Clarify selection of Trusted Adviser in the CX Guidelines

[CDR-CX-Stream]

The DSB is raising this change request on behalf of Chartered Accountants Australia and New Zealand (CA ANZ), CPA Australia (CPA), and the Institute of Public Accountants (IPA).

For further details, see the Letter to the Chair PDF. The below change request was arrived at following further discussion.

Description

Revise the CX Guidelines for Trusted Adviser (TA) disclosure consents, particularly the Pre-consent stage—Trusted Advisor Directory and Trusted Adviser Rating.

Intention and Value of Change

While the CX Guidelines only outline optional examples and recommendations, they currently include ratings, additional information, and a selection process that go beyond CDR requirements. This includes the presentation of a list of trusted advisers of the accredited person from which a TA may be selected, and the accredited person’s corresponding ‘ratings’ of each trusted adviser.

To avoid confusion, only advisers that the consumer has already nominated should be presented when a consumer provides a TA disclosure consent, given the consumer should have been invited to nominate them prior to this step. The additional information and ratings screen should also be removed as the consumer should already be familiar with their trusted adviser(s).

This change request proposes the removal of the ‘About [Trusted Adviser]’ screen and a change to the heading of the list of trusted advisers from ‘Trusted Adviser Directory’ to ‘Trusted Advisers’, with a guideline to clarify that this is intended to be a list of trusted advisers that the consumer has already nominated.

Area affected

• Trusted adviser disclosure consents - detached flow
• Trusted adviser disclosure consents - consolidated flow

New item or change proposed

Update the Trusted Adviser Disclosure Consent wireframes to clarify the process of selecting trusted advisers. Remove any non-mandatory items relating to information about the trusted adviser.

DSB Proposed Solution

The DSB proposal for this issue is in this comment.

---

:warning: Disclaimer :warning: The CX Guidelines provide optional implementation examples for key rules, standards, and best practice recommendations.

They demonstrate key aspects of the consent model, but certain areas may be considered out of scope. This may include, for example, where the rules and/or standards are silent or non-prescriptive to provide CDR participants with flexibility or discretion according to their own systems or protocols.

:heavy_exclamation_mark:The CX Guidelines span policy, rules, standards, and best practice, so requests will be considered on a case by case basis and timings may not fall within a Maintenance Iteration cycle.

Importantly, the CX Guidelines are optional to follow, but the CDR rules require CDR participants to have regard to them. The CX Standards differ in that they are binding data standards that must be followed.

[darrenbooth]

How does the CX Guideline also then comply with 1.10C(4)(b), when the only good or service that is requested by the CDR consumer is for CDR data to be collected from a data holder and provided to a trusted adviser (per 1.10C(5)), noting that 1.10C(4)(b) still applies in this instance but 1.10(4)(a) and 1.10(4)(c) do not apply?

[Jill-CAANZ]

To our reading, 1.10C(4)(b) prevents an accredited person forcing a consumer to nominate a TA where the provision of the goods or service requested does not require such a nomination. Therefore not excluded by 1.10C(5).

Our understanding of 1.10C(5) on 1.10C(4)(a) and (b) is that an accredited person can make nomination of a TA a condition to accept a TA disclosure consent where it is the only service provided.

We are seeking clarification on the impact on an ADR when more then TA disclosure is provided. 1.10C(1) implies that it is a accredited persons choice to 'invite' TA nomination. This implies, by an ADR choosing not to 'invite' nomination, they are unable to accept a TA disclosure consent.

We are also seeking clarification if an ADR must accept the nominated TA or could the ADR limit who can be nominated at their discretion. We interpret the Rules that if an invite is made the ADR must accept the nominated party. This is through the lens of a consumer as if an ADR has discretionary power to limit who can be ‘nominated’ then it is the ADR’s trusted adviser, not the consumers.

[darrenbooth]

We are also seeking clarification if an ADR must accept the nominated TA or could the ADR limit who can be nominated at their discretion. We interpret the Rules that if an invite is made the ADR must accept the nominated party. This is through the lens of a consumer as if an ADR has discretionary power to limit who can be ‘nominated’ then it is the ADR’s trusted adviser, not the consumers.

