Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Select Committee on Financial Technology and Regulatory Technology

MALONE, Mr Brendan, Chief Operating Officer, Raiz Invest Limited

RAETZE, Ms Astrid, General Counsel, Raiz Invest Limited

CHAIR: Welcome. Thank you for your time. Information on parliamentary privilege and the protection of witnesses and evidence has been provided to you. Would either of you like to make a brief opening statement?

Mr Malone : Yes, I'll do one on behalf of us both. Thank you, Chair and Senate select committee, for the opportunity to address you here today. Since Raiz Invest was launched in 2016, it has seen very rapid growth in its customer numbers. More than 800,000 Australians have signed up to the Raiz app, with more than $440 million in funds under management.

Raiz's philosophy is simple: we help everyday Australians invest small amounts regularly. Overall we can say that our experience in the Australian market has been positive. Raiz Invest Ltd began life in 2016 under the original name of Acorns. Since then we have assisted more than one per cent of the Australian population to save and invest their spare change from everyday purchases into a mix of ASX quoted exchange traded funds. We provide our clients with an easy entry into investing with as little as $5. We break down these barriers to entry for saving and investing, which can include high minimum deposits and lock-up periods.

Most of our users are keen to strengthen their financial position, and they want to learn the value of saving and investing from an early age. For this reason, we also have a strong financial literacy built into our application and there is an education component to what we do. We strive to educate our users about the markets, their finances, budgeting and investing. This education and learning aspect of our platform is very popular with our millennial customer base.

The Australian financial services and fintech sector currently have limited competition. It is dominated by a small number of very powerful players. Our customers have highlighted to us how important it is to them to have an alternative to these big current players. With the likes of Raiz, our success in signing up a large number of the Australian population illustrates this. The limited competition and dominant market share of the four big banks create challenges in all aspects of launching a new fintech business such as Raiz. Those challenges are broad; for example, restrictive government policies, capital raising, toehold acquisition, customer acquisition and growing the market share just to name a few.

The purpose of our submission, submitted on 24 December, is, firstly, to provide what we think are the policy levers that will support the creation of a more level playing field for the benefit of all Australians, and, secondly, to contribute to a greater investment into the fintech sector in Australia.

I'll highlight our concerns. Firstly, there is the screen scraping in the ePayments Code. We believe that screen scraping is an effective method for collecting user data, and the law and policy need to be amended to support this functionality. Importantly, screen scraping is regulated by current privacy laws. There is no evidence for claims that a customer's risk of fraud increases during screen scraping or claims that the protections against loss from fraud are invalidated as a result. In fact, we believe that a bank's own environment is riskier for the purpose of fraud and theft than that of Raiz or any aggregation screen-scraping third party.

Secondly, there is the open-banking CDR accreditation. Under the current regime banks or ADIs are automatically accredited to receive data. This automatic accreditation is unfair and fails to create the level playing field we seek. It also automatically assumes that ADIs are fit and proper when they have clearly been shown not to be and the community clearly considers them to fall short of any community standards. Nor do the banks have to hold insurance to compensate investors for a breach of the CDR obligations, and yet in recent times it is the banks that have engaged in the most significant, widespread and systematic breaches of all laws. Therefore, such a regime, which does clearly favour the banks, is completely contrary to the community expectations or to the stance taken by this government following the Hayne royal commission.

Thirdly, there is the compliance burden. The significant compliance burden fintechs will face under the CDR, including liability in the event of a breach of a third-party data service provider, will create a significant cost burden as well without providing customers or consumers with any effective additional protection mechanisms.

The fourth is the open banking consent requirements. This is around the accreditation of data recipients versus data holders. The significant value-added and competitive advantage that the CDR will create for the four large banks at the expense of the fintech sector and the Australian consumer is massive. The CDR allows the banks to freely use their customer data without obtaining similar consent required by other data recipients. In our opinion, the banks do not need to obtain the same specific double consent nor refresh the consent every year. Given the large four banks hold 90 per cent of the transactional data, the ability to use this data freely without the privacy safeguards that the fintech industry will be subject to is a significant and valuable advantage that not only lessens the competition in the banking sector but also, arguably, completely hamstrings competitors. We do, however, recognise and appreciate the government's R&D tax incentive scheme, which has helped our business and many other fintech businesses to date in Australia.

