Minutes - 10 May 2023

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 10 May 2023
Location: Held remotely via MS Teams
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 53

Download meeting minutes (PDF 234KB)

Attendees

  • Andrew Stevens, Data Standards Chair
  • Alysia Abeyratne, NAB
  • Jill Berry, Adatree
  • Damir Cuca, Basiq
  • Chris Ellis, Finder
  • Prabash Galagedara, Telstra
  • Melinda Green, Energy Australia
  • Peter Leonard, Data Synergies Pty Ltd
  • Drew MacRae, Financial Rights Legal Centre
  • Greg Magill, Westpac
  • Colin Mapp, Toyota Finance Australia
  • Deen Sanders OAM, Deloitte
  • Lisa Schutz, Verifer
  • Aakash Sembey, Origin Energy
  • Stuart Stoyan, Fintech Advisor & Investor
  • Zipporah Szalay, ANZ
  • Tony Thrassis, Frollo
  • Barry Thomas, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Rob Hanson, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Mark Verstege, DSB
  • Tim Jasson, ACCC
  • Chad Batshon, OAIC
  • Andre Castaldi, OAIC
  • Emily Martin, Treasury
  • James Kelly, Treasury
  • Nathan Sargent, Treasury
  • Aidan Storer, Treasury
  • Luke Barlow, AEMO
  • Chandni Gupta, CPRC

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 53.

The Chair acknowledged the traditional owners of the lands upon which they met.  He acknowledged their custodianship of the lands and paid respect to their elders, past, present and those emerging.  He joined the meeting from Gadigal land.

The Chair noted that the Data Standards Body (DSB) have completed Maintenance Iteration # 14 (MI14) and Maintenance Iteration # 15 (MI15) is underway.  The CX team continues to engage with the community and progress the CX data standards, research and guidelines. 

The Chair warmly welcomed James Kelly, the First Assistant Secretary for the Consumer Data Right to the meeting.  James commenced on the 3 May 2023 replacing Kate O’Rourke who moved to the Small and Family Business Division as First Assistant Secretary.  The Chair invited James to introduce himself to the Data Standards Advisory Committee (DSAC).

James Kelly thanked the Chair for the opportunity to attend the meeting and noted that he has always found the Consumer Data Right (CDR) to be fascinating.  He has recently taken over from Kate O’Rourke as the Division Head of the merged Consumer Data and Digital Division (CDDD) and the Markets Conduct Division (MCD) at Treasury (TSY).  He noted that the underlying structure and the people from the TSY side remains the same. 

He noted that he has been at TSY for a long period, apart from a recent stint outside the Department in the Financial Systems Division.  He has had a long-standing interest, given his financial sector background, in CDR and how it’s going with a particular focus around banking.  He is excited to have the opportunity to delve more into the CDR and keen for it to be a success.

One member asked what the levels and enthusiasm in TSY are like around CDR at the moment. 

TSY noted that the Minister is still very interested in the CDR and that he along with the team are fully committed and enthusiastic. 

One member asked whether TSY is open to feedback and input from stakeholders, particularly from the consumer movement?  TSY noted that they are open to all conversations.

The Chair noted that we are waiting to hear back from Minister Jones office about his availability to attend the June meeting and we will provide further information once details are confirmed. 

The Chair noted that Chandni Gupta (CPRC) and Daniel Ramos (ACCC) were apologies for this meeting. 

Minutes

Minutes

The Chair thanked the DSAC Members for their comments on the Minutes from the 19 April 2023 meeting. The Minutes were formally accepted.   

Action Items

The Chair noted that all Action Items were either covered-off in this meeting or had been completed. 

Working Group Update

A summary of the Working Groups was provided and these DSAC Papers were taken as read.

Technical Working Group Update

A further update was provided on the Technical Working Group by James Bligh as follows:

The DSB noted that MI14 is now completed and Version 1.24.0 of the Standards have been released.  MI15 has commenced and is proving to have some fertile discussion around a couple of larger issues arising around data recipients (DRs) doing client registration and failing with certain data holders (DHs) and how we could give more automated relief in the standards for dynamic client registration (DCR). This issue will be consulted on via a Decision Proposal so it gets the visibility it needs.  The other issue is the representation of lending rates for banking products which has not been reviewed since the regime went live back in 2019.

