Managing organisational change and making best use of the opportunities change can bring are never easy – and become exponentially more difficult when multiple overlapping changes are proposed simultaneously and are being driven by enough regulators to make up a rowing team.
This is the reality confronting the New Zealand banking and payments sector, and it is occurring at a time of mounting public concern about access to banking services and the risk of online scams. We’ve produced this progress report to help you keep track. We hope you find it useful.
The core “rowing team” includes the Reserve Bank of New Zealand (RBNZ), the Financial Markets Authority (FMA), the Ministry of Business, Innovation and Employment (MBIE), the Commerce Commission and the Treasury.
They are all members of the Council of Financial Regulators (COFR) which released a Vision for the Future of New Zealand’s Payments in July 2023, setting out their respective roles in this space and confirming their commitment to an integrated approach.
In addition, Payments NZ and the API Centre provide an industry-driven perspective. The API Centre has most recently articulated its own clear views of what change should look like for New Zealand in its report Looking Ahead – Open Banking in Aotearoa New Zealand.
We comment at the end of this piece on the importance of a coordinated strategy across the broader change programme. The danger is that progress will be delayed unless the those operating in the market have a clear sense of the direction being pursued and the priorities being applied.
As we have previously discussed, the RBNZ is transitioning to a single regulatory regime for banks and non-bank deposit takers under the Deposit Takers Act. It is re-defining its role in the process. Current initiatives include:
- The decision through the branch policy review to restrict the New Zealand branches of overseas banks to the wholesale market, potentially limiting the scope of innovation from international bank players;
- The consultations on opening up direct access to its Exchange Settlement Account System; and
- The continuing Future of Money programme, with a central bank digital currency consultation in 2024.
Meanwhile, the FMA and RBNZ are both settling into their new supervisory, enforcement and standard-setting powers under the Financial Markets Infrastructure Act, created in response to New Zealand’s most recent International Monetary Fund (IMF) review.
The FMA’s focus on fair outcomes will ensure conduct and consumer protection overlays on all financial services, regardless of what happens to the Conduct of Financial Institutions Act.
Regulatory barriers and focal points are not being removed, but they are being significantly re-shuffled.
Within 18 months, New Zealand’s ‘big four’ banks (ANZ, BNZ, Westpac, and ASB) will have completed the industry-led Minimum Open Banking Implementation Plan, developed by Payments NZ through the API Centre.
They will have standardised APIs available from 30 May 2024 to API Centre third parties, with open access to account information by November 2024. Kiwibank has a two-year extension to hit these targets by May and November 2026.
As we’ve mentioned above, the API Centre’s ambitions extend well beyond this initial implementation plan.
Consumer Data Right
Banking will be the first industry to be covered by New Zealand’s Consumer Data Right (CDR) legislation, an exposure draft of which was put out for consultation by MBIE in June 2023.
The CDR will build on the work of the API Centre to standardise the use and processing of data with the objective of stimulating innovation and competition in services for the benefit of consumers. Direct, customer-authorised access to machine readable data could provide an entry platform for fintech players who meet the applicable security and organisational requirements.
Implementation of a CDR will take significant time and investment, largely by banks, but will reduce reliance on less secure technologies still common in New Zealand (e.g., screen scraping) and will better protect customer accounts against online scams.
Australia and the United Kingdom have had open banking since 2019 and 2018 respectively. The UK regime is relatively narrow and is payments focused.
The Australian CDR, like the proposed New Zealand one, is broad-based and will ultimately extend beyond banking to other industries, such as energy. But, while ours is proposed to provide both “read access” and “write access” from the outset, theirs began with “read access” only and is now being extended to include “write access”, for example to initiate payments.
The ongoing market study into personal banking services, which is expected to conclude in August 2024, is proving to be the tip of the iceberg for competition reviews in the sector.
- The Commerce Commission has also consulted on a proposal to regulate the inter-bank payment network to “promote competition and efficiency in the retail payment system for the long-term benefit of merchants and consumers”.
It acknowledges that this traverses some of the same territory as the CDR and the API Centre’s open banking initiative but suggests that it can reduce the risk of delays in implementing the CDR by requiring the banks to provide access to the necessary systems ahead of the CDR regime going live.
- More recently, the incoming Government has agreed (at the behest of New Zealand First) to establish a select committee inquiry into banking competition “with broad and deep criteria to focus on competitiveness, customer services and profitability”.
There is no indication into the timing, and there are no commitments at this stage to legislative change arising from the inquiry’s findings. But there is a risk it could significantly overlap the existing market study while straining the resources of both regulators and banks – particularly if the scope is not well-defined and coordinated at the outset.
Pulling in the same direction?
The rowing team analogy only takes us so far as the rowers have no choice but to row together and have the advantage of a cox. The regulators in the banking sector, by contrast, all have different mandates and do not have an agreed hierarchy.
They also need to navigate a host of related regulatory changes (such as proposals to broaden notification requirements under the Privacy Act and the recently enacted Digital Identity Services Trust Framework regime), as well as the change of government and the change of priorities that comes with it.
While the CoFR “Vision” statement is helpful, CoFR has yet to seek input on an agreed timeline or roadmap for the various different workstreams. Coordination with industry is also vital, as local use cases are created in response to the particular needs of New Zealand.
The international experience shows that the price of clunky implementation is slow uptake. Systems that provide strong benefits for one country’s demographics may be redundant, or even harmful, if transplanted to another. Success in New Zealand will require everyone to pull together.
Clear regulatory goals, clearly established roles between regulators, and coordinated consultations will help minimise overlap and conflict – and ensure we are setting ourselves up for the future rather than for failure.