ABSIA submitted to the Australian Competition and Consumer Commission's CDR rules expansion amendments consultation on 29 October 2020.
In this submission, ABSIA commended the ACCC on recognising the ATO's DSP Operational Framework and suggested that ABSIA could assist with this process and provide input on behalf of DSPs. Further, we also welcomed the introduction of the tiered accreditation approach and believed that it would enable greater participation from a range of Accredited Data Recipients (ADRs).
Given ABSIA's position within the industry, we have responded to select questions from the discussion paper. In summary, this submission made the following points:
- Following the recognition of the ATO's DSP Operational Framework, the ACCC should be recognising industry standards that currently regulate intermediaries and their ecosystems such as the Security Standard for Add-on Marketplaces (SSAM);
- The intention of the CDR regime is to regulate Machine to Machine processes and interactions only. The CDR rules framework should not attempt to control and regulate human interactions;
- We believe that the affiliate accreditation option will not increase participation from DSPs and their affiliates unless the Schedule 2 requirements align with the SSAM which already exists to regulate CDR derived data transfers between ATO accredited DSPs and their third party software products;
- The SSAM will be reviewed by ABSIA and revised upon completion of the ATO's review of the DSP Operational Framework;
- The revised SSAM will be published by ABSIA within 60 days of the finalisation of the Operational Framework security questionnaire or 31 March 2021;
- The ACCC should avoid introducing additional requirements to Part 1 of Schedule 2 as it will add unnecessary costs and work to data transfers that are already secure and working as intended;
- We understand that most DSPs will be providing derived data to their third parties through CDR, which is a level lower than the Level 3 example, and therefore the relationship between a sponsor and affiliate should be taken into consideration. Here, the SSAM is already applied to DSPs and their third party software ecosystems; and
- We wish to once again remind the ACCC about the original intent of Open Banking and consider how these rules are impacting intermediaries, who exist mostly outside of the banking sector, and are having rules intended for banking/finance products applied to them.
Access a full copy of this submission here.