The DSB noted that both the Non-Functional Requirements (NFR)/Get Metrics and the future of the Register standards consultations are still open. They thanked Frollo in particular for the feedback on the standards which will help shape how they think about the Register moving forward.  There are already discussions with international bodies like OpenID Foundation (OIDF) and the Open Banking Implementation Entity (OBIE) about an international standard for directory under the OpenID Foundation, which could be a candidate to build upon if established.

The DSB noted in terms of the NFR and Get Metrics changes, some of the feedback received from the banking sector is that there is a need for ongoing discussion around NFRs. They are therefore planning some in-person workshops to talk about NFRs across the board in late July or early August followed by an online version. 

The DSB noted that as the NFRs are evolving, over the last year they have gone from 200,000 application programming interfaces (APIs) invocations a day to 10,000,000 which means that NFRs are going to be increasingly important and we need to plan ahead.

The Chair thanked the DSAC members for providing feedback on Decision Proposal 281 – Maintenance Iteration 14 which was the final step in the consultation process.

One member welcomed the opportunity to have an ongoing conversation around NFRs as last week was the first time that they saw what the explicit threshold uplift may be.  They stated they would benefit from seeing the data that supports this in terms of the dashboard and being clear on what’s authenticated vs what’s unauthenticated, where the pain points are in the ecosystems and what underpins the arbitrary thresholds that have been presented and whether they are the right number.

The DSB noted that they have had a robust conversation with the architects at the Australian Banking Association (ABA) this week and this consultation has been extended a couple of times and is the result of two previous consultations during the MI process where they have explicitly called for suggestions around the thresholds, specifically around tiering and requesting concrete data.

The DSB received minimal feedback so they’re going off the metrics data obtained from DHs which is available on www.cdr.gov.au.  The thresholds are not arbitrary they are based on calculations done internally because they have hit the ceiling for transaction per section (TPS) a number of times. They are however only talking about a couple of DHs (mainly the largest DHs) but if you look at the trajectory, it is likely that in the next 6 months there will be half a dozen DHs hitting the ceiling. 

The DSB noted that they have been consulting on this issue for five months and with minimal feedback.  They are not wedded to the numbers that were presented, but in the absence of people providing specific numbers, they had to propose something.  They would welcome counter proposals.

The DSB noted that they have proposed to lower the thresholds for the vast majority of DHs, it’s only the top tier DHs that would be expanded.  It also doesn’t change the investment profile necessarily for the DHs as they are talking about the upper band for peak load and not the average load.  It’s about the threshold at which people can start rejecting under peak periods.  

The member noted that they would provide feedback and would welcome workshops on this topic.

The Chair would also welcome feedback on this topic and recognises the risk going forward operationally.  

Another member noted that if the upper tier provides the NFR as means for the DH to reject the request, then that’s a protection. For example, if a DH spent money and got to a certain level and that level was as guidance and then became law, they need to careful about that. Can the DHs provide what level they can accommodate because they’ll be spending money on this?

One member noted that the entire system is pull based verses push.  Any applications that consumers use, like a personal budget application, you want to see how much you’re spending and understand where your financially at.  A consumer can visit multiple times a day and because you don’t know whether the data has changed, there’s going to be constant requests to banks to retrieve the data. One of the most common and popular use cases of the data is inevitably going to hit the hard limits with TPS that have been put in place.  They wanted to highlight the importance and urgency of this issue and to make sure that it is resolved as it has a direct impact on the benefit and performance of the CDR programme.

The DSB noted that we need to maintain an ecosystem that has a level of quality of service that will grow and they would like to make it a data-oriented conversation rather than just a conversation.

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by Michael Palmyre as follows:

The DSB have made considerable progress since the last meeting.  For authentication, there was a consultation for Offline Customer Authentication that was extended to 1 May which was well received. This consultation was not considering sector specific authentication standards and also eligibility for any sector wasn’t being reconsidered as part of this consultation.

The DSB noted that Noting Paper 280 on CX of authentication remains open for community discussion which is part of a broader CX consultation for authentication uplift.

