The Federal Government has announced it will require financial institutions to develop a way of recording their customer information, and now the Australian Bankers Association is pushing to have that information shared widely.
Australia’s Financial Conduct Authority (FCA) says it is asking the Bank of Australia, National Australia Bank and the Australian Financial Services Corporation to work with banks and other financial institutions across the country to “develop a set of standards for the collection and use of data by financial institutions”.
The move is an effort to prevent breaches of bank customer data, which are increasingly being used by criminals to gain access to customers’ money.
The bank has previously said that the use of blockchain technology to record customer data could be “the next frontier” in financial data security, but this is the first time it has asked the industry to work on the technology itself.
In a submission to the FCA, the Australian Banking Association (ABCA) said it is “deeply concerned” about banks being unable to “ensure that the information is appropriately protected against loss, misuse or abuse”.
“The FCA believes the existing data security framework for financial information must evolve to include a way for financial institutions and the wider community to have confidence that the data that is stored in a bank’s data centres is securely protected,” the submission said.
“This will enable financial institutions, financial service providers and other stakeholders to better identify risks that are emerging and to better safeguard the information they hold.”
A number of organisations, including the ABCA, have been pushing for the introduction of a “common set of rules” for financial services companies, including a clear legal framework for how information can be shared, as well as standards to help identify fraud.
A common set of financial services company rules would include: A legal definition for the data sharing process; An independent audit of the sharing of data between financial institutions; A requirement that the bank keep records of customer identity, payment details and other identifying information about customers for six months after a customer account is opened; And, a requirement that banks maintain a record of their customer identity for three years.
An ABCA submission also said the regulator needs to consider whether there are existing data protection frameworks that would allow banks to use blockchain technology, such as the Open Blockchain Standard, for sharing customer information.
Meanwhile, a spokeswoman for the National Australia Banking Association said: “As part of its response to the ABCa submission, the bank has requested a set set of common rules for financial service organisations to implement.”
In an email, the ABCAs said: The National Australia bank has made clear that the banks new data security guidelines need to include clear legal requirements to be met by financial services organisations.
We will also be meeting with the regulator in due course to discuss these and other issues.
There are also questions about the validity of the existing privacy rules for data that banks store on customers.
But it is unclear if the bank would be able to enforce the rules in a meaningful way, as banks are not required to store customer information in any way, but would need to share it with the Financial Services Commission, for instance.
Financial Services Commission (FSC) chairwoman Fiona Richardson told the ABC the regulator had not been able to reach out to the Australian bank to seek clarification of the issue.
She said the agency would be asking the bank to come to its own conclusions on how to implement the new rules.
Ms Richardson said the FSC was “committed to working with the Australian banking industry to ensure that all Australians are protected from cyber-attacks, including data breaches”.
Ms Miller said she believed that the FSB was in a “different position” from the FCT and the FASA because the Australian financial services industry was “in a position of being the backbone of the Australian economy”.
But she said the “big banks are making it very clear that they are not going to allow the Australian people to use their data to attack the Australian Government”.
She also said she was “not sure” the FSF would be “happy” with the “overly simplistic” approach to protecting customer information proposed by the Australian Banks Association.
Mr Holden, the chairman of the ABCs Banking Standards Council, said the banks were “very much committed to ensuring that people’s data is kept secure”.
He said the industry would work closely with the FCS to develop “a common set and standard”.
This article has been updated to clarify that the ABC has a policy of not commenting on any industry or individual issue.