Minutes - 19 Apr 2023

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 19 April 2023
Location: Held remotely via MS Teams
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 52

Download meeting minutes (PDF 237KB)

Attendees

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 52.

The Chair acknowledged the traditional owners of the lands upon which they met.  He acknowledged their custodianship of the lands and paid respect to their elders, past, present and those emerging.  He joined the meeting from Cammeraygal lands.

The Chair noted that it had been another busy month with Version 1.22.1 and Version 1.23.0 of the Data standards being published. 

The Chair noted that sadly Rob Hale had advised that he wished to step down from the DSAC.  The Chair thanked and acknowledged Rob’s contributions during his time on the committee, noting that Rob had been a very balanced, constructive and helpful member, and wished him well. 

The Chair mentioned he had extended an invitation to Minister Jones to attend the June meeting as the Minister was unable to attend the March meeting due to scheduling reasons.  The Chair thought it would be more appropriate if the Minister joined after the budget was out.   

The Chair noted that Luke Barlow (AEMO), Jill Berry (Adatree), Chandni Gupta (CPRC), Greg Magill (Westpac), Deen Sanders OAM (Deloitte) and Stuart Stoyan (Fintech Advisor) were apologies for this meeting. 

The Chair noted that Barry Thomas and Michael Palmyre from the Data Standards Body (DSB) were also apologies for this meeting as they were on annual leave.

Minutes

Minutes

The Chair thanked the DSAC Members for their comments, and last-minute feedback on the Minutes from the 15 March 2023 meeting. The Minutes were formally accepted.   

Action Items

The Chair noted that all Action Items were either covered-off in this meeting or had been completed. 

Working Group Update

A summary of the Working Groups was provided and these DSAC Papers were taken as read.

Technical Working Group Update

A further update was provided on the Technical Working Group by James Bligh as follows:

The DSB thanked members for reviewing the urgent changes that went into Version 1.23.0 of the Standards.  This version gave significant implementation relief to a number of data holders (DHs) whose vendor partners couldn’t comply with the standards as they stood. 

The DSB noted the issue around hybrid flow versus authentication code flow, and in particular the transition path, has become an area of significant concern in the community, mainly because of interpretation of the various phases.  The DSB said they would be doing some education around that and communicating this via the weekly Implementation Calls.

The DSB noted that Maintenance Iteration # 14 is now complete, and that after the Chair approves, DSAC members should receive a decision document containing the updates for feedback, which would then become Version 1.24.0 of the Standards. 

The DSB noted that they are nearing the end of the consultation on Non-Functional Requirements (NFRs) and Get Metrics API.  They said they have received significant contributions from the telco, energy and banking sectors, which they were pleased about as it was cross sectoral.  As a result, they said they intended to extend the consultation and publish the likely proposal for further input before seeking approval from the Chair.

The DSB noted that they have begun consultation on the strategic direction for the Register Standards and they are looking forward to the same level of feedback.

The DSB noted that the engineering team are ahead of schedule for this quarter and are starting to work on the next quarter.  They would welcome feedback on the DSBs Future Plan.

The DSB noted that as the engineering team are ahead of schedule, they would be doing a Proof-of-Concept (PoC) on how they could provide guidance better through ChatGPT 4, and were experimenting to see if it could ingest all the Consumer Data Right (CDR) documentation and guidance created by the DSB, in order to support participants.

The Chair noted that he was particularly excited about the potential for this project and agreed that it was something that we should explore because clearly ChatGPT-4 and other related technologies were going to have an impact on the CDR in the fullness of time, and consequently it was appropriate to evaluate it on something as safe and important as facilitating guidance and understanding.

The Chair thanked the members for turning around the reviews because it was the last phase of the important consultation process.

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by Eunice Ching as follows:

The DSB noted that with Treasury (TSY) they were finalising a Design Paper on the consent review, informed by Noting Paper 273 consultation. They also said a CX research report would also be published alongside this Design Paper, and they are also considering future work for phase two of this work.

The DSB published Noting Paper 296 on Offline Customer Authentication for community input. This paper focused on the impacts and opportunities of augmenting or deprecating the redirect with One Time Password (OTP) model and how doing so could maintain support for offline customer authentication. This consultation was extended until Friday 21 April.

The DSB noted that they had concluded a third round of CX research on Decoupled Authentication and a ‘waterfall authentication’ approach, and research analysis was underway.

The DSB noted that together with TSY they were exploring how action and payment initiation could work in the CDR.  They said they were exploring how giving, amending and withdrawing consent could work in the interbank transfer scenario for this round.

One member asked in terms of the OTP model. They said they were very supportive of uplifting this, but because apps are relied on less in the energy sector by their customers, they don’t want it to be done too soon because of the investment required were high and the risks were lower.  They said they would like this to be considered in the consultation process.

One member asked, “what was the timeline for the Consent Review Design Paper”?

