CDR Momentum & Myths - A conversation on open banking with SISS Data Services, Intuit, and Wych

Speaker A: Okay, welcome everybody. Um, thanks for joining us. My name is Ben Ford. I work for Mogo plus AI and which and I've been around the fintech traps for a number of years. I'm joined for a special edition of the Fintech Australia podcast focusing on open banking. I'm joined by John Dunkley of Sys Data Solutions. I'll leave you to introduce yourself, John.

Speaker B: Thanks very much, Brent. Yes. John Dunkerley, Chief Commercial Officer for Sys Data Services. We've been around uh, 15 years providing bank data feeds primarily into accounting, ERP and finance platforms and uh, keen long term advocates for open banking and now using it in earnest.

Speaker A: Happy birthday.

Speaker B: Thank you. 15 years.

Speaker A: Some achievement in the data game. It is, it is very good. And Simeon, uh, Duncan from Intuit. I'll let you introduce yourself.

Speaker C: Yeah, thanks Ben. Yes sir, Simeon Duncan. I lead public policy for intuit here in APAC. So intuit, a global financial technology platform behind QuickBooks, uh, TurboTax, Credit Karma, Mailchimp. So small business software, uh, at scale. And uh, as John said, he's been involved with open banking for 15 years. QuickBooks, uh, was also the first accounting software provider, um, accredited under the cdr. So uh, John and I have both been around, got the gray hairs to prove uh, our uh, longevity in the open banking regime.

Speaker A: Excellent. Well look, I'm looking forward to picking your brains and hopefully we can share a few war stories about the open banking journey over the years. But let's kick into gear. We're midway through 2020 at the moment. Um, I felt this year that we're at a bit of a sort of potential tipping point, possibly an inflection point with open banking. There's a lot of change happening at the moment that perhaps hasn't been seen in the preceding couple of years. How would you characterize that at the moment, John? And what sort of signals are you seeing in the market that are really sort of chiming out to you?

Speaker B: Yeah, well look, I think you're absolutely right. I think the past 12 months really has, it's all started to happen. Certainly in our business. We've been an accredited data recipient for five years or so now, but it's really only been in the past year that we feel, felt that CDR was sufficiently mature to roll out at scale with our customers. And that's now happening. I think it's been driven by two things. I think on the supply side if you like. I think CDR has reached that level of maturity. Uh, it's stable, it's taken work to get There and some of that work has been um, for the data holders, but also there's been some for data recipients such as ourselves. Cause we offer our customers a very, um, highly reliable, accurate data service. So we've had to do a fair bit of work at our end to ensure that what we deliver down the line is of high quality. Um, but also, um, on the demand side, we're also seeing a huge increase in demand for platforms wanting to get away primarily from screen scraping. Um, not so much for direct feeds. We provide direct feeds as well, um, which despite the fact that you know they're more expensive, you have to pay the banks for them, there's been pretty good stability there, but it's really, we're seeing in the market a lot of readiness. Actually it's really accelerated in the past quarter. Um, we're flat out at the moment because so many people are looking to jump off screen scraping and get to something that's more stable for their customers.

Speaker A: And are you seeing anything that's sort of specifically causing that? Are you hearing anything in market?

Speaker B: Well, I think in real practical terms, um, we know that some of the major banks have, you know, through introductions of multifactor authentication and so forth, they've really made the customer experience for say, you know, a small business operator who's using an accounting platform. If they're depending upon screen scraping as a way to get their data feeds in, they're really finding that that's a huge impediment. Um, and we know from talking to many of them that in many cases it is the top driver of customer aggro, basically that the bank feeds don't work. And so platforms that are experiencing that with their customers are, have a pretty high degree of urgency of needing to solve that issue.

Speaker A: And what about you Simeon, what are you hearing in market and also as a consumer of open banking data, what sort of changed for you in the last sort of couple of years?

Speaker C: Yeah, I, um, think there's two, uh, I'd say signal sort of two things I'd point to. One is a consumer expectation. Uh, in a connected world, an increasingly connected world, um, there is just an expectation from consumers, be they retail consumers or small business consumers, that uh, their financial management software, their personal financial management software, their loan, um, applications, uh, are connected and real time data, um, when they open up their accounting software, when they look at their balance, that it's showing the same thing as their banking app. Ah, you know, they expect those two numbers to agree. The second thing I'd point to is actually an increased community posture towards security. Um, and I think that's hardened in a helpful way. Uh, whether it's conversations about data they're uploading to LLMs or you know, the steady drumbeat, uh, of uh, cyber incidences in the news, people are rightly much, uh, more aware of where their data is, what the data they uh, is being held and how it's getting there. And so I think the CDR was built for exactly that kind of scrutiny. The explicit consent, the scoped access, the audit trails. That's a real driver and it's not just a vibe. So there are two things from a consumer lens that uh, I'd point to as really driving some of that uptake.