In reality, for an ADR to provide CDR data to a TA the ADR will require a contract with the TA. The ADR is required to do checks on the TA to validate their status. Also the ADR will likely need to validate the system that it is disclosing the CDR data to, to ensure that the CDR data is being disclosed to the TA and not to another party.

[joshuanicholson]

We would like to add the scenario of a TA who has already been vetted, approved, and added to the ADR's platform.

The TA is inviting a consumer to share their data, so in this case, the consumer accepts the invitation to consent to their bank and then shares data with the TA that invited them (this means their TA is available to select and is promoted to 'top of the list' —BUT it does not prevent the consumer from selecting another TA or adding extra TAs).

The current CX assumes the consumer initiates everything. However, there is a strong business case for TAs to encourage their clients to share. Clearly, consumers are in full control of their sharing, but it just starts with an invite from the TA - imagine receiving a email from your Accountant (an email you know and trust) that asks you to share data with them)

[joshuanicholson]

We agree with the removal of the About Trusted adviser section, as we believe consumers should be 1) finding and selecting their already known TA or 2) inviting their TA to join/be vetted for the ADR's platform. (allowing an ADR to perform their requirements)

We do not believe an ADR should be offering a 'marketplace' for a consumer to find a new TA.

[joshuanicholson]

When it comes to the Trusted Adviser directory, we believe that ADRs should be allowed to provide a list of Trusted Advisers and a function to find them on this directory using criteria such as email address, personal name, location, or practice name.

Additionally, ADRs should be allowed to have the ability for a consumer to request the addition of their Trusted Adviser to the directory.

In summary we are happy with the current Directory CX - changing the title does make sense though.

[Jill-CAANZ]

If I understand the above scenario's correctly, such a directory is trusted advisers that have entered into some form of contract with an ADR to be available to any consumer using the ADR's platform. So, to the second scenario above, I understand the Rules already allow an ADR to invite a consumer to nominate their Trusted Adviser and subsequently provide a TA disclosure consent. That is, to facilitate the disclosure of information held by a third party (ADR) through a specific channel (CDR) so a service can be provided as part of a one to one relationship between a consumer and their Trusted Adviser. Such a nomination and TA disclosure consent does not mean that the nominated Trusted Adviser will want to be available in a directory accessible to other consumers on an ADR's platform. For example, I nominate my accountant and provide a TA disclosure consent as I wish them to have access to my data, noting it is no longer CDR data on disclosure to a Trusted Adviser. It does not mean that my accountant wishes to be on a list that another consumer can access and request their services. In this scenario, I would suggest there would need to be an opt in option for the Trusted Adviser to join such a directory. Though, to our understanding, promoting a Trusted Adviser's services is not a function of the CDR regime. As with the earlier comment 'We do not believe an ADR should be offering a 'marketplace' for a consumer to find a new TA.', equally, the CDR regime is not intended to provide a a marketplace for Trusted Advisers to find new clients.

[Jill-CAANZ]

To the scenario that a Trusted Adviser 'invites' a consumer to share data through the CDR channel. I am not certain if the use of the word 'invite' here is related to the ability of an ADR to 'invite' a consumer to nominate their Trusted Adviser. Where a consumer engages a Trusted Adviser to provide a service, the consumer will most likely need to provide information. The CDR being one possible channel to provide that information, in theory, whether or not the Trusted Adviser is vetted, approved and already on an ADR's platform. So a Trusted Adviser can alert their client to the CDR regime and discuss if the consumer wishes to use this channel to provide the information needed for the Trusted Adviser to deliver the agreed service. As we understand the Rules, it would then be for the consumer to see if the party holding their data is an ADR and if that ADR allows them to nominate, or already has on their platform, their Trusted Adviser. If yes, the ADR can then 'invite' the consumer to nominate their Trusted Adviser and then provide a TA disclosure consent. I think this is the point of difference, we do not understand that the Rules require an ADR to 'vet' and 'approve' a Trusted Adviser. The Rules do require an ADR to confirm a person is in one of the classes of Trusted Adviser and provides that CDR data disclosed to a Trusted Adviser is no longer CDR data, just data. The key question, I think, is where does the liability for data security rest during the conversion of CDR data to data when disclosed by and ADR through a TA disclosure consent?

[CDR-CX-Stream]

Thanks all for your input. We have discussed these issues with CDR agencies - see below for the response.

