The Australian Government has announced its intention to mandate that ADIs provide open access to customer and small business data with a commencement date still to be determined. Treasury has been tasked with undertaking a review of the proposals put forward by the Productivity Commission, and is due to report back to the Government by the end of 2017 as to its recommendations on implementation of the proposals and recommended timeframe.
While everyone is excited about the benefits that will flow from open banking, there have been concerns raised about the security and privacy risks raised by an open banking regime. In relation to privacy, the Productivity Commission has suggested that the solution is to amend the existing Privacy Act to include a new class of protected information known as “consumer data”. However there are significant gaps in the existing Privacy Act that would pose real problems in connection with the protection of customer data. For instance, the Australian Privacy Principles do not apply to small businesses with turnover of less than $3.0m and this may exempt many FinTech players from any privacy obligations.