Speaker A: No, I'd agree. And certainly on the lending side, we're increasingly seeing a number of non bank lenders who may or may not have to become involved in the open banking regime as a data holder. What they're actually doing now is they're um, jumping the gun and becoming a data recipient first and foremost for kind of those reasons. I think trust plays a big part in it. I think the reliability of existing methods has sort of deteriorated and we are sort of reaching this. I don't want to call it a perfect storm because there's been nothing perfect about the rollout of open banking in Australia. But there is this sort of confluence of things happening at the moment simultaneously that mean that the time is right. And we've had some major consumer, um, fintech lenders, many of them listed, that have been approaching us and making the move from screen scraping. They can't rely on screen scraping anymore, so they're moving to open banking, um, and all of these things are playing a part in that and just sort of moving the needle forward. So, um, I think you're absolutely right

Speaker C: and I think confluence is the, is the right thing, even from a policy point of view as well, um, that you know, the CDR is not some standalone regime, but actually um, is a productivity enhancer, uh, across the economy. And so as you say, you know, there are, there is a confluence of things that are coming together to help drive that. As JD says, you know, that wasn't there even a few years ago, but we are seeing that now in more

Speaker A: recent times and just sort of um, sticking on the sort of trust and fraud issue for the moment. I think that's really important because I mean even if you're driving around the highway now, you'll see a bank advert on a bridge above the motorway and it's for trust and security. Is a big picture of a padlock with a certain bank and it's sort of, you know, it's absolutely front and center at the moment. So we are kind of moving away from this wild, wild west sort of approach where your data goes off into a bit of a black hole. Um, I guess my question to you would be, um, in terms of the completion rates of your customers, are you seeing any difference between direct bank feeds, any other methodology or an open banking? Because previously that has been sort of held up as possible. Um, and we call it in the industry the consent journey, which unless you work in open banking is meaningless to anyone. But we'll call it what we normally refer to it as. Um, but the consent journey has been tricky or more convoluted than a screen scraping thing and that's perhaps caused additional friction. Seems like that's being mitigated a little bit. Are you seeing anything like that in the numbers?

Speaker C: I'm saying it is, yeah, um, we are seeing instances of that. I'd say it is being mitigated. Um, and I think, you know, for those fintechs that are um, listening, that are building, you know, be aware that you know, what is an edge case when you're, you know, you know, in the testing and environment, uh, testing and assurances or phases, you know, when you roll out those little edge cases do scale and so there is friction still within the nominated reps process that um, you know, is causing folks who to, to provide an online access, you know, they may need to actually print out a piece of paper and go into a local branch, uh, you know, and do sort of physical world interactions to enable uh, you know, digital access. And so there are anomalies like that that you know, exist in the, in the pro, in these consent process that don't exist in other regimes around the world. Um, and so, you know, the UK solved that. Um, how come we can't solve that and we can.

Speaker A: How did they solve that for the uninitiated? You wrote an opinion piece?

Speaker B: Yeah, ah, I, I think, well, I, I, what I want to say actually is that all consent journeys have their drawbacks. So in the case of direct feeds, which we've supported for many years, the drawback was you had to fill out a piece of paper and then it took a week or so for the bank to process it. It was highly reliable provided the right person signed the bit of paper and their signature matched what the bank held on file, which didn't occur in the proportion of cases. Then there was screen scraping. Oh, that was Nice and easy. Except for the slight catch that you're disclosing your online banking credentials to a third party. That's not great. And yeah, look, as Simeon said, in this, in the CDR realm, the challenge has been, and we are very much focused on the B2B space. So the nominated representative issue comes up for us a lot. And for people who don't know what that is, it's in order to have the authority to share the data through CDR open banking, the bank needs to have you on record as being a representative that it's empowered to do so. Now, we've seen this is, in terms of your original question, in terms of success rates, what we have seen it's been very pleasing, has been the banks make it easier to become a nominated representative. So, yes, there was the case, and there still is cases where people have to fill out a form or even go to a branch, but they're increasingly the edge cases. For the most part. Becoming a nominated representative is now a digital process. Um, and in the case of, um, some banks, some banks are already there and some banks are moving towards having a broader definition of who should be defaulted as a, as a nominated representative or who should be opted in as a nominated representative by default. And so we are seeing fewer people having to jump the hurdle and we're seeing it being an easier hurdle to jump, but the hurdle still exists and it will. Whilst ever there is that concept that you need a separate and additional authorization in order to share data through open banking, and people will debate the merits of that. I'm one of them. I personally, I sort of feel if you can access the data through an online channel, you should be able to share it through an online channel. That's just my personal logic on this. Um, in the case of the uk, that's essentially where they got to is, is making it so that more people, the logical people, were opted in so there was less of a hurdle with having to become a nominated representative in the first place. And that's where I hope we end up.

Speaker C: Yeah. As JD says, you know, in the uk, if you can operate an account, you can share the data. And I think, um, you know, if we want to increase the uptake of the consumer data. Right, and with that then come new use cases as people want new, um, jobs to be done, that we make it as easy as possible for them to actually participate. Uh, and the consumer data, right. I'm old enough to remember Napster. Uh, you know, you'd find a new album that you thought you wanted to download. And who knew what came with that? But what Apple did was made it easier to download and access legitimate music. Um, and you know, I think similarly in the cdr, um, if we make it easy for people easier for people to access their own data legitimately through the cdr, with all of the consent flows, uh, that go with that, all the audit trails that go with that, then you know, we create a more secure environment for them to not only access it but then share it. Uh, and then we create the opportunity for new use cases to grow out of that as people go. You know what I'd love to do with this is if my ex could, you know, insert service provider, could help me complete a particular task or job.

