Data Standards Advisory Committee meeting minutes – 7 August 2024

Published date
Minutes

Meeting details

Committee meeting
No. 65
Meeting date
Meeting time
10:00 am to 12:00 pm
Location
Remotely via MS Teams

Attendees

  • Andrew Stevens, Data Standards Chair
  • Alysia Abeyratne, NAB
  • Jeremy Cabral, Finder (left 11:25)
  • Brenton Charnley, TrueLayer
  • Prabash Galagedara, Telstra
  • Melinda Green, Energy Australia (left 10:30)
  • Gavin Leon, CBA
  • Peter Leonard, Data Synergies Pty Ltd
  • Drew MacRae, Financial Rights Legal Centre
  • Lisa Schutz, Verifer
  • Aakash Sembey, Simply Energy
  • Stuart Stoyan, MoneyPlace
  • Zipporah Szalay, ANZ
  • Tony Thrassis, Frollo

  • Elizabeth Arnold, DSB
  • Ruth Boughen, DSB
  • RT Hanson, DSB
  • Jarryd Judd, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Nathan Sargent, DSB
  • Mark Verstege, DSB
  • Verushka Harvey, ACCC
  • Victoria Stewart, ACCC
  • Fiona Walker, ACCC
  • Elaine Loh, OAIC
  • Claire McKay, TSY
  • Dan Joveski, WeMoney

  • Jill Berry, Adatree
  • Damir Cuca, Basiq
  • Naomi Gilbert, DSB
  • Colin Mapp, Independent
  • Richard Shanahan, Tiimely
  • David Taylor, Westpac

Chair introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting #65.

The Chair acknowledged the traditional owners of the various lands from which the committee members joined the meeting. He acknowledged their stewardship and ongoing leadership in the management of water, land and air and paid respect to their elders, past, present and those emerging. He joined the meeting from Cammeraygal land.

The Chair welcomed Dan Jovevski from WeMoney who would be presenting on “Empowering Australians: Open Banking’s Role in Navigating the Cost-of-Living Crisis” which he had delivered at Fintech Australia’s CDR Summit on 3 July 2024.

The Chair noted that there was no meeting scheduled for September 2024. The next meeting would be held on 9 October 2024.

The Chair noted that Jill Berry (Adatree), Damir Cuca (Basiq), Colin Mapp (Independent), Richard Shanahan (Tiimely), David Taylor (Westpac) and Naomi Gilbert (DSB) were apologies for this meeting.

Minutes

Minutes

The Chair thanked the DSAC Members for their comments on the Minutes from the 10 July 2024 meeting. The Minutes were formally accepted.

Action items

The Chair noted that the Action Items were either complete or would be dealt with that day.

Forward agenda

The Chair noted that a list of proposed topics that the DSB would present to DSAC members had been included in the papers.

WeMoney Presentation

Dan Jovevski, WeMoney CEO, shared insights from his CDR Summit presentation, highlighting the consumer benefits of the CDR, including improved financial awareness and saving opportunities.

The presentation focused on the consumer benefits of CDR, particularly in the context of the current economic challenges. He shared personal anecdotes and consumer stories that underscored the positive impact of CDR on financial awareness and savings opportunities, and highlighted the CDR’s role in providing solutions to these challenges and helping consumers manage their finances better during tough economic times.

He also highlighted WeMoney's journey as an Accredited Data Recipient, including challenges and opportunities in the CDR ecosystem, such as consent processes and the potential for account origination and action initiation to streamline consumer experiences and the consumer awareness campaign. The presentation underscored the importance of CDR in empowering consumers and fostering a competitive financial services market.

A copy of the presentation will be included in the published version of the minutes.

One member asked if WeMoney was regulated as a debt management service, what their business model was and whether it directs people to financial counsellors or assists in making hardship applications.

WeMoney clarified that they were not a debt management company, but helped users identify overpayments on financial products and find cheaper alternatives. They noted their membership base ranges from the bottom to the top end of the income spectrum. They also noted that they offer a subscription service called WeMoney Pro and receive referral payments from industry partners through helping members identity opportunities to save money.

One member highlighted the importance of pricing transparency and access in financial services, expressing excitement about the role of Consumer Data Right (CDR) in facilitating this. They also inquired about raising awareness for CDR.

WeMoney noted that an awareness campaign would be an incredibly important driver for not only industry but also for consumers, which would help the transition process by starting a credible conversation around transition away from screen scaping as more improvements became available.

