NAB fined over $750,000 for alleged Consumer Data Right breaches impacting fintechs
National Australia Bank Limited (NAB) has paid penalties totalling $751,200 after the ACCC issued it with four infringement notices for alleged contraventions of the Consumer Data Right (CDR) Rules.
The infringement notices relate to alleged failures by NAB to disclose, or accurately disclose, credit limit data in response to four separate requests made by different CDR accredited providers on behalf of consumers.
The CDR is an economy-wide data sharing program that empowers Australians to leverage the data businesses hold about them for their own benefit.
For the CDR to be effective it is critical that the data which a consumer has consented to be shared is accurate, up-to-date, complete and in the required format.
“Poor data quality prevents consumers from experiencing the full benefits of the CDR. When banks or energy retailers don’t provide accurate data, consumers can’t take advantage of CDR products and services to compare products, find better deals, manage their finances or make informed decisions about product switching,” ACCC Deputy Chair Catriona Lowe said.
In this case, a failure to provide accurate information in relation to credit card limits impacted the service a number of fintechs provided to consumers, including some fintechs who offer mortgage broking tools using CDR data. These tools are designed to provide consumers with faster, simpler and more secure loan applications which better leverage their own data.
NAB’s payment of these penalties is the highest amount paid for alleged contraventions of the CDR Rules to date. NAB cooperated with the ACCC’s investigation and has rectified the data quality issues identified.
Data holders in the banking sector have had several years to understand and implement their CDR obligations. As the CDR continues to mature, data quality within the CDR remains a priority conduct area for the ACCC. In the second half of 2024, CDR participants reported to the ACCC that over 530,000 consumers successfully used CDR products and services across the banking and energy sectors, representing an increase of 135 per cent from the previous six months. During the same period, approximately 582 million consumer data requests were made.
“All CDR participants are reminded that failure to comply with the CDR rules will result in scrutiny by the ACCC and may result in enforcement action,” Ms Lowe said.
Notes: The payment of a penalty specified in an infringement notice is not an admission of a contravention of the CDR rules.
The ACCC can issue an infringement notice when it has reasonable grounds to believe a person or business has contravened certain provisions of the CDR rules.