Speaker B: I think in the same way that the consumer expectation has become more uh, sensitive to how their data is protected, another consumer expectation is that sharing it should be really easy. So they want it to be secure, but they also want it easy. And you know, as consumers we're spoiled every day by very slick user experiences with subscription services and so forth. And so I think consumers expect it to be easier and consequently have low tolerance for when it is not. So I think it's beholden upon everybody in the CDR space to ensure we make that a really straightforward journey, but a secure one all the same.

Speaker A: It does seem slightly out of kilter that there is this sort of, we're moving towards a digital sort of way of doing things, yet there's still this sort of uh, legacy uh, analog issue, um, just going back to sort of some of the completion rates in terms of someone actually filling out a consent. I did get this interesting feedback from ah, a major consumer lender. Huge um, volume of loans that they're writing on a daily basis. They said, I think they said when they launched their conversion rate with screen scraping. So their completion rate is about 85%. When they started open banking it was already at 75% and within a few months it had got to about 80 to 83%. So um, again another, I guess we'll get on to some of the open banking myths that have been perpetuated. But um, the idea that the consent flow um, is that much more onerous and that much more frictionful I think has possibly been dispelled. And I think that talks to um, the trust issue, um, and the um, people wanting to be reassured against scams and frauds and being a bit more sort of careful um, with their data.

Speaker B: Yeah, I mean certainly once that hurdle of being the nominated representative is overcome, then the consent success rates are very high. You know, really the only impediment that we are finding that people are encountering is that they go through the process only to find that because they're not nominated representative, the account that they wish to share is invisible. We proactively took a step of building and making freely available CDRReady.com for precisely that purpose. So anyone can go and see which accounts they are the nominated representative for and find instructions on what they need to do where they're not. And that's been very helpful in helping our platform customers roll this out at scale. Because what they've done is they've essentially said, okay customers, we're going to be moving to open banking. In order to share your business accounts or whatever it might be, you need to be a nominated representative, go and complete this pre consent journey just to make sure that you're on file as the nominated representative. And if that's done by the customer, then the consent success rate is very high. It's not a problem.

Speaker D: You're listening to the Fintech Australia podcast. This season is sponsored by Vanta. Vanta is the leading trust management platform helping fintech businesses get compliant fast for frameworks like CPS234, SoC2, ISO 27001 and more. Vanta's AI and automation power everything from evidence collection and continuous monitoring to security reviews and vendor risk, whether you're starting up or scaling.

Speaker C: And I think one of the positive things that we're, is that actually we can have this discussion now, um, that you know, we're, it feels like we're more mopping up some of the remaining points of friction rather than trying to reorient where the CDR should go. Uh, and so I think that is a positive thing for the consumer data, right, for those that fintechs that are building to it, um, that the trajectory is in the right direction, that there is strong growth, uh, even um, the data around, um, you know, access rates and the calls and so forth, you know, is all very positive. Um, and so uh, the consumer data, right, is working, it is growing, it is delivering the results that it was intended to do. Um, you know, could it go faster? Of course. You know, we're in fintech, we always want the world to move faster and a lot of times we're trying to keep abreast with consumer expectation. Um, but the trajectory isn't, is hitting in the right direction.

Speaker A: Yeah, absolutely. We had some great stats out about the number of API calls being on an exponential trajectory. Anything else driving that? Any, anything that we've not touched on any sort of uh, remaining items that you think are sort of responsible for that.

Speaker B: I think we, I think we've pretty much covered it. I mean I think it does come down to the fact that um, because it is now fit for purpose, people like us are recommending it to our platforms who in turn adopt it for their customers. And many of those platforms have very significant customer bases. So all of a sudden there's a whole bunch of new people being introduced to cdr. Um, and then that I think paves the way for them to use other CDR powered services as well. I mean certainly from a nominated representative point of view, once you are the nominated representative that you, you've become that for your first foray into CDR that holds the next one, you don't have to go through that again. You're already, you're already down as being the norm rep. So I think these things do have a habit of accelerating exponentially. Um, and we're certainly seeing it amongst our customers as it's rolled out. Platforms almost invariably start with ah, a sort of a pilot on a smaller number of customers and they go actually this works pretty well. Let's roll it out to everybody. And that's where you can see big numbers come across.

Speaker C: Yeah. And to the two signals that I pointed to earlier about um, the consumer expectation uh, of connected systems and also uh, their enhanced security um, posture that consumers and fintechs that are building to the CDR are doing it in a way actually the CDR is safe and secure to build on and it's reliable. Uh, and so as those new, as the adoption uh, increases and new use cases come on board that unlocks a whole new um, gamut of consumers who want to access and get jobs done using the cdr. Um, so I think that's one of the key drivers behind it as well.

Speaker A: And in terms of the use cases and um, the requirements for open banking, have there been any areas that have sort of been somewhat surprising or sort of sleeper hits of the open banking world that you'd sort of point to or uh, perhaps give a big thumbs up to?

Speaker B: Well I can, yes. I mean our 15 year history has been largely built around providing data feeds into accounting and ERP platforms. So for us that was the most obvious business case. What has been interesting has been the uptake amongst the lending space, business lending and in particular the way that the availability of the data is driving new models there around, um, changing the way decisions are made, changing the way customers are monitored, changing the way Data can be enriched. So that's been an unexpectedly interesting aspect for us, uh, in our business that we've seen a whole bunch of attention from lending, um, in addition to the traditional bank data feeds to get your books done.

