Check against delivery.


Good morning

I’m very pleased to be here with you today at the Credit Law Conference.

This conference is being held at a most interesting time for the sector and the economy more generally.

We are contending with a number of deep-seated changes and challenges.

This includes broad economic challenges of high inflation, low productivity and rising interest rates.

We are also seeing the digital transformation of our society continue, with the impacts of COVID-19 accelerating this trend.

Data provided by and collected from consumers remains fundamental in the delivery and development of many everyday products and services.

Network effects seem to be more entrenched and new ‘customer centric’ business models increasingly prevalent.

A convergence theme is playing out before our eyes as established boundaries between industries and markets become increasingly blurred.

Like everyone, the Australian Competition and Consumer Commission is having to adapt to these new realities.

Our overarching role -- to promote competition and fair trade in markets to benefit consumers, businesses and the economy -- has not changed. 

But in data-driven markets we are seeing new issues that cut across the intersection of privacy, competition and consumer protection.

We have been consistently reminded of this, including in the ACCC’s ongoing work on competition and consumer issues relating to the major digital platforms.

As we have previously noted, the intersection of these issues should lead us to an ideal of competitive data-driven markets, competing for well-informed consumers on all dimensions of price and quality, including levels of privacy protections.

This morning I’d like to talk about developments with the Consumer Data Right or CDR as it is known, as well as some of the opportunities it can be expected to provide for Australians.

The CDR is a pioneering reform and will form an integral part of Australia’s competition policy in a digital world.

The CDR – like other Open Banking frameworks – has been made possible by the tremendous advances in technology.

First has been the adoption of new technologies that have reduced the costs of collecting, storing and disseminating data

This has been combined with advances in analytic techniques that have allowed for highly sophisticated processing to extract greater value from available data.

These advances have been drawn on by Fintechs and others to provide new opportunities to disrupt incumbents in the finance sector.

They have formed the bedrock of the open banking frameworks that are being adopted in many countries around the world.

Before turning to the specifics of the CDR, it’s worth briefly revisiting the role that ‘information sharing’ has always played in finance.

The International Monetary Fund has recently summarised this well[1].

Information about borrowers is essential for lenders to gauge the risks they take when offering a loan.

Obtaining this information thus represents a key challenge for the lenders that lack it, and a key opportunity for lenders that have it.

Traditionally, information sharing in the financial sector has usually involved data being intermediated by credit bureaus.

However, as the IMF notes, open banking frameworks are changing how data and information flow in the financial system: who has it, who doesn’t; and who decides.

A common aspect is that these frameworks – including Australia’s CDR – grant consumers the right to control who gets access to their financial data and provides an operational setting to exercise that right. 

In essence, in the realm of financial services, open banking is motivated by the recognition that enabling access to data across incumbents and new competitors can facilitate entry, competition and new and better products and services. 

Australia’s CDR is a reform that has consumers firmly at its centre and is founded on strong protections, including a fundamental role for consumer consent.

Data sharing under Australia’s CDR commenced in the banking sector in July 2020, with the four major banks required to share certain deposit and card account data. 

CDR for the sector has since been extended to cover all authorised deposit taking institutions. 

As at 30 September we have more than 110 banks and credit unions and societies and their associated brands in a position to share CDR data, at their customers’ behest. 

These organisations collectively hold more than 99 per cent of Australian household deposits.

The CDR system also extends across a growing number of so called ‘accredited data recipients’. 

These entities -- which predominantly comprise fintechs -- are the participants in the CDR system that come up with new use cases or value propositions for the benefit of the consumer using the CDR data.

At present, there are 34 of these data recipients that have been accredited by the ACCC to participate in the CDR.

To be accredited these data recipients must meet a number of specific obligations including in relation to information security, having adequate insurance and being a fit and proper person to manage CDR data.

The success and ultimately the benefits flowing to consumers from the CDR is intrinsically linked to establishing a vibrant ecosystem of accredited data recipients.

Getting access to a consumer’s data -- with the consumer’s consent – can enable the data recipients to come up with new products and services that make everyday life easier and more convenient for the consumer.

A well-functioning CDR system will enliven competition and contribute to efficiencies and productivity gains for the economy more generally.

I would like to emphasise a key point here -- and that is that trust is paramount when it comes to the CDR. 

Australia’s CDR has been deliberately designed with strong safeguards to protect the privacy, security and accountability of all participants.

Data can only be shared when a consumer has given an explicit direction to those holding their data to share it.

This consent must be informed and explicit. Consumers are notified of the data they are sharing and are able to revoke access to their data easily. 

There are various legislative requirements for the collection and use of CDR data and civil penalties for breach.

The ACCC is responsible for enforcing the CDR legislation, rules and standards, while the Office of the Australian Information Commissioner is responsible for regulating privacy and confidentiality under the CDR.