The DSB noted that there is a third round of CX research underway around Decoupled Authentication and a ‘waterfall authentication’ approach.  The report is being finalised and will be published in the Noting Paper 280 thread for ongoing discussion.

The DSB noted that the first round of CX research has completed on Action Initiation (AI) and they are currently conducting analysis.  The research explored an ongoing variable intrabank transfer within a specific range, in the form or a round-up service. They are currently planning a second round of research on a range of scenarios.

The DSB noted that with TSY they are finalising the Design Paper on consent and this will be published alongside the release of an accompanying CX research report. 

The DSB noted that Version 1.24.0 of the standards has been published and as part of that, Change Request 574 has been finalised which allows additional account selection functionality in the authorisation flow.

One member asked, when consulting on the second round of research for opening new products and services in AI, was it banking specific or sector agnostic?  The DSB noted that it was banking specific. 

Another member noted that in terms of the consent review and the potential for rule changes. Can the DSB provide any update in terms of timing?  The DSB advised that no further updates can be provided at this stage on timing.

One member asked when does the DSB plan to reach out to consumer reps about AI research for potential input and are they considering possible fraud and scam issues and friction into the CX research process instead of in isolation? 

The DSB noted that in terms of consumer reps, they plan to have a workshop and also conduct a consumer advocate round table.  The CX research will inform what they present but at this stage there is no timing.

The DSB noted that in terms of scam and fraud, it has been discussed as part of the ongoing work for AI but the CX research its more around sentiment needs, expectations and concerns, including fraud and scam where that may arise or be of a concern. There is nothing explicit in the CX research but they are definitely interested in what might be included in that research because it’s a pertinent issue.

ACTION:  DSB to reach out to member for further details around scam and fraud issues.

Another member noted in terms of the scenarios where customers have more than hundreds of accounts, do they have any idea how many customers this refers to? 

The DSB noted that this is specific to the energy sector but we also know that it is possible in the banking sector.  They did note that this is not a requirement, it is an “optional” standard that can be implemented.  The reason that it was proposed is that in the authorisation flow additional functionality information is not allowed unless it’s included in the rules and standards.  The change was to clarify what could be done if appropriate and if a DH deemed necessary.

One member noted that a great deal of research and focus happens and what we end up with in these conversations often is a sectoral, siloed dialogue from a CX perspective.  As part of the next round of consideration, you might think to look not only at the consumer advocacy channels but maybe also some sort of citizenry panel as we might need to do some reality testing as to the way these things intersect with whole markets.  For consumers, banking and energy are not different for the consumer experience in terms of scams and fraud.  They suggest we think about the consumer perspective out, rather than the data and industry perspective in.

The DSB acknowledged that point and noted that there is a tendency in CX research to focus on testing policy and positions, standard considerations and that in practicality, they have a limited focus on that in research sessions at the moment.

ACTION:  The DSB to reach out to member to get further detail on a citizenry panel

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

Issues Raised by Members

No issues raised for discussion by members this month.

Treasury Update

James Kelly, the new First Assistant Secretary of the Market Conduct and Digital Division (MCDD) at TSY provided an update as follows: 

TSY noted that in the Australian Federal Budget 2023, the Government allocated a further $88.8 million over the next two years to support the CDR in banking and energy, progress the expansion on non-bank lending (NBL) and undertake policy design for AI and deliver cyber security uplifts.  The two-year period is pretty common in a budget context.

TSY noted that the majority of the further funding will be going to ACCC to support its functions with some additional funding for TSY, DSB and the Office of the Australian Information Commissioner (OAIC).

TSY noted that the focus over the next couple of years for the Government is to strengthen the CDR framework, working through AI and building a foundation for future implementation.  In line with the recommendations of the Statutory Review of the Consumer Data Right, further time is needed to allow the CDR to mature, the Government has decided to pause the roll out of superannuation, insurance and telecommunications.

TSY noted that included in the budget is funding to increase the consumer awareness of the CDR and develop a Trust Brand Strategy to help consumers identify when they can access CDR, support providers and products and services. 

