Closed CDR-API-Stream closed 1 year ago
The Noting Paper has been attached to the opening comment.
Initial comment would be whether there is some renaming/rewording required for the data cluster language? For instance the ecosystem currently has Basic Bank Account Data
but there are some quite stringent rules that state the use of the word bank is reserved and special to ADIs. I'm certainly not suggesting changing the technical scope name itself but I'm not so sure it's appropriate that non-bank lenders start sharing "Bank Account Data"? At a presentation level that seems like it could be misleading?
Some early thoughts & comments; no doubt we will have more as detail is released. As we add new sectors, I hope we have learnt some lessons from implementing the Banking sector. One issue for us concerns business consumers giving consent, specifically secondary users. Like Banking, there are many use cases for CDR data for businesses due to their compliance requirements (at a minimum BAS, financial accounts, audits, tax returns, etc.). Businesses will benefit from collecting data from the NBL sector. There could even be a few new considerations in NBL; consider an employee who 'owns' a motor vehicle lease needing to allow their employer access to the CDR data, as the employer has compliance requirements (FBT, GST) concerning the salary-sacrificing arrangements. Other issues around the current definition of an eligible consumer are, what if some NBL providers do not offer an online experience? Does this mean all their customers are not eligible, so the NBL has no requirement to share CDR data?
We also wish to ensure some precise specifications and definitions of terms; for example, a transaction or 'repayment' is a contractual requirement but may include multiple components: for example, repayment (capital & interest), fees (one or more), taxes, insurance and maybe more. So when the getTransaction call is returned, are ADRs (consumers) merely receiving the total repayment value or a transaction for each component? (kind of like a standard loan/mortgage product with an ADI) The worst case would be to receive no transactions and only receive a change in balance, as we fear some providers may only consider a loan product a schedule of repayments.
Hi @joshuanicholson
Thanks for your comments. Just to provide some general notes on the points you raised:
Business consumers giving consent For the Banking sector, any sharing is authorised by an eligible consumer of a Data Holder. A consumer may be an individual who is 18 years of age or older, or may be a person who is not an individual (commonly, a business).
Individual consumer accounts may have secondary users with certain privileges on the account (such as a secondary cardholder) that may be given permission to share data in their own capacity, by an account owner.
Non-individuals do not have secondary users designated on accounts, rather the business itself is the consumer, and the business may specify nominated representatives of the business to share data on its behalf (commonly, the employees).
The question for your scenario would then be; which party is the eligible consumer in relation to the Data Holder for the relevant lease. If you are able to provide further detail, or examples of different 'consumer' and 'owner' arrangements with respect to leases and leased items, and the particular data access that each may be interested in, or require, that may be helpful in understanding any further complexity or opportunity for NBL.
NBL providers not offering an online experience In the Banking sector, in addition to Rule 1.10B "Meaning of eligible", clause 2.1 of Schedule 3 - "Additional criteria for eligibility—banking sector" states that a consumer may only be eligible in relation to a Data Holder if they can access the account online.
If the Data Holder did not have an online service, they may not be obliged to offer data sharing at that time.
If you are aware of NBL providers that may be above the proposed de minimis threshold and only offer an offline experience, further details may again be useful for analysis. You can provide further details directly to Treasury using the details provided in this issue - Design Paper: Consumer Data Right Rules and Standards for the Non-Bank Lending Sector #278
Specifications and definitions of terms
As an example, clause 1.3 of Schedule 3 of the Rules - "Meaning of customer data, account data, transaction data and product specific data" provides an overview of the types of data that may be required for sharing;
The Standards provide structure to support these various types (transactions, balances, or fees for example);
Guidance (Ref. 1, 2) has been provided to suggest that data shared should align to data available in other channels. This is also supported by Privacy Safeguard 11 – Quality of CDR data.
The actual level of detail available to the ADR (consumer) may depend on what Data Holders are able to provide according to their respective systems, while still remaining compliant and providing a positive consumer experience.
