Minutes - 15 Feb 2022

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 15 February 2022
Location: Held remotely via WebEx
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 39 

Download meeting minutes (PDF 1559KB)

Attendees

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 39.

The Chair noted that it has been a busy period since the last meeting with the Data Standards Body (DSB) publishing two versions of the Consumer Data Standards (versions 1.15.0 & 1.16.0) and the CX Team have continued to progress the development of CX standards and guidelines, and worked closely with Treasury, the Office of the Australian Information Commissioner (OAIC), and the Australian Competition and Consumer Commission (ACCC) on CX developments related to the v3 and v4 rules.

The Chair noted that the DSB are hosting a workshop on “An introduction to the Consumer Data Right for the Telecommunications Sector” which will address the fundamentals, including how the Consumer Data Right is structured and governed, how its foundations (rules and standards) are created and how participants and stakeholders can contribute and shape the regime.  The workshop is being held on 22 February and is open to all participants of the CDR community.   

The Chair would like to extend his thanks to Gareth Gumbley (Frollo) and Joanna Gurry (NBN) for their offer to host the May DSAC meeting and to Chris Ellis (Finder) who offered to host an event for the DSB.  The May DSAC meeting will be held at the Frollo offices. He would also like to take Finder up on hosting an event prior to a future meeting. 

The Chair would like to welcome Amy Nussbaumer to the DSB’s CX team as a Designer.    

The Chair noted that members Gareth Gumbley (Frollo) and Jason Hair (Westpac) are apologies for this meeting.  Sophia Collins from OAIC is attending as an observer as Claire Schwager is an apology. 

Minutes

Minutes

The Chair thanked the DSAC Members for their comments and feedback on the Minutes from the 8 December 2021 Advisory Committee meeting.  The Minutes were formally accepted. 

Action Items

The Chair noted that Action Items will be covered off in today’s meeting or are completed. 

One member asked what is the expectation for DSAC meetings during caretaker mode? 

The Chair noted he will be discussing caretaker provisions and implications with TSY this week and how they could potentially impact the making and the maintenance of the standards.  His expectation is that they will continue to run with the schedule as is, and if changes are required, they will make them accordingly. 

ACTION:  Chair to provide an update on the caretaker provisions at the next meeting 

Working Group Update

A summary of progress since the last DSAC meeting on the Working Groups was provided in the DSAC Papers and was taken as read. 

Technical Working Group Update

A further update was provided on the Technical Working Group by James Bligh and Mark Verstege as follows: 

The DSB noted that the key things this month were the publishing of two updates to the standards – Version 1.15.0 (published 23 Dec 2021) which was a significant release and Version 1.16.0 (published 4 Feb 2022) with a more limited scope.  They are due to start Maintenance Iteration # 10. 

The DSB noted that they have received feedback saying that it’s hard to assess changes to the standards over a period of time, so they have now included in-line differences on the actual standard pages.  They are very interested in receiving feedback on this. 

The DSB noted that they are looking to get an external view of the InfoSec profile as a whole in the coming months.  This will look at the controls we have in place and longer term, the appropriateness of new controls noting that the relevant international standards (FAPI) are moving to a version 2. 

The DSB noted v1.15.0 included bringing the register and energy standards into the maintenance mode.  This benefited in the cross pollination across the banking and energy sectors. 

The DSB thanked the committee for contributing to the changes to adopt financial-grade API (FAPI) v1.0 which is now final.  They noted that when they originally went live with v1.0.0 of the CDR standards, they adopted a draft version of the FAPI standards, similar to the UK at the time.  Over the course of last year, these were finalised and there has been a significant amount of consultation on how to manage the transition towards the completed FAPI standards. 

They noted that the transition to adopting FAPI 1.0 will provide an excellent foundation for the CDR regime and will improve interoperability with international standards.

The DSB noted that they have seen an active increase in the number of data recipients (DRs) starting to contribute to change requests which is testament to the utility of the standards and the CDR. 

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by Michael Palmyre as follows: 

The DSB noted that the v1.15.0 release included the energy data language standards being made binding, as well as issues relating to profile scope and joint accounts along with extensive updates to the CX Guidelines.  This was a significant achievement to get those standards settled ahead of the expected implementation lead time.

The DSB noted that v1.16.0 release provided support for insights and trusted advisors, including CX Standards for disclosure consents which was another significant milestone.  The DSB completed a comprehensive process to determine the appropriate changes including two rounds each of consultation and research.  They are now working on CX Guidelines and working closely with other CDR agencies on that front.

