Australian regulations require that banks ensure customers can access and own their data, making it easier for them to choose and move between different providers. The open banking rules are part of Australia\u2019s consumer data right (CDR), which will eventually see energy utilities and telecommunications providers, not just banks, required to facilitate the free flow and exchange of customer data.\nIn the runup to open banking\u2019s deployment, the focus has been on the four biggest banks\u2014ANZ Bank, Commonwealth Bank of Australia (CBA), National Australian Bank (NAB), and Westpac\u2014plus six other Tier 1 financial services companies.\n\n[ Beware the 9 warning signs of bad IT architecture and see why these 10 old-school IT principles still rule. | Sign up for CIO newsletters. ]\n\nAustralia\u2019s 130 or so smaller banks (including regional banks, mutuals, and credit unions) were effectively left behind, unable to afford the fees the major banks were paying their providers and so were advised by the ACCC to find their own solutions for open banking conformance. CIO Australia talked to several of these banks to find out how they overcome the open banking deployment obstacles they faced.\nThe open banking opportunity and timeline\nUnder the open banking regime, all authorised deposit taking institutions (ADIs) must be able to share their customers\u2019 data with other institutions should it be requested. (The ACCC oversees the consumer data right and open banking.)\nCDR compliance is now mandatory for all Australian ADIs, with the new regime promising to transform banking in Australia. For customers, it means the ability to make more informed choices regarding everything from credit cards to mortgages. And because they\u2019re now free to access and take their banking data to new providers, it means a more competitive environment in which smaller banks have unprecedented opportunities to take market share from the Big Four.\nThere are two stages to the open banking and associated CDR rollout:\n\nDemonstrating that all systems and processes are compliant with the Australian Competition and Consumer Commission\u2019s requirements to be a \u2018data holder\u2019.\nMeeting the criteria to be an \u2018accredited data recipient\u2019.\n\nMost banks had until 1 July 2021 to make their customers\u2019 savings and credit card information available, while the biggest institutions had until the end of the 2019\/20 financial year. The big institutions had until February 2021 to provide access to data related to Phase 3 products, including busines finance, investment loans, overdrafts, retirement savings, and foreign currency accounts. Smaller institutions have until February 2022.\nSmall banks band together for a common platform\nAlthough open banking and the consumer data right have potential to make smaller banks more competitive against the Big Four, they first require conformance with the regulations and thus having a capable technology platform in place.\n Hume Bank\n\nLisa Ryan, former CTO, Hume Bank\n\n\n\u201cSmaller banks and mutuals, where customer numbers and revenues are far less, would be adversely impacted by having to make investments of this scale,\u201d said Lisa Ryan, former CTO at regional bank Hume Bank. Hume and fellow smaller banks were looking at conformance costs starting in the hundreds of thousands of dollars.\nBefore leaving Hume Bank in October 2021, Ryan managed a small tech team\u2014small by banking standards\u2014of 12 people mainly based in Albury on the New South Wales\/Victoria border where the bank is headquartered. That was too small to build a technical platform for open banking and the CDR. As the former head of technology at ANZ Bank, Ryan understood the complexity of what was required.\nAnd Hume Bank was typical in resources as most other smaller banks. Karla Day, applications and projects manager at Tasmania-based Bank of Us, manages a similar sized team as Ryan\u2019s with an IT group of five and a dedicated applications team of eight staff. Likewise, Scott Wall, CIO at BankVic, formerly called the Police Association Credit Co Operative, leads a team of 18 staff. Like Bank of Us and Hume Bank, his team wasn\u2019t big enough to tackle the CDR challenge on its own. \u201cOpen banking is fairly complicated for banks, with new and demanding security requirements ensuring trust and ensuring people have the consent they say they do,\u201d he told CIO Australia.\nSo Hume Bank, Bank of Us, BankVic, and 17 other smaller banks decided to team up and pool their resources in the hopes of finding a solution they could afford.\nA chance meeting with the founders of Sydney-based banking technology platform Innovo last year resulted in all 20 banks working together with the company to build a platform on which they could test their CDR systems for a fraction of the cost and in far less time than the big banks spent. \u201cWe now have a scalable, volume-driven solution that we couldn\u2019t replicate with just the people we had, and which means we can now bring a stronger focus to customers and retention,\u201d Ryan said.\nDay said the bank\u2019s existing providers weren\u2019t providing any sort of sandboxing, and that by leveraging existing relationships with fellow smaller banks and mutuals everyone was able to \u201csocialise the costs as well as experiences and perspectives. Access to a platform and shared services model of this quality ensures that we can run and test all of our API and technology investments for conformance, while fast-tracking deployment.\u201d\n BankVic\n\nScott Wall, CIO, BankVic\n\n\nAt BankVic, now that it is on a faster track to conformance, Wall and his team have started talking with other parts of the business about the potential to develop better products and experiences for its members once being approved as ADRs. \u201cOpen banking is extremely useful for assessing loan apps and also identifying where we can offer better products and services to members,\u201d he said. \u201cIf members share their credit card data, we can offer them better services and better support.\u201d Wall said that with Australia\u2019s CDR regime soon expanding to power and gas utilities, followed by telecommunications, BankVic and others will be able to design even more tailored solutions to help customers better manage their finances.\nBoth Hume Bank\u2019s Ryan and Bank of Us\u2019s Day also say they\u2019re now mulling the next technical steps and business benefits of becoming ADRs themselves. The fact that Hume Bank, Bank of us and 18 other banks have joined each other in plugging into a cloud-based shared services model also means they\u2019ll be able to easily update their systems and security settings appropriately as regulations evolve over time. \u201cIt\u2019s a repeatable service, meaning once it\u2019s built we own it and can reuse it for regression testing into the future and making sure we\u2019re always compliant,\u201d Day said.\nLeveraging big-bank experience at a smaller bank\n Bendigo and Adelaide Bank\n\nAndrew Cresp, CIO, Bendigo and Adelaide Bank\n\n\nBendigo and Adelaide Bank took a different path. It is not a member of the 20-strong coalition of banks brought together by Ryan at Hume Bank and others. Instead, it drew on CIO Andrew Cresp\u2019s experience at NAB to achieve conformance using systems he and his team developed in-house. Open banking \u201creally pushed us\u201d despite him being at the coalface of NAB\u2019s conformance efforts in his prior role as general manager of core banking there. \u201cTier 1 banks have scale and also huge amounts of complexity,\u201d he says.\nNAB was one of the first banks to make a big commitment to the cloud, leading\u00a0a key period of digital transformation for Australian banks leading up to the CDR regime. Once he had his feet under the desk at Bengido and Adelaide Bank, Cresp leveraged his NAB experience and brought across several members of his old team at NAB to work for him.\nThe experience has resulted in Bendigo developing a stronger digital architecture as it looks to harness data more effectively in delivering more targeted and personalised products and services to its customers. \u201cBendigo is relationship-based; it\u2019s all about how we interact with the community,\u201d Cresp says. \u201cHow do we personalise digital interactions so you get the same feel via the Bendigo app versus going into a branch?\u201d he asks.