Speaker C: Jody mentioned about uh, changing the way decisions are being made. And, and I can talk to the use case that I'm closest to which is the accounting software that is changing how decisions are being made. Not at a point in time or as I'm refinancing my house or looking for alternative lending, but it's changing the way decisions are being made every day when the business owner opens up their QuickBooks, uh, at Tuesday morning to decide, hey, can I pay that provider? Can I employ uh, this new person, can I run payroll? They're making decisions based on data that's been derived from the consumer data. Right. Um, and so you know, unsurprisingly we saw in the UK small business use of their open banking regime initially led the way uh, before retail consumers caught up. Uh, and so while it may not be the most earth shattering use case, it is a use case that is depended upon by tens of thousands of small businesses across Australia and you know, only increasing. And you know, once uh, we start to rely on it, we then depend on it, uh, we expect that that's going to be right every single time. And so um, you know, then you, you start to need to address issues of latency and data quality and so forth. But underlying that is the fact that people are adopting and using and relying on it.

Speaker A: Fantastic. Now let's change gears a little bit. I want to talk about some of the myths that still exist in open banking land. Um, I had this very peculiar conversation a few weeks ago with a pretty senior a, let's say he's at a card business, um, and he was completely down, ah, on open banking. He said it's not fit for purpose, it's not working, it's been a bit of a bust. Um, let's go through a few of these myths that sort of feed into that or some of the messaging that's still out there. Had a similar thing with a non bank lender lady who came from the Big four bank but still had no idea that the Big four bank was using open banking as part of their lending journey which again I thought was quite astonishing. So um, the first one is that the screen scraping data is still more complete, more data fields, more a richer source of data. Do we think that can be dispelled now in an open banking world here in midway through 20, 26.

Speaker B: Well, I would say, I mean for our purposes, certainly the coverage that we get out of open banking is what we need so we don't find ourselves going, gosh, we wish we had access to scraping or other sources of data. Look, there's, there's some things, there's some institutions which have sort of slipped through the net of CDR that we would like to get. You could still possibly mount an argument that the reach or the scope of screen scraping is potentially larger because you can effectively scrape data from anywhere if you can make it work. But I think that is more than outweighed by the reliability once you do connect to it. And so we're not finding. Well, as I say, I mean, we're finding that our business is um, being kept very busy at the moment by people who want to get away from screen scraping, notwithstanding that it has served them for a long time. They've built systems around it. It's not an easy decision to make. Um, but uh, no, we're certainly finding that the range of what is covered is what our customers need. Um, uh, and as say any, any slight blind spots be more than made up for by the reliability of the 99%.

Speaker C: I think from a consumer point of view, um, security settings aside, we've spoken at length about that. Screen scraping gives you what a human would see on the screen, but the consumer data, right. The CDR gives you the structured data that sits behind that, uh, which as JD says is a lot more reliable. Um, but then the second point I'd make is that if you're a fintech builder, um, such as Intuit or others, that it's not just about the completeness, it's about how it fails. Uh, screen scraping fails silently. You hear it's failed when your call center calls go up because their transaction data is uh, incomplete. Whereas at least with consumer data, right, it fails loudly. You get an error code, um, and so you're able to mitigate those uh, a lot sooner. So from a, from a, uh, production point of view, um, how those two, um, services fail I think is important.

Speaker A: Yeah, I think it's quite telling. To your point. Um, John though is around a lot of these people that are coming to you and going to other places looking to move away from screen scraping, they strike me as pretty hardened business people who um, are mining the pennies pretty ruthlessly. So they're not going to be making a switch. And um, it can be a decent amount of change to move from one regime and ask your consumers to reconsent or go through a new meth, or plug that into your workflows or your loan origination system cost and disruption. Yes.

Speaker B: I mean, you go and ask your many thousands of customers to do anything.

Speaker A: Correct.

Speaker B: That's a big, that's a big call. You know, when that decision's made around the board table, everyone's heart sinks slightly because they're going, this is going to, this is going to save the next few months of our lives, you know, disappear. So it's not, it's not done lightly yet.

Speaker A: They're still doing it, of course. So, uh, so there's something there sort of motivating them until you're pushing them

Speaker B: to your earlier point. I think tipping point is a very good way to describe this because I think many people have known open banking is coming, have understood what it potentially offers them. But understandably, most people are loath to grasp the nettle and make that move unless they really see the writing on the wall. But it seems to be the writing that's become very apparent on the wall in the past 12 months because we're just seeing so much more activity in that regard.

Speaker A: Absolutely. So I think we can say that we've, um, pretty well busted that myth. Let's move on to the next one. The compliance is too hard for small fintechs or small businesses to, um, become accredited. What do we think on that? I'll go with you first.

