With the CDR in effect, Australian banks need to accelerate their move towards open banking. As a regulation dependent on technology, open banking forces banks to take a close look at their existing IT architectures, identify technology gaps and implement open APIs with top-notch security. Discussions around meeting the needs of the CDR, implementing consent management and maintaining positive customer experiences should happen now.
This deck will cover
- A brief introduction to the Consumer Data Right (CDR)
- A comparison of the Open Banking UK API Standard and the Australian CDR
- The key requirements for implementing an open banking architecture
- A demonstration of how WSO2 Open Banking meets the technology needs of the CDR
[APIdays Melbourne 2019] The Consumer Data Right: Building a Successful Open Banking Architecture
1. The Consumer Data Right
Building a Successful Open Banking Architecture
APIdays, Melbourne.
Dassana Wijesekara : Director - Solution architecture
https://medium.com/@dassana.p.wijesekara
2. What We Will Cover
● Open Banking Australia
○ CDS Rules
○ WSO2 OB Solution Components
● The key requirements for implementing an open banking architecture
● Pillars of the Consumer Data Right (CDR)
● How WSO2 Open Banking helps with your OB journey
3. The Consumer Data Right (CDR)
● Improve consumers’ ability to compare and switch between products and services.
● Encourage competition between service providers, leading not only to better prices for customers but also more innovative products and services.
4. Possible Use Cases
● Generic Comparison
● Personalized Comparison
● Basic Financial Management
● Complex Financial Management
● Apply for Credit
Products: Transaction Accounts, Savings, Term Deposits, Personal loans, Home loans, Overdrafts, Cards
5. The Roles of Consumer Data Right (CDR)
● Data Holder (DH) - Your bank
● Data Recipient (DR) - A bank, A third party, fintech
● Register (R) - ACCC
● Consumer
6. Principles for the CDR
Outcome Principles
● Are secure - ensures the protection of customer data
● Use open standards - reaches a wider audience of industries
● Provide a good customer experience - is easy to use
● Provide a good developer experience - allows developers to understand and implement effortlessly
Technical Principles
● Are RESTful - adhering to statelessness and resource orientation
● Are implementation agnostic - the implementations should be independent of API standards
● Are simple - to reduce implementation costs
● Are rich in capability - to cover a wide range of scenarios
● Are performant - to minimize repetition and issues with heavy payloads
● Are consistent - by using common data structures wherever possible
● Are version controlled and backward compatible - the evolution of the APIs should not break previous implementations
● Are extensible - to accommodate future use cases
7. WSO2 Open Banking Solution
WSO2 Open Banking is a purpose-built solution, using Open Source WSO2 products, for regulatory compliance. It helps align banking and regulatory needs with technology infrastructures and regulatory expertise to quickly satisfy compliance.
12. Data Recipient Onboarding
● Vetting of Data Recipients
● Accreditation
● Approvals / Revocation
● Periodic Validation / Review
● Disputes
13. The Process of Sharing Account Information
[Figure: flow diagram with numbered steps 1 to 7. Labels: Login and accessing account information via web/mobile application; Authentication endpoint; Login page; Two-factor authentication; Customer consent; Token; Obtain account information; Web/mobile apps; Authorize request]
14. Consumer Experience
CONSENT SHOULD BE:
Freely given by the consumer
Expressed
Informed
Easy to understand
Specified as to the intended use of data
Time limited
Easily withdrawable
20. CDS - Non Functional Requirements
• Minimum Performance and Availability - Data Holder
• Maximum Traffic Expectation
• Reporting Performance - avoid auditing / inspection
• Data Latency and Quality
• Limitations on Data Load with Data Holder
23. Key Features
● API templates that support Open Banking UK, The Berlin Group, and STET, CDR specifications
● Built-in API security, including OAuth2 and certificate validation
● Strong customer authentication, adaptive authentication, and user consent management
● Fraud detection and transaction risk analysis
● API analytics and business insights with dashboards
● Integration points to core banking systems
● Third-party onboarding capabilities
● Built on top of the WSO2 Platform, making it easily extendable for digital transformation initiatives beyond open banking