CX Consultation Draft 5: Joint Accounts

[CDR-API-Stream]

For review

The DSB CX team is seeking feedback and consultation of possible options for joint account elections. Refer to Consultation Draft 5 - Joint Accounts.pdf.

Please note the focus of this consultation is related to the CX considerations not technical standards at this stage.

Context

The ACCC is considering whether to amend the rules to accommodate joint account elections being offered in the authorisation flow. This would be optional and not affect current implementation in accordance with the existing rules. The ACCC is mindful that the November timeframe for joint accounts is fast approaching and any implementation decision should not create additional requirements that would impact build timelines.

This decision proposal articulates two options for joint account election and authorisation to be considered for Phase 3 implementation but also an ‘ideal state’ to work towards in the near future.

This decision proposal has been written to obtain community feedback on these options, and any other options that are raised for consideration, prior to a recommendation for a final proposal being made to the Data Standards Chair.

In particular, the Data Standards Body (DSB) would like to receive:

1. Views on joint account election and authorisation from the community, but especially data holders required to implement joint accounts in 2020 and 2021
2. Feedback on the specific options presented in this paper, along with any other options raised for consideration
3. Time estimates for successful implementation of the options in this paper, and any other options raised for consideration.

Feedback posted in this thread will be considered as part of the CX consultation. Feedback can also be provided via the CX Consultation Page.

Feedback for this paper is planned to close on 9th April 2020.

[SelenaLiuEA]

Hi All,
I understand from last week's Data Holder workshop that the DSB welcomes submissions from both the banking and energy sector in response to this joint account consultation. Will the DSB consider repeating this joint account consultation after the ACCC finalises the CDR rules for energy or provides them in draft form?
Thanks
Selena

[Susan-CDR]

The context section of the consultation states that ‘data holders are expected to work towards implementing multi-party authorisation as it is intended to become a requirement in the future’. Whilst Suncorp supports this future intent, we don’t think it’s practical until the CDR regime is more mature and better understood by consumers. We do not support that providing consumers with the option for multi-party authorisation be mandatory. This is because it is necessary to ensure that the effort from customers to provide authorisation on joint accounts is not prohibitive before investing in the additional complexity of this capability. If multi-party authorisation does become mandatory, this will impact compliance timetables and should have an extended compliance deadline.

Suncorp requests clarity on the Current State Joint Account Election slide as point 3 states ‘If a joint account is not available in the authorisation flow, DHs are not permitted to show ‘unavailable’ accounts, nor provide instructions for how to elect those accounts.’ This contradicts p79 of the CX guidelines which include a SHOULD requirement to display joint accounts as unavailable and MAY provide instructions on how to make these accounts available to share. Please clarify the correct requirement for displaying unavailable accounts in the authorisation flow.

Important feedback for both proposals is any communication to JAH2 will need to be a MAY (not a MUST) requirement. This is because it cannot be assumed that the data holder can digitally contact the second party. Many joint accounts will only have one party digitally active, so there needs to be the option to have JAH1 advise JAH2 that they will need to register for Online Banking, call the contact centre or visit a store to complete their authorisation of the joint account election.
Specifically, on proposal 1 (in-flow notification), whilst it is simpler to implement, it is likely to result in a poor customer experience and many data sharing arrangements where value offered is not realised as some accounts are not included in the initial consent. The customer would be required to complete a new consent or complete a separate consent just for the joint account, after it has been elected. Alternatively the success would rely on the data holder offering the optional capability to modify a consent, enabling adding an account after consent is established.

Proposal 2 (in-flow election) is supported in terms of allowing JAH1 elect the joint account and provide instructions how to access the joint account management service and how JAH2 will need to elect. This would allow the consent to be completed including the joint account in pending state with no data disclosed until JAH2 has authorised also. There will need to be guidance about the amount of time JAH2 has to elect, as there could be customer experience impacts for once-off data sharing arrangements (currently this would be an impractical 10 minute opportunity). Suncorp does not support it being mandatory to provide customers with the option of multi-party authorisation, nor for the onus to be on the data holder to contact JAH2 (due to the scenario where JAH2 may not have a means to be digitally contacted).

[SelenaLiuEA]

Good afternoon all, please see below for EnergyAustralia's submission.
Cheers
Selena
EnergyAustralia - Github - CX Consultation Draft 5 - Joint Accounts No. 106 FINAL 9 April 2020.pdf

[commbankoss]

Commonwealth Bank's feedback on the decision proposal is attached here:
CBA Response to April 2020 CX Consultation Joint Accounts_CBA.pdf

[da-banking]

DA supports in-flow election. It’s important that the approval of JAH2 does not interrupt the rest of the consent flow for JAH1, merely gates the availability of the specific account’s data to the ADR.

With that in mind, the requirement:

Data holders MUST provide information to JAH1 and JAH2 during the account
election process.

should be altered to remove the need to provide information to JAH2 during the election process.

DA seeks clarification of the obligations on a Data Holder should JAH2 remove the election, assuming:
• No notification to the ADR is required
• A 403 status code response to requests for the account’s data is sufficient
The proposal as it stands also leaves room for further innovation for Data Holders to improve UX in a space where opportunities for differentiation are currently constrained.

DA echos @Susan-CDR's request for clarity on current state.

