There's no doubt that transitioning to CDR Open Banking data is a huge and complex undertaking. Like any complicated task, it's important to be able to break it down into more manageable chunks. However, without any guidance, it's very hard for organisations to decide what needs to be addressed first. That's why we're providing guidance on the top priority items organisations need to start focusing on now, in order the be prepared.
Why CDR Data?
First things first, why CDR data? The most important consideration for organisations is how CDR data is of value to them, the benefits, the use cases and any costs, as well as risks.
One of the major improvements that CDR APIs bring is access to a more well structured and stable data source. CDR APIs will likely respond more quickly than current digital data capture methods, meaning an uplift to the data retrieval process, but more importantly to the end user experience by providing a faster and more reliable connection to data.
Digital data capture methods also require significant engineering effort to create and maintain on an ongoing basis. At Basiq, we see CDR as a huge opportunity in a) providing our customers with even better coverage in the future and b) being able to direct more engineering resources to making data meaningful, so our customers can continue to innovate.
In terms of the data you can receive, there are two types; product data and consumer-specific data. Access to this data can help personalise services, improve operational efficiencies and make product comparison and switching easier - but not without significant normalisation and, potentially, enrichment. As an example, not all of the 17 CDR APIs are mandatory to share, such as 'Merchant Category Codes' which are needed to help identify the merchants that consumers shop with and better understand spending. This means that any organisation becoming an Accredited Data Recipient (ADR) needs to be prepared to build or buy data science capabilities if they don't already have them.
Key considerations for the transition
The CDR is all about consumer-consented data, so when preparing to consume CDR data the first thing you need to consider is consent and the User Experience (UX). Under the CDR, there are multiple consent types and UX is all about providing an informed, intuitive and trustworthy consent sharing process to support this. The key question here is, how are you going to get consent from your customers with the least amount of friction and in the most transparent way?
The next two considerations are focused on compliance and your data handling environment, specifically Data Governance and Security. In terms of data governance, how are you going to apply consent policies onto the data you hold? And alongside this, how do you ensure that data is secure, i.e. what does your security need to look like in order to be rubber stamped to get CDR data?
Data coverage is another consideration. Currently, the CDR mandates all of the 144 ADIs in Australia to share data. However, only a small percentage of those institutions are sharing data and the data available is limited. The focus here is less around when you are ready to consume CDR data but when will CDR data be ready for you to consume and why it's important to have complementary data sources outside of the CDR.
Similar to data coverage, Accreditation and the paths to CDR participation are still in progress. The only option at the moment to receive CDR data is to be a fully Accredited Data Recipient (ADR). This is a timely and costly process which is likely to be updated with tiered and alternative paths to participation. The government has already acknowledged that only allowing access to open banking for fully accredited businesses is restrictive and a number of consultations and submissions are under way. You can check out our latest submission to Treasury here.
The last consideration is the idea of 'Reciprocity' under the CDR. The reciprocity rule requires any ADR, who has certain financial products (regardless of whether they are an ADI or not), to become a Data Holder and open up their data for sharing. As a result, any organisation hoping to become and ADR needs to be aware that they may also need to become a Data Holder, a process that is currently very complicated and time consuming.
Given the above considerations, we've provided a guide to transitioning to CDR data below:
Download our guide to get detailed checklist items on the below:
- The different consent types you may need to request from your customers and ensure your environment is prepared to manage this data
- Your options with Basiq in using a complementary approach to data collection via our Dynamic Switching capability
- Ensuring your environment is prepared to manage the data you collect in a CDR compliant way and more!