Group items tagged

Australians can now choose to share their banking data to access more personalised financial products and services following the launch of the Consumer Data Right. All four major banks are capable of sharing their customers' data, when requested by the customer. Other authorised deposit-taking institutions will join the Consumer Data Right over the coming year. Overseen by the Australian Competition and Consumer Commission, consumer data relating to credit and debit cards, deposit accounts and transaction accounts are now available to be shared. Mortgage and personal loan data will be added from November.

The Bank of Canada published a paper that models the trade-off faced by BigTech payment platforms between costs associated with compensating users for their privacy concerns and revenues from the harvested data. The results of the modeling lead to two policy implications. First, data monetization is not necessarily inefficient from a social point of view because data are socially valuable and users are compensated for their privacy concerns with cheaper platform services. Second, when assessing BigTechs' introduction of payment services, one needs to consider the bundling of data and payments and the implied complementarity. In economies with large payment frictions, data-driven payments tend to increase social surplus. In advanced economies, however, where payments are already fairly efficient, payment-driven data can lead to inefficient adoption by platforms that seek to generate data beyond what is socially efficient.

Fidelity spun off its data-aggregation business, Akoya, into its own company, giving financial institutions another tool to securely share customer data with third-party financial apps. Akoya collects data from banks on its network and provides a single entry point for third-party apps and data aggregators, such as Plaid and Yodlee. Akoya will be owned and operated by Fidelity, 11 major banks and The Clearing House. Some industry groups view the spin-off as a threat to competition because the new arrangement gives banks too much control of consumer data.

The Hong Kong Monetary Authority (HKMA) is exploring the use of the Commercial Data Interchange (CDI) to enable more efficient financial intermediation in the banking system, and to enhance financial inclusion in Hong Kong. The CDI is a consent-based financial infrastructure that would enable more secure and efficient data flow between banks and sources of commercial data. It has the potential of solving long-standing pain points in SME financing by allowing SMEs to use their own data to enhance their access to financial services. To study the technical feasibility of the CDI, the HKMA is conducting a Proof-of-Concept (PoC) study in collaboration with banks. The PoC focuses on using trade-related data to facilitate trade finance application process and is expected to be completed by the end of 2020.

A BIS paper proposed a data governance system that restores control to the parties generating the data, by requiring consent prior to their use by service providers. The system should be open, with consent that is revocable, granular, auditable, and with notice in a secure environment. Conditions also include purpose and use limitation, data minimization, and retention restriction. Trust in the system and widespread adoption are enhanced by mandating specialized data fiduciaries. The experience with India's Data Empowerment Protection Architecture (DEPA) suggests that such a system can operate at scale with low transaction costs.

The International Working Group on Data Protection in Technology (the "Berlin Group"), chaired by the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), published a working paper on central bank digital currency (CBDC) privacy-related risk factors. For example, the paper points out that the ECB must take a privacy and data protection by design and by default approach. In addition, it argues that a distributed ledger technology (DLT) architecture does not necessary entail a more privacy friendly solution, because data is immediately visible to all nodes in the network and immutability means that data can never be deleted or rectified (a right that is guaranteed in Europe's General Data Protection Regulation (GDPR). Also, some programmable features imply privacy and civil rights risks that may outweigh the potential benefits, due to legal and ethical concerns (for example automated decision-making without possibility of appeal and/or risk of censorship).

The Bank for International Settlements (BIS) Innovation Hub announced Project Ellipse, a proof of concept (POC) to explore how supervision could become insights-based and data-driven using an integrated regulatory data and analytics platform. If implemented, regulatory authorities, as the ultimate end users of the platform, would be able to digitally extract, query and analyse a large quantity of data from diverse sources. These data could then be relevant to current events in real time and visible via dashboards, informing them of early supervisory actions that may need to be taken. In Phase 1, partnering with the Monetary Authority of Singapore, the Bank of England and the International Swaps and Derivatives Association, the concept of cross-border digital regulatory reporting, using a machine executable data model, will be explored.

