How Australian Banks and their Customers Ended Up With a Greater Duty of Care

Key Takeaways

• The UK’s Consumer Duty requires banks to have very detailed knowledge of a customer’s circumstances and goals
• Australian financial services regulation is trending towards banks collecting and analysing more customer information
• To reach the UK’s level of ‘know your customer’, Australian banks will have to collect and process more consumer data

Have you noticed all the privacy disclaimers and documents that talk about the fate of your personal data?

Most of us hit ‘agree’ without reading what we agree to, but these disclaimers are lists of what the collecting party can do with your information, and your rights in relation to that.

If it’s any consolation, the big retail banks are spending more time on this too, only in their case the regulators are expecting them to capture more personal data and to do more with it. 

The banks and their customers are locked in a digital dynamic of expectation and obligation in which a consumer is expected to give up an entire digital trail of their financial ‘life’ in exchange for the bank having to know so much about them that they can tailor outcomes to a specific customer while protecting them from risk.

The digital relationship between bank and customer is turning into a Consumer Duty which will transform the way banks collect information and provide products and services. The United Kingdom has already embarked on this path, and it is being looked at for Australia. 

Under a digitally-enabled Consumer Duty, we will move beyond a legalistic counter-party relationship, and banks will instead be required to put the individual customer in the centre of their operations. 

This means a move away from simple demographics. Under Consumer Duty, the bank’s ‘Know Your Customer’ obligations give it little choice but to collect individual data and construct it into millions of distinct digital personas that have their own patterns, attributes and needs. And then the banks must tailor a fit-for-purpose relationship with each of them.

Let’s look at what is happening in the UK, where the Consumer Duty regulations come into effect in 2023. The banks must put customers at the heart of their business with a focus on actual outcomes (from the customer’s perspective).

First, there is an overriding Duty to ‘act to deliver good outcomes for retail clients’.

Secondly, banks must have three principles in their end-to-end business practices: Act in good faith towards retail customers; Avoid foreseeable harm to retail customers; Enable and support retail customers to pursue their financial objectives.

The new regs even specify key elements that inform the Consumer Duty relationship: Products and services; Price and value; Consumer understanding; Consumer support.

You might note the language. It is qualitative and positivistic. What is a ‘good outcome’? What is ‘value’? What is a ‘financial objective’? How deep is ‘understanding’ when you have millions of customers?

Along with the qualitative construction is an element of anticipation. The overriding ‘good outcomes’ test is itself a glimpse of the future, as is ‘financial objectives’ and ‘foreseeable harm’.

Being able to commit to these sorts of regulatory requirements will require deep levels of ‘Know Your Customer’ information, and it will take immense data collection and analytics – probably via AI – to fulfill the requirements down to the personal situation of every customer.

In other words, Consumer Duty for the bank necessitates a greater level of data collection from customers than we have right now.

Australia is moving towards its own Consumer Duty regime, and some of the regulatory signs are already here. Our National Credit Code (NCC) governs the consumer credit space and it already contains an assumption from the Australian Securities and Investments Commission that the lender has deep and up-to-date borrower information and a high degree of computational analytics to more or less front-run the borrower’s behaviour and pain-points.

We also have our DDO, or Design and Distribution Obligations that apply to retail product distribution conduct. They were due to come into effect in October 2022, but on September 14 Treasury released amendments to the regime given the compliance problems financial institutions were having with it.

The main challenge in DDO is the Target Market Determination (TMD) which is a similar customer-specific and qualitative view of – not a ‘market’ as we would understand it – but an actual customer. 

The relevant test of the product being compliant is whether the issuer and distributor took ‘reasonable steps’ to manage the risk that the product is acquired by someone outside the Target Market. While ASIC has claimed that TMD does not require an individual product suitability test, the level of detail required to comply with the TMD test across a database of millions, is extreme.

It will require more collection, more analysis and greater levels of predictive computation. It’s a paradox: giving up all your data to have greater financial protection.

Hong-Viet Nguyen is a Financial Regulation Partner at Ashurst.

Author:Hong-Viet Nguyen, Partner.