ING Under Fire from Fintech Watchdogs for Open Banking ‘Breach’

Two fintech watchdogs have demanded action from regulators against ING Bank (Australia) over a planned software migration that they say invalidates existing data sharing arrangements.

Australia’s national fintech association FinTech Australia and FData ANZ, a not-for-profit global association of financial services companies operating in open banking and open finance, has raised serious concerns about ING’s recent decision to move to a new Consumer Data Right (CDR) solution.

FDATA ANZ and FinTech Australia have urged Australian Competition and Consumer Commission (ACC) to take action immediately. They also released a joint public statement on behalf of accredited data recipients across the CDR ecosystem, including:

We understand that ING will switch to a new consent solution where all active data sharing arrangements on the existing solution will become invalid on 8 February 2023. This will mean:

• Every single consent that is currently active with ING must be changed
• Thousands of consumers will be affected
• Accredited data recipients will bear the costs of reintegration and any damage to their business

Not all accredited providers (ADR) had been notified. The short timeline that some were made aware of raises further concerns. This exacerbates the problem as there is an urgency for ADRs to coordinate their teams to update their platform in a short period of time, bearing the cost and reputational damage.

This action disrupts the lives of many Australian consumers who use CDR to improve the way they manage their finances and cannot be set as precedent.

Dangerous precedent

“This move by ING sets a dangerous precedent for the rollout of the Consumer Data Right and puts the benefits it brings to consumers at risk,” said Rehan D’Almeida, Managing Director, FinTech Australia. “It is puzzling that ING, a bank with consistently high customer satisfaction ratings, would not prioritize the right to consumer data. This is a transformational reform and the banks have had years to establish the systems they need to be compatible.”

Mathew MytkaRegional Director, FDATA ANZ, said: “CDR has the potential to drive competition across many services, such as energy and gas, by making it easier for consumers to switch suppliers, save money and improve their financial lives.

“Open banking is still tracking well with 95 percent of ADIs sharing data (114 brands) and 88 data receivers in the ecosystem. However, while many banks are doing the right thing, we need to see a firm response from the regulator to ensure this does not sets a precedent.”

ACC action

CDR is a financial data sharing program that enables Australians to use the data companies hold about them for their own benefit. In addition to banking, it has also started in the energy sectors.

FDATA ANZ and FinTech Australia want the ACCC to take regulatory action “proportionate to the seriousness of the breach”. It also wants recognition of the degree of harm, damage or potential harm this may cause to consumers and the damage to confidence in the CDR regime.

The ACCC can issue an infringement notice when it has reasonable grounds to believe that a business has breached the CDR rules.

In December, the ACCC fined ING for alleged breaches of the CDR rules, relating to data sharing deadlines in 2021 and 2022. ING also paid fines totaling $53,280 after the ACCC issued four breach notices.

ING has described the upgrade as “necessary to build a safe and secure open banking experience for its customers”. It also said it was working through the migration plan with accredited data recipients.