The House of Representatives Standing Committee on Economics has recommended an independent regulator lead the process that will eventually see banks in Australia open up customer data to external parties.
Concerned with the conflict involved in opening up data from a bank's perspective, the committee has denied Australia's big four responsibility for implementing the process.
"The process of introducing data sharing cannot be left to the banks to lead," the Review of the Four Major Banks (Second Report) says. "The banks are conflicted in this process and must not be allowed to lead it."
The committee's Second Report [PDF] follows the November publication of the First Report, which recommended banks be forced to provide open access to customer and small business data by July 2018 to be accessed by competing banks, startups, and other financial institutions.
The data would be wrapped in security and privacy protections and would include information on a customer's transaction history, account balances, credit card usage, and mortgage repayments, as some examples.
The committee suggested that the Australian Securities and Investments Commission (ASIC) be charged with developing a binding framework to facilitate this sharing of data, making use of application programming interfaces (APIs), and ensuring that appropriate privacy safeguards are in place to allow such a practice.
The committee probed the chief executives from the Commonwealth Bank of Australia (CBA), Australia and New Zealand Banking Group (ANZ), the National Australia Bank (NAB), and Westpac in March to gauge their level of support for the initiative that essentially makes it easier for customers to switch financial institutions.
During the three-day probe last month, the big four banks focused on the security concerns around sharing data and avoided giving committee chair, Federal Member for Banks David Coleman, a succinct answer on who they think should lead the change.
CBA's CEO Ian Narev did say, however, that he wants the banking industry to be responsible for determining the security and privacy guidelines around opening up APIs to external parties.
"We want to take that accountability," Narev told the committee. "If somebody else is going to take it and be accountable for that so we know where to address concerns if there are problems with this, then we are open to that solution."
By 2018, banks in the United Kingdom will be required to effectively open up APIs to enable consumer data to be accessed by competing banks, startups, and other financial institutions -- providing the consumer consents -- and the committee wants to see Australian banks do the same by July 2018.
The UK model has handed the responsibility over to an independent regulatory authority, which Coleman also wants to see mirrored in Australia.
"The banks are conflicted on this issue, as the process of opening up data means that an asset which is currently proprietary to the banks will be non-proprietary in the future," Coleman said in the latest report. "For this reason, it is critical that the banks are not allowed to control the process or set the rules by which consumer data is opened up. An independent body must lead the change and be responsible for implementation."
The committee wants the government to amend the Australian Securities and Investments Commission Act 2001 and, if required, the Privacy Act 1998 to empower ASIC in developing a data-sharing framework and to introduce penalties for non-compliance.
Australia's four major banks have significant pricing power and higher than average returns on equity and large market shares; they also hold a 95 percent share of the entire Australian finance industry.
"We are in a market which is, frankly, an oligopoly," ASIC chairman Greg Medcraft told the committee during the hearing.
Pointing to findings from the McKinsey Global Institute in 2013, the committee said that increasing access to data in consumer finance could add between AU$210 billion to AU$280 billion a year to global GDP, and noted that up to 50 percent of the total would flow through to consumers through enhanced price transparency, tailored product offerings, and the consumers' ability to actively shape the products that they consume.
"At present banks, not consumers, hold the data. This gives banks a significant degree of power," the report explains.
To maximise the data's usefulness, the committee believes that each data-sharing participant should also release the terms and conditions for each of their banking products in a standardised and machine-readable format, as it believes it necessary to overcome the information asymmetry in the market.
As data sharing arrangements and open datasets can take a number of forms, the committee said it is the government's role to set rules, templates, and access requirements around the new initiative.
According to the committee, in order to reap the potential benefits, any data sharing framework must be available to all licensed users, be able to be machine readable, and the data should be accessible at no cost on an ongoing basis.
While the committee said it is clear that APIs present the largest number of benefits in terms of data security, data credibility, and accessibility, it is concerned with the upfront investment required, as the UK Competition and Markets Authority estimated that introducing full account portability in the UK would cost at least £2-3 billion.
As a result, the committee recommends that the government, following the introduction of the Reserve Bank of Australia's (RBA) New Payments Platform (NPP) later this year, consider whether additional account switching tools are required to improve competition in the banking sector, as the NPP will remove the need for a BSB and account number.
"It is not clear that this expense is justified prior to the introduction and reviews of the NPP's effectiveness in 2017," the committee said.
Having previously made 10 recommendations, the committee has left these unchanged.
One recommendation is that the Australian government amend or introduce legislation, if required, to establish a Banking and Financial Sector Tribunal by July 1, 2017. This Tribunal would replace the Financial Ombudsman Service, the Credit and Investments Ombudsman, and the Superannuation Complaints Tribunal.
The committee also wants to see CEOs take responsibility for failures in their divisions, and wants this governed by the Australian Competition and Consumer Commission, or the proposed Australian Council for Competition Policy.