The Australian Competition and Consumer Commission (ACCC) alleges that Bank of Queensland did not meet this obligation on 1 July 2021 as required, and did not make the required services available until 13 December 2021, which meant that the bank’s customers were unable to share their CDR data for more than five months after the date by which this service was required to be available to them.
“Under the CDR, consumers have a right to safely and securely share certain data with accredited providers, including fintech firms and other third parties, who in turn can use that data to create better customised products and services for the consumer,” ACCC Commissioner Peter Crone said.
“For the CDR to work effectively for consumers, participants including all banks must meet their data sharing obligations within the timeframes set by the regulations” he said.
“In the current environment of rising interest rates, consumers benefit from greater access to information and tools to help them compare products and make informed decisions about switching banks, and the CDR assists this.”
In a statement on Wednesday, the ACCC noted that it closely monitors compliance with CDR obligations and provides support for participants to assist them in preparing for and entering the CDR program.
“As it is rolled out, the CDR will increase consumer choice and promote the innovation needed to improve competition in financial services and other areas. It will play a central role in enhancing productivity,” Peter Crone said.
The ACCC warns that if CDR participants do not comply with their obligations, the it will consider taking enforcement action in line with the CDR Compliance and Enforcement Policy. “This can include administrative outcomes, enforceable undertakings, infringement notices, suspension or revocation of accreditation, or commencing court proceedings.”
The ACCC says this is the first infringement notice it has issued for an alleged breach of the CDR Rules.
“A number of banks were delayed in implementing their CDR solutions, in part due to issues related to the COVID-19 pandemic and a shortage of skilled IT resources.
“In deciding to issue an infringement notice to Bank of Queensland, the ACCC took into account a number of factors, including the period of alleged non-compliance, the number of customers potentially impacted, the resourcing constraints Bank of Queensland faced in developing its CDR infrastructure and the steps it took to limit the duration of its non-compliance,” the ACCC statement concluded.
The ACCC also notes that the payment of a penalty specified in an infringement notice is not an admission of a contravention of the CDR Rules - and it can issue an infringement notice when it has reasonable grounds to believe a person or business has contravened certain provisions in the CDR Rules.
CDR gives consumers the right to safely access data about them, held by data holders, and direct this information to be transferred to accredited third parties, potentially to access new products and services, including better deals on everyday products and services.
CDR - designed and overseen by the Australian Government and independent regulators to ensure it is safe and secure for consumers - is an economy-wide reform that will be rolled out sector by sector, and has already been rolled out to banking.
The ACCC says that for banking, all Authorised Deposit-taking Institutions (ADIs) are designated data holders with obligations to share data through CDR - and the energy sector is set to commence sharing product (general) information in October this year, and to commence sharing consumer data from 15 November this year.