The DSB noted the paper was currently being finalised.  The Chair asked TSY to provide further input on this as he thought there was a step involving the Minister because of a Rule’s implication. 

TSY responded that there was no statutory step in the sense that it required ministerial authorisation, but it did have Rules implications so they were keen to have some visibility associated with it.  They also said that TSY and DSB collectively thought it would be helpful to have a step between the conceptual piece and the set of Rules that would be implemented. 

One member asked whether there was any findings from the waterfall authentication approach research? 

The DSB noted that research had just wrapped up on this and the team were working on analysing this research.  They said they would also be looking into backing-up some of this moderated research with unmoderated research, which was ongoing.  They said a report would follow once completed.

The Chair noted that he was keen for the results of this research to be discussed at the DSAC as usually the discussion of that sort of research surfaces another level in granularity of issues. 

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

The Chair noted that Maintenance Iteration # 15 was due to commence on 3 May and conclude in late June.

Issues Raised by Members

Consent authorisation improvements

Tony Thrassis from Frollo continued his presentation from the last DSAC (which was interrupted by emergency evacuation) around consent authorisations, and understanding where further gains were possible, and how a means of tracking consent between ADRs and DHs would be beneficial. 

Frollo provided a quick recap from the last meeting as follows: 

Frollo noted the following:

• 1 in 5 consents didn’t complete

• 52% of the issues where technical issues i.e., can’t log on, can’t get their OTP, can’t see their account etc.

• Resolving incomplete consents was difficult and when Frollo raise a JIRA ticket, DHs ask them for the customer ID or other identifying information, but in most circumstances, they had none as the consent was not completed.

Frollo noted that if we had a number of “states” to understand the consent progress it would be beneficial in resolving issues and improving the consent completion rate. 

Frollo suggested that the states could be “consent requested”, “OTP completed”, “accounts visible” and “consent confirmation”. 

Frollo did note that when they redirected a user to the DH, they passed a parameter called “state” that the DH passes back at the end of flow, however, Frollo only received this if the consumer cancelled the consent flow.  Logging and exchanging this information would help identify consumers when resolving JIRA tickets associated to consents. Accredited Data Recipients (ADRs) cannot provide client-IDs, arrangement ID or any identification to assist the DH in most circumstances.

Frollo noted that this “tag” could be passed back with other content about the state of the consent as either an error or an incomplete scenario. 

Frollo noted that it would not be used for monitoring purposes but for resolution and information to help consents succeed/complete. 

One member noted that this would be really good as it would also presumably, as well as fixing bugs, also help consumers then know what the next steps are. 

Frollo agreed that there was an education element to this as well and knowledge about where they’re up to and how it works. 

One member asked about the 1 in 5 consent failure, “What role do you think the consumer had, because in some cases they may misunderstand how their accounts are set-up, for example”?

Frollo noted that between 50% to 55% are issues caused by them not being able to log on.  They are not focussing on the UI for the collection of the consents.  It is the other side; the issue was around the authorisation of that consent.

One member noted that the UX implementation for some banks needs to be considered.  For example, they haven’t had ideal results with some of the banks and bank XYZ had a significant amount of drop offs with customers going through the process of selecting their accounts and getting to the next step and then terminating the flow.  The reason for this was because the button to continue was right at the bottom and the scroll bar wasn’t visible.  They were therefore unable to get to the next screen. 

The DSB noted that one of the difficulties in this space was that we are using normative industry standards that were vendor supported, and adding in additional things becomes difficult.  They said their preference would be to find a way to solve this within the existing normative standards. 

The DSB noted that consultation that was open on Get Metrics API is actually an opportunity to resolve this, but the only feedback they have received so far is that it would be good to breakdown the metrics around abandonment.  They noted that they have proposed including in the Get Metrics API “abandonment metrics” so there was visibility of the taxonomy of consensus established in a period.

The DSB noted that they would love to see Frollo’s feedback on phases in the metrics on the 288 thread as we have an opportunity to introduce that into the metrics which means that it will start to get recorded etc.  They did note that this approach would need to be phased in. 

The DSB noted that if an ADR was using Push Authorisation Request (PAR) they got back a unique redirect Uniform Resource Identifier (URI) which was unique to the DH for a specific authorisation, and this value could be used in incident management processes to troubleshoot issues.  They asked if Frollo had considered using that in their troubleshooting? 

Frollo responded that it didn’t give customer information to them if they asked for it.  The DSB responded saying that if you give that to a DH, they can identify exactly what happened with that authorisation flow in their system. 

Frollo responded that no one asked for that as part of the resolution – they ask for customer information. Frollo said that Get Metrics was an avenue that could augment or replace what they’ve been doing in terms of asking the customer where they failed, but it’s not a real time solution.

Frollo note that it maybe strategically better off for the DHs, as an ecosystem, spending some money on an app-to-app solution that might bypass or solve these problems.

One member noted from a NBL sector, they probably wouldn’t have a need for an app-to-app approach, and that n app-to-app may work in some sectors but it won’t work in the NBL sector. 