In my opinion, the name "Non-Bank Lenders" accurately conveys that these institutions perform similar functions to banks but are not banks themselves. Therefore, any constraints regarding their integration into the existing schema would involve ensuring their products fit within the framework already established for banking products.
While I acknowledge Stuart's concern about the potential confusion caused by the use of the term "bank" in the name "bank account," I believe it is a reasonable compromise that avoids the need to create an entirely new schema, which would unnecessarily complicate the process.
When considering the use cases for non-bank lenders as data holders, they are essentially identical to those for accessing banking data. As a result, adding further complexity to the schema is not necessary.
While I acknowledge Stuart's concern about the potential confusion caused by the use of the term "bank" in the name "bank account," I believe it is a reasonable compromise that avoids the need to create an entirely new schema, which would unnecessarily complicate the process.
I'm certainly not trying to be difficult here simply highlighting it as a potential issue. I'd actually lean towards simply changing it to "Basic Account Data" for everyone and moving forward. The challenge with the word bank
is that the Banking Act 1959 Section 66 1(b) explicitly bans the use of the word unless explicitly permitted by APRA:
(1) A person commits an offence if: (a) the person carries on a financial business, whether or not in Australia; and (b) the person assumes or uses, in Australia, a restricted word or expression in relation to that financial business; and (c) neither subsection (1AB) nor subsection (1AC) allows that assumption or use of that word or expression; and (d) APRA did not consent to that assumption or use of that word or expression; and (e) there is no determination in force under section 11 that this subsection does not apply to the person.
It seems like a really long way around to somehow get APRA to declare consent to use the term in the context of the CDR but 🤷 maybe the government folk will perhaps think otherwise.
The CBA supports the DSB's proposed approach regarding the Standards to apply to the non-bank lending sector, and we agree that they should be aligned with banking.
Thanks to those who provided feedback. The feedback period is now closed, and responses will be reviewed and considered as part of the draft standards development process.
While I acknowledge Stuart's concern about the potential confusion caused by the use of the term "bank" in the name "bank account," I believe it is a reasonable compromise that avoids the need to create an entirely new schema, which would unnecessarily complicate the process.
I'm certainly not trying to be difficult here simply highlighting it as a potential issue. I'd actually lean towards simply changing it to "Basic Account Data" for everyone and moving forward. The challenge with the word
bank
is that the Banking Act 1959 Section 66 1(b) explicitly bans the use of the word unless explicitly permitted by APRA:(1) A person commits an offence if: (a) the person carries on a financial business, whether or not in Australia; and (b) the person assumes or uses, in Australia, a restricted word or expression in relation to that financial business; and (c) neither subsection (1AB) nor subsection (1AC) allows that assumption or use of that word or expression; and (d) APRA did not consent to that assumption or use of that word or expression; and (e) there is no determination in force under section 11 that this subsection does not apply to the person.
It seems like a really long way around to somehow get APRA to declare consent to use the term in the context of the CDR but 🤷 maybe the government folk will perhaps think otherwise.
Thank you Stu.
I want you to know that your comments in this regard have been heard.
For the time being the architects will continue with the previously established nomenclature but legal advice will be sought on this, amongst the other legal advice we seek for the Chair.
Regardless of the outcome of the advice, I hope to have addressed the point you raised by no later than the end of this calendar year in order to provide clarity and certainty to our community.
Regards, RT
This Noting Paper outlines the approach and assumptions that will be used to guide the development of the standards for the Non-Bank Lending sector.
The noting paper is attached below: Noting Paper 292 - Approach to developing Data Standards for the Non-Bank Lending Sector.pdf
While this is not a formal consultation and will not lead to any change to the Consumer Data Standards feedback from the community is still welcome as it will help guide how the consultations for this sector progress.
This noting paper will be open for feedback until the 24th of March.