Speaker C: Well, being the first, uh, software, accounting software accredited, it was a journey, um, won't lie, uh, about that. But it is hard in specific ways that you don't know, you don't realize until you're right there. Um, as I said, we went through our accreditation back in 2021. I think the difference now though is that, you know, those of us who were patient enough, uh, and stuck with it long enough, um, there is a path now that others can follow. Uh, other fintechs can follow. You don't. They're also, you know, accredited intermediaries. There's published precedent, uh, you're not. And there's now a small industry of advisors who have done the work and can share, um, their advice. And so I, I don't think the barrier now is, uh, capability. It's commitment. It takes commitment. As JD says, if you ask for, uh, any change it takes, um, the leadership want to know why are we doing this? And fortunately, when Intuit started out on that journey, uh, the leadership committed to it. Um, and I think unless those that are around the boardroom table of Fintech are committed to, you'll Be two or three years down the track still asking the question should we be involved? Should we uh, become accredited? You know one of the things I am grateful for is, is uh, leadership who lean into those opportunities and see, you know what, this is going to be a journey but it's better for our customers to have control and confidence over their data than to, than to sit out and it's the persistence um, that is going to get you through.

Speaker B: Yeah, I would say to the, to the hardness of compliance. I think it is hard and I think it should be because I think that the preservation of the integrity of the system is absolutely essential for all of us, uh, including of course the consumer. So yeah, I think it's hard. I mean when we did it a few years ago, we're a data business, this is what we do. We thought oh this should be straightforward. And it took us a bunch of time and a whole bunch of money. M what year was that, John? 20 I guess we were accredited in 20, 22 or 21 I think ages ago in those banking years, in open banking years. Yeah. So um, look, as I say I'm in favor of um, making sure that participants are held to a high standard because it only takes a breach, someone being careless and then the whole system has a reputational problem. I also think that the issue of it being hard for businesses is actually a bit of a non issue because I think if they find a partner who offers them the right model then they are largely uh, insulated for what of a better term from that. So we are, I mean the. Look, we focus on B2B so maybe this is obvious but we're very focused on the BCDC business disclosure model. And part of the reason for that is because when we evaluated all of the different models and knowing our customers and what our customers sensitivities were around, compliance burdens and liability and all that kind of stuff, we really felt that was the only model that would pass muster at scale because otherwise our view was, and certainly I've seen some evidence to this, um, that models such as representative and what have you, which we haven't gone down, you can end up sort of being compliant by proxy because you might be represented by an ADR who then through their contract with you effectively compels you to comply with many of the same standards or indemnify them for the liability that they're taking on. And of course they're, they're essentially putting their license on the line for you. So for all of those reasons we, we judge that picking the right model was um, really paramount to this being sustainable to, to remove the compliance burden. I mean, if someone's up for compliance, they can go and become an ADR themselves. If they're, you know, sucker for punishment, I guess. No, but I mean certainly for some businesses that's, that's absolutely the right path to take. And um, you know, we do have some customers that have gone down that path and we can even support that as an osp. But our default position is a model that essentially means the compliance is on us. And of course that has massive impacts on the way that we operate and what we have to do and brings about a level of cost. But we're also able to amortize that across a wide client base. So I think the compliance issue is, isn't a big deal if you set yourself up correctly.

Speaker A: I think that's right. I think on the representative side I was in the registry doing some homework and just hanging out there, which I like to do sometimes. Um, yesterday. And there's a lot of CDR reps, um, of all different sizes. So I think, um, to your point, provided they've passed muster with the ADR that they're going with, then doesn't seem to be excluding every small business out there or every small fintech, because there are a lot of them. So, um, maybe we can put the compliance is too hard, Mitch to bed.

Speaker C: I think so.

Speaker A: Okay, final one. Um, poor customer experience for businesses and let's toss in consumers. We've sort of covered the consumer experience a little bit. But you know, again, this is a trope that's sort of rolled out by people who perhaps aren't as close to the industry day to day as we are. So again, what would you say to them? Let's start with you jd.

Speaker B: Well, yeah, I mean, that's our bread and butter as the business users. So, um, look, we've mentioned before the nominated representative issue that that remains a hurdle that has to be crossed. I'm pleased, as I said before, that the hurdle is applying to fewer people and is becoming easier to cross. But I gotta say it'll be great when eventually that hurdle is resolved that either people are by and large opted in by default, um, or other steps are taken to kind of get businesses past that. But again, the evidence is that once you get people past that step completion rates on consent journeys are very high. Um, and of course once that is in place, um, obviously the consent needs to be renewed periodically. But once the nominated representative, um, status is in place, then consent journeys are fine. And of course the other side is the data quality, uh, and consistency. That's very important to business because they're not just doing this to work out how much they spend on groceries versus movie tickets. They're doing this to, to do their tax returns and um, pay their bills and apply for credit. So accuracy, I mean data accuracy is something that does not happen naturally. And we look, part of our open banking journey was seeing some newcomers come into the market who we thought these guys are, uh, probably going to connect up to where the APIs and expect it'll all just flow through the pipes beautifully and it'll all be hunky dory. But we bet that they're wrong about that. And I think history has proven that correctly, that the data still needs work. It needs to be, for want of a better term, um, our, ah, technical guys hate it when I say this, but I'll say it anyway because they're not here. It's essentially a filtration process to go through. We know that the data has to be accurate. The debits and the credits have to match the balance. And so we have to do a lot of work so that the business customer is insulated from that problem, um, without that level of insulation. Yeah, I could see that some business customers were going, oh, hang on. What I'm seeing on my online banking portal screen isn't matching what I'm seeing in the CDR data. Why is that? Um, and so, yeah, so unless, unless steps are taken to deliver that customer, deliver on that customer expectation, you can see how businesses might be underwhelmed by what they're getting out of cdr.

