Regulators said they will not intervene to stop fintechs accessing banking data via the process of “screen scraping”, providing a green light to the practice continuing despite the concerns of the Commonwealth Bank.
In a Senate committee hearing on Thursday evening, the Australian Securities and Investments Commission (ASIC) said it was not planning to stop the controversial practice, which involves customers sharing banking passwords to allow start-ups to read their bank account data. ASIC said it was not aware of any harm caused by the practice, which is widespread in the market.
The Australian Competition and Consumer Commission (ACCC) also said that while it understood bank concerns about password sharing, screen scraping should not be stopped as the consumer data right – which will ultimately regulate the practice – is developed.
The ACCC also backed the “write” power for the consumer data right, which is currently being considered by King & Wood Mallesons partner Scott Farrell after a referral from Treasury.
Providing non-banks with “write access” would have a dramatic impact on the balance of power in the financial sector, allowing them to make payments and activate the switching away from banks’ products.
In a letter to the committee read out by chairman Senator Andrew Bragg, Mr Farrell, who wrote the original report on open banking, said the open banking regime will ultimately replace screen scraping but there is no urgency to intervene with drastic measures to stop the practice – which allows fintechs to operate.
“We aren’t planning to do anything drastic either,” Tim Gough, ASIC’s head of financial services, told the committee.
ASIC commissioner Sean Hughes said the corporate regulator knows of no damage that has occurred from customers sharing banking passwords with any fintech to allow access their banking data.
“There is no evidence that we are aware of, of any consumer loss from screen scraping,” Mr Hughes said.
ASIC’s new regulatory guidance on responsible lending recognises screen scraping can help with responsible lending compliance, and Mr Hughes said the e-payments code does not prohibit it.
The comments come despite Commonwealth Bank writing to its customers who are sharing passwords with fintech, warning of security risks. Competitors have described the warnings as anti-competitive.
The committee may make a recommendation endorsing the practice, which might restrict CBA from making its warnings.
The ACCC said it had discussed the CBA warnings informally with other regulators, but was not aware of any formal complaints being made by any start-ups. However, FinTech Australia told the committee on Friday morning it had written to the ACCC expressing concerns about the CBA warnings.
ASIC’s comments may encourage start-ups whose customers are receiving the CBA warnings to complain to the ACCC.
Bruce Cooper, general manager for the consumer data right at the ACCC, said screen scraping should be allowed while the consumer data right is being developed, given the CDR will initially only apply to the big banks and include a relatively limited set of products when it switches on on July 1.
“To outlaw screen scraping too early, before the consumer data right has had the opportunity to mature and pick up those additional products and banks, would be disruptive both to consumers and industry,” he said.
Widening open banking
The ACCC also said it will widen the consumer data right’s (CDR) accreditation scheme to allow “intermediaries” to provide data to unaccredited parties. This will allow smaller businesses who are not able to meet the insurance and security standards of the CDR to still receive the benefits from data analytics.
“There is strong interest and a willing market with participants who want to engage in the CDR – our job is to facilitate that,” said Paul Franklin, head of the consumer data right at the ACCC.
“We are considering measures to use intermediaries and [introduce] lower tiers of accreditation where appropriate, and consider the disclosure of information to non-accredited parties.”
The ACCC also backed the introduction of “write access” into the consumer data right, which will be confronting for the major banks.
“It is a sensible development,” Mr Franklin said.
Originally published by James Eyers, 28 Feb 2020, https://www.afr.com/companies/financial-services/asic-accc-give-green-light-to-screen-scraping-20200228-p54588