Minutes - 8 Nov 2023

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 8 November 2023
Location: Held remotely via MS Teams
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 57

Download meeting minutes (PDF 165KB)

Attendees

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 57.

The Chair acknowledged the traditional owners of the various lands from which the committee members joined the meeting.  He acknowledged their stewardship and ongoing leadership in the management of water, land and air and paid respect to their elders, past, present and those emerging.  He joined the meeting from Cammeraygal land.

The Chaired welcomed Naomi Gilbert who has joined Treasury to lead the DSB. Naomi’s most recent role was Heading up the Cyber Resilience Policy team at the Department for Science, Innovation and Technology in the UK.

Naomi Gilbert thanked the Chair for his warm welcome and noted that she had been in the UK for the last 10 years and has a policy background.  She said she had worked in digital policy areas, including digital data, open data, cyber security and cyber resilience and is aware of the challenges we have from a government and policy perspective in interacting with and progressing various digital related issues and digital economy.

The Chair also acknowledged and thanked Louise Staker for her outstanding contribution during the handover period between Barry Thomas’ departure and Naomi Gilbert’s commencement.  He said the number of learnings from the Treasury (TSY) and Data Standards Body (DSB) achieved during that period had been numerous and valuable. 

The Chair noted that the DSAC refresh had been finalised with all existing members accepting the invitation to continue.  New members will include Brenton Charnley (Mastercard), Kate Crous (CBA), Richard Shanahan (tictoc) and David Taylor (Westpac).  The December meeting will be the first meeting with new members.

He also noted that the Consumer Data Right (CDR) Board had had a very constructive meeting with Minister Stephen Jones last week, and the Minister has agreed to join the December DSAC meeting to provide an update on his expectations for the CDR and answer questions from the committee.   

Based on community feedback, the final CDR Implementation Call for 2023 will be held on 14 December 2023 and reconvene on 18 January 2024.   

Recruitment is well underway to fill the roles of Assistant Director Cyber Assurance and Assistant Director Compliance at the DSB.  The DSB hope to finalise in the coming weeks.   

The Chair noted that Jill Berry (Adatree), Stuart Stoyan (Fintech Advisor) and Zipporah Szalay (ANZ) were apologies for this meeting.

Minutes

Minutes

The Chair thanked the DSAC Members for their comments on the Minutes from the 27 September 2023 meeting. The Minutes were formally accepted.   

Action Items

The Chair noted that all Action Items were either covered-off in this meeting or had been completed. 

Working Group Update

A summary of the Working Groups was provided and these DSAC Papers were taken as read.

Technical Working Group Update

An update was provided on the Technical Working Group by James Bligh:

The DSB noted that they are continuing to maintain the standards, working with the ecosystem to find ways to help stakeholders improve performance and do research and analysis for the future of the CDR into Action Initiation (AI).

The DSB noted that version 1.27.0 of the Standards was a fairly minor update and resulted from changes arising from Maintenance Iteration # 16 (MI16).  It was however the first time that they had introduced the full draft standards for Non-Bank Lending (NBL), which was a draft Data Standard. The Chair had not approved them as they as they were only out for consultation.  The DSB said they expected to put a decision to the Chair in the next few weeks to make a Candidate Standard for NBL.  These Data Standards would not be made binding until the Rules, which are approved by the Minister, are made.

One member noted that they met with the Australian Financial Industry Association (AFIA) and there had been feedback around fleet products and different leasing conditions. They said they would like to set up a separate working group around this topic and they may need to update the Data Standards to cater for the fleet nuances.

The DSB noted that the candidate Data Standards are not final and are subject to change in response to the finalised Rules but they are 95% complete so implementers can start planning their development schedule.  They said the final dates for NBL won’t be determined until the Rules are finalised.

The DSB noted the updates to Product Reference Data (PRD) and account details for banking products, which will impact both banking and the NBL sector. Based on the feedback received they will make a candidate Data Standard, which is not a binding Data Standard, and would be followed by further consultation.

The DSB noted that before the end of the year, two further Data Standards would be published.  Version 1.28 would include the draft Data Standards and candidate Data Standards, and will be published shortly.  Version 1.29 would contain changes from Maintenance Iteration # 17 and would be published in the next couple of weeks. 