Speaker A: Do you echo those sentiments, Simeon?

Speaker C: Yeah, I do. And the one talking point that I wish I could retire, um, but we're still talking about in 2026, is the ABN ACN Gap for Business Consumer Data Consent. Um, you know where we, we saw it coming. Uh, we as an industry, um, submitted consultations, um, saying that this was going to be an issue. 2026, we're still talking about it. Uh, if your customer doesn't, if a business customer doesn't have an ABN or an acn, uh, linked to their bank account, they can't access the consumer data. Right. Uh, as a business consumer now, um, it's not niche, it's the sole trader, uh, who's, you know, set up their business in the first year running everything out of their personal account. It's the same this person with a side gig, uh, who actually doesn't require an ABN or an ACN to run their business. Uh, and so these are all people that we want in the Consumer Data Right system. These are all people that would benefit, uh, from the cdr. Uh, and so the thing that I'd like to see fixed and we all agree needs fixing is actually how do we build the on ramp to the Consumer Data Right highway broad enough to actually get those, uh, businesses, you know, the side hustle, the new sole trader, ah, um, the person working in the gig economy into the cdr, participating in the cdr, accessing their data, securely, sharing it, uh, securely, uh, rather than having them locked out because currently they don't have an ABN or an acn.

Speaker B: Yeah, I absolutely agree with that. And that's an issue that certainly some of our customers are facing. That, uh, yeah, there's an awful lot of businesses out there that are businesses, but they don't have an ABN because they're small, because they're side hustles.

Speaker C: I'd say this is one of those ones that's a myth largely because there's just still enough life in it to keep the myth alive, um, that we are closing the gap. Gap, um, and there is, you know, goodwill on all sides to close that gap. But until that gap is closed, a bit like Nessie, everyone will say, no, it's still there, it still exists.

Speaker A: Sounds a bit Sisyphean to me, so I'm a bit nervous about that one. But we'll half put that myth to bed and, uh, we'll move on from the myth. I think we've, uh, conquered most of them now. I want to sort of go in a slightly different direction and talk about industry collaboration. Um, I was at an event, FinTech Australia event, probably last year, and they had, I think Dr. Bill Roberts, who's regarded as the godfather of open banking in the uk. Is that his name? He's the Scott Farrell equivalent of, um. So he was responsible for a lot of the work over there. Maybe.

Speaker B: I've got it.

Speaker A: Bill Nichols or Bill Roberts.

Speaker B: Yes, I think you might be right with Bill Nichols. I'm afraid I'm having a. That's a blank there as well.

Speaker A: Join me in that. But he was, um, he spent some time in Australia in Melbourne and Sydney, was speaking and Brisbane, I think, speaking to various fintechs. And he seemed genuinely perplexed, bemused, almost sort of disappointed and crestfallen at how little collaboration there was between fintechs and banks in Australia compared to what he'd seen in the uk. And he said it wasn't an easy marriage in the UK to begin with, but then eventually they um, sort of came together and sort of coalesced, coexisted and for the common good. Um, he sort of seemed to be lamenting the fact that there just wasn't anything remotely like that in Australia. Um, so I guess my question is, do you think the banks here are more or less supportive, particularly in terms of your experience? Um, some have commented that it's not widely used or widely requested by consumers, therefore isn't a priority for them to roll out solutions that will potentially benefit their consumers to a great degree. Where do we sort of sit on this kind of slightly uneasy or tricky relationship that seems to exist at the moment?

Speaker B: Yeah, I mean, look, I guess throughout my career I've been in a position of working collaboratively with banks. I've never worked for a bank, but I've spent a lot of time working with banks. Uh, so I've never really understood that. I've certainly seen it myself in fintech circles, people there, you know, bank bashing and what have you. And I'm not an apologist for the banks either. They do plenty of things wrong. But, um, I think a lot of that is driven particularly in areas where fintechs are trying to take business away from banks, you know, and they honestly believe they've got a better solution and, you know, they're gonna, they're gonna fight to make that point. Yeah, it's different for us. I mean, we collaborate with the banks, we have these direct engagements. There's indeed designuit with various banks. So banks are partners to us. I guess the one thing that I do that troubles me, and it perhaps is a, perhaps it's a reason behind this is actually the lack of understanding of open banking within the banks. Um, and I've had conversations at various levels of seniority at the bank and found people knowing surprisingly little about open banking and many falling back to some of those tropes about, oh, you know, it doesn't, no one's using it, so it's not really that important and so forth. In fact, we went earlier, we were talking about war stories. One from very personal experience. Um, our CEO and I had to go to our local business banker to fill out some paperwork for something. And we were having a chit chat with him and he was asking us about what sys data services do and we talked about open banking. And he, we were asking him, what do you know about open banking? Well, it was a pretty short conversation because the answer was, I've never heard of it. Uh, and I said to him, these are the wrong two blokes to be saying that too, uh, as a customer of yours. But I actually think that, that I don't blame the banks for that. Banks are big organizations and certainly I've had experience with that before that often these things don't percolate. Um, well, sometimes they're not even known at senior levels, but it certainly is hard to get understanding percolated right down to the grassroots level. And so if your local business banker, if we had walked into our local branch and we were the local builder or baker or whatever and asked about open banking, the business banker would have said, oh, I'm not, I don't really know what that is, you know, um, so that, that concerns me. And I think that, that if there was one thing that I could change at the bank's end, there's probably lots of things, but that would be one of them. Anyways, to say, let's understand what this is being used for. It is not, um, it is not a tool that is going to be used. Its purpose is not to do the banks out of a customer or out of a dime. Its purpose is to enable the consumer whose data it is to use that data for whichever purposes they reasonably want to use it for. And there's a philosophical sort of position, um, that people need to take on that. You know, not all bankers that I've dealt with over the years have accepted that it is the consumer's data. Um, I feel like that has moved on. I feel most bankers that I speak to now sort of say, yeah, sure, it's the consumer's data. Um, so look, um, I think the more that the system is used, the more people who are part of it, the more people who know about it, it will just get easier and easier.

