Security guarantees hold NAB back from embracing customer data APIs

The National Australia Bank (NAB) faced the House of Representatives Standing Committee on Economics' review of the performance of Australia's banking and financial system on Friday, with CEO Andrew Thorburn probed again on the idea of opening up the bank's application programming interfaces (API) to external parties.

By 2018, banks in the United Kingdom will be required to effectively open up APIs to enable consumer data to be accessed by competing banks, startups, and other financial institutions -- providing the consumer consents. It's a move the Economics Committee is eager to see implemented in Australia.

According to committee chair, Federal Member for Banks David Coleman, opening up access to consumer data will create a more competitive market as it will make it easier for people to switch banks, which will result in Australians getting better offers from other banks.

Coleman posed the question to Thorburn three times of whether it is in NAB's commercial interests for currently proprietary data assets to become non-proprietary, to which the bank's CEO finally responded with: "It could be".

"We need to innovate, we need to improve, and we welcome competition," Thorburn later elaborated.

"And on this one, we sir, are supportive of it. We're supporting the thrust of what you're saying. We're just saying that the risks of it need to be clearly identified because if others have access to data, that is clients' data in our bank, and if that got into the wrong hands, the bank is going to be suffer serious reputational damage with that."

Antony Cahill, NAB chief operating officer, clarified Thorburn's vagueness, saying there is "absolutely" commercial opportunity for NAB as opening up APIs will provide the bank with the ability to provide credit -- for example -- in a more appropriate fashion.

Cahill said he was recently in the United Kingdom speaking with a number of financial services providers, but noted that even though their legislation has been in place for a while, providers in the UK are still working through the commercial implications.

"I think at this stage it is not possible to say whether it's in our interests or not," he added. "Our view is if it happens then clearly we'll think about the commercial implications and how we can adapt to that."

NAB's submission to the committee previously requested effectively leaving the process to the industry; however, Coleman said he was concerned that an industry-led model -- given the big banks would have a large say in it -- may not lead to a speedy implementation.

"We're very supportive of taking this forward. We welcome the initiative, we think it's good, but it just needs to be carefully managed with the risks identified and mitigated," Thorburn added on Friday. "Otherwise we're very concerned for clients' data."

When probed by the committee previously, Thorburn said he agreed with the concept of opening up APIs in principle, but cited a whole range of procedural hurdles.

"That is how this bank has survived and competed for 150 years. And now we have new competition -- fintechs that are coming at us -- and we welcome that, too," Thorburn said at the time. "We have to lift and get better, and that is good for customers."

"We're happy to proceed with the conversations that are happening -- the industry discussions -- to open that up. And I would say that we have been a bank that has actually been leading in this space with our work on APIs and comprehensive credit reporting."

Cahill also pointed to the recent announcement NAB made surrounding opening up some of the bank's APIs to third-party developers.

"We've done a huge amount of work in relation to APIs. We're working with Xero, a number of other external parties at the moment in terms of data sharing, because we believe if we can provide better products and services to our customers then commercially we can be more successful and we can effectively provide a better proposition to customers," Cahill added.

"I think when talking to some of the UK banks, their view is where it may not be commercially beneficial is quite simply if we don't prepare for this, if we don't start to think about what are the opportunities that would be created, how might we use the data, how may we adapt -- I think that's the key question."

The Commonwealth Bank of Australia (CBA), Westpac, and the Australia and New Zealand Banking Group (ANZ) are due to face the committee over the coming days, after telling the committee previously they would be in a position to support the Australian Securities and Investments Commission (ASIC) if it were to be charged with developing a binding framework to facilitate the sharing of data, making use of APIs, and ensuring that appropriate privacy safeguards are in place to allow such a practice.