July 9, 2020

Volume X, Number 191

July 08, 2020

Subscribe to Latest Legal News and Analysis

July 07, 2020

Subscribe to Latest Legal News and Analysis

July 06, 2020

Subscribe to Latest Legal News and Analysis

Unresolved Risk Issues With The Proposed Open Banking Reforms

The Australian Government has announced its intention to mandate that ADIs provide open access to customer and small business data with a commencement date still to be determined. Treasury has been tasked with undertaking a review of the proposals put forward by the Productivity Commission, and is due to report back to the Government by the end of 2017 as to its recommendations on implementation of the proposals and recommended timeframe.

While everyone is excited about the benefits that will flow from open banking, there have been concerns raised about the security and privacy risks raised by an open banking regime. In relation to privacy, the Productivity Commission has suggested that the solution is to amend the existing Privacy Act to include a new class of protected information known as “consumer data”. However there are significant gaps in the existing Privacy Act that would pose real problems in connection with the protection of customer data. For instance, the Australian Privacy Principles do not apply to small businesses with turnover of less than $3.0m and this may exempt many FinTech players from any privacy obligations.

There are also no clear guidelines on who will be liable for any data breaches which result from transfers of consumer data. If the Banks are to remain liable then there should be minimum compliance and financial standards imposed on transferees of consumer data. Similar measures are being proposed in the UK where transferees have mandated risk management and security measures in place plus compulsory professional indemnity cover, and in some cases minimum asset requirements. If Banks are not to be liable for breaches after a transfer of consumer data, then consumers should be able to seek compensation from transferees which will only be valuable where transferees have assets or insurance to respond to claims.

It is to be hoped that in addition to all the potential benefits to consumers from open banking, the Treasury report also considers the very real risks which widespread consumer data transfers poses to consumers in terms of breaches of privacy and data security issues.

Edwin Tan also contributed to this post.

Copyright 2020 K & L GatesNational Law Review, Volume VII, Number 333


About this Author

Jim Bulling, KL Gates, financial services lawyer, funds management attorney

Mr. Bulling's practise focuses on banking and financial services and he acts for a range of entities in the financial services and funds management industry. His clients include Australian and international investment managers, banks, trustees of superannuation funds, wholesale and retail investment trusts, funds management companies and financial planning groups.

His main areas of focus include banking and financial product disclosure issues, financial services compliance issues, financial product distribution issues and superannuation and...

Michelle Chasser, KL Gates, financial services compliance lawyer, disclosure obligations attorney

Ms. Chasser is a corporate and regulatory lawyer with a focus on the superannuation and financial services industries. Ms. Chasser advises clients on a range of issues including compliance with Australian regulatory and licensing requirements, financial services compliance issues and disclosure obligations.

Ms. Chasser's clients include superannuation fund trustees, banks, wholesale and retail fund managers, as well as financial service providers.