Speaker A: Would you add to that?

Speaker C: Yeah. And, uh, to touch on Bill Roberts comments about, you know, the lack of cooperation, perhaps, you know, in Australia, you know, as the, as the head of open banking in the uk, he comes with a lot of a great awareness. And so he's probably, I dare say, put his finger on something that we'd all love to see more of. Um, I live and work in Canberra. I spent a lot of time in the, on the halls of Parliament in Canberra. Uh, and one thing that we all, ah, as a society want to see is, you know, less hostility, uh, in our politics and more collaboration. Uh, but I think what we don't see certainly in Canberra and Parliament is actually that on the majority of things there is alignment. Um, what you see are ah the points of friction that still need uh, resolution. I think the same thing is between fintechs and banks as well that on a lot of the issues each of us are trying to serve our customers in the best way we can uh, while upholding security, uh, while upholding the utility uh, of what we're uh, providing for our customers to help them get their jobs done. So I think there is on the whole a lot of collaboration um, and unity. It's the remaining points of friction that highlight themselves. But also shout out to FinTech Australia for organizing the roundtables, bringing the groups together, bringing the fintechs, uh, the banks and the community owned banks together with treasury and the regulators in a room so we can have these discussions. Uh, that is such a vital role for uh, any association uh And I think FinTech has done it particularly, uh, FinTech Australia has done it particularly well. Um, the second point on the utility is that a few years ago you might have said well listen there isn't the uptake, uh why do we as a data holder have to invest uh in this. But as we've seen from the ACCC's latest results the authorization curves ah, are just growing exponentially. 1.19 million and steepening. Um so you know to say that it's not widely used, that might have been acceptable in 2023 I don't think that passes the pub test. Uh in 2026 the volume is there and the people that are driving it are the customers of those banks.

Speaker A: No, I tend to agree with that and interestingly a lot of those banks uh, are offering or are using some kind of open banking in their lending flows. So I think it's in the consumer apps, it's maybe in the money management and the PFM type use cases. I do wonder if there's ah, the idea of being able to easily switch to a better interest paying account is probably a bit of a source of existential dread for certain banks because it's an easy way to uh, lose a lot of customers potentially. But also it's an easy way to win a lot of customers on the flip side as well.

Speaker B: Um, that's right. I mean the banks have the advantage of lower cost of capital so you know, in many respects, in many respects, you know you could say that the fostering of greater transparency may in many cases play to their benefit. So um, but yes, absolutely the banks are very keen on using open banking data to improve their models and improve their business. Um, and I think maybe that's the way in which it does become more understood within banks and more supported within banks banks. Um, but by and large, I mean the bankers that I deal with are not, they're not anti open banking. There's certainly, you know, there's been elements of people saying oh, it's not, it's not really a big deal, it's not used a lot. So it's, it's hard to get priority and I'm, I'm sensitive to those people in large organizations where the bank is going to apply its resources based on where it, where it sees the squeakiest wheel. Open banking has not been a particularly squeaky wheel. It's been something that you can ignore but, but as Simeon says, the numbers are now too great for it to be ignored. So I think that's seen a distinct change in the way the banks are approaching it.

Speaker A: Absolutely. And interestingly I think we're probably the adoption curve is following something almost like for like three years or four years behind the uk which ironically is, well not ironically is basically when we started open banking was three or four years after them. So it's almost like everything's playing out kind of as it should in a way and maybe we're sort of over. Uh, well that's probably why there's renewed optimism midway through uh, 2026. Let's leave the banks alone. Um, non bank lenders are coming online this year. Um, is there any learnings I guess from the journeys that the banks have been on? Let me preface this a little bit. Um, a lot of the mutual banks I know spent a huge amount of money becoming data holders. Got absolutely sort of entrenched in a bit of a, mired in this quagmire of took a long time, cost them a huge amount of money. Um, and then as a result going into, then um, sell them as a vendor, uh, data Recipient Solutions, they were almost sort of battle scarred if you like. And they were like this is going to be super expensive. It's going to take a huge amount of time. When we said actually you could get up and running pretty quickly in a few months or less it will cost you a few thousand bucks a month or what have you, they almost didn't believe it because they thought we were lying. Because they'd spent so much money and so much time going through the quagmire. Um, what would you say to a, ah, non bank lender? Is there any sort of, um, I'd

