ING Bank pays penalties for alleged breaches of CDR rules

ING Bank (Australia) has paid penalties totalling $53,280 for allegedly failing to comply with Consumer Data Right (CDR) rules and making a false representation to consumers, after the Australian Competition and Consumer Commission (ACCC) issued it with four infringement notices.

ACCC said the payment of a penalty specified in an infringement notice is not an admission of a contravention of the CDR Rules or Competition and Consumer Act 2010.

According to the ACCC, ING Bank allegedly missed three important legislated deadlines and made a misleading statement to consumers on its website about the reliability and security of its CDR service.

Under the CDR Rules, ING was required to be in a position to share data for certain financial products by specific deadlines and this included data relating to residential home loans by 1 November 2021, and data relating to joint accounts by 1 October 2022.

The ACCC alleges that ING Bank did not meet all of these obligations as required and was not able to facilitate certain consumer data sharing, as it was not capable of receiving consumer data requests from accredited data recipients acting on behalf of consumers.

By failing to meet its obligations, ING potentially denied its customers the full benefits of being able to use the CDR program.

“Under the CDR, consumers have a right to safely and securely share certain data with accredited providers, including fintech firms and other third parties, who in turn can use that data to create better customised products and services for the consumer,” ACCC Commissioner Peter Crone said.

“Unlike customers of most other banks, many ING customers were not able to fully benefit from the services of accredited businesses using their CDR data.”

“Allowing consumers to share CDR data relevant to these services, including those relating to financial management and comparison tools, is important, especially given current cost of living pressures and rising interest rates,” Crone said.

“All data holders are reminded that failure to comply with the CDR Rules will result in scrutiny by the ACCC and may result in enforcement action, with potentially serious consequences including infringement notices or court proceedings.”

The ACCC also alleged that ING Bank breached the Australian Consumer Law by making a false or misleading representation on its website.

Between 28 October 2021 and 2 February 2022, ING Bank represented its accredited person request service had been operational since 1 July 2021 and was therefore a reliable and secure system for customers to use to share data, when this was not the case.

“All CDR participants are warned that any claims about the CDR must be accurate and able to be substantiated, or they risk breaching the Australian Consumer Law, which can attract significant penalties if the ACCC commences court proceedings,” Crone said.

ING Bank removed the allegedly false or misleading representation from its website after the ACCC raised its concerns.

The ACCC can issue an infringement notice when it has reasonable grounds to believe a person or business has contravened certain provisions of the CDR Rules or the Australian Consumer Law.

CDR gives consumers the right to safely access data about them, held by data holders, and direct this information to be transferred to accredited third parties, potentially to access new products and services, including better deals on everyday products and services.

ING spokesperson said that delays in commitments delivery were caused by ‘unforeseen technical compatibility issue’.

“We started our Open Banking journey in 2019 and have approached the delivery of this program with the best of intentions for Australian bank customers. In fact, we were the first non-major bank to release our product reference data to developers for Open Banking.

“However, in more recent times our delivery commitments were delayed mostly due to an unforeseen technical compatibility issue that became apparent as the Open Banking regime requirements evolved. This issue has now been resolved.

“While we accept and have paid the fine, not resolving the compatibility issue would have jeopardised our ability to transfer customer data to the Open Banking ecosystem in a safe and secure manner. This is not something we were prepared to compromise on, even if it meant falling behind on delivery timelines.

“ING’s commitment to Open Banking remains a key priority for the organisation. We will continue to cooperate with the ACCC and we have a plan in place to deliver the remaining Open Banking functionality in 2023.”