One member asked WeMoney’s thoughts on the criticality of CDR expanding into other sectors.

WeMoney noted that if we looked at the current state, there was a lot of work to be done considering things like action initiation. They noted that energy was a perfect candidate for initial expansion for action initiation and for Non-Banking Lending, which is not covered by a lot of screen scraping protocols.

One member raised a question regarding the potential for a consent process that could streamline the consumer experience, reduce drop-offs during the authentication flow, and enhance overall engagement with CDR-enabled services. This question highlighted the importance of simplifying the consent process to improving consumer participation and trust in the CDR ecosystem.

WeMoney noted that there is a hygiene issue with the consent flow, and the screen scraping conversion sits at around 73%, versus 65% for open banking. They noted that the difference exists because of many well-known issues in the current consent process, for example not being able to receive one-time password. They stated their view would be to streamline the consent process and then to start an awareness campaign to drive higher adoption rates.

The Chair noted that for a consumer data related programme, product reference data seems critical in the switching scenario, and enquired as to whether WeMoney could explore this on the basis of their users and members.

WeMoney noted that during a deep dive analysis they uncovered product reference data that was either present or not present and the data was very patchy. They noted however, if you had the telemetry to understand exactly where a consumer is currently at with their finances, you can advise them with a degree of certainty how they can save, which is what leads to more adoption.

Working group update

A summary of the Working Groups was provided in the DSAC Papers and taken as read.

Technical Working Group update

A further update was provided on the Technical Working Group by Mark Verstege:

The DSB noted that progress is being made on Decision Proposal 338 and a decision was anticipated by the end of the month, which would incorporate workshop and DSAC feedback.

The DSB noted that the Information Security Consultative Group had made progress in developing a comprehensive threat model for the CDR ecosystem. They noted that this included performing an extraction of threat vectors from external security reports and completing an ecosystem-wide audit of data assets and participants. They outlined the next steps involved cataloguing current control identification and moving towards vulnerability identification, with a focus on considering the ecosystem as a whole beyond the Data Standards boundary.

The DSB noted that in terms of authentication, discussions were ongoing about accommodating different customer profiles and applications within a redirect to app flow with the aim to modernise authentication flows.

The DSB noted that the Non-Functional Requirements Consultative Group had been defining solution options for low velocity data in both energy and banking and considering ways to minimise API calls for data recipients.

One member asked whether the DSB was planning on presenting an updated version of the threat assessment to DSAC in October.

The DSB noted that their intention was to bring it back to the group but it may not be ready for the October meeting.

Action: DSB to confirm when the updated threat assessment can be presented at DSAC.

Consumer Experience (CX) Working Group update

A further update was provided on the CX Working Group by Michael Palmyre:

The DSB noted that the consent review Decision Proposal 350 would focus on CDR receipts, 90-day notifications, and amending consent issues to simplify consumer experience and obligations.

The DSB noted that they met with Energy Australia and Red Energy for further discussions around the Last Customer Change Date (LCCD) concerns, with further engagement planned with accredited data recipients (ADRs) to assess the value of supporting LCCD in the CDR.

The DSB noted that progress had been made on the Account Origination Experiment with a focus on how the standards might enable mortgage refinancing in a CDR-enabled way, with a use case blueprint being developed.

The DSB noted that in terms of the authentication uplift work, efforts were ongoing to enable redirect to app, aiming to address consumer drop-off issues during the authentication flow.

The DSB noted that they are drafting a DSB position on deceptive patterns, incorporating the work done by the University of SA to review deceptive patterns and the consent review work which they will outline at the next Advisory Committee meeting.

Stakeholder engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read.

Jarryd Judd from the DSB provided a further update on CeDRIC (the Consumer Data Right Information Companion) as follows:

The DSB noted that CeDRIC is an AI chatbot designed to scale and meet community demand for information about the CDR ecosystem. They highlighted the progress in developing CeDRIC, including the selection of Dante AI as the platform, the focus on using publicly accessible information for its knowledge base, and the ongoing testing and validation internally within the DSB team.

Key learnings from the development process were shared, such as finding the right balance in responses, the importance of testing and training, and challenges like question phrasing and the traceability of rules to standards. They noted the DSB were also looking at the correct controls around liability.

The DSB invited feedback on the immediate needs from the community for CeDRIC and insights from those with experience in similar AI chatbot implementations.

One member expressed strong support for CeDRIC, highlighting its potential and offering his team's participation in early testing.