The DSB noted that they have released CX Guidelines on OSP use and CDR representative and sponsorship arrangements which hopefully will help CDR participants implement those aspects and bring clarity.

The DSB continue to release artefacts, guidelines, and open-source assets for additional CX Guidelines.

The DSB are expecting some CX work in terms of energy, telecommunications and research into data language and other upcoming CDR developments. 

One member expressed appreciation to the team for getting the guidance materials out around the CX standards just before Christmas.  It was very useful to have something tangible and it’s a huge benefit. 

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers and was taken as read. 

The Chair noted that the DSB is hosting a workshop on “An Introduction to the CDR for the Telecommunication Sector” on 22 February.  He would appreciate it if the committee could share the details of the workshop to their networks. 

Issues Raised by Members

The Chair noted that no issues were raised by members for discussion at this month’s meeting. 

Treasury Update

Kate O’Rourke, First Assistant Secretary CDR Division, Treasury (TSY) provided an update as follows:

TSY noted that there have been some significant decisions made by the Minister and Government recently including the Governments Response to the Inquiry into Future Directions for the CDR, the announcement of the expansion of the CDR to the telecommunications sector on the 24 January 2022 and the release of the Strategic Assessment which means a very busy year ahead. They also noted that we have an upcoming election which will make the planning associated with the roll out a bit more complicated. 

TSY have prepared a snapshot of the CDR Framework Horizon to provide as much information as possible to help people understand the various streams of work and how TSY are proposing to progress.  See snapshot provided at end of minutes.

Treasury provided the following comments on the rows in the snapshot document:

• Reviews: TSY noted that the Minister announced this week the CDR Statutory Review which will be led by Ms Elizabeth Kelly PSM.  The review will explore the extent the implemented CDR framework supports its objectives of driving value for consumers, increasing competition within designated sectors, and driving innovation across the data services sector.

• TSY noted that the Terms of Reference give a sense of how the review is going to build on the work that’s been completed to date. This includes the future setting in the Future Directions Report, the Strategic Assessment and how we roll out an economy wide framework as well as work that is going on across government in terms of the digital identity reform and the work in the Prime Minister & Cabinet on the data transparency scheme. The Chair has asked the DSB to circulate the CDR Statutory Review Terms of Reference and Minister Hume’s Media Release.

ACTION:  DSB to circulate the Terms of Reference and Minister Hume’s Media Release to the committee.

• TSY noted that the Chair has agreed for Ms Elizabeth Kelly to come and speak to DSAC at the next meeting which will be a great opportunity for the committee to have a frank discussion about the types of issues that they’re experiencing and how to strengthen the framework thinking through the lens of the implementation approach. 

• Ecosystem maintenance review: as the system evolves, TSY has a workstream focused on assessing whether the CDR rules (both sector neutral and sector specific) remain fit for purpose. They are keen to make sure there are good lines of communication into the Rules team to address any emerging issues.

• Future Directions implementation: TSY noted the Statutory Review’s timing will help identify what some of the challenges are in the way the current frameworks operates when thinking about the fairly complex exercise of embedding an instruction layer and action and payment initiation layer into the framework.  TSY has commenced work on the drafting instructions for the legislation required to progress the Government response to the Future Directions report.  TSY noted work related to Rules and standards and other forms of the instruments that give effect to the legislative framework enabling action and payment initiation will follow after the legislation has passed.   

• Banking: upcoming milestones for the banking sector include 1 February 2022 for phase three data sets for non-major ADIs; from 1 July 2022 for data sharing requirements for joint accounts for non-major ADIs; from 1 November 2022 data sharing requirements for business accounts for non-major ADIs; and ongoing maintenance of CDR requirements from 2023 onwards. 

• Energy: upcoming dates for the energy sector include 1 October 2022 AER commence sharing Product Reference Data; from 15 November 2022 the largest 3 retailers and AEMO commence sharing consumer data and from 1 November 2023 the remaining required retailers commence consumer data sharing.

• Telecommunications: a telecommunications design paper on CDR rules and standards will be prepared jointly by TSY and the DSB.  We trialled this approach last year for the energy and joint accounts changes which proved successful.  This will then help guide them into the Rules and standards development.

• Open Finance and Government data: TSY noted that they are pleased to see a really receptive response to the announcement around Open Finance being the next area of focus.  The challenge now is to take a more targeted data set approach to rolling CDR out in a way that doesn’t create too much fatigue in the consultation process.  They will initially start with the merchant acquiring services and non-bank lending which is familiar with people and then delve into a targeted approach to general insurance with the potential to prioritise something akin to product data as the stage. 

