Australian commercial banks are concerned about the low uptake of the Consumer Data Right (CDR) scheme despite outlaying $1.5 billion.
The Australian Banking Association (ABA) has released the findings of a review of the CRD regime following its introduction in 2020.
The CRD is an opt-in service that allows consumers to give an accredited business access to their data so that products and services can be tailored to their needs.
Only businesses accredited by the Australian Competition and Consumer Commission (ACCC) can provide services under the CRD.
The CRD is being rolled out stage by stage, with the banking sector implementing the regime first, followed by the energy and non-bank lending sectors.
Data holders in those sectors are also required to comply with new requirements when the CRD is introduced in their industries.
Just 0.3 Percent of Banking Customers Onboard
Yet the ABA’s review found that by the end of 2023, only 0.3 percent of bank customers were using CDR.In addition, over 50 percent of data-sharing arrangements between consumers and service providers had been discontinued or lapsed throughout 2023.
While the banking sector has invested $1.5 billion (US$1 billion) into CDR since 2018 (not including government investment), it has not seen any noticeable benefits as promised.
Instead, the review said the CDR was negatively affecting competition as mid-tier and regional banks faced disproportionately higher compliance costs than major banks.
This caused smaller banks to make trade-offs by cutting down on investment in vital technology and customer projects, such as digital services, scam detection and prevention.
“Despite the best efforts of government, regulators and industry, this review makes it clear that CDR has not realised its potential.
“It’s time to go back to the drawing board. The current CDR regime isn’t delivering for customers or enhancing competition, and a new pathway forward is needed.”
Echoing the sentiment, Customer Owned Banking Association CEO Michael Lawrence also said the CDR provided little benefits for customer-owned banks despite their $100 million investment.
Concerns About Data Risks
Despite the government’s promise that the CDR could improve consumers’ data control, a study (pdf) by the University of New South Wales pointed out that the regime heightens the risk of data loss by allowing consumer data to be disseminated to a wider range of stakeholders.“As more data is shared with more parties, the possibility of data breaches increases, making effective data management ever more crucial,” the study said.
“Furthermore, as organisations become more digitally integrated and their staff more flexible in how and where they work, more safety vulnerabilities arise.
“With the introduction of ‘action initiation,’ security risks for consumers are expected to rise even further by creating greater incentives for, and more vulnerabilities to, cyber attacks.”
The study also cited other research showing there was significant doubt among consumers about whether their information could be adequately protected by service providers when they share data with third parties.
