Last week, the Australian Banking Association (ABA) and Accenture jointly released their findings following a strategic review of the performance of the Australian Consumer Data Right (AU CDR) across its first four years in operation (the Report).
Most notably, the Report highlights very low levels of uptake, with only 0.31% of Australian customers reportedly using AU CDR products. This is despite very large levels of investment by the Australian Government and AU CDR participants, including AUD 1.5 billion invested by the Australian banking sector alone.
In New Zealand, the Customer and Product Data Bill (Bill) currently before Parliament seeks to establish a Consumer Data Right in New Zealand (NZ CDR). For background on the Bill, including the journey leading up to the release of the Bill, please see our related Insights here.
Whilst the Bill proposes a slightly different regime to the AU CDR, including in particular:
- the omission of an AU CDR-style principle of reciprocity;
- a clearer delineation between the application of New Zealand privacy laws and NZ CDR data principles;
- the ability of participants to share CDR data with a wider range of non-accredited third parties; and
- the inclusion of action initiation from the outset,
there are still several lessons that New Zealand can take away from the Report's findings.
Report findings
In late 2022, a statutory review of the AU CDR (Statutory Review) found that its complexity, overly prescriptive nature, lack of alignment with existing regulatory regimes and requirement of reciprocity were all factors limiting its adoption and creating a barrier to entry for smaller participants (our previous summary on the Statutory Review can be found here).
The Report builds on the findings of the Statutory Review and concludes that, rather than encouraging innovation, benefitting customers, and promoting competition (being the AU CDR's stated objectives), the AU CDR has actually had detrimental impacts in a number of these areas. In particular, the Report indicates that the significant compliance cost, which has been disproportionately high for mid-tier banks (in 2023, the accrued AU CDR cost per customer for mid-tier banks was double that of major banks), has had an overall negative impact on competition in the banking industry.
The Report further highlights a lack of compelling or innovative use cases for the AU CDR and low awareness of AU CDR-enabled solutions amongst consumers, as well as banks having a limited capacity for investment in improved AU CDR functionality (and other areas of innovation) following the significant initial investment required to be made into AU CDR implementation and compliance activities.
Lessons for New Zealand
It is worth noting that some FinTechs have already criticised aspects of the Report's findings, saying that the figures regarding low adoption rates misrepresent growing interest in the regime and that the reported lack of compelling use cases is simply naïve.
However, notwithstanding these differing perspectives, there remain a number of issues highlighted across both the Statutory Review and the Report which the NZ CDR regime would do well to take account of early on in order to set New Zealand up for the best prospects of CDR success.
Compliance burden
Like Australia, promoting innovation and competition are key objectives of the NZ CDR. However, the Report and Statutory Review both found that high compliance costs have stifled innovation of new AU CDR-powered products, as well as strategic investment aligned to customer demand in Australia. In contrast, India and Singapore (both countries with much higher CDR adoption rates in this space) have been recognised by the Report as having lighter-touch and market-driven regulatory frameworks.
To reduce counter-productive compliance costs and maximise CDR uptake, the NZ CDR will need to address any overlap with other existing (and emerging) regulatory regimes and seek out opportunities to lighten the compliance burden/cost of participating, including adopting a more permissive (rather than prescriptive) approach wherever appropriate to do so.
Data Quality and Trust
The Statutory Review highlighted that data quality would need to improve for the AU CDR to realise its potential and recommended that screen scraping be banned to encourage CDR uptake. The Report does not comment on the impact of poor quality data, but flags that customer trust levels in the AU CDR will need to improve in order for the AU CDR to displace less secure (and poor quality) data sharing options, such as screen scraping.
The Report also notes that jurisdictions who enjoy higher CDR adoption rates still permit screen scraping, with a general trend globally towards API-based data sharing. Based on the experience of these overseas jurisdictions it appears that building customer trust in the NZ CDR from the outset, including by ensuring access to high quality data (ie data that is appropriate, sufficient, and obtained legally), is likely to be a more effective strategy to incentivise CDR adoption than prohibiting screen scraping.
Customer Awareness
The Report highlights low awareness of the AU CDR amongst customers as a further factor impacting adoption rates. Customer awareness is fundamental to the success of any CDR or equivalent regime and was a widely reported contributing factor to the UK's initially low open baking adoption rates also.
Investing in a customer awareness-raising and education campaign early on will be critical to establishing customer demand and, ultimately, driving uptake for CDR-enabled products. This campaign should be an essential part of the Government's implementation activities and cover customer awareness of both the potential benefits of the NZ CDR and any risks (and associated safeguards) that customers should be aware of.
Consent
It is still unclear exactly how customer consent will work under the NZ CDR regime. The Bill requires consent to be express and informed but detailed consent requirements are yet to be set. From a user experience perspective, it will be important to ensure that the consent process is not cumbersome so that customers are not put off by it.
In Australia, the Statutory Review found the consent process to be too complex and had the potential to lead to "consent fatigue". There were similar widely reported issues that arose in the early days of the UK's open banking experience also. To promote adoption in New Zealand, it will be vital that we fine tune our consent settings from the outset to ensure an overall positive NZ CDR customer experience, including ensuring that the process is appropriately user friendly, brief, and avoids any unnecessary complexity.
Next Steps
The Russell McVeagh team will be continually monitoring developments and will provide further updates as the Bill progresses. In the meantime, if you would like any advice regarding how the CDR might affect you and organisations in your industry, please do not hesitate to contact us.