Regional Australia Bank is a customer-owned bank that has been helping its customers achieve their lifestyle goals for over 50 years. The bank has a strong reputation for being flexible, personable and being able to make the complex simple. Its Head Office is based in Armidale, NSW and its branch network extends to 38 locations across regional and coastal NSW. Offering a full range of retail consumer banking services, Regional Australia Bank has grown to become one of the premier banking alternatives to the ‘Big Four’ banks.
The bank has a focus on celebrating what it means to be regional, and a large part of that is being connected to its communities. In 2019, the bank donated $1.8million to community causes through its various sponsorship programs – equivalent to 16 per cent of pre-tax profits.
It’s also committed to offering innovative services and solutions to customers, has offered mobile and internet banking for over a decade and launched its New Payments Platform offering, allowing real time funds transfer, on the first day that service went live in Australia in early 2018.
It has now become the first accredited Data Recipient under the Consumer Data Right (CDR) – the Australian Competition and Consumer Commission legislation which heralds an era of Open Banking in Australia. CDR allows consumers to request that their data is transferred from one service provider to another to encourage choice and competition.
In the past, when customers wanted to swap data between banks it was shared via direct connections or oversight processes which could be cumbersome and slow – or screen-scraping which many consider to be a security risk.
Open Banking has been designed to streamline and simplify the secure sharing of consumer data through a regulated system. Open Banking started in July this year with the four major banks as the regime’s first nominated data holders, and Regional Australia Bank and Frollo the first two authorised Data Recipients. By July 2021 all banks will be data holders and can also elect to become data recipients – further reducing the hurdles for consumer choice.
To make that happen banks need trusted digital platforms able to share and collect consumer data. Regional Australia Bank has developed its system using Microsoft Azure with API Management Services providing integration to the wider banking ecosystem.
Microsoft caught up with Rob Hale, Chief Digital Officer of Regional Australia Bank to learn more.
Microsoft (MS): You are one of two Data Recipients – what does that mean?
Rob Hale (RH): It means we were one of the first businesses to be able to consume CDR data from the initial Data Holders- the big four. From 1 July 2020, with consumer consent, we were able to start requesting consumer data from the majors. We were actually the first accredited Data Recipient – our number is ABNK000001.
MS: Why is this important to your customers?
RH: Being a Data Recipient means we can streamline processes, saving customers time and effort. Our initial CDR use case is being optimised to take the bad friction out of online lending – the uploading of bank statements and asking applicants to say how much they spend on education, transport, travel etc. We can automate that whole process which creates more time to have a human conversation about someone’s financial needs. Being a Data Holder also has value in our minds – if our customers can get a service they like elsewhere, perhaps a personal financial management solution or some budget tool that’s better than the one we offer, then we want to facilitate their safe use of that tool.
MS: You selected Azure as the foundations for this platform – why?
RH: We used Azure for CDR because we have it as an established and trusted cloud provider for our organisation’s infrastructure. Azure became our chosen platform because of its rigorous demonstrated adherence to APRA regulated privacy and security principles. It has provided us with a good platform for hosting containerised micro-services securely within segregated VNETs behind trusted firewalls and API management
MS: What about the security of this data as it moves from bank to bank?
RH: We collect CDR data, have it processed and delete the original data all within a matter of seconds. There is no record of the original data stored on our systems from that point on. We create a high-level summary of the analysed CDR data and that is stored securely against the user’s loan application on our existing, mature core systems. During transit, the user’s data is encrypted at all times. And during those few seconds where the data is on our secure systems being processed, it is effectively anonymous data, it does not contain any information to link it to any individual.
In addition to API Management Services, we’ve leaned on Azure container groups, firewalls, log analytics, private DNS, key-vault, SQL databases, virtual networks as well as subnets with security groups to deliver our solution. This has allowed us to reliably template deployments, manage our costs, provide visibility while appropriately isolating the solution from our other services in a secure manner.
MS: Did you develop this platform yourselves or work with a partner?
RH: We developed the main technical component that interfaces with the CDR ecosystem ourselves. We had some help from others when it came to development of web applications, consent design, policy material and user experience. We are now happily releasing the main CDR DR Gateway engine as open source – https://github.com/Regional-Australia-Bank/ADR-Gateway
MS: How long did this take to develop?
We spent the best part of nine months collaborating with the Australian Competition and Consumer Commission, the big four banks and other data recipients to build and test our solution.
MS: How will you be able to measure the impact of the move to Open Banking?
We track end to end application time savings, consumer feedback and reduction in human effort. Indirectly we hope to see a marked change in our Customer Effort score and hopefully a tick up for our net promoter score which is currently sitting at around 58.
MS: You are now working toward becoming a data holder – how will that work?
RH: This solution will differ somewhat from our ADR solution in that it is a vendor supplied and managed solution. Regardless, it will also be securely housed within our Azure environment. The Data Holder solution will make use of Azure virtual compute services as well as the segregated VNET, firewall and API management services that we’ve come to understand and trust. We’ll commence sharing of product reference data by 1 October 2020 and then to commence publication of consumer data by 1 March 2021, or sooner if we can.