• TSY noted in terms of government data, it’s their intention to look at what government data might be available or complements some of the open finance data sets. They don’t want to be restrained to just looking at open finance data sets.

The Chair asked does this mean government data in the context of DAT type data or is it government held data about consumers? 

TSY noted that the DAT framework applies to government data going to other government data agencies or research institutions.  In contrast, the Strategic Assessment considered the consumer side of government data, including data that the government holds on behalf of a consumer or is generated by citizens’ interactions. 

The Chair asked TSY if the Design Paper process will be used in open finance and action initiation as well?   TSY confirmed that it will be. 

One member asked in terms of the Statutory Review, do TSY see any limitations about getting to some of the more practical issues that we're facing or things that could actually speed this up?

TSY noted that the Statutory Review is looking at the high-level legal framework architecture. In the CDR it’s an applied framework which provides an opportunity to review it both from the top, and from how it is working in practice, including whether there are any gaps.

One member noted that in terms of data quality and completeness, the issue will be amplified and multiplied as we move from 1 data set to 5 data sets etc.  Any quality completeness/data readiness issues that exist in banking and what we do to resolve that should be reflected proactively across the other industries.

The Chair noted that the operation and maintenance of the regime will become more complex than the implementation of the new sectors so we need to build and run those processes now. It’s going to be a very significant issue and that is why it’s worth looking at how we will consider them together, and more importantly over time how we’ll operate together.

ACTION:  TSY to provide an update on the CDR Statutory Review at the next meeting 

One member noted that they see this as no more or less than rewiring the data flows of the economy to the benefits of consumers.  They noted that there is a distinction between the CDR regime, which is for certain situations and the CDR framework.  The reason we have this level of complexity is because we’re going to do the same thing for all sectors.  The data sector is perfectly capable of mapping from one data format to another and innovating and investing.  The way to handle the operational complexity is to allow the intermediaries and the aggregation points to handle some of the complexity. The geometric complexity is only happening because we are assuming that there are no smarts in the middle.

The Chair noted that the complexity he is trying to avoid is that we end up setting up stand-alone regimes that have to be reconciled by the data businesses.  This could bring a burden on the data businesses and the data economy that could well be significant in Australia’s competitiveness overall.  He wants to make it simple, universal and principled based but agreed that there are commercial capabilities out there that we’re just not leveraging yet. 

ACCC Update

Paul Franklin, Executive General Manager ACCC CDR Division provided an update as follows:

The ACCC noted that on the 21 December they published a dashboard of participant performance. This is initially a static page with a view of each data holder’s (DHs) performance in the CDR ecosystem.  They have noticed that not all banks have been providing GetMetrics data, but compliance has significantly increased recently.

ACCC noted that as of 13 February 2022, they have 87 DHs providing performance data through GetMetrics and only 16 brands that are not yet providing that data. They understand that the majority of those will be fixed in the next couple of weeks. The data is quite promising where DHs are required to meet service availability of 99.5% measured over each month the calculated availability was 99.3% which is just short of the obligation.

ACCC noted that a lot of banks reporting 100% availability and response times to high priority calls of under one second.  They have noted that making the data visible has driven behaviour by DHs to improve the performance against those statistics. They intend to publish a dynamic version of the dashboard in the coming months which will provide another level of granularity within each DHs data set which will update daily showing a rolling average.

One member noted that speed is one thing but have ACCC thought about metrics and the quality of the data?

ACCC noted that they don’t see the data. If the data is in GetMetrics, they’re capable of reporting it and they will look to do that in the dynamic version. If data is not available through GetMetrics, they think an appropriate step would be to consider a change to the Data Standards to collect the data that they want reported.

The DSB noted that they have flagged the concept of voluntary ADR metrics because the problem with data quality is that it's very hard for the DHs to comment on their own quality.  They really need to get the clients to assess.  If the community feels there's an important need for ADR metrics to fill this gap, or another solution, they would be very happy to consult on that.

One member noted that the metrics are like a self-disclosure by the data owners, it’s not necessarily representative of what is the DRs experience.  Do the ACCC have any plans to have some independent perspective provided from the ingestion side of the equation rather than the publication side?

