A major bank has been fined for failing to share customer details under the Consumer Data Right

Complaints from the fintech sector that some major banks have been slow to get with the program when it comes to open banking have proved true with the competition watchdog slapping a $133,200 fine on the Bank of Queensland.

The Australian Competition and Consumer Commission (ACCC) issued the penalty and infringement notice against BoQ for allegedly breaching the Consumer Data Right (CDR) Rules by failing to provide a service enabling consumers’ data to be shared.

CDR first rolled out two years ago for the major banks, with all other banks required to share certain data by 1 July 2021.

The transfer of consumer data is at the direction of consumers, and has provided a major opportunity for the fintech sector to develop new products and solutions to help people better understand their banking and costs

Under the CDR rules, Bank of Queensland was required to be iready to share data for financial products, including savings accounts, term deposits and credit cards, by 1 July, 2021.

It finally happened five months later on December 13 last year.

This is the first infringement notice the ACCC has issued for an alleged breach of the CDR Rules.

ACCC Commissioner Peter Crone said that for the CDR to work effectively for consumers, participants including all banks must meet their data sharing obligations within the timeframes set by the regulations.

“In the current environment of rising interest rates, consumers benefit from greater access to information and tools to help them compare products and make informed decisions about switching banks, and the CDR assists this,” he said.

“As it is rolled out, the CDR will increase consumer choice and promote the innovation needed to improve competition in financial services and other areas. It will play a central role in enhancing productivity.”

The ACCC boss said a number of banks were delayed in implementing their CDR solutions, in part due to issues related to the COVID-19 pandemic and a shortage of skilled IT resources.

The regulator said it took into account a number of factors before issuing the infringement notice to BoQ, including the period of alleged non-compliance, the number of customers potentially impacted, the resourcing constraints and steps the bank took to limit the duration of its non-compliance.

The ACCC, with co-regulator, the Office of the Australian Information Commissioner, is responsible for ensuring CDR participants, including accredited providers and data holders, comply with their obligations.