Transcript of Question & Answer Session Panel Participation at The Future of Financial Services Sydney Conference

We'll come back to that maybe at the end of the panel discussion and get our views. So let me just move over to this side and what might be easiest in the interest of time is if I start with Bruce and do a brief introduction of who you are, who you work for and a bit about what you do.

Sure, so my name's Bruce Cooper, I'm at the ACCC, I'm currently the general manager of the Consumer Data Right branch and we are responsible for implementation for what we'll call today open banking, but in Australia it really is a broader consumer data right that'll go across the economy and introduce or give consumers the right to share their banking data, their energy data, telco data and perhaps in the future things like shopping data with third parties that they choose to trust with their data that they think they can get some valuable service from. So that's what we're doing.

I'm Tony Richards, I'm Head of Payments Policy at the Reserve Bank. The Reserve Bank's got oversight and regulatory powers with respect to high value payments and clearing and settlement facilities. But for today's audience the important thing is we've also got regulatory responsibilities with overseeing retail payment systems. And there our mandates are to promote competition and efficiency and to reduce risk.

Simon Beitz co-founder and CEO of Bene. Bene hopes to be a digital challenger and we're working with the regulator to launch that early next year and we're looking to do a soft launch on a credit product late this year.

Hi everyone I'm Melanie Evans, I lead the retail bank team at ING in Australia, so looking after everything from product and marketing and distribution and service, right through to digital and innovation. So I guess the executive sponsor of our open banking work and very lucky to work for an organisation that considers itself the first real fintech in the Australian market.

Hi everyone my name is Dan Mcloughlin, I'm the digital security specialist from OneSpan. We're an authentication organisation who work primarily in the financial sectors. I work across the UK and EMEA and just bringing some of the knowledge of what we're seeing in open banking and PSE2 across from the UK and Europe and hopefully how that can help inform the way things go here.

Fantastic, so a very well rounded panel. Please give them a round of applause. In fact it's hard to think if we could have better handpicked a panel of people with different roles and different angles on the conversation that we're going to have. Open banking for those of you that were here yesterday was a theme that emerged pretty much consistently throughout the day. I guess Tony, I'll maybe start with you given that you've got I guess a greater oversight of the whole process in terms of realistically what is your assessment in terms of where we are in progress towards open banking?

Sure. The first thing to note probably is it's going to be very much a phased introduction, implementation of open banking. Open banking in Europe and the UK involve consumers giving away read access rights to their data as well as potentially giving away the right for payment initiation service providers to make payments on their behalf. But in Australia what's going to be implemented starting the middle of next year is the consumer data right and that's all about sharing. So it's just about providing commercial entities with the right to share to look at consumers' financial transactions.

Of course, the implementation is going to be phased. In July 2019 it'll only be some types of accounts and it'll only be at the four major banks, but from the middle of 2020 it'll be broader in terms of the banks involved and the types of accounts. So currently there's a lot of consultation occurring with the industry, treasury's consulting on the legislation that will underpin the framework. The ACCC is consulting on the rules framework and then it'll be publishing some draft rules that will underpin the consumer data right and open banking. And data 61 is consulting on technical standards to support open banking.

So there's a lot to be done in the first half of next year, banks and fintechs are probably not fully clear yet what they're building to, what the framework will look like on July 1. So that's a real challenge; the other challenge of course is that the banks as we all know are large institutions with complex systems, so it's going to be a major challenge for them. But we know the framework is going to be API based and that's an insight that we got from the UK amongst other places. So it remains to be seen how much data sharing actually occurs on day one, but I think it offers the promise of great benefits to consumers and businesses and we can talk about those later in the panel.

Melanie not one of the big four, but certainly here on the panel representing our established banks. Your thoughts on where you are with that and the implications for what you're working on at the moment?

Well I guess at ING we see open banking as a significant step forward from a customer perspective rather than it being a regulator led initiative. So we're very supportive of open banking. One of the benefits of being a global bank is we've seen how that's played out overseas and really what's happened. So while we're not part of the first wave of regulatory requirements, certainly we like to see ourselves as a leader and we certainly want to be there when open banking becomes available to customers. I think the challenge from a customer perspective rather than a supply or regulatory perspective is we've only got about 5% of the Australian population understanding what open banking is at the moment. And I think what we're certainly focused on doing is making sure that our customer base knows the benefit of standardisation, the benefit of being able to if they opt in, share their data certainly amongst the industry and certainly beyond the industry in the long term as we move to a more platformed world in financial services. Because the reality is they're living like that elsewhere at the moment in other parts of their lives. So yes, we can track it from a regulatory and legal perspective and certainly we're looking forward to seeing the standards, because we think standardisation is one of the big things in giving customers control. But what we would also like to do is spend a bit more time focusing on making sure customers are engaged and they actually use it and use it to their benefit.