Another member appreciated the initiative but raised concerns about the liability and accuracy of responses, especially regarding interpretations of CDR rules.

One member suggested that CeDRIC could provide a valuable feedback loop by analysing the frequency of questions, which might offer insights into common areas of confusion or interest.

One member welcomed CeDRIC as a means to simplify access to CDR information, enhancing participation. They also raised a concern about using tools like Miro boards, which might exclude some participants due to organisational policies.

The questions and comments reflected a positive reception to CeDRIC, with constructive feedback on its development and implementation.

Proposed Standards Assessment Framework

The Chair provided an overview of the Standards Assessment Framework (SAF), emphasising its development through extensive community engagement. Key points included that:

  • The SAF had been developed in response to feedback for improvements in how standards decisions are communicated and assessed.
  • The process had involved broad engagement with the community, including DSAC members and others, to refine the SAF.
  • The SAF aimed to enhance transparency and effectiveness in the assessment of standards decisions.
  • The intention was to publish a document detailing the SAF, followed by adoption and a review after six months to evaluate its impact and identify further improvements.

The Chair noted that this initiative reflected a commitment to continuous improvement and responsiveness to community feedback in the standards assessment process.

Elizabeth Arnold from the DSB provided a summary of the SAF, highlighting key aspects and outcomes from the community consultation process.

The DSB noted that the community desired more visibility around the DSB processes, multiple decision points for assessing changes, and a strong rationale for any changes. They noted that feedback had led to the validation that the proposed draft framework was largely suitable but needed strengthening in some areas like triaging issues and developing change rationales.

The DSB outlined that they had been using maintenance iterations for requirements analysis, and the SAF incorporated this approach. They noted that the process now included a formal triage stage and a stage for rationale and implementation feasibility, focusing on upfront consultation and problem understanding before drafting decision proposals.

The DSB noted that flexibility was intended as a key feature, allowing for the accommodation of both minor and major changes, with the understanding that not all changes require the same level of scrutiny or consultation.

The DSB noted plans to trial different areas of the SAF, refine it based on adoption, and review its effectiveness after a six-month period, with findings to be reported back to the community.

The DSB summary underscored the SAF's focus on improving transparency, flexibility, and community involvement in the standards assessment process.

The DSB invited feedback from members as to whether they were comfortable with the proposed framework and ensured that their feedback would be incorporated.

The feedback provided was generally positive, with members expressing support for the framework's introduction and its potential to enhance transparency and decision-making processes within the CDR ecosystem.

One member expressed that it was a good start, but that the only way to see if it worked the way it was intended to would be to consider that version as a draft, test it with live examples and refine periodically.

The Chair noted that it was his intention to refine the SAF to ensure its effectiveness and bring it back to the DSAC in 6 months for feedback. He added that Decision Proposal 338 would be one of the first live examples.

One member was supportive and agreed that an uplift in transparency was always good for the ecosystem. They noted that it was also important to think about what’s measured along the way and raised concerns about potential consultation fatigue due to increased participant requirements.

The DSB noted that they understood there was a problem with consultation fatigue which is one of the reasons for using Maintenance Iterations initially to do some of the assessment of the problem and value. They noted that it was difficult for any one participant in the ecosystem to have a full view of a single problem and it takes many people to contribute to the conversation.

One member commended the DSB on the work and was keen to provide further input in writing and asked whether the DSB would accept that. The DSB noted that they would be happy to receive further feedback via email.

One member noted that in principle he agreed with the expansion of the Maintenance Iteration calls to include the SAF, but that the DSB may need to open them up to additional participants.

The DSB noted that the Maintenance Iteration calls were open to the entire community.

The Chair noted that this was the biggest undertaking that the DSB had done in the last six years, and he thanked the DSB team for all their work. He noted that they would take on board all the feedback and start to apply the SAF in the continuous improvement initiative way and communicate the process.

Items raised by Members for discussion

Lisa Schutz from Verifier volunteered to present on Bank Account Verification, the lean data, design and quality dilemmas. This topic was tabled for the October DSAC meeting.

ACCC Update

General update

Verushka Harvey, the General Manager of the Solutions Delivery & Operations Branch of the CDR Division at the ACCC provided an update on various aspects of the CDR, including guidance revisions, compliance matters, new representative arrangements, and technology updates. Further details followed.

The ACCC noted that the revised CDR Representative Fact Sheet was released on 18 July 2024 which provides more information about the need to ensure CDR representatives don’t make false or misleading claims about their CDR status in the CDR system.