[NationalAustraliaBank]

It's great to see another round of exploration and testing kicking off for the joint account holder consumer experience. This will be a critical piece in landing on a usable experience which builds on current implementations, while ensuring that joint account holders are empowered as part of the CDR. NAB recommends:

• Separating the concerns of election and authorisation, and validating how much control customers want. As a baseline there needs to be the ability to elect, though an in-flow option needs to make this clearer as to what implications are ongoing. Additionally customers the option to authorise every data sharing request for joint accounts should not be ruled out. This will also provide data holders flexibility to implement each separately in line with how account authorities are currently managed (for example in a payments scenario, joint account holders can elect authority to make payments with 1-or-2 to authorise, and then actually authorise payments as per that election);
• Expanding on the JAH2 experience and their rights as part of CDR, and the implications for joint business owners - some key considerations have been outlined below;
• Exploring more in a collaborative approach, similar to how the current consent model was workshopped to drive key decisions, a similar approach should be followed for joint consent models to fully map out the experience and impacts for joint accounts. NAB would be willing to share our own findings and learnings as part of this.

Responses to key questions

1. Should joint account election be permitted to occur in the authorisation flow?
In-flow elections and authorisations of joint account sharing should be allowed, though should not be enforced as mandatory. The objective should be to make it easy as possible to share joint accounts, while ensuring joint account holders are well-informed. An In-flow election as outlined in this proposal is unclear, and requires more exploration of the end to end experience for both JAHs. The current proposal doesn't outline any experience for JAH2. This exploration should include more industry collaboration to share concepts, learnings and research between participants to create an experience informed by consumers.

2. If not, should the authorisation flow provide information on unavailable accounts and provide instructions for election?
Joint accounts should be visible, and instructions should be provided on how to share if they can't be selected. If this information isn't provided, it will make it difficult for a consumer to share their account and may result in poor adoption of the CDR due to frustration and confusion.

Additional key considerations that need to be addressed with future collaboration:

• Individual customer information does not require joint authorisation.
• Does business customer information require joint authorisation?
• How does each JAH manage the data sharing arrangement and what does each see?
• Should business owners (JAH2) see the authorisation in its entirety, or just the account and related scopes they authorised?
• JAHs that do not have an online presence, will they be needing to elect? The same applies to JAHs that cannot elect at all, e.g. (A JAH under 18 or a deceased JAH).
• JAH2 will have limited information in the current implementation to make an informed decision about a consent, which is a very different experience to what is communicated to JAH1.
• Change of elections and revoking account authorisations from sharing should be seperate concerns. Changing elections should not revoke accounts from existing consents because it is an action that affects two holders. Consents should be evaluated beforehand to understand if a JAH will be impacted before revoking the consent.
• When a JAH revokes their authorisation, what is their right to be forgotten? Current consent authorisation is between JAH1 and the ADR, with no context of JAH2.
• How do JAH owners get notified at what points during the consent flow?
• How might reauthorisation work for joint account authorisations? (When this is eventually introduced).

Implementation Timelines

At this stage it is premature to assess the impact of each option until these key questions are worked through, and a technical lens is applied as to what this means from an InfoSec / API Standards perspective. Additionally, the impact of COVID-19 is still evolving, and adds further uncertainty to any potential timeframes.

[WestpacOpenBanking]

Westpac supports Proposal 1 - In-flow notification for November timeframes. It is important that the term "unavailable" as used in the proposal is given a concise definition which is limited to those accounts which can be made available for sharing (i.e. accounts jointly held by two individuals for which a joint account election does not exist), but are not unavailable for some other reason as this will help to reduce the risks of harm that could occur. We believe that this approach provides an easily understandable customer experience.

Westpac does not support Proposal 2. Making sure that customers are adequately informed before granting consent is important, and we are worried that providing in-flow election functionality would create an overwhelming and confusing distraction in relation to the other choices and information which must be presented to customers during the consent flow. Rather than proceeding with this proposal, we suggest it may be beneficial to develop guidelines in relation to two party authorisations as these are less likely to be confusing.

[CDR-API-Stream]

Thanks everyone for all your feedback and participation. The feedback period has now closed. The DSB will review the responses and will provide additional commentary here.

[CDR-CX-Stream]

Thank you to everyone for your contributions. This issue depends on rules changes so any final proposals will be delayed so that new rules can be consulted on.

Unavailable accounts being shown in the authorisation flow
Data holders are permitted to show unavailable accounts in the authorisation flow except for unavailable joint accounts. V1.3.0 of the CX Standards/Guidelines will clarify this exception as per the below:

Data holders are not permitted to show unavailable joint accounts as joint accounts need to be elected via a joint account management service before they are permitted to appear in the authorisation flow (See CDR Rules: Schedule 3, 4.1(1); 4.2; 4.3(3); and CDR Rule 4.24)

This consultation has raised important issues that the CX Workstream will collaborate on further before the development of a specific proposal.

[CDR-CX-Stream]

For noting: ME Bank provided a response to this decision proposal within the consultation window. In line with the DSB's open consultation process it has been linked to here for visibility:

https://consumerdatastandards.org.au/workinggroups/consumer-experience/consultations-cx-workstream/consultation-draft-5/

[CDR-CX-Stream]

For noting: Origin provided a response to this decision proposal within the consultation window. In line with the DSB's open consultation process it has been shared here for visibility:

Joint Accounts - CX Consultation 5 - Origin comments.docx

[CDR-CX-Stream]

This issue will be closed before any decisions are proposed. As these proposals depend on policy considerations any further recommendations will only be suggested after inter-agency consultation has also been conducted.

The V1.4.0 release will seek to resolve the unavailable joint account issue cited in this thread. The details of this proposed change are on the standards maintenance page.

The ACCC is currently consulting on how joint accounts operate for the energy sector as part of the energy rules framework consultation.