ASIC should lead banks' data-sharing regime: MPs

Australia's corporate regulator should be put in charge of a pending data-sharing scheme within the country's banking sector that could see customer transaction histories opened up to other banks and fintech firms.

The recommendation was made by a lower house committee of MPs that said it would be a "conflict" to let the banks lead the proposed information-sharing framework.

Last November the lower house's economics committee released the final report of its review into the four major banks, suggesting the sector be forced to use application programming interfaces (APIs) to facilitate sharing of customer and small business data.

The committee said the scheme, which would include specific privacy controls and penalties for non-compliance, should be put in place by July next year.

It argued this approach would shift the balance of power from banks to consumers and give them greater control over their personal information.

In its second report into the four major banks, tabled on Friday, the committee noted that while each of the major banks had given their support for a data-sharing framework, it would not be appropriate for the private sector to lead the effort.

Customer data is currently a proprietary asset, making it a "conflict" for the banks to manage any sharing arrangement, the committee said.

An "independent regulator" like ASIC must "lead the charge and be responsible for implementation".

"The process of introducing data sharing cannot be left to the banks to lead," the committee wrote.

"The banks are conflicted in this process."

The major banks told the committee that whoever led the process must be able to ensure privacy and security of consumer data was protected.

"To be clear on this, we will support any solution if, ultimately, we can be very clear who is specifically accountable for privacy and security. That will need to be clear," CBA said in its submission.

"We want to take that accountability and, if somebody else is going to take it, be accountable for that so we know where to address concerns if there are problems with this. We are open to that solution."

The federal government has not yet said whether it will adopt the recommendation.

APIs, not CSVs

The committee also continued to stick to its guns on structuring the framework around APIs, rather than CSV-based data exchange as promoted by the Productivity Commission.

The commission has argued API-based sharing would be too expensive and lacked clear benefits.

While the parliamentary committee admitted an API regime would require "meaningful upfront investment", it argued this method provided the "largest number of benefits in terms of data security, data credibility and accessibility".

"Data reported in CSV files must be standardised to support machine readability before the scheme can commence. This severely curtails the framework’s ability to support innovation and competition," the committee wrote.

It argued CSV files were also point-in-time and subject to manipulation, and more complex than APIs.

The data that would be included, should the sharing framework be implemented, covers transaction histories, account balances, mortgage repayments and credit card activity, as well as small business customer data.