Go to our Contact page for our office details.
The Department of Home Affairs has issued its draft guidance “Modern Slavery Act 2018: Draft Guidance for Reporting Entities” (Draft Guidance) for the new Modern Slavery Act 2018 (Cth) (the Act).
On 28 September 2018, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Commission) handed down its Interim Report (Report) following an extensive series of public hearings. Outlining key observations that will likely impact financial service providers, the Report indicates subsequent questions relevant to help drive future industry-wide amelioration. As customers are increasingly seeking bespoke offerings and tailored customer services, fintechs and start-ups are presented with significant opportunities to shape new business models, while established institutions face the challenge of redesigning their existing commercial strategies and capabilities.
Most notably, as a result of the Commission’s ongoing findings, there has been a marked decrease in consumer trust in both the financial services industry generally and the perceived institutional ability to protect consumer data. As reported by The Australian Financial Review, 29 per cent of customers are less willing to share personal data than they were six months ago, and 42 per cent said trust in banks has deteriorated significantly over the past year. This breakdown of trust, coupled with advancements in technology, will have a significant commercial impact as traditional providers compete with new entrants emerging in the market.
The Report notes the law already requires financial services to be provided “efficiently, honestly and fairly”, and therefore new laws may “add an extra layer of legal complexity to an already complex regulatory regime.” The increasing use of financial data to provide new services is likely to be an accelerant for systemic change in the Australian financial services landscape, and policymakers are already responding.
The Federal Government’s initial application of the Consumer Data Right (CDR) under the Open Banking regime is likely to transform the way in which customers receive financial services. Aimed at encouraging better services through greater competition in the financial services industry, the Open Banking regime empowers customers to direct the sharing of their data sets with accredited service providers (including other banks, comparison services, fintechs or other third parties). These sharing arrangements are intended to facilitate easier swapping of service providers, the enhancement of the customer experience based on personal and aggregated data and more personalised offerings. Significantly, this will give more power to consumers over the use of data that has historically been captured and analysed by established institutions for internal purposes only. Although the Open Banking regime was slated to commence in July 2019, the Federal Government recently announced that it would be delayed by seven months to allow the Australian Competition and Consumer Commission (ACCC), in partnership with the Big Four banks and Data61, to conduct a pilot program to “test the performance, reliability and security” of the new regime.
Corporate regulators will look to financial service providers to comply with the law in a way that is consistent with broader and developing community expectations following the final findings of the Commission. In turn, regulators including the Australian Securities and Investment Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) are likely to increase their enforcement action in future following specific criticism in the Report. The Commission has implied that ASIC needs to be firmer and more proactive in taking enforcement action rather than reaching negotiated outcomes. ASIC has indicated that it is willing to be tougher on enforcement, however has noted that this will require a significant funding boost and expansion of legal powers. ASIC and APRA have both commenced separate internal reviews of respective enforcement policies and the two regulators will collaborate to clarify respective lines of responsibility. Separately, there have also been proposed legislative changes with respect to ASIC’s product design and distribution powers.
Technological innovations have aided the ability to collect and use consumer data at significant pace, with the global volume of data predicted to double between 2018 to 2022. With the upcoming advent of the Open Banking regime, there is a growing awareness of the importance of digital platforms through which customer data will be accessed. Financial service providers will be focused on extracting commercially-beneficial insights from data sets quickly and inexpensively in order to remain competitive. Consequently, both incumbents and fintechs will need to adapt existing processes to compliantly and securely incorporate data analytics into the provision of their services. A key focus for regulators will be ensuring that consumer protection remains an integral consideration against the backdrop of innovative change. In a speech earlier this year, Rod Sims, the Chairman of the ACCC, noted that the ACCC was primarily interested in how data sets are “changing the ways in which businesses compete against each other, what that means for markets more broadly, and how that intersects with consumer protection.”
The large-scale adoption of big data solutions coupled with waning consumer trust has created a commercial environment that is ripe for disruption. While fintechs have previously entered this space on the periphery by offering personalised unbundled services, recent legislative changes and shifts in consumer preferences have provided an avenue to move towards the core of the industry. The EY Fintech Australia Census 2018 reported that fintech adoption has more than doubled since 2015, and 37 per cent of consumers are using at least one fintech provider to receive financial services. With relatively more agile and flexible business models, fintechs are unencumbered by legacy system challenges and can develop innovative solutions more quickly. Additionally, new types of consumer data and advanced analytics will offer new streams to deliver custom products and services that exceed consumer expectations. Fintech players that capitalise on these opportunities and build capabilities to manage the risks associated with using such data will be well-positioned to improve competition in the Australian financial services landscape.
