How Australia’s small banks overcame the hurdles to open banking and CDR

Australian regulations require that banks ensure customers can access and own their data, making it easier for them to choose and move between different providers. The open banking rules are part of Australia’s consumer data right (CDR), which will eventually see energy utilities and telecommunications providers, not just banks, required to facilitate the free flow and exchange of customer data.

In the runup to open banking’s deployment, the focus has been on the four biggest banks—ANZ Bank, Commonwealth Bank of Australia (CBA), National Australian Bank (NAB), and Westpac—plus six other Tier 1 financial services companies.

Australia’s 130 or so smaller banks (including regional banks, mutuals, and credit unions) were effectively left behind, unable to afford the fees the major banks were paying their providers and so were advised by the ACCC to find their own solutions for open banking conformance. CIO Australia talked to several of these banks to find out how they overcome the open banking deployment obstacles they faced.

The open banking opportunity and timeline

Under the open banking regime, all authorised deposit taking institutions (ADIs) must be able to share their customers’ data with other institutions should it be requested. (The ACCC oversees the consumer data right and open banking.)

CDR compliance is now mandatory for all Australian ADIs, with the new regime promising to transform banking in Australia. For customers, it means the ability to make more informed choices regarding everything from credit cards to mortgages. And because they’re now free to access and take their banking data to new providers, it means a more competitive environment in which smaller banks have unprecedented opportunities to take market share from the Big Four.

There are two stages to the open banking and associated CDR rollout:

• Demonstrating that all systems and processes are compliant with the Australian Competition and Consumer Commission’s requirements to be a ‘data holder’.
• Meeting the criteria to be an ‘accredited data recipient’.

Most banks had until 1 July 2021 to make their customers’ savings and credit card information available, while the biggest institutions had until the end of the 2019/20 financial year. The big institutions had until February 2021 to provide access to data related to Phase 3 products, including busines finance, investment loans, overdrafts, retirement savings, and foreign currency accounts. Smaller institutions have until February 2022.

Small banks band together for a common platform

Although open banking and the consumer data right have potential to make smaller banks more competitive against the Big Four, they first require conformance with the regulations and thus having a capable technology platform in place.

Hume Bank

“Smaller banks and mutuals, where customer numbers and revenues are far less, would be adversely impacted by having to make investments of this scale,” said Lisa Ryan, former CTO at regional bank Hume Bank. Hume and fellow smaller banks were looking at conformance costs starting in the hundreds of thousands of dollars.

Before leaving Hume Bank in October 2021, Ryan managed a small tech team—small by banking standards—of 12 people mainly based in Albury on the New South Wales/Victoria border where the bank is headquartered. That was too small to build a technical platform for open banking and the CDR. As the former head of technology at ANZ Bank, Ryan understood the complexity of what was required.

And Hume Bank was typical in resources as most other smaller banks. Karla Day, applications and projects manager at Tasmania-based Bank of Us, manages a similar sized team as Ryan’s with an IT group of five and a dedicated applications team of eight staff. Likewise, Scott Wall, CIO at BankVic, formerly called the Police Association Credit Co Operative, leads a team of 18 staff. Like Bank of Us and Hume Bank, his team wasn’t big enough to tackle the CDR challenge on its own. “Open banking is fairly complicated for banks, with new and demanding security requirements ensuring trust and ensuring people have the consent they say they do,” he told CIO Australia.

So Hume Bank, Bank of Us, BankVic, and 17 other smaller banks decided to team up and pool their resources in the hopes of finding a solution they could afford.

A chance meeting with the founders of Sydney-based banking technology platform Innovo last year resulted in all 20 banks working together with the company to build a platform on which they could test their CDR systems for a fraction of the cost and in far less time than the big banks spent. “We now have a scalable, volume-driven solution that we couldn’t replicate with just the people we had, and which means we can now bring a stronger focus to customers and retention,” Ryan said.

Day said the bank’s existing providers weren’t providing any sort of sandboxing, and that by leveraging existing relationships with fellow smaller banks and mutuals everyone was able to “socialise the costs as well as experiences and perspectives. Access to a platform and shared services model of this quality ensures that we can run and test all of our API and technology investments for conformance, while fast-tracking deployment.”

BankVic

At BankVic, now that it is on a faster track to conformance, Wall and his team have started talking with other parts of the business about the potential to develop better products and experiences for its members once being approved as ADRs. “Open banking is extremely useful for assessing loan apps and also identifying where we can offer better products and services to members,” he said. “If members share their credit card data, we can offer them better services and better support.” Wall said that with Australia’s CDR regime soon expanding to power and gas utilities, followed by telecommunications, BankVic and others will be able to design even more tailored solutions to help customers better manage their finances.

Both Hume Bank’s Ryan and Bank of Us’s Day also say they’re now mulling the next technical steps and business benefits of becoming ADRs themselves. The fact that Hume Bank, Bank of us and 18 other banks have joined each other in plugging into a cloud-based shared services model also means they’ll be able to easily update their systems and security settings appropriately as regulations evolve over time. “It’s a repeatable service, meaning once it’s built we own it and can reuse it for regression testing into the future and making sure we’re always compliant,” Day said.

Leveraging big-bank experience at a smaller bank

Bendigo and Adelaide Bank

Bendigo and Adelaide Bank took a different path. It is not a member of the 20-strong coalition of banks brought together by Ryan at Hume Bank and others. Instead, it drew on CIO Andrew Cresp’s experience at NAB to achieve conformance using systems he and his team developed in-house. Open banking “really pushed us” despite him being at the coalface of NAB’s conformance efforts in his prior role as general manager of core banking there. “Tier 1 banks have scale and also huge amounts of complexity,” he says.

NAB was one of the first banks to make a big commitment to the cloud, leading a key period of digital transformation for Australian banks leading up to the CDR regime. Once he had his feet under the desk at Bengido and Adelaide Bank, Cresp leveraged his NAB experience and brought across several members of his old team at NAB to work for him.

The experience has resulted in Bendigo developing a stronger digital architecture as it looks to harness data more effectively in delivering more targeted and personalised products and services to its customers. “Bendigo is relationship-based; it’s all about how we interact with the community,” Cresp says. “How do we personalise digital interactions so you get the same feel via the Bendigo app versus going into a branch?” he asks.