"Open banking allows users to access financial information and services through consent-based data portability. This paper brings together the views of private and public experts from a wide variety of countries to explore opportunities and challenges of open banking for financial regulation, privacy protection, and competition. It discusses the different approaches taken by jurisdictions across the globe, and the importance of regulation and standards. While open banking empowers users in sharing and re-using their data across digital services, online platforms, sectors and borders, uncertainty in the interactions with data protection and privacy regimes remains challenging. This paper informs OECD work to consider how cross-sectoral cooperation between financial, competition and data protection authorities could help further open banking."

The IMF published a Fintech Note that offers a framework to help countries navigate, as well as tools to help them manage, the trade-offs between central bank digital currency (CBDC) data use and privacy protection. It addresses retail CBDC, as data access and privacy-preserving considerations in a wholesale environment are similar to those of the traditional real-time gross settlement (RTGS) systems. It emphasizes the role of institutional arrangements, data collection, access and storage policies, design choices, and technological solutions. At a given level of preference for privacy, central banks can facilitate better use of CBDC data through robust transparency and accountability arrangements, sound policies, and judicious adoption of privacy-by-design approaches including the use of privacy-enhancing technologies.

The National Bank of Hungary (MNB), working with eight Hungarian banks and eleven insurers, developed a distributed ledger technology (DLT) based home insurance scheme, to coordinate data sharing about mortgage insurance policies. The paperless and transparent data transfer will reduce administrative work and reconciliations. Data sharing will be General Data Protection Regulation (GDPR) compliant, so the homeowners will have to provide consent, and only the insurer and the bank will have the right to see the data, and not the central bank. https://www.mnb.hu/sajtoszoba/sajtokozlemenyek/2025-evi-sajtokozlemenyek/blokklanc-alapu-digitalis-csatorna-a-bankok-lakasbiztositok-kozt-csokkennek-az-ugyfelterhek

Financial sector policymakers are increasingly focused on data rights, touching on such questions as: who owns financial data, what rights do various parties have to use that data and in which ways, and what privacy rights do individuals have.

An IMF paper explores some of the insights that economics gives us to think about the implications of data proliferation, and what this means for modern data policies. Cooperation between regulators, both within and across countries, will be vital to tackle the challenges associated with the increased flow of data.

The European Data Portal released a new study on the value created by open data across Europe and builds on the EDP's 2015 report "Creating Value through Open Data".

The Hong Kong Privacy Commissioner for Personal Data and Singaporean Personal Data Protection Commission has signed a memorandum of understanding that will see the pair cooperate on protecting personal data

Moody's and Elliptic have formed a strategic alliance to integrate on-chain blockchain data with traditional off-chain data sources to screen virtual asset service providers (VASPs). The solution leverages Elliptic's real-time on-chain data, which categorizes the exposure of digital asset transactions to illicit activity and combines this with Moody's off-chain data within an integrated risk engine. Together, it provides a comprehensive overview of a VASP, helping institutions understand who they are doing business with and the associated risk.

A new data protection law in Kenya is setting a high standard for the rest of the continent. As the country looks to engender more safeguards in the collection, handling and sharing of data, Kenya's president Uhuru Kenyatta has approved legislation which complies with the European Union's General Data Protection Regulation.

Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility consumers gain and the data they supply - "return on data" - remains largely unexplored.

Plaid is launching a new service to help banks, especially small ones, quickly develop application programming interfaces for sharing their account data with third parties. The company already works with 3,000 other fintechs to help them access customers' bank account data. But Plaid Exchange will enable banks to be in the driver's seat of data-sharing efforts.

"When designing privacy protection regulation, regulators face a challenging trade-off. On one hand, individuals are reluctant to share their personal data due to concerns about potential abuse or misuse. To protect consumers' privacy, regulators may consider limiting or even prohibiting the collection of personal data. On the other hand, data play a vital role for data-intensive firms like fintechs, which rely heavily on personal information to screen and price borrowers. Privacy regulation could thus potentially hinder the growth of fintechs and weaken competition in the financial sector."

The Financial Stability Board (FSB) published a stocktake of national and regional data frameworks and identifies frictions that pose challenges to improving the cost, speed, transparency and access of cross-border payments. It highlights fragmentation in data frameworks as a main contributor to increased cost and inability to automate cross-border payments. By early 2024, the FSB will develop recommendations, for public consultation, for promoting alignment and interoperability across data frameworks applicable to cross-border payments.