Proposed Non-Bank Lending & CDR Rule Changes (Nov 2024)

Jill Berry

The CDR has been flirting with the inclusion of Non-Bank Lending for a long time – and the release of new draft CDR Rules is one step closer.

Noting that these are just draft rules and not confirmed. Comments are open for consultation until 24/12/24. Adatree will be providing a response so please DM us if you would like your views to be included too.

Overall our view is that these are biased towards cutting Data Holder banking obligations, and not focused on the consumer or quickly delivering value to Australians.

Here is Adatree’s breakdown of the latest CDR Draft Rules (November 2024 version)

1. Including Non-Bank Lending as Data Holders in CDR

What is it: Outlining the timelines, eligibility for inclusion and scope for including Non-Bank Lenders into scope as Data Holders in the CDR

Why it matters: CDR is an economy-wide data sharing framework, and to show the full picture of a person’s or business’s finances, non-bank lending is important to be included as a data source – especially with the impending ban on screen scraping.

Proposed Scope of Inclusion for Entities:

  • Portfolio size: Non-bank lenders with a portfolio of $1 Billion, including related entities of the NBL
  • Customer size: Minimum of 1,000 customers
  • Data sharing obligations also apply to managers of loans (also known as servicer entities) that provide credit on behalf of a non-bank lender

Proposed Entity differentiation:

  • Initial providers – $10B portfolio of resident loans and finance leases (averaged over last 12 months)
  • Large providers – $1B portfolio of resident loans and finance leases (averaged over last 12 months) and >1,000 customers

Proposed Timing:

  • Tranche 1 – Product Reference Data for NBLs is live 13 July 2026. This is public, non-CDR data.
    • Applicable to both Initial and Large Providers
  • Tranche 2 – Consumer data – 9 November 2026 – Non-complex requests (only individuals)
    • Applicable to Initial Providers
  • Tranche 3 – Consumer data – 15 March 2027 – Introducing complex requests (joint accounts, business accounts)
    • Applicable to Initial Providers
  • Tranche 4 – Consumer data – 10 May 2027 – Non-complex requests (only individuals)
    • Applicable to Large Providers
  • Tranche 5 – Consumer data – 13 September 2027 – Introducing complex requests (joint accounts, business accounts)
    • Applicable to Large Providers

How is this different to the draft Non-Bank Lending Rules from December 2022?

  • Previous de minimis for inclusion for portfolio size was $500M
  • Previous de minimis for inclusion based on customer size was 500 customers
  • Previous implementation was 12 months after rules going live – now it is significantly longer (18+ months) without any justification of a drastically later start time

Verdict: Fantastic to include NBL, but the start timing of the first Tranche is extremely disappointing. Go -Live Timing must revert back to its original recommendations – it should be 12 months from the date of the effective rules. Realistically, Data Holders are using a provider and not DIY. 12 months is a very realistic and generous timeline to go live, especially since they have known this has been coming for literally years. Especially with PRD, there are off the shelf solutions that are very cost effective that take days to set up to compliantly expose their PRD data.

Timelines should be exactly as outlined in Rule 6.9(2) after the Rules effective date

  • 12 months for PRD
  • 15 months for consumer (non-complex) requests
  • 18 months for complex requests

Impacts

  • Consumers? The sooner this is live, the better off Australian consumers will be.
  • Data Holders? This is a compliance project for NBLs, but there are OOTB solutions for them to comply (also, with Adatree’s Compliance Dashboard, used by nearly 30 DHs already!) and years of notice for compliance have been given. With CDR live and tested for many years now, implementations aren’t as challenging as they once were.
  • ADRs? Work is needed to connect to and receive NBL data – but this is very welcomed work to increase the number and breadth of data sources. Demand is to access consented NBL much sooner.

2. Limiting CDR sharing history

What is it: Treasury is proposing to change the history available for products from 7 to 2 years.

Why it matters: This is only based on the feedback of Data Holders – no consumer would say “I want less access to my data”

Verdict: Not positive – Adatree will not be supporting this change. We would support changes of 4 years, IF the timing of NBLs started sooner (Section 1) the product scope was not affected (section 3)

  • Consumers? Less information available means less utility. However, the question is what the utility of data between 2 and 7 years old.
  • Data Holders? Making their obligations easier for data access.
  • Accredited Data Recipients? Would need to update all use case scopes for those collecting 7 years of historical data – unnecessary work and not considering the cost of compliance to ADRs compared to DHs.

3. Decreasing product scope for banking

What is it: Making the below products voluntary for banks. Noting that banking Data Holders do not implement anything voluntary, so this is as good as removing these products from the CDR.

  • Asset finance (except for standard auto finance)
  • Consumer leases
  • Foreign currency accounts
  • Margin loans
  • Reverse mortgages

Why it matters: This change only benefits Data Holders and disadvantages consumers. These products are popular in market for businesses and consumers. No consumers would want this change and unfortunately only highlights screen scraping as a viable alternative if the Data Holders do not support these products. These products wouldn’t meet Treasury’s own de minimis thresholds in this consultation paper (1,000 customers, section 1), so this is entirely inappropriate to deprive tens of thousands of Australians to having rights and access to their own data.

Impacts: 

  • Consumers? Consumers (businesses and individuals) are worse off as they don’t have full access to their banking data. Especially FCAs are important to businesses as this is a differentiation compared to bank feeds and a carrot for CDR.
  • Data Holders? Less work to implement and maintain existing CDR obligations.
  • Accredited Data Recipients? Ultimately the CDR is less attractive to them without these products in scope.

Leave a comment

ACKNOWLEDGEMENT

Adatree acknowledges Aboriginal and Torres Strait Islander peoples as the traditional owners of our lands throughout Australia. Our headquarters are located on the lands of the the Gadigal people of the Eora Nation. We pay our respect to their culture and to Elders past, present and emerging.

Adatree Pty Ltd
Level 2, 58-62 Kippax St Surry Hills
NSW 2010
(02) 8017 1118

© Adatree Pty Ltd

Privacy Policy Complaints CDR Policy