Speaker B: be inclined to say think of it as two separate things. Yes, they're both components of CDR One is Something that you are basically being forced to comply with. You're going to be forced to share the data. So that's a straight out of the blocks. That's a compliance cost. As a data recipient though, that's the opportunity to turn this into a revenue generating or a margin increasing activity. So I would be inclined to view them as two separate activities. Um, I also think that there are different organizations which specialise in those two. So there are specialists, um, that can help data holders become data holders. And similarly on the data recipient side, I think for the non bank lenders they should be buoyed by the fact that a lot of people have already done this. So I think when many organizations who are sort of initially within scope had to do this, this was the first time anyone in Australia had done it. And you pay a price for being at the leading edge. You also pay a price if you've got massive systems. So for the banks, yeah, becoming part of cdr, uh, has been a big expensive job. Frankly. I don't think there's many jobs that are not big and expensive at a bank just because of their sheer size and the number of customers involved and the number of staff, etc. Um, so the non bank lenders by and large are smaller organizations. They by and large have more modern tech stacks and they're coming into an

Speaker A: environment where you'd be surprised about that by the way.

Speaker B: Well, I may, I may, I may be, yes. Um, but I do, I do think that they are probably up for an easier journey than some of the pioneers in becoming data holders and I think that they will find that um, the opportunities presented by being a data recipient will make them overall have a pretty favorable view of cdr.

Speaker A: Before I flip that question to you, Simeon, um, what are your thoughts on a non bank lender becoming a data recipient before they go through the data holder journey to add that one into the mix.

Speaker C: Run that by me again. What do I think of a non

Speaker B: bank lender about to have to become

Speaker A: a data holder and go through a pretty onerous compliance project with no ROI and a lot of pain? Is it worth them going through a shorter journey? Now get up and running as a, um, CDR representative, probably not becoming an ADR in their own right. So they can become. And look, this isn't an original concept. A couple of them have actually done this and they're sort of, you know, they're thinking about it, I think in possibly quite a clever way. Some of the others are saying, look, you know, open M, uh, becoming a data Recipient should be a fast follower towards doing the data holder piece because we can see, you know, that's where the benefit to our customers is. Once we get through, I'm saying possibly, could you flip it on the head, get the, get the nice sexy stuff done first and then spend a year doing your compliance project question mark to

Speaker C: put it back to you. Uh, there was an article that um, Ben, was it Ben Ford. Right. Uh, saying that non bank lenders who get on the front foot won't regret it. Um, so those that get in early on their journey, um, will reap the rewards. Far better to get in and get the learnings, um, that you will through that process than sit out and wait and let your competitors fill that space. Uh, I think for non bank lenders going through uh, the process of JD spoken to the compliance, uh, requirements, I challenge them also from a customer point of view, like be unrelentingly, unapologetically customer centric. Uh, you know, for every design call, every technical call, you know, what is the least amount of friction for our customers that we can apply while maintaining our uh, compliance obligations? Ah, is there another click? Is there another paper form? Is there another step that we can remove? Um, because if it's there, then take it out. If they don't take it out, their competitor will, uh, and those customers will leave for whoever makes that uh, easier for them. So you know, build the lowest friction, you know, compliance path to compliance. Um, that, that is reasonably possible.

Speaker A: No, I should definitely check out that article.

Speaker C: Do that.

Speaker B: Very, very knowledgeable, absolutely, very learned.

Speaker A: And then finally, because I don't want to detain you guys for, for too much longer, um, I'm going to give you, I'm the open Banking Genie. I'm going to give you one wish. Um, what would it be? Let's go with you first, Simeon.

Speaker C: For me. I'll stick with my earlier comments. I'd nominate the abn, acn, uh, issue. Build the door wide enough so that those people that can really benefit can actually uh, walk through it. Uh, the sole traders running their personal accounts, the gig, um, uh, workers, um, they're exactly the kind of people that this regime um, should be serving. I think that that is not a difficult change. That's a rules change, not a tech change. Um, and so I think that's quite possible.

Speaker B: Yeah, mine would be nominated representative. That's, that's really the remaining fly that I'd like to have removed from the ointment. If we could just make it that more people were opted in by default, uh, I think that that would make the path a lot easier for businesses to start adopting at scale.

Speaker A: Great answers. I'm going to go with screen scraping, which I think is kind of self selecting its way out. So um, if I can't have screen scraping, I'm going to go open banking payments because I do think open banking payments make up 50% or more of all API calls in the UK now. So I think in terms of additional rubber hitting the road and momentum, I think that would really drive things forward and I think possibly that's where we've missed a trick. But um, we'll run wrap up there. Thank you so much for joining me. Great conversation. One for the open banking purists Nerds into the weeds. Hope you enjoyed it.

Speaker D: Thank you for tuning in for this episode of the FinTech Australia podcast. This season is sponsored by Vanta. Compliance regulations, third party risk and customer security demands are all growing and changing fast. Is your manual audit and compliance program actually slowing you down? If you're thinking there must be something more efficient than spreadsheets, screenshots and all manual processes, you're right. Audits and compliance can be so much easier while strengthening your security posture and actually driving revenue for your business. Banter's Trust Management platform automates key areas of your certification program, including compliance, internal and third party risk and customer trust, and streamlines the way you gather and manage information. And the impact is real. The recent IDC analysis found that compliance teams using Vanta, uh, are 129% more productive, so you get more time and energy to focus on strengthening your security posture and protecting your business. Vanta Continuous Compliance how much easier trust can be Day go to vanta.com fintech Australia podcast to get started.