ACCC says major banks pulling CDR resources as a result of COVID-19

Despite this, it is continuing to push forward with work on the mandate.
Written by Asha Barbaschow, Contributor

Following the announcement that it has given smaller financial services providers another three months to get their data-sharing ducks in a row, thereby extending the Consumer Data Right's (CDR) deadline, the Australian Competition and Consumer Commission (ACCC) said it is continuing to push forward with work on the mandate.

"There has been widespread disruption to the work of Consumer Data Right teams across all participants due to social distancing requirements, including travel restrictions, and requirements to work from home, causing some loss of productivity and temporary delays," it said in response to questions on notice [PDF] to the Select Committee on Financial Technology and Regulatory Technology.

"Despite those impacts, the ACCC and its technology provider are nearing completion of development of the Consumer Data Right Register & Accreditation Application Platform, and it will still be ready before July, in time to permit data sharing to commence in July 2020."

The ACCC said some data recipients have reported challenges in maintaining or securing funding to continue their work on the CDR; an inability to progress technology development; a loss of key clients due to COVID-19 related issues; difficulties in obtaining Information Security Control Audit Certificates due to travel restrictions in Australia or overseas; and competing business priorities.

It also said some data recipients have had to pause their work on the CDR.

Meanwhile, the data holders -- ANZ bank, the Commonwealth Bank of Australia, National Australia Bank, and Westpac -- have reported to the ACCC that they have expended "significant efforts" to respond to the economic impacts of COVID-19.

"They have each reported widespread and rapid reallocation of resources to areas of need. In response to a prediction of heightened cybersecurity risk to the banking sector as the health impacts of COVID-19 peaked, based on experience in other countries, cybersecurity resources were temporarily reallocated by banks from their Consumer Data Right projects to prevent and mitigate those anticipated threats," the ACCC said.

The ACCC said that in order to reduce the risk from technology change at a "time of strained resources", major banks have also reported that they have temporarily frozen non-essential technology changes.

"Recognising that the situation with COVID-19 will continue to evolve, the ACCC is continuing to work with participants, Treasury, and the government on the roll out of the remaining elements of the CDR," the ACCC said.

At this stage, the ACCC said it expects there will be a limited impact to the current schedule and that the sharing of consumer data will still commence during July 2020. Other than introducing sharing of consumer data, all banks have obligations to share product data from 1 July 2020.

The ACCC is tasked with implementing the CDR, which has been touted as allowing individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, as well as the right to control who can have it and who can use it.

The first sector to which the CDR will apply is finance, through an open banking regime, with telecommunications and energy soon to follow.

PayPal steps up COVID-19 counteroffensive

PayPal says it has "stepped up" its counteroffensive to identify and prevent opportunistic online crime in the financial services space, as criminals look to take advantage of the global pandemic.

"PayPal is strongly equipped to fight back in countries like Australia where law enforcement agencies have been quick to share intelligence that we can use to monitor our platform," it wrote in a submission to the committee.

The company claims to be taking action against Australian websites that fraudulently claim to offer home test kits and coronavirus immunity tablets; as well as against online businesses that have been engaging in price-gauging behaviour for essential items, such as surgical masks and hand sanitiser.

"In Australia, we have observed unscrupulous players inflate prices on bottled water," it said of the online criminal behaviour it has countered. "We are also actively monitoring for other fraudulent activity, such as fake cures, counterfeit items and bogus fundraising."

The submission is PayPal's second to the committee, with the committee last month re-opening its inquiry in direct response to the COVID-19 outbreak.

In its first submission, PayPal said it uses data analytics, machine learning, and virtualisation to detect suspicious behaviour within 15 milliseconds and prevent cybercrimes.

It said each day it processes over 3.1 million transactions globally -- $20,705-worth of payments each second.

PayPal has 8 million active accounts in Australia.


Editorial standards