Welcome back to Instalment 6 of the Basiq Insights series. Last week, we scraped the surface of what ‘action initiation’ can achieve by looking at an Open Banking Payments scenario. This week, we look at demystifying ‘action initiation’ and what it means as the next iteration of the Consumer Data Right (CDR). This piece will define what exactly is meant by ‘action initiation’ or ‘write access’ (nb: this paper will use action initiation when referring to write access) and look at what it means for consumers, businesses and regulation in the future.
Before we begin, it’s important to note that action initiation can be done today via digital data capture, such as doing a balance check before triggering a direct debit. The CDR is currently formalising the rules around action initiation to further evolve CDR and the already defined framework for data sharing.
Action initiation under the CDR isn’t just about sharing data, but doing something once that data is shared. For example, you can currently share your consented data to a personal finance manager to read your financial information and suggest ways to budget, but that’s where it ends. Action initiation moves the experience beyond informing a user e.g. showing a chart on spending, toward engaging such as notifying them of the change to actioning, for example automating savings.
Action initiation proposes that once you share that data, you can then empower the personal finance manager to do something, such as (a) an automatic transfer once your salary arrives, or (b) topping up your savings account if you’re ahead for the month, and much more (and that’s just in the PFM example!). This is often referred to in the CDR legislation as ‘write access’ - or allowing an action to be performed on your consented-behalf. The sharing of data is technically the first ‘action’ the CDR has allowed for. From there, the use cases open up - from reducing cognitive friction to automating data-driven financial decisioning.
The CDR outlines the critical elements of Action Initiation being:
• A common set of standards is required to enable action initiation requests to be interpreted correctly by a service provider, allowing an interoperable and competitive system to develop.
• A system of accreditation is necessary to provide those receiving instructions with confidence about the legitimacy of the initiator of the request and to ensure adequate protection
• Processes for enabling consumers to provide direction and authorisation are needed for the system to operate for the consumers’ benefit.
• A clear governance and liability framework would ensure, to the extent possible, that risks are appropriately assigned between participants in the system.1
Given there’s a large amount (read: an incredible amount) of trust involved in allowing a someone-else (also known as an accredited third party) to do something once reading your data, the regulation is still evolving to answer “What’s the best way to do this in a safe and secure manner?”. The timelines for CDR action initiation are expected to be around 6-12 months away, to ensure a robust regulatory framework that can draw on the excellence of reading data and create fertile ground for action initiation use cases. You can see from the points above that conceptually it ties in with the existing rules around data sharing under the CDR.
An excellent proposal from the Data Standards Body (DSB)2 has presented some critical elements to combine the benefits of action initiation with the incumbent framework around CDR data sharing (and logically so). See Fig 1.0 below for similarities between an accredited data recipient and someone who can initiate actions.
The DSB is seeing Accredited Action Initiators as distinct from Accredited Data Recipients (green squares) and Action Service Providers as distinct from Data Holders. Rather than a Data Recipient, we have an Action Initiator which is a third-party entity accredited to initiate one or more actions within the regime. This Accredited Action Initiator (AAI) connects to a number of designated Action Service Providers (ASPs) that are similar to—or in many cases are—Data Holders. There is no definition around whether this will involve an additional accreditation model for now, however this will become clearer as the framework develops.
A notable call out is that an Accredited Action Initiator is a ‘trusted third party’ that can act as a digital power of attorney to execute instructions on a consumer’s consented behalf (e.g. automatically sweeping money into a savings account once your salary is deposited).
Table 1.0 below outlines the differences in terminology between CDR data sharing and CDR action initiation.
Spot The Difference
The concepts above are a clear 1:1 relationship which suggests that it is likely that an accredited data recipient will become an accredited action initiator, with some additional steps to be defined in terms of additional accreditation. This clear comparison will help accelerate the amendment to Treasury and reduce an additional layer of complexity for those who want to share data and those who want to initiate actions.
Action initiation, or ‘write access’, represents an incredibly powerful and exciting next step for the future of the CDR. As Open Banking extends into embedded and open finance, action initiation will be lauded for its forward thinking nature and ability for a consumer to have even more control over their finances. This is an important next step toward autonomous finance - a concept you can learn more about in Basiq’s recent White Paper - “Four Use Cases for Open Banking’s Future”.
Finally, let's not forget that CDR is extending out across other industry verticals, most likely the Energy sector next, followed by Telecommunications. The power of CDR data plus the ability to initiate actions across industry sectors will be huge! We are incredibly excited to see what companies can use this to their fullest extent once it is rolled out 💥
That’s it for this week’s instalment of Basiq Insights. Feedback? Always welcome - send it over to firstname.lastname@example.org. Til next time 👋
- Data Standards Body - API Technical Standards Working Group - "Noting Paper - Action Initiation Framework". Author: Mark Verstege. Published July 7th 2021.