ANZ bank has used its submission to the Select Committee on Financial Technology and Regulatory Technology and its probe into the opportunities the two vectors present to Australia to suggest the introduction of a mechanism that would allow third parties to access data under the upcoming Consumer Data Right (CDR). It also recommended for further accreditation tiers to be added to the regulation.
The now-delayed CDR, through the Treasury Laws Amendment (Consumer Data Right) Bill, allows individuals to "own" their data by granting them open access to their banking, energy, phone, and internet transactions, in addition to gaining the right to control who can have it and who can use it.
The first sector that will have the CDR applied is banking, with telecommunications and energy soon to follow.
At present, there is only one level of accreditation to receive data under the CDR -- "unrestricted".
Read more: Rules drafted on how to access data under Consumer Data Right
An accredited person holding an unrestricted accreditation can receive all CDR data that is available under the CDR as it applies to banking, providing customer consent has been sought.
"To help lower barriers to entry and foster innovation across the economy, additional tiers of accreditation could be introduced," the bank said in its submission [PDF].
"These additional, lower, tiers could allow accredited persons to receive different types of CDR data or insights based on that data. These lower tiers could impose fewer requirements on an accredited person because the risk of the data would be lower.
"The corollary of having the ability to receive all banking data is that accredited persons with an unrestricted level of accreditation must adhere to a significant set of understandable requirements to keep data secure."
The bank believes adding lower, less sensitive tiers could encourage more entities to participate in the CDR framework.
"These lower levels of accreditation could involve fewer security requirements of accredited persons. They would entitle these accredited persons to (a) receive less sensitive information and/or (b) to access sensitive information securely," the blue bank wrote.
Less sensitive information, according to ANZ, could be information that carries fewer risks for consumers if a third party were to gain unauthorised access to it.
"While all banking data is very sensitive, other industries could involve data of lesser sensitivity. As the CDR is applied to other industries, lower levels of accreditation could be introduced," the submission continued.
Another way ANZ believes innovation could be unlocked would be to allow accredited persons to provide services based on the CDR data through the establishment of a mechanism that allows a third party to have access to that data.
"The data host would be responsible for keeping the data secure while the other accredited person would only be responsible for providing the service based on the data," the bank continued.
"For example, a fintech offering a personal financial management app could engage with customers, seek their consent to access the customer's CDR data and then send a request to the data host to run the app's service based on the data held by the data host.
"The data host would then call up the customer's data, run the service and then send the results back through to the app for the customer's use. Because the fintech has never held the data, they may not need as high a level of accreditation as an entity that does."
ANZ said the ACCC could "easily" add this function to the regulation.
"We believe the adoption of these kinds of accreditation to receive CDR data would be the appropriate next-step in encouraging the use of data in fintech innovation. We would be happy to work with the Committee and the ACCC on developing this idea further," the bank concluded.
MORE FROM ANZ