Close this search box.

We are creating some awesome events for you. Kindly bear with us.

Australian Government proposes regulatory framework for open banking

Australian Government proposes regulatory framework for open banking

The Australian Government Treasury released a review
report into Open Banking in Australia last week.  In the 2017-18 Budget the Australian
government announced that
it will introduce an open banking regime in Australia. On 20 July 2017,
the Hon Scott Morrison MP commissioned
the Open Banking Review, chaired by Mr Scott Farrell who was asked to recommend
the most appropriate model for Open Banking in Australia.  

Open Banking would provide customers greater access to and
control over their banking data, and it has the potential to transform the way
in which customers use and benefit from the banking system.

Open Banking will be
the first implementation of the Consumer Data Right (CDR) announced by the
Hon Angus Taylor MP, the then Assistant Minister for Cities and Digital
Transformation in November 2017. The announcement formed part of the
Government’s response to the recommendations of the Productivity
Commission’s Inquiry into Data Availability and Use

The CDR will give customers the right to access their data in
a machine-readable form. Australian consumers will be able to compare offers,
get access to cheaper products and plans to help them ‘make the switch’ and get
greater value for money.

The CDR will be implemented economy-wide on a
sector-by-sector basis, initially in the banking, energy, and
telecommunications sectors. The Treasurer will be leading the development
of the CDR, with the design of the broader CDR informed by the recommendations
of the Open Banking Review.

The final report makes 50 recommendations, on the regulatory
framework, the type of banking data in scope, privacy and security safeguards
for banking customers, the data transfer mechanism and implementation issues.

Some of the key recommendations are as below.


Allowing for competing approaches: Open Banking should not
be mandated as the only way that banking data may be shared. Allowing competing
approaches will provide an important test of the design quality of Open Banking
and the CDR.

Regulatory framework

Open Banking should be implemented primarily through
amendments to the Competition and Consumer Act 2010 that set out the
overarching objectives of the CDR.

Open Banking should be supported by a multiple regulator
model, led by the Australian Competition and Consumer Commission (ACCC), which
should be primarily responsible for competition and consumer issues and
standards-setting. The Office of the Australian Information Commissioner (OAIC)
should remain primarily responsible for privacy protection. Australian
Securities and Investments Commission (ASIC), Australian Prudential Regulation
Authority (APRA), the Reserve Bank of Australia (RBA), and other
sector-focussed regulators as applicable, should be consulted where necessary.

A Data Standards Body should be established to work with the
Open Banking regulators to develop Standards.

Only accredited parties should be able to receive Open
Banking data. The ACCC should determine the criteria for, and method of,
accreditation. However, the review also recommends that accreditation criteria
should not create an unnecessary barrier to entry by imposing prohibitive costs
or otherwise discouraging parties from participating in Open Banking.

Open Banking should have internal and external dispute
resolution processes to resolve customer complaints. Amendments to the
Competition and Consumer Act 2010 should create powers to address complaints
(to the extent these do not already exist) and give customers standing to seek
remedy for breaches of their rights. There should be a single consumer data
contact point – there should be ‘no wrong door’ for customers. The Rules should
create a right for accredited parties to seek remedy for breaches of the CDR.


The Review recommends that data holders should be obliged to
share all information that has been provided to them by the customer (or a
former customer) at the customer’s direction. However, the obligation should
only apply where the data holder keeps that information in a digital form. It
should not apply to information supporting an identity verification assessment
(the outcome should be shared).

Data holders should also be obliged to share all transaction
data in a form that facilitates its transfer and use. Transfers of
customer-provided and transaction data should be provided free of charge.

According to the review, data that results from material
enhancement by the application of insights, analysis or transformation by the
data holder should not be included in the scope of Open Banking. Aggregated
data sets should not be included in the scope of Open Banking.


A customer’s consent under Open Banking must be explicit,
fully informed and able to be permitted or constrained according to the
customer’s instructions.

The Review further recommends that a data holder should
notify the customer that their direction has been received and that the future
use of the data by the data recipient will be at the customer’s own risk. That
notification should be limited to a single screen or page. Data recipients
should similarly provide the customer with a single screen or page summarising
the possible uses to which their data could be put and allow customers to
self-select the uses they agree to.

A clear and comprehensive framework for the allocation of
liability between participants in Open Banking should be implemented. To the
extent possible, the liability framework should be consistent with existing
legal frameworks

Data transfer

Data holders should be required to allow customers to share
information with eligible parties via a dedicated application programming
interface (API). The Review proposes the UK Open Banking technical specification
as a starting point for the Standards for the data transfer mechanism.

Data holders may not add authorisation requirements beyond
those included in the Standards, while customers should be able to grant
persistent authorisation. They should also be able to limit the authorisation
period at their discretion, revoke authorisation through the third-party
service or via the data holder and be notified periodically they are still
sharing their information. All authorisations should expire after a set period.

The Standards should also allow users who do not use online
banking to authorise the sharing of information through service channels ordinarily
provided by the data holder.


According to the Review, a period of approximately 12 months
should be allowed for implementation between the announcement of a final
Government decision on Open Banking and the Commencement Date.

From the Commencement Date, Open Banking should apply to
transaction data and product data. However, this should not be applicable to
transactions before 1 January 2017.

The four major Australian banks should be obliged to comply
with a direction to share data under Open Banking. The remaining Authorised
Deposit-taking Institutions should be obliged to share data from 12 months
after the Commencement Date, unless the ACCC determines that a later date is
more appropriate.

Approximately 12 months after the Commencement Date, the
regulator (or an independent person) should conduct a post-implementation
assessment of Open Banking and report to the Minister with recommendations.

Recommended regulatory
framework for Open Banking/ From Appendix D of
Review into Open Banking

The Review consulted extensively in forming its recommendations, including over 100 meetings with banks, firms, industry bodies, consumer groups, regulators, and data specialists and consideration of formal submissions from 41 interested parties.

The Government is seeking any further detailed comments on the recommendations before making final decisions on implementation.  Submissions can be sent to by 23 March 2018.

Access the complete report here.


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.