Disruption by fintechs in the financial services industry has pushed incumbents to radically transform their processes to ensure their offerings remain competitive to consumers. Across the industry, there is likely to be a greater focus on service over sales stemming from the Commission’s final report and incumbents face the challenge of improving existing consumer relationships.
With respect to industry response, it will not only manifest in businesses amending employee incentives (ie, benefits for providing useful assistance / recommending relevant products to customers instead of volume based commissions) but also through increases in both the responsiveness of customer interaction/support and transparency of service offerings (eg, more relevant alerts/notifications for customers to understand what service they are paying for).Some banks have already announced these initiatives.
Incumbents face the challenge of improving existing consumer relationships, but have the benefit of doing so by focusing on long-term data stewardship over short-term commercial incentives. Well-equipped with respect to financial, technological and human resources, incumbents are presented with the opportunity to develop comprehensive data infrastructures and robust analytics to produce data-driven commercially viable insights. In doing so, incumbents can evolve their existing business models to create new sources of value for consumers. As one fifth of Australian fintechs operate in the data, analytics and information management space, large institutions are presented with the opportunity to consider strategic collaboration and partnerships to facilitate rich joint ventures in areas such as data sharing and cyber security. With the dual effect of lowering long-term costs and gaining access to new markets and digital innovation, such collaboration addresses in-house capability issues and fosters an environment for new technologies and solutions.
While the potential for consumer data to create new business growth and innovation opportunities is rapidly growing, it is fundamental that businesses mitigate any data-handling risks. One of the greatest challenges for both incumbents and fintechs is how to effectively leverage customer data whilst maintaining adequate levels of data authenticity and security. Consumers have raised significant privacy concerns regarding the impact of data misuse, given the increasing number of reports of data breaches and use of complex artificial intelligence and ‘unaccountable algorithms’ in business processes.
During the first quarter of reporting under the Notifiable Data Breaches scheme, the Office of the Australian Information Commissioner revealed that the number of data breach notifications has been steadily increasing month-on-month, and that the finance industry is the sector with the second highest number of data breaches reported. Notably, as new firms offer financial services, many often have limited resources and time to invest in cybersecurity. Both fintechs and incumbents will need to adopt ‘cybersecurity best practices’ as outlined by industry and regulators to ensure appropriate measures are undertaken to protect consumer data.
Incumbents have historically had greater access to large quantities of consumer data. Under the new Open Banking regime, these institutions will be obliged to share data with accredited data recipients only. For fintechs, ensuring that business cyber resilience strategies are in place and comply with legislative and technical standards will be vital in ensuring that they are determined to be fit to receive data under the regime. In past assessments, ASIC has noted that there has been a marked disparity in the cyber resilience of small-to-medium enterprises in contrast to large institutions. Globally, the World Economic Forum (WEF) has initiated the development of an assessment framework with respect to fintech cybersecurity practices, highlighting the significance of this challenge as digital channels are increasingly used in financial services.
On the other hand, incumbents face the logistical challenge of upgrading legacy infrastructure to flexibly, quickly and securely connect data sources and facilitate data transfers. Open Banking will bring benefits to consumers so long as data is easily and securely transferred between accredited data providers. Therefore, incumbents will need to ensure that they have the ability to manage the risks associated with new types of advanced analytics. On top of this, incumbents must meet the Government-imposed deadlines at each stage of the Open Banking roll out, which requires considered but constant expansion of infrastructure capability.
Lessons have been learned by off-shore providers with respect to migration of bank information technology systems that has been implemented too quickly and without comprehensive testing, resulting in significant financial and social consequences for not just the bank and its various stakeholders, but also the broader financial economy.
Data is having a transformative effect across the financial services industry, and the regulatory response to the collection, storage and transfer of data will have a significant impact on the nature of this transformation. The WEF reported that the “evolution of data regulations will be the critical driver in determining the roles and relative positioning of different players in financial services.” Regulation of data and how financial services providers wield data sets in the future will have ongoing ramifications for competition in the financial system, the introduction and deployment of artificial intelligence and overall consumer trust in the sector.
Policy makers in Australia and overseas have recognised the need for guidance with respect to data, and have begun implementing legislative responses such as the European Union’s General Data Protection Regulation and Open Banking regime. As discussed, the delayed phased entry of open banking in Australia is due to commence February 2020. The Royal Commission will submit its final report to the Governor-General by February 2019.