake in relation to this issue. Some of the other issues raised were on complex accounts and the implementation question and the implications for how different options might be tackled.

TSY noted that the Telecommunications Assessment was announced in the Budget and that TSY will be assessing the telecommunications sector to see if it's suitable for designation, and that is brought into the CDR regime.  The criteria is set out in the Competition and Consumer Act 2010 and include the interest of the consumers, privacy of consumers information, the regulatory impacts, promoting data driven innovation and promoting competition.

TSY noted that there will be a consultation process which they hope to start in July 2021, which will include roundtables.  There is also a formal consultation processes that is required under the statute i.e. consultation with the Office of the Australian Information Commissioner (OAIC), the Australian Competition and Consumer Commission (ACCC) and the Australian Communications and Media Authority (ACMA) as the relevant regulator.  A report will then be sent to the Minister which will be published.  The Minister will then decide whether to proceed with designation. 

TSY is trying to do the work upfront to identify the best data sets and the types of data that will be available and make great use cases for people and to also see what the existing regulatory frameworks exist in relation to the telecommunication sector.  They are keen to get people’s input about these issues and how it applies to the CDR as it will be very valuable as they start the consultation process. 

TSY noted that the Government has asked them to conduct a Strategic Assessment to identify the sectors that will bring the most consumer benefits from CDR and comes within the broader context of the Digital Economy Strategy that the Government published in the Budget and the push for digitisation and business engagement.  They have been asked to complete this within the first three months of the year and provide to Government for consideration. 

TSY noted that along with the DSB that they are also doing a lot of work in relation to payments which is in anticipation of the Farrell Report (Inquiry into the Future Directions for the CDR).  

The Chair noted that in regard to the Telco and economy-wide sector assessment work and the importance from this Advisory Committee given the level of the knowledge, engagement and investment of this group in the CDR space particularly at the data set level, which he said led to opportunities for the committee to have a particular impact on both of those pieces of work.  Some of the use cases which are in development could well inform some of the designation of certain data sets in sectors which would be particularly important to the process. 

One member noted that in regard to some comments made to them recently about the need for some data to support decision making and they wondered whether that's something we could go out in advance to participants for.  They said in the CDR we should ask early for evidence as it would be useful to do empirical decision making rather than relying on assumptions.  They suggested TSY could maybe include in the consultation an invitation like “we welcome any empirical statistics on your industry etc” to prompt the submitter. 

TSY noted that they endorse that suggestion, but they are often in the hands of the people providing submissions to those processes. They are unable to compel the provision of that information at that granular detail but they certainly welcome it.

Another member noted the importance to ensure that we have a problem definition and a proper analysis of the solutions to solve those problems as we go through the process. The obvious point is that if you're not a scheme participant, you don't have access to any of that data so other stakeholders that are supposed to be providing advice into the development of the rules and the standards the sharing transparently of the data that is being collected and the insights that are being found about the current operation of the scheme is incredibly important to support the consultation process.  If you don't have any direct access to that, you can't make any sort of informed comments.  They do think there is value in TSY playing a role in gathering those insights and making those insights public so that the community can actually discuss the problem and the solutions.

TSY noted that this is certainly something they’ll bear in mind and it is important to note that with the CDR they are in an iterative consultation process and at the beginning of a process they may not have the data and specific things to share.  Over time, the idea would be to collect more data, but noted that it is an obvious challenge in this space when you're asking for voluntary data to be provided by participants in a sector, and can raise some sensitivities for them to manage in terms of confidentiality in the way in which we can present data.  Certainly, they’ll strive to do so, particularly in the process going forward, but there's a little bit of a tension in terms of willingness of people to provide granular data and how that can then be shared.

The member noted that they agree that we need to respect people’s privacy as part of that process, regardless of whether they’re a business or an individual consumer and they’re sure there are ways that we can think about amalgamating that data and how we are measuring the outcomes and impacts more regularly in a transparent way as to how the scheme is operating. They have made some submissions along those lines and they have views about how they can actually measure the consumer impact so that they can understand the performance of the existing standards rules and legislation.

One member noted in regard to feedback in terms of data collection to assist the policy development process.  One of the things they feel is missing is there are a lot of decisions being made without necessarily a full reflection of how practical it is going to be and how the decision is going to practically impact players to be able to actually use that.  One thing that would be great would be to acknowledge that there is a multitude of FinTech’s that have a phenomenally high volume number of customers that are going through channels like screen scraping for example that are using financial data and are delivering solutions in the actual market.  They know exactly what will and what won’t work and putting these guys together for their input would be beneficial.  They think this part is missing with some of the decisions that we are making.  This is incredibly important as a validation point and they see that manifesting in some of the CX work that gets done and in terms of the API’s that get defined but it’s generally too late at this stage. 

TSY noted that we need to keep in perspective the timeframe to deliver what is going to be a fairly high-level roadmap and strategic assessment across the entire economy. They are hoping to get information about good use cases that they can interrogate. The challenge is going to be how detailed they can get at the high level initially. They will look for what the data is, the information that helps them determine relative benefit to consumers of different sectors and different data sets, but obviously the more detailed assessment will come through every sector assessment that follows.  The Strategic Assessment piece is where they will set out what they’ve gathered, hopefully sufficient information that allows them to distinguish a clear consumer benefit, going into certain sectors or data sets earlier and what the ultimate overall timetable might look like as a whole of the economy roll out.  At the same time, they are looking at deepening the functionality through responses to the Future Directions Report and how that might integrate into that roadmap.  They noted the next part will be the detailed sector assessments that will follow before any sector in that roadmap can be implemented.  