Emily Martin, the Assistant Secretary MCDD provided further details in regard to the funding:

TSY confirmed that the funding is over 2 years and the focus is bedding down data sharing in banking, energy and NBL while the detailed policy design is undertaken for AI and PI.  The funding is being provided to maintain support for the regulatory and ICT infrastructure in banking and energy, enable cyber security improvements, support the policy and design work to deliver future benefits through functionality like PI and AI, expand the CDR to NBL and establish a trusted brand strategy.

TSY noted that funding has been provided to support the ACCC to strengthen its monitoring and enforcement of product reference standards to improve data quality in the CDR, focusing on improving CDR functionality and data quality within the already designated sectors.  This was one of the key recommendations from the Review.

TSY noted there is a pause to the expansion to superannuation, general insurance and the telecommunications sectors.  The pause will allow the framework to mature in banking and energy. This in part, responds to some of the concerns that the CDR is expanding too quickly, and it also acknowledges that stakeholders have asked for more time for consultation and collaboration to ensure we thoroughly examine the best options for new policy development going forward and is in line with one of the recommendations from the Review. It will also allow more time to develop the AI framework that will apply across all sectors in the future.

TSY noted that they plan to undertake a Strategic Assessment towards the end of 2024 to inform future expansions including superannuation, insurance and telecommunications as well as the implementation of AI.  

TSY noted on the Trusted Brand Strategy, consumer awareness of the CDR is critical to its ongoing success so the Government has invested in the development of a CDR Trust Brand Strategy.  The strategy will target and grow specific audiences to make it easier for them to trust the CDR with the aim of seeing the brand and recognising that a product or service provides a safer, more convenient way to share data. Whilst development is underway, TSY will work with other government agencies and industry groups to increase awareness and understanding of the CDR with target audiences.

TSY noted that they are also undertaking a refresh of the CDR website including more user-friendly messaging and improved functionality.

TSY noted that the Government has also prioritised strengthening cyber security across the CDR ecosystem. This is another outcome of the Review and an independent assessment is currently underway.  The uplift of cyber security will occur across all CDR agencies and includes funding for a range of activities such as enhancing programme level cyber security plans and uplifting capability systems and standards to meet the requirements of the CDR in an evolving data and threat landscape.

One member asked if this round of funding includes support for consumer groups to better engage with the CDR which was a proposal put forward by consumer advocacy groups? 

TSY noted that the Government did consider proposals to directly fund consumer groups, but they weren’t specifically funded through this budget measure.  With the pause of superannuation, insurance and telecommunications, the thinking is that there will be some more time for that collaboration and consultation.

The member noted his disappointment as the consumer movement all work with slim resourcing and they don’t have any specific resourcing and this is a real blow to any future engagement from consumer groups. 

Although supportive of the budget measure, one member noted his disappointment in the pause around superannuation because super goes a long way to completing the banking area. 

One member was pleased to hear the referencing to the Review and noted that the first recommendation was about accessing “government data”.  For the single touch payroll data, which is submitted to the Australian Taxation Office (ATO), they have a digital service provider programme, and this pause provides us an opportunity to think about alternative mechanisms to get the job done.

TSY noted that things that happen outside of the CDR were not part of this budget consideration and noted government participation was considered through the Review.  They expect the government to respond to the Review in due course.

Another member noted that it is great to see specific allocations, in particular around education and getting consumer understanding around CDR which has been talked about for a number of years. They did however ask what “mature” means as we have been talking about what success looks like and it would be good to clarify what “success looks like”?

TSY noted that the benefits realisation work is ongoing and they hope to engage again on that soon. TSY noted it would do some further work and undertake consultation on what a mature CDR sector looks like. In this context the Government is also interested in cost-recovery. TSY’s framing around cost recovery is that it is not appropriate until the CDR is well bedded down, consumers are using it and there is participation uptake.

One member asked in terms of the Strategic Assessment that will be undertaken at the end of 2024 in terms of the future expansion. Can TSY clarify what part AI will play in that? 

TSY noted that the funding will allow them to undertake a detailed policy design of the AI Framework in close consultation and collaboration with industry and stakeholders.  At the end of 2024, they will look at the expansion in terms of sectors and actions including the sequencing of how actions should be implemented.  The funding does not cover building the IT capability at the ACCC to implement the AI Framework. 

