Two fintech watchdogs have demanded action from regulators against ING Bank (Australia) over a planned software migration which they say invalidates existing data sharing arrangements.
Australia’s national fintech association FinTech Australia and FData ANZ, a not-for-profit global association for financial services companies operating in open banking and open finance, have raised serious concerns about ING’s recent decision to transition to a new Consumer Data Right (CDR) solution.
FDATA ANZ and FinTech Australia have called on the Australian Competition and Consumer Commission (ACC) to take immediate action. They also issued a joint public statement on behalf of accredited data recipients across the CDR ecosystem, including:
We understand ING will be transitioning to a new consent solution in which all active data sharing arrangements on the existing solution will be invalidated on 8 February 2023. This will mean:
- Every single consent that is currently active with ING will need to be redone
- Thousands of consumers will be impacted
- Accredited Data Recipients will bear the cost of reintegration and any damage to their business
Not all accredited providers (ADRs) had been notified. The short timeline in which some had been made aware is of additional concern. This exacerbates the issue as the urgency means ADRs have to coordinate their teams to update their platform in a short period of time, and wear the costs and the reputational damage.
This action disrupts the lives of many Australian consumers who are using the CDR to improve the way they manage their finances and it cannot become a precedent.
“This move from ING sets a dangerous precedent for the Consumer Data Right rollout and endangers the benefits it is bringing to consumers,” said Rehan D’Almeida, general manager, FinTech Australia. “It’s perplexing that ING, a bank with consistently high customer satisfaction ratings, would not prioritise the Consumer Data Right. This is a transformational reform and the banks have had years to establish the systems they need to be compliant.”
Mathew Mytka, regional director, FDATA ANZ, said: “CDR has the potential to drive competition across many services, such as energy and gas, by making it easier for consumers to switch providers, save money and improve their financial lives.
“Open banking is still tracking well with 95 per cent of ADIs sharing data (114 Brands) and 88 data recipients in the ecosystem. But while many banks are doing the right thing, we do need to see a firm response from the regulator to ensure this does not set a precedent.”
The CDR is an economy-wide data sharing programme that enables Australians to leverage the data businesses hold about them for their own benefit. As well as banking, it has also commenced in the energy sectors.
FDATA ANZ and FinTech Australia want ACCC to take regulatory action “proportionate to the seriousness of the breach”. It also wants recognition of the level of harm, detriment or potential harm this can cause to consumers and the damage to confidence in the CDR regime.
The ACCC can issue an infringement notice when it has reasonable grounds to believe a business has contravened the CDR Rules.
In December, the ACCC fined ING for alleged breaches of CDR rules, relating to data sharing deadlines in 2021 and 2022. ING also paid penalties totalling $53,280 after the ACCC issued it with four infringement notices.
ING has described its upgrade as “necessary to build a safe and secure open banking experience for its customers”. It also said it was working through the migration plan with accredited data recipients.