Ah, LinkedIn… Twitter aside, you are by far the least intentionally funny social media site…
The Great Open Banking ‘Data Holder Massacre’ – A Lesson For Non-Bank Lenders
I’ll start by saying that this is going to get a tad messy.
This article covers a more prosaic topic than even this recent masterpiece on Bank Data enrichment and categorisation.
Acronyms will be used (although not without their full name), the word “compliance” – possibly the least sexy word in the English language – will be bandied around, shadowy & nefarious characters will enter the plot, and fingers will be pointed.
In the pantheon of Australian Data Compliance situations, the requirements for Australian banking institutions (or ADIs (Authorised Deposit-taking Institutions)) to comply with the Consumer Data Right (CDR) became something of a snafu.
In fact, “snafu” is to limit the scale of what went down.
‘Brouhaha’, perhaps, is a more adequate description.
Some might even go as far as to call it an ‘imbriglio’.
Regardless of how we define it, the ‘Data Holder’ requirements for all ADIs to prepare to share their customer and product data in a mandated, standardized format for consumption by other banks became something of a project management nightmare for many, many banks.
If you didn’t know any better, you’d think Bob Dylan had gotten wind of the Consumer Data Right when he wrote (the seminal) ‘Blood On The Tracks’ in 1975 in readiness for what was coming down the pike.
Stage 1 – The Origin Story
As in Europe, but different to America and India, ‘Open Banking’ in Australia was heralded by a change in legislation, requiring banks (as first cab off the rank) to enable customers to freely share their own banking data with other financial businesses in order to achieve greater choice, competition, fairness and all the rest of it.
This required banks (Or ADIs) to convert their own individual customer data into a single, uniform ‘data standard’ so that the data could be easily used and understood.
Sounds simple enough, no?
Let’s quickly ask 120 banks to get their in-house, legacy data from a range of different systems and different core banking providers / systems into a single, consistent format for use by other financial businesses so that they might offer competitive products to yours, to their customers (and yours).
It’s a couple of week’s work, tops, right?
Even without all of the competitive tension involved.
Well, no, as it turns out.
Stage 2 – Trouble Rolls Into Paradise
Actually, and who’d have ever predicted this, it had the potential to become something of a cluster%^&* [the Cambridge dictionary definition of the term is here so you can see that the word is genuine and not a crude playground slur] – and for lots of banks, that’s kind of what happened, through no fault of their own.
You see, a single bank likely has many, many ways of holding, storing and recording its data – so to get unified data from one single bank is something of a humongous undertaking.
But to get it from 120 banks, some huge, some small….all in a couple of years.
And yet that’s what the banking community of Australia managed to do (for the most part).
Not completely of their own volition, sure, but with enough of a stick being used to threaten after-school detention, a damn good scragging, and, ultimately some hefty fines if they didn’t meet their obligations and timelines.
But it wasn’t without some collateral damage. As I said before, there’s a fair bit of Open Banking blood on the tracks.
Stage 3 – The Damage
The toll the Data Holder compliance projects took, I’d comfortably say, on ALL banks (apart from maybe UP who, like everything they do, made it look effortless – best response times, cleanest APIs etc) was huge.
It was a two year compliance-Stalingrad, with almost as many casualties.
I say this in jest but, the trauma was real and lives on.
It is, I think, one of the reasons why so few banks, having done all of the regulatory compliance heavy lifting to comply with their Data Holder obligations, are still remarkably gun-shy when it comes to pulling the trigger (yep, I just did that) on enjoying the fruits of their Open Banking labour, by taking advantage of all the others bank’s data to offer their own customers better deals, products and experiences.
Dr Scott Farrell – the Godfather of Open Banking in Australia – alluded to this (I think) at a recent Australia / UK Open Banking Love-In, where he emphasised that huge investments have been made by banks as part of the Data Holder compliance journey, but the investment in that un-sexy side of the Open Banking coin haven’t yet been matched by similar investments in the cool, sexy side of Open Banking which benefits Australian consumers.
Learnings For Non-Bank Lenders
So, with bank data (mostly) fully compliant and in a uniform schema or format, attention has turned to Non-Bank Lenders who are now required to get their proverbial data houses in order.
What lessons can be learned, what insights gleaned from the poor banks who had to fly blind into a maelstrom of compliance and regulation with very little in the way of trainer wheels or manuals?
1. Understand Your Obligations
The compliance requirements for Data Holders vary depending on products offered, size of your loan book, how many brands you operate etc. Mortgage Managers are included in the new rules, despite not actually being the loan funder so this needs to be considered.
2. Start Planning Your Project Because It Is Going To Be Lengthy
Based on the time needed by banks, the Non-Bank Lender Deadline of September 2026 is going to roll around extremely quickly.
NBLs we’ve spoken to are at wildly different ends of the readiness spectrum. Some projects are scoped and ready to go, whilst others haven’t even made it to the priority list yet. [Plot-twist: it will quickly rise to the top].
3. Stand On The Shoulders Of Data Holder Giants
Leverage the expertise of those who have done the heavy lifting before and know the intricacies of such a project, and also where the slippery banana skins lie.
You know the old phrase: “an easy trap for young players.” Lean on the old sages in this area.
4. Consider Life After Data Holder
After the rain comes the sunshine.
I met with a roundtable group of mutual banks to suggest they enjoy the bountiful harvest of Open Banking by becoming a Data Recipient (a consumer of the Open Banking Data instead of just pony-ing it up for others to enjoy).
They asked how long such a project might take.
I said six to eight weeks should be plenty (given they could fast-track their accreditation as an ADI (bank)).
Jaws dropped, mouths were agape.
Having spent the best part of two years grinding through the Gulag, they simply couldn’t believe that they could be up and running with all the sexy, Open Banking goodness in such a short time.
Some jumped at it, others are still processing the trauma.
But, as a Non-Bank Lender, I’d take a two year view and assume that in that period, you’ll have become an accredited Data Holder (or been heavily fined) but, importantly, screen-scraping as a method of bank data collection will have been phased out, so you WILL need a way of ingesting data and therefore will need to become an open Banking Data Recipient.
So start planning for this STAT.
Related Posts
Comments (0)