October meant many things. 10 weeks till Christmas, strange American holidays and nearly the end of an ‘interesting’ year for all us. For banks it was also our deadline to comply with the first phase of the new Consumer Data Rights (CDR) regulations – a cornerstone of Open Banking. Xinja has done this but is also already looking beyond to what we’ll do next year.
The story so far…..
Before we look ahead, let’s remind ourselves about what Open Banking is. As we explained in our blog all the way back in 2017, it will allow banks or other financial service providers to share customer data with third parties, securely and in real time, which has all sorts of potential benefits to customers. We’ve been watching Open Banking in the UK, where it started to roll out in 2018, promising to be an evolution rather than a revolution, but now is yielding some real initiatives providing new services or value (see some examples below). The roll out in Australia has been slow; in our blog in July 2019, we noted the milestone of the pilot program, but the deadline for the Big 4 banks to comply was shifted back, from July 19 to February 2020. And then again, so the Big 4 didn’t actually open up data for sharing until July 2020, and they took some flack for it: Liz Hobday of the ABC pointed out, “consumer data rights threaten to unstick the big banks’ customers”.
Open Banking Timeline
So what’s Xinja been up to in open banking?
Our first deadline was last month to provide access to our product data (the details of our bank account and Stash account) via an API, which we’ve done, so this could easily be accessed by third parties. Our next is July 2021, when we need to make our customers’ data available, again via API and according to open banking standards, at their request to third parties who are accredited ‘recipients’, for example loan companies or services automatically pulling relevant data to assess someone for a loan.
“Companies like Xinja and SISS will go beyond CDR and look to really unleash Fintechs from the inbuilt constraints of legacy banks very soon. It’s an exciting time.”
– Greg Steel, CIO Xinja
Getting the Rights right
The lead regulator of the CDR, the ACCC (Australian Competition and Consumer Commission, writes: “the CDR will give consumers greater access to and control over their data. It will improve consumers’ ability to compare and switch between products and services, and will encourage competition between service providers, leading not only to better prices for customers but also more innovative products and services.” To help make this happen, Xinja joined forces with SISS Data Services to create a new open banking solution and to meet that October deadline.
Letting customers control their own data
Our Chief Information Officer, Greg Steel, explains why Xinja chose SISS: “What really attracted us was that Xinja and SISS, along with partners like private data sharing platform digi.me and ID Exchange, are well aligned in vision; looking beyond CDR to putting data fully into the hands of customers and helping them control access.” Steel believes that the next steps of the CDR might be difficult for some of the bigger banks. “I believe CDR alone opens up opportunities for Fintechs, but companies like Xinja and SISS will go beyond CDR and look to really unleash Fintechs from the inbuilt constraints of legacy banks very soon. It’s an exciting time.”
Open Better banking
Open banking will pave the way for a number of integrations to become available for your bank account. Examples of useful customer benefits from this, as we’ve described before, include customers having greater control and say about their own data and who accesses it, better informed credit decisions for loan applications, easy switching and moving between financial service providers, account aggregation that lets you easily see your finances in one place, and marketplaces, where customers can access services within and beyond finance at great rates. In the UK some examples already include identifying whether you can save money on energy bills (facilitated by Yolt), or your mortgage readiness (from Mojo) or whether someone can get an advance on their wages (with Wagestream).
So what’s “Screen scraping”?
To achieve some of the above outcomes, financial services companies currently mostly rely on so called ‘screen scraping’, which means handing over your logins and having these apps scrape all your transactions. This is the predominant method used by customers now to share their banking data with another service provider. As an app only bank, Xinja itself can’t be screenscraped. Instead we are looking forward to moving beyond screen scraping next year, when open banking makes this kind of data exchange fully secure.
Securing the future
Xinja is following APRA’s CPS 234 information security standards and, as well as the SISS partnership referenced above, have partnered with Kong to create an API gateway that is highly secure. Long story short, we’re approaching Open Banking (which itself is an improvement in the security of customer data) in the most secure way possible. Now that we’ve passed the October milestone, we’re looking forward to being fully CDR compliant by July 2021 to take part in the fuller open banking ecosystem and ultimately receiving customer data from third parties that will allow us to add value. We can’t imagine yet all the possibilities this could open up, but we’re excited to be part of the movement. Bring it on!