Non-Functional Requirements Consultative Group meeting minutes – 9 October 2024

Chair Introduction

Mark Verstege, the Chair of the Non-functional Requirement Consultative Group (NFR CG) welcomed everyone to the meeting and acknowledged the traditional owners of the lands.

The Chair noted that John Adshead (AEMO), Jim Basey (Basiq), Mark Wallis (Skript), Jeff Wang (NAB) and Terri McLachlan (DSB) were apologies for this meeting.

Minutes

The Chair thanked the group for their comments on the minutes from 11 September 2024 meeting. The Minutes were formally accepted and will be made publicly available on the Consumer Data Standards website.

Action Items

The Chair provided an update on the outstanding action items as follows:

• DSB to invite Xero to a meeting: in progress with plans to invite Xero to a future meeting – related to this action, DSB circulated the Xero capacity planning presentation via GovTEAMS on 8th Oct
• DSB to create a survey around data collection patterns: outstanding
• DSB to circulate paper on asynchronous API design patterns: completed – shared via GovTEAMS on 8 Oct.

The Chair also provided to the group via GovTEAMS a document related to capacity planning analysis that they presented to Xero that maybe of interest to the group.

Discussion of Outages – issues and considerations

The Chair led a conversation around outages, issues and considerations focusing on the challenges and potential solutions related to system outages within the NFR consultative group.

The Chair asked the group to provide input via the Miro board. Key points included:

• Outage Length Concerns: The primary issue discussed was the extended duration of some outages, which significantly impacted data recipients and their customers, making the CDR system appear less reliable compared to other data collection methods.
• Communication of Outages: The need for more detailed communication regarding partial outages was highlighted, suggesting that current outage notifications do not provide sufficient detail on which services are affected.
• Planned Outages: There was a discussion on how planned outages are communicated and whether they should be included in the availability metrics. Different options for addressing planned outages were considered, including changing SLAs or finding ways to better communicate outage impacts.
• Data Holder’s Digital Channels: The discussion touched on how outages in the CDR ecosystem compare to outages in data holders’ other digital channels and the implications for service expectations.
• Potential Solutions: Various solutions were proposed, including improving the granularity of outage reporting to specify which endpoints or products are affected, and considering the impact of outages on data quality under PS11.

The conversation underscored the complexity of managing outages in a way that maintains trust in the CDR ecosystem, balances regulatory requirements, and meeting the needs of both data holders and recipients.

The Chair noted that the DSB will reach out to OAIC around the PS 11 requirements for data quality and data availability to understand the implications for planned outages.

ACTION: DSB to reach out to OAIC around PS 11 requirements The DSB identified some additional issues as follows:

Get Metrics: focusing on whether the current metrics are sufficient for reporting and analysis, and if there are any additional metrics that should be reported. The conversation aimed to explore the value of enhancing, extending, or changing the data collected through metrics. This is part of the broader considerations on NFRs and linked to discussions on authentication uplift in the Information Security Consultative Group. The dialogue sought to identify potential improvements or adjustments to the metrics to better support the ecosystem’s needs.

Participant capability discovery, emphasising its importance for data recipients to understand what functionalities a data holder supports. This includes knowing which authentication flows are supported, what versions of endpoints are available, and whether a data holder has released new endpoint capabilities ahead of obligations. This capability discovery is crucial, especially as the ecosystem evolves to include voluntary standards, ensuring data recipients can effectively interact with data holders’ systems

Consultation Workplan

Hemang Rathod from the DSB presented the consultation work plan, which included tasks related to optimising inefficient API calls, sharing large volumes of data, and performance tiers.

The group reviewed the plan to ensure it accurately reflected the agreed-upon priorities and tasks for addressing the identified problems. The DSB grouped the tasks in the plan to correspond with the problem areas they addressed, facilitating a clearer understanding of the plan’s structure and focus areas.

A discussion was held on PDF statements explaining that they are typically a digital version of what customers might receive through mail, reflecting a snapshot of account transactions at a specific point in time. It was mentioned the feasibility of making PDF statements available through open banking but highlighted the complexity of providing the data in a machine-readable format like JSON, which would be akin to reworking the data already available through API calls. They touched on the potential variability in how different data holders might implement such a feature and the importance of understanding the specific use case driving the request for statement APIs.

The group did not add any further comments or adjustments to the plan during the review, indicating a consensus on the current layout and priorities.

Next steps for the Consultative Group

The group discussed the future of the consultative group, considering whether to continue, take a break, or integrate discussions into maintenance iterations.

Key points included:

• The group discussed the value derived from the meetings and considered whether to continue in the current format or adapt. The consensus leaned towards the value of these discussions, with suggestions to possibly take a break after the current period ends to assess the impact of the consultations and public feedback.
• It was highlighted that the group has identified several actions and topics for consultation. The next quarters are planned to focus on drafting decision proposals and change requests to progress these actions. Ownership for specific change requests, such as cursor-based pagination and last modified date for transactions was discussed, with the aim to assign owners to take them forward.
• The importance of public consultation and gathering feedback on the group’s work was emphasised. It was suggested that taking a break to allow for public feedback on the consultations could be beneficial. This would help in assessing the effectiveness of the group’s recommendations and determining the future focus areas.
• The possibility of adjusting the focus of future meetings based on the outcomes of public consultations and feedback was discussed. This includes potentially re-evaluating the group’s structure or focus areas to ensure it continues to add value and address relevant non- functional requirements and other topics.

The group acknowledged the need to continue progressing the identified actions and consultations in the near term, with a view to reassessing the consultative group’s structure and focus based on feedback and outcomes of these actions.

Meeting Schedule

The Chair noted that the next meeting is scheduled for Wednesday 6 November 2024.

Any Other Business

The DSB raised a question regarding the handling of posted transactions and their potential modification after being posted. They touched on the implications for data quality and the reconciliation processes. It was clarified that posted transactions could still be disputed, leading to possible changes or reversals, indicating that transactions are not immutable once posted. This highlighted the complexities of transaction lifecycles and the potential need for a modified date on transactions to reflect any changes. They also considered the impact of different data holder implementations on transaction handling and the importance of understanding these processes for accurate data reconciliation.

Closing and Next Steps

The Chair thanked the group for participating for attending the meeting. The Chair noted that next steps for the group are as follows:

• DSB to draft decision proposals for the identified topics and bring them to the group for discussion.
• DSB to identify owners for the change request on cursor-based pagination (AEMO) and last modified date (Mark Wallis).

The meeting closed at 11:33