ING Bank systems upgrade could breach CDR rules – Finance – Software


Two fintech industry groups are calling for the ACCC to intervene in an imminent systems upgrade at ING Bank.

FinTech Australia and the international group FDATA’s local chapter alleged in a joint statement that a planned swap-out of ING Bank’s consumer data right (CDR) solution could place it in breach of its CDR obligations.

Cutover to the new system would invalidate potentially thousands of customers’ existing consents to share data with fintechs, and foist reintegration costs on the fintechs receiving data, the two organisations argued.

“Every single consent that is currently active with ING will need to be redone,” they added.

The joint statement also alleged that not all accredited data providers (ADRs) under the CDR scheme had been notified of the coming change.

“This exacerbates the issue as the urgency means ADRs have to coordinate their teams to update their platform in a short period of time, and wear the costs and the reputational damage,” the statement said.

The groups argued that asking customers to reauthorise data sharing amounted to a poor user experience, and could damage trust in the CDR “at a time where adoption is critical.”

The groups want ING Bank to maintain backwards compatibility with its old consent-collecting platform, so that consents only expire under the conditions they’re meant to, such as with time or the action of the consumer. 

In December, the ACCC fined ING bank for breaches of CDR rules, relating to data sharing deadlines in 2021 and 2022.

An ING spokesperson confirmed the upgrade to iTnews, saying it is necessary to build “a safe and secure Open Banking experience for our customers that has the potential to offer more functionality in the future.

“We are working through the migration plan with Accredited Data Recipients (ADR) and customers to make the process as seamless as possible,” the spokesperson said.

“One of the unintended consequences of the platform upgrade is that we will have to bring forward the re-consent of some customers, a step that everyone subscribed to the Consumer Data Right needs to do on an annual basis.”

 



Source link