The Australian government is introducing a potentially economy shaking reform: Consumer Data Right (CDR). The rollout for banking is finishing, the energy sector is next and then, in 2023, comes the telecoms sector together with the insurance industry.
If the rollout goes to plan, Australia’s insurers are on track to become the industry’s first widespread adopters of CDR in the world.
“So, from an insurance perspective, while it’s still a little bit embryonic, we will be the most advanced. So this is also why it’s quite difficult to predict what it’s going to look like and what some of the use cases might be because it hasn’t been done anywhere else,” said Andy Parton (pictured above), Ernst & Young’s (EY) Oceania financial services technology consulting partner.
Parton is involved in sessions with Treasury, insurers and industry bodies around the CDR rollout.
“My advice [to the insurance industry] would be to start to form a team around this, start to look at what happened in banking and make some assumptions around what might happen and what you might need to put in place,” he said.
The change puts consumers in charge of sharing their personal information in an automated and secure manner with service providers. Under the rules it will be mandatory for all banks, insurers, telecoms and any other data holders to be set-up, registered and compliant under the new rules.
However, CDR works in two ways: through data holders and also accredited data recipients - in other words, the givers and receivers of the customer’s data. Parton agreed that there could be significant commercial opportunities for insurers if they become data recipients, but that part of the rollout isn’t mandatory.
“They’ll only have access to that if they choose to access it and choose to become a data recipient because the worst of all worlds is that you’re forced to become a data holder and you’re forced to share your data with others but you’re not setting yourself up to be a recipient and receiving the data from others,” he said.
Parton said it’s important to think of CDR “holistically” and to look at it “as a whole” and not as two distinct modes.
He said now is the time for insurance companies to start working out how they can become both a data receiver and a data holder.
“They can start to get ahead of the curve thinking about how to compete and be a data recipient whilst they’re waiting for the rules to be specified and be designated as data holders,” he said.
He also said the implementation of CDR across Australia’s banking sector has taken 18 months and there are lessons for the insurance industry. For one thing, the timeframe was “quite tight.”
“This is a bit bigger and a bit more complex than many organizations might initially think. On the surface it’s about sharing some data under some API’s and most organizations are doing some form of that already. But many of the banks thought that what they already had in place would be much more reusable than it actually was,” he said.
Parton said EY breaks down CDR rules and standards into 12 distinct areas and only one of those is APIs.
“For banking there are about 700 different obligations that banks need to sift through, understand and apply to themselves. Many of those are technology requirements,” he said.
Parton said less than half of the non-major banks managed to become compliant on time.
“The bulk of them were obligated to go live last July and less than 50% of them made it on time, largely because of delays in programs mainly due to technology not being ready,” he said.
He also said relatively few banks have signed up as data recipients. Parton said about 30 banks and financial service providers are now accredited as data recipients but only about half are active. About 100 banks and banking entities are in the CDR regime as data holders.
Treasury is still defining the exact rules for the insurance sector, but Parton said it’s likely to be consumer insurance-focused in the motor and home sectors.
“It’s a reasonably safe assumption to expect that the general principles will be the same and the model will be the same [as in banking]. Certainly, the whole concept of how consent works, which is at the heart of CDR, will be the same and the goals it’s trying to achieve will be the same,” he said.
Parton said those goals are better transparency and access to customer data for the purposes of customers being able to share that for their own benefit.
He also said the experience of the banks switching to CDR in both the UK and Australia may not be the “key” example insurers should look to. The ability of consumers to compare banking products in the UK – a system that hasn’t got off the ground here – became “a race to the bottom in terms of pricing and didn’t do a particularly good job of comparing like for like in terms of product,” said Parton.
However, he said that CDR could help these comparison systems improve and be very useful for the insurance industry and customers.
“But I do think CDR has the ability to be able to make it clearer in terms of, first of all, what are my needs as a customer?” he said.
Firstly, he said, more customers need to understand it and want to use it.
“Then the more industries that come in, the richer the data sets that are available, the more appealing it is to for others to come in. So, we do think that there’s going to be an acceleration of usage,” he added.
That’s starting to happen in the UK where CDR in the banking system went live in 2018.
“We’ve got some stats around transactional take up and it was pretty slow for a couple of years and then it started to go up like a hockey stick effect and that’s what we’d expect to see here,” said Parton.
He expects the banking sector in Australia to start showing that rapid rise in consumer uptake very soon.
Meanwhile, next year, Australia’s insurance sector is poised to be the first in the world to take on CDR.
“Australia is unique in that, as far as I’m aware, no other country is legislating something similar in other sectors. So the UK is banking only and countries like Canada and Brazil are rolling out similar regimes but also for banking only,” said Parton.
But he warned against insurance companies trying to implement CDR compliance and data systems without help. Parton said a few banking organizations went down that path and found it much harder and longer running than they thought. Now they’re looking to outsource that to others.
Parton said EY’s message to the general insurance industry is: start preparing for CDR.
“You’ve got a bit of runway now and you can start thinking about your strategy for how to compete in the CDR and design a program of work based on that strategy and think about your technology holistically,” he said.
Parton said Treasury is expected to finalize its CDR rules for the insurance industry in November before releasing a compliance timetable ahead of next year’s rollout.