Simon it's interesting to hear your take on it coming from a challenger bank for want of a better word, but one with a name that actually means good, which I'm sure will be well received by our friends in Canberra.

Bene is bringing the good back in banking and we hope to when we get that pass. I think it's great to hear ING approaching it that way Melanie. My concern is the big four have got so much on their plate at the moment that a lot of them will be thinking it's another compliance piece and forgetting about the customer here. I absolutely agree with you, customers are using their data in ways at the moment and Australians are global citizens and global experiences. So I agree with you that probably only 5% really understand what it is, but without understanding what it's called, they're actually interacting in those ways.

So we're absolutely for customers and Bene will be a purpose driven organisation and we absolutely believe that the customers own the data and have the right for their data how that works, so that's certainly something we're pushing hard for. Absolutely think that there needs to be rules and I spent most of my career in a large corporate, so appreciate the rules and the regulatory regime, but I think we also need to push and we all need to push for this, because I think it's going to be great for everyone.

Bruce do you want to add in to that?

Just on the consumer education and awareness, it's absolutely vital that consumers are going to understand what it is they're asking to share and the ACCC was given some money as part of our remit to do some consumer education along with both Data 61 in terms of the fintechs predominantly, but also the Office of the Australian Information Commissioner. One of the things that worries me a little bit is we can provide some of that education, but it's a complicated sort of regulatory system that we're setting up and we need to provide that education in a practical way that consumers can understand and without having good use cases from fintechs and others to explain to consumers, it's going to be difficult I think for it to really grab hold.

Yeah absolutely so certainly coming from a European perspective and a UK perspective, I think there's a slight feeling that the regulation's all been put in place, great everyone knows what they're doing, but from a consumer perspective nobody's really yet embracing what this is, because again everything is put in place. Just having a framework is not enough, you have to build this ecosystem, you have to have fintechs building compelling solutions for customers to actually start wanting to use. Now I know a lot of banks in Europe have created their APIs, they're ready and they're all looking to also provide open banking services, but that's further down the road. And one of the lessons you can learn is making sure there's plenty of time to get these solutions out there for customers to actually understand what the benefits are.

I think one of the challenges too is an organisation such as ours is building from the ground up as we have no legacy systems, which is obviously one of the keys. So we're thinking about it and our design team are continually challenging each other and saying customer owns the data, customer owns the data and that's how we're thinking about from day one. So we're already thinking down that path versus some of the legacy or most of the legacy banks that have never had to think like that and frankly they're challenged sometimes to share data across the organisation. I worked for a large organisation and I know the frustration sometimes in large organisations as well. So it's a real fundamental shift, not only on the customer side, in fact I think the customers are probably a little bit further along than maybe some of the corporate thinking there. But it's a fundamental shift in the way of thinking.

I guess if you look at though some of the announcements made by some of the legacy banks or larger banks over the last little while, it's fair to say that a lot of them are using APIs within their organisation and certainly even with partners. So to be fair on the larger banks, although they are seen as having very complex business models and so on and so forth, they are well advanced and I know there's plenty of major bank technologists in the room, I have a view that they are far more advanced than I think what we give them credit for in terms of what they're doing around APIs and service layers and so on and so forth. We are not necessarily a major bank in the market, but we've started an open service environment with, if this then that, where we're allowing that service provider to give us direction on customers saving $50 if it's a rainy day or if they do their 10,000 steps and so on and so forth. So there are some trials and some cool stuff happening out there. So I think to be fair on the larger organisations, they might be more complex in significant projects, but I don't want to underestimate how agile and nimble they can be when they need to be.

In a moment I want to move on to the elephant in the room, which is around privacy, security and protection of data, but before we move on to that, Melanie do you want to just tell us in your mind what are the real benefits to customers?

Yeah I mean from a customer perspective the first thing I'd say is this absolutely puts the customer in more control of their information and their data and I risk offending some people in the room today, but often I think of my career where a lot of technologists saw data as the bank's asset and actually what open banking does is actually give the customer ownership of their data back and they're now in control of whether or not what happens with that data and that information and how it's shared.