CR646 requests that the 'Trusted Adviser Directory' be limited to nominated TAs, and that the 'About [Trusted Adviser] screens be removed. We have discussed this issue with CDR agencies to confirm what is possible under the rules, what the policy intent is, and the correct interpretation of the relevant rules (i.e. 1.10C and 4.11).

Following those discussions, we can confirm that ADRs are not required to:

• offer a TA disclosure service;
• invite a consumer to nominate a TA if they do not offer a TA disclosure service; or
• offer a TA disclosure service for any TA of the consumer’s choosing.

It is optional for an ADR to perform these activities. The rules envisage that an ADR's TA disclosure consent offerings may be based on existing and commercial arrangements with TAs, and as such the range of supported TAs may be limited on that basis.

CDR agencies are of the view that removing the 'Trusted Adviser Directory' from the CX Guidelines may misrepresent what is possible under the rules and standards. The rules do not prohibit ADRs from offering a 'marketplace' or directory service that provides consumers with a choice of potential trusted advisers. Such a directory may include TAs that the consumer already has a relationship with and may include the option to nominate another TA. This is consistent with the policy intent.

Where a consumer has not previously nominated the TA at the time of giving a TA disclosure consent, the data recipient may take the selection of a TA during consent to be the nomination of the TA. While the method of presenting nomination would be at the discretion of the ADR, and may consider their arrangements with specific TAs, the rules cover TA nomination and as such it is appropriate for the CX guidelines to demonstrate how this may occur.

The intention of rule 1.10C(4)(b) is to prohibit a situation where a consumer is forced to select a particular person as a TA by an ADR, however there may be reasonable grounds to only offer a single TA to a consumer where they have previously nominated that TA outside of CDR.

Given these positions, we are proposing that changes to this CX guidelines be limited to:

• the amendment from ‘Trusted Adviser Directory’ to ‘Select a Trusted Adviser’, for simplicity
• removal of the trust rating component in the ‘About Trusted Adviser’ screen
• clarify through a new CX Guideline that it is optional for an ADR to offer a TA disclosure service for any TA of the consumer’s choosing
• clarify through a new CX Guideline that a consumer's selection of a TA can constitute nomination

We do not propose that new guidelines be made to state that the list of trusted advisers is limited to those a consumer has already nominated.

Given the CX guidelines will reflect current rules and policy positions, and the DSB does not manage rules and policy, we recommend that participants engage with the Treasury if they see issues with the current operation of TA disclosure consents.

Importantly, the above positions do not represent legal or compliance advice. They should be read as interpretations provided by the DSB in collaboration with CDR agencies as compliance is the responsibility of the CDR participant.

[CDR-CX-Stream]

Based on the above clarifications, we have prepared a visual example of the changes we are proposing to make to the CX Guidelines for TA Disclosure Consent. This demonstrates the affected screens only. Please see this Figma link.

We invite final community views on the above changes. In the absence of further feedback, or a request to continue looking at this issue in MI21, the DSB CX team will proceed to finalise these artefacts and publish them on the Trusted Adviser Disclosure consents page on the CX Guidelines website in due course.

[darrenbooth]

The intention of rule 1.10C(4)(b) is to prohibit a situation where a consumer is forced to select a particular person as a TA by an ADR, however there may be reasonable grounds to only offer a single TA to a consumer where they have previously nominated that TA outside of CDR.

Given the above comment, there should be a similar clarification in the CX Guidelines that the "Select a Trusted Advisor" pre-consent screen with the TA options listed may not be required where the consumer has previously nominated that TA outside of CDR.

[TT-Frollo]

Frollo supports the summarised changes.

[CDR-CX-Stream]

Thank you to participants for providing input on this change request. The DSB has published updated CX Guidelines which reflect the proposed changes outlined in our comment made on 21 August.

You can find the updates on the CX Guidelines webpage for Trusted Adviser Disclosure Consents.

Regarding @darrenbooth's comment about nominating a TA outside of the CDR, the DSB will consider this suggestion further in collaboration with CDR agencies. We will keep this CR open until this query is resolved.

[CDR-CX-Stream]

The DSB is continuing to collaborate with CDR agencies regarding @darrenbooth's comment about whether the TA selection screen is required where the consumer has a pre-existing relationship with a TA. As the original change request has been resolved, we will close this CR and progress the remaining question as part of #674