The Information Commissioner also handles complaints and notifications of data breaches relating to CDR data.

While Australia’s CDR commenced initially in the banking sector, it was intentionally designed as a more general right for consumers to control their data but with a view to applying this data right in more sectors across the economy.

Work is well progressed to extend the CDR to the energy sector and a phased roll out of consumer data sharing will commence in the middle of November.

Additional sectors that have been designated or flagged for designation for inclusion in the CDR, include telecommunications and other aspects of finance including non-bank lending, superannuation and insurance.

Another important development for the CDR is a proposed expansion of its functionality to deliver more convenience to consumers. 

Planning is currently underway to allow consumers to authorise others to digitally initiate actions, such as switching providers and initiating payments through the CDR.

CDR supercharges switching and combats the ‘loyalty tax’

Much of the focus on the Consumer Data Right has been on how it can help consumers switch more easily between product and service providers.

By agreeing to make available the data existing providers already collect about them, consumers can have a streamlined experience when comparing products and switching between rival offerings. 

The CDR has great potential to address the impost caused by customer stickiness and inertia, particularly when it comes to home loan mortgages. 

The ACCC’s Home Loan Price Inquiry, released in December 2020, found that many borrowers could achieve significant savings by switching home loan providers due to the potency of a ‘loyalty tax’ paid by customers who remain tied to their lender over a long period of time.

We found that the earlier a person’s home loan was entered into, the larger the difference between the interest rate they paid compared with the interest rate available on loans for new customers.

By facilitating easier switching between providers and creating the potential for consumers to obtain a better deal more easily, lenders should be incentivised to keep existing customers’ rates competitive, as the threat of customer switching increases.

Competition in home lending is set to intensify as --  on some estimates -- $500 billion of fixed rate loans and a further $250 billion of split fixed and variable rate loans are expected to come due from next year and will be up for refinancing.[2].

The CDR could well come into its own in this environment.

CDR helps lenders make better assessments

The CDR not only benefits customers, but presents advantages for lenders in terms of substantial operational efficiencies.

Significant time and effort is saved when prospective borrowers can share relevant financial data through the CDR, compared with the typical process of gathering documentation including bank statements and payslips and the need to fill out forms.

These benefits are reinforced when we consider that under the CDR, a consumer can consent to an accredited data recipient receiving their data and then sharing that data with their mortgage broker.

Regional Australia Bank, one of the very first accredited data recipients, has already seen significant improvement in their loan assessment and approval times.

In considering the potential of CDR, the mortgage broking platform Next Gen -- which has also  been accredited by the ACCC as a data recipient -- noted there were more than 130,000 mortgage applications in Australia in October 2020, representing over $17 billion in value.

The typical processing costs of mortgages were over $350 million a month for lenders, just in assessing loan applications.

The CDR presents significant opportunities to revolutionise the way that lenders and brokers can get better-quality data, obtain it digitally and then have it built into their processes.

This in turn helps reduce costs, improve turnaround times for approval, as well as the customer experience, mortgage broker experience and lender bottom line.

Use cases beyond switching

The benefits of CDR, however, are not just about switching to a better deal or getting a more tailored personal service.

As more sectors become designated into CDR, the flow-on effects from being able to combine data from different sources will mean new and more comprehensive product offerings become available that generate increased benefits for consumers and businesses. 

An increasing range of use cases are emerging in debt relief and management, financial advice, personal finance management, and in payments.

An example of this is Way Forward, an Australian not-for-profit organisation helping people to manage their debt.

It has recently begun to participate in the CDR by becoming a representative of an accredited data recipient.

Way Forward offers long-term advice and management services to help people get out of problem debt.

It is supported by a range of banks, community organisations and financial counsellors.

As part of its free service, Way Forward evaluates its clients’ circumstance and financial situation, negotiates with creditors on their behalf and then puts together manageable repayment plans and budgets.

With a consumer’s consent, Way Forward can now use CDR to collect data about that consumer’s financial situation more quickly than by traditional means.

This will assist Way Forward to provide faster and more effective relief for vulnerable consumers who are experiencing significant financial distress.

Improving financial inclusion

Another example of the significant potential of the CDR lies in the opportunities it may provide for improving financial literacy and inclusion.

At the Open Banking World Congress earlier this year in Spain, Dr Leda Glyptis spoke about the possibilities open banking is creating for financial inclusion.

This is certainly a view I share.

Many customer segments for lending have been traditionally seen as unprofitable -- such as those on low incomes, young people and the elderly -- due to expensive acquisition and servicing costs.

New technologies combined with initiatives such as the CDR can make it easier to offer more personalised and innovative services that can be taken faster to market at a fraction of the cost.

This opens the possibilities of doing micro-lending, real time reconciliations and new ways of credit scoring - many things which were considered prohibitively expensive just a few years ago.