The DSB noted that they had been conducting work on the Account Origination Experiment. They said they were developing bank account origination processes with LIXI’s involvement as well as a group of stakeholders.  They said this experiment was progressing well.

The DSB noted that they had commenced the consent and authentication uplift work, which would include a series of consultations.   

Consumer Experience (CX) Working Group Update

An update was provided on the CX Working Group by Michael Palmyre:

The DSB noted that Decision Proposal 327, which focused on the CDR authentication uplift work, closed on 15 November. 

The DSB noted that Action Initiation (AI) work was underway with the focus around the account origination experiment. They had sketched out a number of CX flows and shared with experiment participants and developed a range of wireframes and journeys. 

The DSB noted that the consultation on Decision Proposal 276 concluded on 20 October which outlined the Data Standards implications resulting from the July 2023 CDR Rules amendments. They said they had progressed to the next stage of consultation with DP333 and DP334 which outlines the Data Standards being proposed as binding to support the July 2023 CDR Rules.

The DSB noted that they were moving towards a holistic consultation on NBL standards in conjunction with the progression and finalisation of the technical standards. This was expected to align with the view that the existing Banking data language standards be adopted.

The DSB noted that the Consent Review Design Paper concluded on 6 October. They said they were working with TSY to analyse submissions policy and Data Standards thinking in support of the consent review initiative.

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

The Chair noted that a question was raised at Senate Estimates around the lack of press releases from the DSB and other agencies.  It was noted that the DSB did not engage in press releases but they do publish minutes, videos, post on LinkedIn, and that everything was open and collaborative.

Non-Functional Requirements (NFR) Working Group Trial

James Bligh, the Technical Lead at the DSB presented on the proposed NFR Working Group Trial. 

The DSB noted this Noting Paper had come out of the ongoing discussion around NFR requirements and modifying the NFR due to some issues and also the GetMetrics consultation.  Feedback included requiring a process to help participants to plan their infrastructure and to be proactive in setting NFRs rather than reactive to issues as they occurred. 

The DSB said they had held workshops in response to the feedback and the attendees proposed a working group that would access operational data and propose changes to the NFRs as an effective mechanism for managing NRs for the CDR. 

The DSB proposed a body of participants to talk about future planning and make proposals on NFRs in response to data that could then be put to the wider community for open consultation, but it would not be a decision-making forum.  And they said membership would be consistent and would be established under the Chair’s powers to establish Advisory Committees.

The DSB would seek nominations for membership and the Chair would make a determination around the membership.  They said they were seeking people with technical experience and representatives from the larger organisations, for a total of 6 meetings.

One member asked how the DSB sees the oversight and accountability of this new group and does the DSB envisage that this new group will take some of the workload from the DSAC?

The DSB responded that the current process for the DSAC would not change.  The new Working Group would help the DSB develop Decision Proposals. And any Data Standards would then go through the normal process, not directly to the Chair. 

The Chair noted that our process or consultation of the Data Standards would not change, and that they would just provide inputs given the specialised and forward-looking nature of some of those obligations, especially as volume builds. 

One member noted that it was a good idea and agreed that technical people should be involved as it would be very data rich.  They also recommended that members should be a mix of both data holders and data recipients as they look at the data from a different lens.

The DSB agreed and in terms of forecasting they will need data recipients involved, particularly the intermediaries that support many different customers and software products and representatives.

The DSB also noted that they don’t have access to the GetMetrics data but they have been speaking to the Regulatory Division at ACCC about getting access to the metrics data in raw form for this forum, which is subject to the Commissioners approval.  However, based on previous conversations around NFRs, the metrics by themselves would not be sufficient and they needed targeted data for problems spaces. They said they would require people to voluntarily disclose additional data points, which may mean some sort of code of conduct would be required.

The DSB noted that the code of conduct would need to include requirements for managing confidential performance data provided to the working group to help decision making.   

One member noted that if people don’t voluntary disclose is there some way that at an aggregate, we can find a pooled way to assess the performance on some key metrics? 

The DSB noted that this would be an item for discussion for the new working group.  The DSB do not run an accredited data recipient or data holder, they don’t receive the metrics data or involved in the operations.  They will need to lean on this group to give advice on how best we can get insights.

The member suggested that there was no reason why the DSB couldn’t be an accredited data recipient and then do some mystery shopping. 