One member noted that as we are moving to Telco we need to think about the ways that we onboard and engage with participants in the sector.  The benefit for banking is that we've been doing this for 3 years and have a pretty good working rhythm.  The participants know how the program works.  There’s an education piece and we shouldn’t underestimate how much time and effort it will take for new industry participants to actually come up to speed with the body of work and we can leverage the groups that might be multi sector, and to leverage their learnings to bring others on. 

The member noted that in regard to use cases and using this as a lens, where is the most friction and most economic loss from a consumer perspective. That could be a really good way to frame what the next step are and the next opportunities to look at and help prioritise and drive momentum and uptake. 

ACCC Update

Paul Franklin, Executive General Manager, ACCC provided an update as follows:

The ACCC noted from an accreditation perspective, over the last month they’ve had two new data recipients accredited and two new data recipients go live. They now have six active data recipients and twelve accredited.

The ACCC released a mock version of the register last week which is effectively a coded version of the register standards. They are also working to release a mock version of a data holder and data recipient in July. This is in response to requests from participants for a broader range of testing tools to help them with their own testing. That has been released an open source code. 

The ACCC noted that they have seen eighteen banks pass through the Conformance Test Suite (CTS) in a two-week period with plenty more due to come through in the next three or so weeks. They have also increased the number of resources available for the onboarding team and they are doing everything they possibly can to make sure that they’re able to support any bank that is ready to go live by the 1st of July.

ACCC noted that they have had a number of requests from data holders for exemptions from their 1st July data sharing obligations. They’ve written to the members of Customer Owned Banking Association (COBA) and the Australian Banking Association (ABA) to let them know that just because they're currently late or not able to meet their obligations doesn't mean that they will automatically be granted an exemption.  They noted that in fact, some exemption requests have been denied by the CDR Committee. Any exemption request that has been granted is published on the ACCC’s website.

ACCC noted that they expect that there will be some accredited data recipients that will not be live by the 1st July as they are obliged to and this will trigger an enforcement investigation by the ACCC.  They are doing everything they can to make sure that they’re able to get every bank live that is capable of being live by the 1st of July.

The ACCC released a mock version of the register last week which is effectively a coded version of the register standards. They are also working to release a mock version of a data holder and data recipient in July. This is in response to requests from participants for a broader range of testing tools to help them with their own testing. That has been released as open source code.  They noted that this is the first time that the ACCC have developed software in house and noted that the team supporting the CDR is now much more capable than previously which is a very positive development. 

One member noted that in terms of data holders going live on 1 July, do ACCC know how many they will have on day one?

ACCC noted that they don’t.  As with 1 July 2020, they didn’t know how many major banks would go live until a couple of days beforehand and it will be similar this time around.  There is a number that will go down to the wire.  The majority of the institutions that are going to be late will be very small institutions with a low market share.  They have granted exemptions to institutions that collectively represent a little more than 2% of market share.  If you measure it by APRA household deposits and the institutions who don’t have an exemption and won't be ready, they are typically small credit unions.  There are promising signs that the larger institutions will largely be there which indicates a high proportion of consumers will have access to the CDR. 

The Chair noted that ACCC recently mentioned that there were some issues with some vendors and the vendor support and was asking if this has now been stabilised and improved. 

ACCC noted that many banks are dependent on vendors to deliver a solution that either has not been delivered or has only been delivered recently.  This is still an ongoing issue. 

ACCC noted that in the case of any gaps in compliance that existed after the 1 July and subsequent dates they have a rectification schedule on the CDR website.  Something similar will apply this turn around.

One member noted that even when the data holders go live and they have their APIs available, what is the process for ensuring the data coming through is complete.  They have had some experience with data not always been complete.

ACCC noted that the rectification schedule that was included for the major banks after 1 July 2020 and 1 Nov 2020, there were a few issues where a response was provided for a particular API but there was a particular fee missing etc.  If there are known issues they will publish them and if there are unknown issues and you discover them, there is a process where a ticket will be raised and investigated. 

Meeting Schedule

The Chair advised that the next meeting will be held remotely on Wednesday 14 July June 2021 from 10am to 12pm. 

Other Business

One member noted that Regional Australian Bank (RAB) launched an app last week which allows consumers to interact with CDR to see how it works.  It is used as a one-time consent basis and has proven to be very interesting.   The “Discover your Data” app can be found at https://mycdrdata.regionalaustraliabank.com.au/

One member congratulated RAB, Frollo & TrueLayer on their Fin Review piece and said it was great to see them champion the cause! 

The Chair also thanked again Frank Restuccia (Finder) and Ross Sharrott (Moneytree) for their involvement in the committee and wished them well for the future. 

Closing and Next Steps

The Chair thanked the Committee Members and Observers for attending the meeting. 

Meeting closed at 3:02