Skip to Content
Login
Close

Quick Links

Tag: Fintech Compliance

Business Consumer Disclosure Consent via Basiq’s Consent UI

Posted on by Rafael Damalio
business-consumer-disclosure-consent

The Consumer Data Right (CDR) in Australia has recently undergone significant updates, especially with the introduction of Business Consumer Disclosure Consent. This new form of consent broadens the horizon for business consumers, allowing them to share their CDR data with a wider array of service providers, beyond the traditional “Trusted Adviser” list. This list initially included professionals such as accountants and lawyers but now extends to include service providers like bookkeepers, finance brokers, insurance brokers, and business coaches.

If you want to know more about the changes read CDR is expanding to include non-bank lenders.

Getting straight to the point, the new CDR updates include:

  • Introduction of Business Consumer Disclosure Consent: Expands data sharing options for business consumers, facilitating sharing with a broader range of third party service providers.
  • Greater Flexibility with CDR Data: The V5 Rules update permits data sharing with software applications used for financial administration, offering substantial benefits for service providers and small businesses.
  • Encouraging Open Banking Adoption: Tailored for “business consumers,” this update opens up new opportunities for sharing financial data, crucial for accessing various funding options.

So what are the benefits for service providers?

  • Expanding Data Sharing Capabilities with less legal requirements: Service providers are able to access valuable CDR data and use it based on their existing business agreements without being bound by CDR rules.
  • Streamlining Financial Operations: With access to a broader range of applications for financial administration, businesses can streamline operations such as payroll, invoicing, and more.
  • Facilitating Access to Funding: The ability to share bank statements with finance brokers more efficiently opens up a plethora of funding options for businesses.

The recent updates to the CDR, present a new opportunity for businesses to engage in data sharing. Basiq’s consent UI has been enhanced to accommodate these changes, ensuring that businesses can leverage our platform to share financial data with a broader array of service providers. This enhancement is integrated into our existing consent UI, ensuring that the user experience remains consistent and intuitive.

So let’s take a closer look
The service provider Piper is wanting to collect business account details from a customer so they can offer a better service for their customer. They have integrated with Basiq to use their consent UI solution to allow their business customers to securely connect and share their bank account details in order to speed up this process and reduce manual processing. 

  1. The customer is met with a pre-consent screen within the piper application.
  2. When they agree to continue they are taken to Basiq’s consent UI flow to facilitate the secure access to account details through a relevant financial institution.
  3. The user is presented with details on; who has requested them to share the data (piper) and who is securely collecting it on Piper’s behalf (the ADR – Basiq), what details are being collected, for what purpose and for how long this consent will be valid for.

The Basiq consent UI simplifies the complex and verbose consent flow established by the ACCC and DSB CX (Customer Experience) guidelines. Our focus has always been to strike the perfect balance between compliance with the Consumer Data Right (CDR) regulations and offering an intuitive, user-friendly experience that maximises conversion rates. It aims to:

  • Reduce Drop-offs: By simplifying the consent flow, we aim to decrease the likelihood of users abandoning the process.
  • Increase Transparency: Users are well-informed about the specifics of the data sharing agreement, fostering trust and confidence in the process.
  • Maximise Engagement: A streamlined and user-friendly consent process encourages higher engagement rates, benefiting all parties involved.

The updates to Australia’s Consumer Data Right (CDR), featuring Business Consumer Disclosure Consent, significantly broaden the scope for financial data sharing, enhancing operational efficiency and financial management for businesses. The integration of these updates into the Basiq consent UI simplifies the data consent process, ensuring compliance while optimising user engagement. It enables service providers to offer more tailored solutions, streamlining operations and reinforcing trust in data sharing. 

As open banking evolves, Basiq continues to innovate, empowering clients and their customers to maximise the value of their financial data.

Resources
Have a read of our developer documentation to understand how you can get started with BCDC.

Important Information: This article has been prepared by Basiq Pty Ltd (ABN 95 616 592 011) (Company), and was originally published on 12 April 2024 on www.basiq.io. Information is current as at the publication date, and the Company has no obligation to update or correct this article. The information contained in this article is of a general nature and is not intended to address the objectives or needs of any particular individual entity, and should not be regarded in any manner as advice. To the extent permitted by law, the Company and its related bodies corporate will not be liable for any errors, omissions, defects or misrepresentations in the information in this article or for any loss or damage suffered by persons who use or rely on such information (including for reasons of negligence, negligent misstatement or otherwise. © 2024 Basiq Pty Ltd

CDR is Expanding to Include Non-bank Lenders. What Does it All Mean?