The DSB noted that they hadn’t considered this to date, but responded that it was an interesting idea. 

The Chair gave his approval for the DSB to commence the trial for the NFR Working Group.

ACTION:  DSB to set up the NFR Working Group Trial

The DSB also noted that they will be calling for nominations including from new members of the DSAC.

ACTION:  DSB to call for nominations for the NFR Working Group Trial 

Operational Performance

Tim Jasson from the Australian Competition and Consumer Commission (ACCC) noted that they were scheduled to provide an update on 9.4 Reporting at this meeting. 

They said they are currently considering the information provided in those participant reports including whether any information can be published.  They said they were keen to provide transparency to stakeholders when they could.  The said the likely avenue for any publication is the recently started Compliance Update and Regulatory Bulletin (CURB).

The CURBs first edition was published last month to around 170 subscribers and is a periodic publication to raise awareness about the CDR compliance activities. To subscribe to the CURB Bulletin reach out to accc-cdr@accc.gov.au.

Issues Raised by Members

No issues were raised this month. 

Treasury Update

Aidan Storer, Assistant Secretary, Market Conduct and Digital Division provided the TSY update: 

TSY noted that they had concluded several draft Rules and Design Paper consultations since the last meeting. These included the draft Rules for extending CDR to the NBL sector and the Consent Review and Operational Enhancement Design Paper, which concluded on 6 October. The Screen Scraping Discussion Paper also concluded consultation on 25 October.

TSY noted that good stakeholder engagement was received on all of those consultations which showed that there was a lot of interest in those topics. 

TSY indicated that they plan to send the NBL rules package to the Minister before the end of this year for his consideration. They are also considering what measures from the design papers should be taken to the draft Rules stage for consultation next year.

TSY noted that in terms of consumer group engagement in the CDR’s development, that they value their input and are currently working with consumer groups to ensure that there is ongoing engagement with their work.

The Chair noted that one of the potential questions for the Minister, who was attending the December meeting, might be around obligation dates for NBL and when the Minister thinks he may be in a position to make the Rules. 

TSY noted that they received stakeholder feedback on the proposed NBL obligation dates and want to make sure there is adequate time for effective implementation.  They reiterated that they intend to provide advice to the Minister so he could make a decision before the end of the year. 

ACCC Update

Tim Jasson, the Executive Director of the Consumer Data Right Division at the ACCC provided an update:

ACCC welcomed Naomi Gilbert to the DSB and also thanked Louise Staker during the interim period. 

Since the last DSAC they had focussed on the preparation for the 1 November. They’ve had 13 energy retailers activated on or before the 1^st of the month, 2 did not achieve compliance (rectification dates provided) and 7 energy retailers have been provided exemptions.  

ACCC recently deployed a GetMetrics update which would capture better operational statistics from data holders and update the Register to align with changes introduced in version 1.24 of the Data Standards. They had also upgraded the CDR website to a new version of the consent management platform and continued to deliver on their cybersecurity uplift programme. 

ACCC noted that version 5 of the Performance Dashboard was expected to go live on 9 November with information being published around energy sector and secondary data holder performance metric. 

ACCC noted that the Regulatory team were assessing the 5^th tranche of accredited persons ongoing information security reporting which was due to be submitted to the ACCC by the 30 September.

ACCC noted that they published a new version of the compliance and enforcement policy for CDR in collaboration with the Office of the Australian Information Commissioner (OAIC) which added data quality as a priority conduct area.

The Chair asked, in terms of the information being published on the 9 November around the energy sector and secondary data holder metrics, would ACCC be open to putting this on the agenda at the next DSAC?   He said he also appreciated the sensitivity around 9.4 Reporting and therefore expected this would be subject to the Commissioners approval. 

The ACCC said they were happy to receive direct feedback and to present at the next meeting, subject to approvals.

ACTION:  ACCC to confirm if they could present on the Performance Dashboard at the next meeting

Meeting Schedule

The Chair advised that the next meeting would be held remotely on Wednesday 13 December 2023 from 10am to 12pm. 

The Chair noted that Minister Jones would be joining us at the December and we look forward to hearing his views, expectations and forward view of the CDR. 

Other Business

No other business was raised. 

Closing and Next Steps

The Chair thanked the DSAC Members and Observers for attending the meeting.  

Meeting closed at 11:55