Treasury Update

Kate O’Rourke, the First Assistant Secretary of the Consumer Data and Digital Division (CDDD) at TSY provided an update as follows: 

TSY noted that the Parliamentary Committee hearing was held on 18 April for the draft Bill for Action Initiation. A number of members of the DSAC attended along with TSY, ACCC and OIAC and gave evidence before the Senate Economic Review Committee as they considered the Bill.

Kate O’Rourke advised that she is moving to another role within TSY and this will be her last DSAC meeting.  Her new role would be as the First Assistant Secretary of the Small and Family Business Division.  James Kelly will be the First Assistant Secretary responsible for the CDR and starts on 3 May.  Treasury is expecting a smooth transition.  

The Chair wanted to acknowledge Kate’s contributions to the CDR and noted that in doing something new, there are always tough times and good times.  Kate has been very consistent and constructive through both and he wished Kate all the very best in her new role. 

ACCC Update

Daniel Ramos, the General Manager, Solution Delivery and Operations for the CDR at the Australian Competition and Consumer Commission (ACCC) provided an update as follows:

ACCC noted that on the 5 April they released their findings on Data Quality in the CDR: Findings from Stakeholder Consultation. 

ACCC noted that at the last DSAC he mentioned Mastercard had been accredited.  Since then Mastercard’s Open Banking Solutions software product has been activated on the register. 

ACCC noted number of other software product have been accredited including recently including Yodlee’s “Clear21” and “Personal Finance Portal”; Verifiers “Verifiers Energy Insights”; SISS Data Services “ACSISS My Data”; and Basiq “Data Analytics Holdings T/A as Fonto”, “Quantaco Securities”, “Moroku” and “Golden Eggs Home Loans”  

ACCC noted that over the last month they have deactivated Commbanks Money Management ADR Product as that product has been decommissioned publicly.

ACCC noted that they deactivated Heritage Bank as a DH as a result of their merger with People’s Choice Credit Union. 

ACCC noted in terms of onboarding the next tier of energy retailers, they’ve started working more actively with Australian Energy Market Operator (AEMO) on coordination and testing with more regular meetings focusing on integration activities in response to their experience from the initial energy launch which was an area they could improve.

ACCC noted that the CDR Performance Dashboard www.cdr.gov.au will be undergoing a number of changes.  This 4^th iteration will be mostly a visual refresh.  The approval for these changes are currently with the Commission.   

ACCC noted that they are aware of a number of intermittent issues with Get Metrics reporting from some DHs that skews the results which they are currently working to resolve. 

ACCC lastly wanted to thank Kate O’Rourke for her leadership over the last couple years, because the CDR was a complex programme and a really tough leadership role. 

One member asked in regards to the Data Quality paper that was recently released, that he didn’t see any reference to the authentication side of things, and was wondering if that was intentional. 

ACCC responded that this was a good point.  Data quality as a headline area had many definitions and scope boundaries.  This paper deliberately focused on Product Reference Data (PRD) and consumer data. He noted that he would pass it back onto the team, and whilst it is deliberate, it also didn’t spell out why it didn’t focus on that point. 

The Chair suggested that ACCC also share Frollo’s presentation to the ACCC team.

One member asked about the discussion at the last DSAC around the OSP model for recipients and for ACCC’s follow up.  The member had reached out to ACCC and received a response saying that they had not made any determinations and were working within ACCC to resolve. 

ACCC responded that they were seeking legal advice on some of those points.  They would however, set up a meeting between DSB, Frollo and ACCC in anticipation of receiving that advice so they could talk about this in more detail.

ACTION:  ACCC to set up a meeting between ACCC, Frollo and DSB to discuss the OSP model

The member responded that they needed to consider the impact and report back because if they had say 200K customers with consents that needed to be withdrawn and reissued new ones, that would be dramatic if this was not closed off the right way.

The Chair noted that an update on the OSP model will be added to the agenda for the next meeting. 

ACTION:  ACCC to provide an update on the OSP model at the next meeting

Meeting Schedule

The Chair advised that the next meeting would be held remotely on Wednesday 10 May 2023 from 10am to 12pm. 

Other Business

One member noted that in the Implementation meetings, there had been discussion around testing and what needed to happen in order for DH going live.  They said the ACCC had presented on this previously, but no further update has been provided.  They asked if an update could be provided on this.    

The Chair asked the ACCC to check on this and come back to the DSB as to whether this was something that should be added to the agenda for the May meeting or whether it is more suitable to be addressed at the Implementation Meetings. 

ACCC noted that this might be more suitable for a technical forum but they would check and advise accordingly.

ACTION:  DSB to confirm with ACCC if an update around testing and DHs going live should be addressed at the next DSAC or the Implementation Meeting.

Closing and Next Steps

The Chair thanked the DSAC Members and Observers for attending the meeting.  

Meeting closed at 10:57