Deeper insights to help determine a more accurate credit risk score, as I discussed earlier are now possible and will become increasingly so, as more and more data types become available.

Extension into non-bank lending

As many here will be aware, processes are currently underway to extend CDR to non-bank lenders.

The non-bank lending sector plays an important role supporting economic growth by providing an alternative form of funding for individuals and businesses.

From a CDR perspective, non-bank lending has clear parallels with the already designated banking sector and extending coverage to include it effectively ‘rounds out’ the CDR banking rollout – further enhancing competitive tension.

Through consultation processes associated with designation of the non-bank lending sector, the ACCC has highlighted the importance of recognising that there is likely to be a higher proportion of non-bank lending customers who are in vulnerable circumstances. 

This reflects the reality that there are a range of non-bank lenders that specialise in providing loans to ‘non-conforming borrowers’ such as those who may be self-employed; have a poor credit history; or are experiencing financial hardship, and who struggle to obtain finance from the banking sector.

As outlined earlier, the CDR is very much centred on the consumer with a fundamental role played by consumer consent which must be specific, unbundled, comprehensive and current.

However it is important to keep a close watch on the effectiveness of informed CDR consent for vulnerable consumers who are urgently looking to access essential credit.

Accordingly, through the consultation process the ACCC has highlighted the need to give specific consideration to risks that can apply to vulnerable consumers and the need for specific rules to protect these consumers. This may include preventing data recipients from misusing CDR data - for example to up-sell inappropriate products or set discriminatory pricing or interest rates.

Enforcement and importance of compliance

The Consumer Data Right program is predicated on a ‘right’ for consumers to safely and securely share certain data.  This right is enacted in legislation.

As well as providing consumers with the right to direct that their information be shared, there are clear obligations on those who hold the data as well as on those data recipients who receive a consumer’s data.

For the CDR to reach its full potential, all CDR participants must comply with their obligations under the associated regulatory framework.

As mentioned at the start of my speech, we at the ACCC along with Office of the Australian Information Commissioner are responsible for enforcing the CDR regulatory framework.

Enforcement of and compliance with the CDR Rules and other parts of the CDR regulatory framework is an important responsibility for the ACCC.

The reality is that consumers won’t be confident joining and using what is a relatively new initiative without knowing the system is fair, secure and trusted.

This is where strong regulation is essential.

Compliance obligations that the ACCC oversees include:

  • For data holders, ensuring they deliver the required CDR functionality on time and ensuring that good quality data is shared. 
  • For accredited data recipients, ensuring they have the right consent mechanisms in place, maintain information and cyber security protections and protocols, and that they only use and disclose CDR data in accordance with the rules.

It’s only with high levels of compliance, that consumers, businesses and the wider economy can obtain the benefits that come from the Consumer Data Right.

When CDR launched on 1 July 2020, we recognised that it was a new framework that would likely require a period of transition while data holders introduced a range of complex technical processes and systems, especially in light of challenges during the COVID-19 pandemic.

With CDR now in an operational phase, the ACCC has placed a greater emphasis on compliance and enforcement activities.

Recently we have issued an infringement notice and fine against a large bank for allegedly breaching the CDR Rules by failing to provide a service enabling consumer data to be shared by the legally required dates.

Some non-enforcement tools we have implemented include the publication of a CDR performance dashboard on the CDR website.

This dashboard presents certain performance measures including the percentage of time data participants’ systems are available to share CDR data and their average response times to requests for sharing CDR data.

I’m pleased to report that since the publication of the dashboard, compliance with providing performance metrics has significantly improved and the system is tracking well against availability targets that have been set.

By its nature, the CDR framework is complex but I do urge all CDR participants to ensure they comply with all their obligations because it is the only way we can deliver this important reform and its benefits to the economy and your customers.


Throughout its development and delivery the CDR has been well serviced by a number of simple design principles.

These principles include that the CDR:

  • should be customer focussed;
  • should encourage competition;
  • should create opportunities through a framework on which new ideas and business can emerge and grow; and
  • it should be efficient and fair - effected with security and privacy in mind

As the CDR continues to evolve, these principles will remain a strong guide to its development and expansion. 

The CDR has the potential to vastly change our economy and help drive competition policy in a digital world.

It is a prime example of a reform playing out at the intersection between competition, consumer protection and privacy considerations.

Thank you for having me here today, and I look forward to seeing our collective progress on this transformative reform in the years to come.

[1] International Monetary Fund, Open Banking and the Economics of Data, Yan Carriere-Swallow and Vikram Haskar, in Open Banking edited by Linda Jeng, Oxford University Press, 2022

[2] Jonathan Shapiro, Surging rates mask hidden pain for banks, Australian Financial Review, 26 September 2022