So I think there's a control and an ownership shift. One of the things that we've certainly seen through our global organisation is that although it is sometimes talked about switching is the big benefit, one of the key things we're seeing certainly in the UK market is the impact of standardisation of data and that allows customers to compare utility products far more simply and far more easily than ever before. And so our hypothesis is from a customer perspective, the shift now moves to competing on experience and the product or the product sale just becomes the utility service. So that's of huge benefit to customers, the quagmire and complexity lifts when things are made easy and standardised and simple and when they're given control back of their information. That sounded really simple didn't it? It's not that simple.

Tony this is a question for you, but equally Bruce I guess will have some thoughts on this as well, Mel's thrown around data security and ownership of data. Who is responsible for it and who should be and how should they be held accountable if there's a breach?

One of the benefits that I'm not sure if Mel talked about is clearly there's greater safety. Customers may already be sharing their data with other entities, but they may be doing it through screen scraping or something else where they're actually giving a lot more than just the ability for people to see their data, they may actually be giving the ability for people to actually make payments on their behalf. So the ability to share your data, but not to share other rights I think is a big thing. And APIs are obviously a key part of that, that it will be much more convenient and safe for them to do that.

But I think the important thing is that there are going to be standards for the accreditation standards for third parties to get access to the data. So for example the proposed framework, the accreditation process for data recipients, they're going to have to satisfy fit and proper tests, they're going to have appropriate systems, resources, procedures, including for dispute resolution and they'll have to hold appropriate insurance. So I suspect that there's actually a lot of protection there and it may actually be a challenge to right those accreditation rules in a way that they're actually not so strong that they turn into a barrier to entry for legitimate buyers.

Simon some of your thoughts on that being a challenger, does that sound daunting?

No not at all and I think there's a misnomer that challenger means we like to break the rules and all of that sort of stuff. I absolutely agree with everything that Mel said before and if you look at lessons out of the UK and one of our advisers is the ex CIO of Starling Bank, Greg Hawkins, the lessons we've learnt from there is there's lots of opportunities and it's actually not about taking bank's customers. Customers are already saying they're unhappy with the service they're getting from existing banks, so we're not relying on open banking at all to drive customers our way. We're looking at it as an opportunity to open up other opportunities for customers. And I think that's the way everyone should look at it in this room, it's not about who's going to move from one bank to another; I think the numbers in the UK have actually been quite low from churn.

Pretty static yeah, so it also opens opportunities for people to stay with their bank effectively, because they can consume a more exciting service, but without having to shift banks. And in the UK we're really, really bad at shifting banks.

Well I think Australians change their life partner more than they do their bank.

Yeah, yeah, yeah divorces win.

So we absolutely think we can co-exist in an environment where multi bank relationships are things that we are fine with and we think open banking will allow that to happen in a safe and proper way.

It's interesting you say that, because one of the speakers yesterday compared it to the complexity there was five years ago to change a phone number and take it with you and open banking is now going to give that portability and that frictionless switching between your main financial institution, a world which may cease to exist potentially. So that was an interesting insight. Dan you've experienced this in the UK and your focus primarily on the security and the cyber security aspects, we've heard about some of the protections and frameworks in place, I would like to hear your insights on it.

Yeah so open banking in the UK and Europe is effectively underpinned by two additional regulations. So we have the GDPR, so that's your Data Protection Act and the PSD2 Payment Services Directive. Now obviously with open banking we also have the ability to make payments on third parties behalves across the European regulation. So it's very important that that PSD2 regulation underpins that with some security levels that ensure that the bank is still in charge of authenticating any requests that might come through an API through a third party. So they have to be able to validate who the third party is and make sure they are an accredited third party, but they also are able to validate the end user using mechanisms that they provide. So the bank is still in control and in charge of that authentication, not necessarily the data itself, but the authentication of the user to make sure that the information being passed and any transaction risk is being correctly mitigated using technological solutions that are available.

One of the questions from the floor from Dmitri was do you see blockchain playing a part in that?

There is a potential for blockchain to play a part. I think there's always a lot of speculation around blockchain when you're looking into secure environments. It may provide users with a more ability to control their own data rather than having to pass it around to multiple players. But I think there's still a lot of investigation to be done in that place.

We've got a few minutes just for a few questions coming through. Anyone from the floor; this is what I'd say a truly unique opportunity to get every cross-section of people involved in the open banking discussion, does anybody have a question?