The ACCC noted that some organisations have provided voluntary data to the ACCC and the DSB which has been helpful.  ACCC performs a significant number of compliance and enforcement activities, so aside from the data that they publish across the ecosystem, which is dependent on there being standards available to collect that data, they have other tools like audits or investigations to verify performance.  There is an important role for DRs to tell them where they're seeing issues and then they can investigate. 

ACCC noted that making data available to the public is only one of the tools at their disposal. In this case, it has driven an increase in both reporting and response times and they hope to continue to build out more detailed reporting over time, but publishing data is not the only way they have of dealing with issues in the ecosystem.

One member asked how do we get good quality data through the ecosystem and ensure that good quality data is maintained?

ACCC noted that they have data currently available through GetMetrics as defined in the standards of which they’re capable of publishing. They are interested in feedback from this group to determine how to build this out in time. 

The member also wanted to know what ruling is needed to enable enforcement action around data quality. For example, if a data provider is providing poor data or if a data provider is offline, what is the immediate action and does there need to be management around that from a systemic and overarching ecosystem perspective?

ACCC noted that if a bank is offline, then the data is visible to them and it’s published. If there is a quality issue within the data that's being provided, there are mechanisms available to them to investigate the issue. 

The member noted that it takes too long and we need to enable some real time feedback loops to enable action. 

Another member noted that they would like ACCC to consider how they can look at the conformance to ensure the quality of data without asking the DRs to check it and then raise issues. 

ACCC noted that they are working to make the available data more visible, and for the data they don’t have, they suggest the community raise a standard change, as publishing data does drive behavioural change.  They noted that some data that’s currently not collected is not defined within the standards and does warrant further investigation and should probably be collected. 

One member asked if ACCC publishes the response times of how long it takes to resolve issues raised?

ACCC noted that the response depends very much on the situation and it varies on the nature of the issue. In November they had about a third of DHs providing GetMetrics data and now there at 80%. They expect that the bulk of the remaining issues will be fixed within a couple of weeks. 

One member noted that that’s a self-disclosed set of data from a DH, not the reality of a DR ingesting it. They have previously presented a tool that's used in the UK, the EU, and Open Banking Implementation Entity (OBIE) to demonstrate the reality of receiving that data and how that's assessed and how it varies from what a DH might believe is the case, not necessarily the issue. They would like to know whether ACCC plan to do anything independently across the DHs self-disclosure to assess the conformance and compliance of the ecosystem?

ACCC noted that one of the proposals is to seek data systematically from DRs as well and the Chair noted that this would require a change to the rules. 

One member noted that for DHs to be proactive, it would be useful to have an updated summary of themes with all new DHs who are participating to see what's got worse and what's got better (not by DHs) and see the biggest issues thematically which are impacting DRs.  They suggest over time a data quality monitoring team could help the DHs to specifically identify what is impacting the DRs thematically and we can then arrange for some targeted pre-regulatory intervention.

The Chair note that we need to have a look at this in terms of rules and standards and see whether there is some reporting that DRs could do that would automate the process of feedback rather than go through a manual process.

The DSB noted that they spent a lot of time last year thinking about this problem and they didn’t get a huge amount of feedback. They do think there is a case for them to go back and start looking at this question again and they encourage feedback on this. 

ACTION:  DSB to consider options for addressing the issues around data quality and advise on decision proposal/s which may be appropriate

ACCC noted that they now have 103 active brands representing 73 DHs which include 6 banks that have been activated since the last meeting and 6 more active DRs (PayPal, Basic, Police & Nurses Limited with their additional brands P&N Bank and BCU, SISS Data Services Pty Ltd, TrueLayer Limited and National Australia Bank). 

ACCC noted that they are preparing to release a sandbox for multilateral testing and they are very open to having existing participants who have active solutions in the market test the sandbox with them.

Meeting Schedule

The Chair advised that the next meeting will be held remotely on Wednesday 9 March 2022 from 10am to 12pm.

The Chair noted that the May meeting will be hosted by Frollo at their offices in North Sydney. 

Other Business

The Chair noted that he has extended an invitation to Commissioner Peter Crone from the ACCC to attend the next meeting.  Commissioner Crone has a meeting every Wednesday morning but he hopes that he will be able to attend the second half of the meeting next month.

TSY noted that Minister Hume is presenting at the an CEDA Event | Australia’s digital future: evolving the CDR on 24 February 2022.  This will be her last big speech and vision setting for CDR ahead of the election. 

Closing and Next Steps

The Chair thanked the DSAC Members and Observers for attending the meeting. 

Meeting closed at 11:26