Posted on by Rafael Damalio
cdr-is-expanding-to-include-non-bank-lenders-what-does-it-all-mean

This year, Australia’s Consumer Data Right (CDR) is expanding to include the non-bank lending sector. Specific Non-bank Lenders will be designated as ‘Data Holders’ within the CDR framework, requiring them to implement systems to facilitate consumers in being able to transfer their data to accredited third parties.    

This builds upon the designations in the Banking and Energy sectors, where Data Holders are already operational, allowing consumers to effectively transfer their data. 

November 2024 marks the first milestone for Non-bank Lenders. So what do Non-Bank Lenders need to be aware of? 

Quick recap

The Consumer Data Right (CDR) is an economy wide designed to empower consumers with greater control over their data. It facilitates the secure sharing of data, currently housed in various organisations, with third parties in taking up new services. Banking was the first implementation of the CDR, commonly known as Open Banking, allowing consumers to consent to sharing their banking data with accredited third parties. For more detailed information on Open Banking, refer to Basiq’s definitive guide.

Following Banking, the Energy sector adopted the CDR and soon, Non-bank Lenders will join this initiative. Presently there are over 90 Banks and Energy providers acting as data holders. To see the complete list

Which Non-Bank Lenders must serve as Data Holders?

Treasury has delineated two categories of providers:

Initial provider: A non-bank lender that on the commencement date has over $10 billion in loans/leases and has averaged over $10 billion for the preceding 11 months.

Large provider: A non-bank lender that on the commencement date has over $500 million but less than $10 billion in loans/leases, averaged over $500 million for the preceding 11 months, has more than 500 customers.

What types of Non-Bank Lenders does it apply to?

Some examples of organisations it applies to include:

  • Mortgage lenders
  • Consumer finance companies
  • Buy Now Pay Later (BNPL) providers
  • Leasing and hire purchase providers
  • Marketplace lenders
  • Payday lender
  • Peer-to-peer lenders
  • Salary advance providers

What are Data Holders required to do?

Data Holders must be authorised by the ACCC, fulfilling specific criteria for data security, privacy, and technical capabilities. The implementation of robust security measures, such as encryption and access controls is required to safeguard data. Privacy compliance is crucial, ensuring data use aligns with relevant privacy laws.

Data Holders are obligated to adopt technical standards to facilitate seamless data sharing across  entities within the CDR ecosystem. This involves establishing a consent management framework to obtain and manage consent from consumers. 

Furthermore, ongoing regulatory oversight requires Data Holders to submit regular compliance reports to the ACCC and promptly address any inquiries and issues that may arise.

What are the key dates?

What is a complex request?
A “complex request” under the draft rules is a consumer data request that:

  • Is made on behalf of a secondary user of the consumer
  • Relates to a joint account or a partnership account
  • Is made on behalf of a non-individual CDR consumer whose authorisations are handled by a nominated representative

I’ll be required to be a Data Holder, what should I do?

While providing access to consumer and product data via APIs seem straightforward, the process of becoming a Data Holder is a complex undertaking. Beyond initial requirements, there are continuous obligations related to regulatory changes, maintenance and reporting. Based on feedback from existing Data Holders in the banking sector, it’s prudent to consider engaging a Partner with the requisite  expertise, experience and knowledge.  

Given the urgency and complex requirements, Non-bank Lenders falling under the scope of becoming a Data Holder should take proactive steps in initiating their CDR implementation projects. Here are our recommended actions. 

Step 1: Requirements and Timing
Familiarise yourself with what’s required and “go-live” deadlines

Step 2: Engage a Partner
Work with a Partner that can help you navigate the complex build and maintenance requirements

Step 3: API development
Start building the internal API layer to surface Users, Accounts, Transactions – needs to be done regardless of whether you engage a Partner or not. 

Important Information: This article has been prepared by Basiq Pty Ltd (ABN 95 616 592 011) (Company), and was originally published on 23 October 2023 on www.basiq.io. Information is current as at the publication date, and the Company has no obligation to update or correct this article. The information contained in this article is of a general nature and is not intended to address the objectives or needs of any particular individual entity, and should not be regarded in any manner as advice. To the extent permitted by law, the Company and its related bodies corporate will not be liable for any errors, omissions, defects or misrepresentations in the information in this article or for any loss or damage suffered by persons who use or rely on such information (including for reasons of negligence, negligent misstatement or otherwise. © 2023 Basiq Pty Ltd