Wondering how in the open banking world where you've got more transparency on product design, whether this will lead banks to lean more towards bundling, so that as a whole the entire proposition might be of value and make it more sticky than perhaps a customer who might tend to shop around and have one product with each bank, which I think open banking will bring? So the question is will product designers offer more loyalty programs and loyalty rewards to share wallet and gain whole wallets that they may have passed? That's the question for anyone.

I'm happy to give you my two cents. I think the future will see more of a marketplace environment, so I think loyalty is probably, a lot of customers see through loyalty now. Certainly, the work we've done with loyalty and I'm talking 18 to 30 year olds is they don't see it like our generation and older used to see loyalty in the points. I think that means you'll have a whole lot of suppliers and consumers in that marketplace and so it will ultimately will be more fragmented instead of going the direction you're talking about, but that's my view.

I think it depends on where the loyalty sits. So in an open banking world in particular, some of the UK models that we've seen, at ING we're thinking about it more as a platformed world, where the loyalty may sit with the distributor or the person owning the experience, rather than the product manufacturer itself. So in a way I don't want to say the opposite could happen, it sort like the lines you're going along, but instead we've got platforms who do the right thing and really open life up to you as a customer and says okay well you can't get your first home loan here, but this lender may do it or this is the right credit card for you or so on and so forth. So maybe loyalty doesn't sit at the product utility level, potentially the loyalty sits at the experience level, so think of it more like a platform ecosystem world rather than a linear bank to customer world.

With the customers, once we empower them with their data, how do we also help them not be taken advantage of by people who are poorly intended or fraudsters, whatever it might be, just from if you think about the equivalent of phishing attacks that we have right now? I'm happy for anyone to take that question.

I'll have the first crack at that I suppose. I'm not sure where Andrew is, it was just a voice from …. There will be protections around in the legislation for misleading and deceptive conduct and that sort of thing, and very significant penalties for people who pretend to be accredited recipients of data or authorised to receive it. There'll be restrictions on the ability to share data with someone who's not accredited, so protections at that sort of system level. We're also conscious I think in the consent models, not to be providing an opportunity I suppose to undermine some of the messaging that's been given out for years about phishing attacks and avoiding those. So there's a piece of work to do there I think. I think your question has a number of layers to it, so probably I've only skimmed the surface.

I think again some of the technologies that companies like mine provide through the financial institutions can help to mitigate these kind of data losses because with more advanced machine learning elements, risk and fraud analysis and solutions that are more impervious to the vishing style of attacks and the phishing style of attacks, we can help to really mitigate against that kind of data loss, when someone assumes they're doing the right thing, so an accidental data loss in that respect.

Unfortunately, we've run out of time for questions, but would like to just quickly revisit that poll that we started off at the beginning of the panel discussion. We've managed to get the results back from that. I'm not sure if the panellists can see that. We asked the question what do you foresee would be the norm in open banking world in the next two to three years? See the outright winner, customer loyalty being a thing of the past. Anybody wish to agree or challenge that view?

I think it could easily go both ways as I mentioned before. The whole platform above it means that you don't necessarily have to switch providers if you can consume services that you provider doesn't necessarily give you in the best way. So if you want a really up to date funky looking banking app and your bank doesn't provide that, but a TPP can and that's your requirement, then you can stay with your bank, you don't have to leave it. But consequently there is just as good an argument that you can have this ability to very quickly and easily see new components, new products that you can easily use from other providers and with some interesting uses of your data you can get some good recommendations, as much as you might from an insurance website where you compare other solutions like that. So you can easily see that happening too. I think it's a real 50/50 for me which way it will go and I think time will tell.

Dan thank you very much for that, Mel very good to hear your insight.

I'm going to go 100% option E. Customer loyalty will be won by those who see open banking as a consumer benefit and they'll work out how to win on customer experience and operating in the interests of the customer rather than seeing data and products as the banks' or the financial services' assets. So I'm an E, customer loyalty will be for all the smart cookies in the room who work out how to do that.

Fantastic. I'm afraid we're out of time. I'm sure you'll agree this has been a very rare opportunity to get such a great diverse panel together. Panel, thank you very much for your time. Mel, Bruce, Simon, Tony, Dan, it's been great to hear all of your opinions. Thank you for being so generous for your time, for your insights that you shared and for quite a stimulating conversation with the audience. Would you please give them a big round of applause.

[applause]