The ACCC made a minor revision to their CDR business consumers Fact Sheet to clarify that an individual without an ABN cannot be treated as a CDR business consumer.

The ACCC noted that they continue to implement changes to the CDR Performance Dashboard, including additional data holder metrics relating to performance areas and abandoned consent flows, with an updated dashboard expected in late August.

The ACCC noted that they had had 10 new representative arrangements in July 2024 and 5 representative arrangements had been ended.

The ACCC noted that Ergon Energy Queensland had been activated as an energy data holder on the 1 July 2024 and Liberty Financial activated as a reciprocal data holder on the 2 July 2024.

The ACCC noted they had enabled new capabilities for staff to add additional criteria to the software product associated with a particular representative agreement which would ensure that participants received prompts to execute further actions where appropriate. They noted that they had also conducted a major planning event for technology delivery for the next three months, including updates to the RAP, conformance test suite and participant tooling.

One member asked for guidance around when a new software product was required, noting they had also written to ACCC regarding this query.

The ACCC noted that they would take this question on notice.

One member raised a question regarding ABN required for CDR business consumer consent and the exclusion of sole traders from being treated as CDR business consumers, despite sole traders being recognised as businesses under the Tax Act and being able to have an ABN.

ACCC noted that the Rules required that business consumers have an ABN. They outlined that this means that when a sole trader needs an ABN, under the ABN Act there are several exceptions, including that it is not required when the turnover is less than $70,000. They noted that it is not that they are excluded but they are required to have an ABN.

The member noted that there are a large portion of businesses who are sole traders that would not have an ABN because they are not required to for GST purposes. They also noted that they may therefore be excluded and queried whether there was scope to review this.

The member also noted that the process regarding the transition of CDR representatives was not clear, noting a gap that prevents representatives from shifting principles with the current software product limitations, potentially causing challenges in the ecosystem.

ACCC noted that they would take this on notice for further discussion.

One member raised concerns about an incident they experience regarding certificate renewals in the CDR ecosystem, particularly highlighting challenges when there are security breaches or other urgent needs to update certificates. They noted that the current process might not be sufficient to handle such scenarios efficiently, especially if all participants had to update certificates simultaneously.

ACCC acknowledged the concerns regarding the process for certificate renewals in the CDR ecosystem, especially in scenarios involving security breaches or urgent updates. They stated that this issue was on their radar and was being treated more as an incident in a Business As Usual improvement rather than a planned technology delivery enhancement. ACCC took the comment on notice for further discussion with the member.

Treasury update

Claire McKay, Assistant Secretary of the Data and Digital Policy Branch at Treasury provided an update on several key areas as follows:

TSY noted that the Minister was doing a speech at CEDA on Friday 9 August 2024 and outlined that there would be forthcoming announcements related to the CDR, consultations and consent changes. They acknowledged the challenge of managing multiple consultations simultaneously and assured targeted and manageable engagement with the industry.

TSY noted that work on developing a trust brand for the CDR was ongoing, aimed at enabling industry participants to communicate with consumers about the trusted system. They noted that this initiative was in progress, with engagement from industry and consumer testing.

TSY noted that they were considering how to define and track success metrics for the CDR, including the possibility of measuring the transition from screen scraping to CDR and other indicators of success. They noted that discussions with industry participants may be initiated to explore data collection methods for these metrics.

The Chair noted that potential consumer-oriented success metrics could be (taking from WeMoney’s presentation), that 62% of WeMoney’s customers have used Open Banking to consolidate have improved their credit rating; and that switching rates where the consumer uses PSD access via CDR being four times as high as via other means.

One member noted that we had been talking about success metrics for a couple of years and didn’t need workshops or consultations. They volunteered a day of their time to consolidate all of the input others had provided around success metrics, if TSY guaranteed they would run a programme to track it.

TSY confirmed that they would only be speaking to participants if they didn’t have the data readily available to them.

One member volunteered to send some data to TSY. TSY confirmed that they were happy to receive it and would pass it onto the relevant teams.

TSY emphasised the importance of industry participation in shaping the CDR's future and their commitment to managing consultation processes thoughtfully to avoid overwhelming stakeholders.

Meeting schedule

The Chair advised that the next meeting would be held remotely on Wednesday 9 October 2024 from 10 am to 12 pm. There is no meeting scheduled for September 2024.

Other business

No other business was raised.

Closing and next steps

The Chair thanked the DSAC members and observers for attending the meeting.

Meeting closed at 12:04