Another member noted that their understanding is that we will continue with the design and the legislative process and the implementation will occur post 2024.  TSY confirmed that this was consistent with the Budget measure.

The member also noted in terms of the consumer education and awareness piece, will TSY be taking expressions of interest from industry around how they can help with the brand strategy and awareness?

TSY noted that this has come out of consumer research that they undertook last year with a lot of focus groups and consumers talking about awareness around data sharing, what is safe and secure and other concerns from consumers.  They came up with a good framework about the role of government and the role of industry. Going forward it needs to be a group endeavour and they will have more to say on this throughout the year. 

One member noted that it would be good to research the moment of truth for trust as in their experience it can be quite confronting to try and explain what is CDR and the concepts.  They hope that when the education piece is done, could the framework have “privacy by design” but not necessarily make it so everyone has to understand how data gets transformed because people don’t want to know - they just want to be trusting. 

One member noted that the energy sector have an upcoming delivery date for commercial & industrial (C&I) on 15 May 2023 when C&I electricity users and secondary user go live.  They do note that AEMO has recently reported that since 15 November 2022 only been 41 sites have had data arrangements set up, which is a very slow up take. It is interesting that TSY is thinking about cost recovery because they have built a lot of things, and even if they become an ADR, they won’t have a use for it. As a DH they are trying to learn the lessons and make sure data quality is better and they are open for business.

TSY noted that this is an important comment because it’s the feedback from DH that has fed into the decision that the Government has made about focussing on the sectors where CDRs have been designated and rolled out and we start to see some consumer benefits being realised in those sectors before progressing with further expansions.

One member noted that following the discussion around pausing and reducing costs what kind of confidence can you give us that the Government is not going to back out of the programme in 2 years’ time?

TSY noted that they can take a lot of confidence from the fact that the government has committed to make this further investment in CDR in what was a really tough budget process.  This is one of the things they’ve invested and continued in which shows commitment from the government. One member strongly supported this sentiment and noted the ongoing funding was a good indication of the Government’s commitment.

The Chair asked members if there was any reaction from the telco sector in relation to the announcement to pause the roll out of telecommunications?

One member noted that they are still digesting the information but the pause was welcome news.  They have spent a lot of money already and they were struggling to come up with a business case for CDR so pausing will enable them to think about the value of the CDR for their sector. 

The Chair noted that one of the questions that the DSB will need to answer is whether we remove the telco standards from the standard artefacts or whether we leave it in its current form.  The DSB will engage with the community in terms of this.

One member noted that they are budget planning for FY24, FY25 and FY26 and they don’t want to assume the past timelines subsequent to a design paper being published.  Can they assume that at the end of 2024 there will be a future dated obligation? 

TSY noted that they will work with industry around obligation dates but there will be normal lead and build times which will be consulted on. 

One member noted that they made a submission around digital platforms and whether they would be included as part of the CDR, noting the ACCC recommendations around competitive advantages and how this could unlock innovation and have positive competitive effects in that space.  What was the appetite to look at this as part of the Strategic Assessment later in 2024? 

TSY noted that the parameters of the Strategic Assessment would be agreed with Government but it will likely be a full strategic assessment and wouldn’t be just confined to superannuation, general insurance and telecommunications. 

One member noted that they have gone a fair way with telco and now we’re backing out and bringing in a new sector – NBL.  Is there any insight why this change has happened?

TSY noted how complementary the NBL data set is to banking data sets that are already designated and which have those obligations in place.  There was also an attraction in terms of consumers having a better picture of their personal finances which was seen as a high value data set for expansion.

One member noted that it is a good time to revisit the success metrics during this “pause” phase. TSY noted that this work is ongoing and will continue and they hope to consult on soon.  

The Chair noted that as the Government has announced the reinvigoration and evaluation of the programme, we need to work out what success looks like now so that we can focus everyone’s attention across industry and the agencies to make sure we deliver it.  He noted that the benefits realisation work is 18 months underway and it would be good to get some clarity on what maturity means. 

The Chair also noted that the orientation of the new two-year funding partially reflects the existing funding that was already in place over the period and there was differing funding arrangements for different agencies.  He noted that it is actually an uplift of $88.8.

ACCC Update

Tim Jasson, the Executive Director - Business Management, Solution Delivery and Operations for the CDR at the Australian Competition and Consumer Commission (ACCC) provided an update as follows:

ACCC welcomed James Kelly and acknowledged all the work that Emily Martin and the team did on the budget.  They are very motivated by the $88.8 investment and it speaks volumes about the CDR.

ACCC noted, in terms of the outstanding Action Item around the OSP model, that if the only change is when an accredited person decides to use a different OSP, or to introduce an OSP for the first time, which was not disclosed when obtaining the consent under the rules, consent would not be impacted.  

ACCC noted that in terms of the Action Item around presenting on testing and DHs going live they confirmed that this be presented in an upcoming technical forum. 

ACCC noted that Paul Franklin will be leaving the ACCC on 15 May 2023.  He has been an integral part of the CDR and joined the ACCC to lead the Division at its establishment back in January 2020.  His experience and expertise will be sorely missed.

ACCC noted that Kathie Standen is the new Executive General Manager at ACCC and she will be commencing in this role on the 15 May 2023.  She joins them from the Australian Energy Regulator (AER) where she is currently the Executive General Manager for the Consumer Policy and Markets Division. 

ACCC noted that over the last month there has been no new ADRs accredited and no new activations.  TrueLayer Limited open banking platform as a software product and TrueLayer as a brand have been deactivated and removed from the Register as at the 20 April 2023.  EONX Services Pty Ltd also surrendered their accreditation on 21 April 2023.

ACCC noted that the performance Dashboard is still going through the Commissioners’ approval for its fourth iteration.  They will advise once approved. 

One member asked in what circumstances can there be multiple dashboards?  For example, NAB has its brand ubank and a person could be a customer of both and therefore would have multiple dashboards.  They would prefer the keep separate dashboards but they are seeking rules guidance on multiple dashboards where there are multiple software products. 

ACTION:  The member to reach out to ACCC for clarification and report back at the next meeting

Another member noted that at the March meeting the DSB presented an excellent presentation on the cross-agency work on consent continuity and what are the different scenarios that could be at play.  It was agreed that the current rules and standards would be reviewed to allow for different scenarios.  They cannot see this in the DSB Quarterly Plan for the July-September quarter and they were wondering if this will be taken forward for further investigation. 

ACCC noted that they will take this on notice and report back at the next meeting. 

ACTION:  ACCC to provide an update on the review to allow different scenarios for consent continuity

Meeting Schedule

The Chair advised that the next meeting would be held remotely on Wednesday 21 June 2023 from 10am to 12pm. 

Other Business

One member noted in terms of the Victorian Energy Compare (VEC) Program which is a Victorian State Government initiative.  How well is this initiative understood as it is not quite CDR but it really gets to the tangible benefits and value that you can provide by just comparing and enabling consumers to test their pricing.  This is a great case study of the full potential on what we can do in different segments of CDR.  Do we have any familiarity with this initiative and is it something of interest?

One member noted that VEC is run by the Victorian State Government Energy Department and funded by Government.  There’s not a direct analogy to CDR because VEC is a government comparison site so the traffic is driven there and in CDR the only sort of analogous groups would be ADRs which are commercial.  They note that consumers in Victoria are very much educated about this and it’s had a great take up and energy companies are competing.  They did note that this is not done by screen scraping - when consumers enter their national meter identifier (NMI), AEMO data is provided.  Victoria’s Energy Made Easy (EME) is the relevant comparator site that the AER runs.

TSY noted from a policy perspective they have looked at the EME service in the context of Government participation and them operating as a DR and having that capability.  There’s a lot of work but it is definitely worth exploring.  

The member noted that the awareness and the campaigning around it is analogous of what we could potentially consider around how we educate people for CDR.

The Chair noted that in the guidance space they are starting to explore, as a Proof of Concept (POC), a tool called ChatGPT as a way of simplifying the interface with all rules, standards and guidance materials.

Closing and Next Steps

The Chair thanked the DSAC Members and Observers for attending the meeting.  

Meeting closed at 12:00