So what are our quick proposals, amendments and steps forward from here? We propose that the ePayments Code be amended to support and remove the ambiguities around screen scraping, and we've set out those amendments in our submission; that both the code and the CDR be amended to explicitly recognise that screen scraping may continue; that the unfair streamlined accreditation process for ADIs be removed so that all entities, including banks, must obtain it, or at least be extended to other financial institutions subject to similar data security requirements, such as responsible entities, to receive this automatic accreditation; and that the double standard created by the privacy safeguards, particularly in relation to the double consent process and the life of the consent, be removed in the CDR legislation.

Data is the new oil, and the four big banks hold 90 per cent of this data. If fintechs cannot access this data on a level playing field, the banks will not only continue to dominate but also enhance their current competitive advantage. Together, the amendments that we suggest would reduce the competitive advantage that the CDR gives the banks and others.

The Raiz submission is on behalf of all Australians and particularly millennials. As you are aware, thousands of our customers have also made submissions directly to the committee. We are primarily concerned with the current initiatives from the government and regulators that create a skewed competitive environment in Australia, creating barriers for fintech innovation, investment and eventually job creation. They are our opening remarks. We are more than happy to take questions.

Senator MARIELLE SMITH: I will start with screen scraping. I know my colleagues will have a lot of questions, so I will try to keep mine brief. The main thing that I need to understand is: if screen scraping isn't available to you, is your business viable? Is there another way to do it?

Ms Raetze : At the moment, no.

Senator MARIELLE SMITH: With the changes that are on their way, will that—

Ms Raetze : Potentially, yes. We may as well talk about screen scraping, since it is the hot topic. Screen scraping has two camps. There's the bank camp and those fintechs that are funded and supported by banks and their view on screen scraping. Then there are fintechs who are not bank affiliated. Largely, the argument centres around those two camps, with the bank side very clearly saying, 'It's bad; it's wrong; you've got to shut it down,' and the fintech side very clearly saying, 'We need it; and if you shut it down you will ruin our business.' What that argument fails to do is step up a level and have a look at: what is it; why do we have it; and who uses it?

Screen scraping is the technology that is being used very widely throughout the financial services industry at the moment by players like Xero, ANZ and Macquarie Bank. Xero use it to screen-scrape bank information so that they can prepopulate financial statements within their accounting software. It primarily just takes a snapshot of information. It isn't a tool that actually enables you to transact on the bank account. All it does is take a photo of that information and assists you with the use of data.

That, I think, shows you want the screen-scraping argument is actually about. At the heart of it, it is really about data and who not owns the data but who controls it and who has access to it. When you look at it from that perspective, the banks have 90 per cent of the banking data in the Australian market and, therefore, of course, they are not going to be advocates of screening scraping, because that makes the data more freely and readily available. It makes access to data more democratic. Of course, all the fintechs are going to be 100 per cent for it because it's low cost, it's easy to use and it frees up the ability to use the data, which is where all of the value lies.

Will there be other tools to get that data? Yes, there will: they will be under open banking and they will be through APIs. In theory, you could get all of that data now through APIs but, because there's no real regulatory regime around it, it's not used widely. That then brings you to the next argument, which is, 'Okay, let's allow screen scraping up until the point in time when open banking is available and then we'll shut down screen scraping.' What that doesn't take into consideration is the disparity of resources between the two camps. The development costs to build an API are significant and the time lag on it is significant: you're looking at somewhere between six to 12 months and about a million-plus development costs, which is a big allocation of resources. In addition to the development costs, you then actually also have to grapple with the legal framework. You're going to have to put in place a legal contract that regulates the data recipient and the data holder's relationship and the flow of data. That, in itself, is probably another three to six-month job and, depending on how difficult the data holder is, you're probably looking at somewhere around the $200,000 mark to get that up. So you're looking at somewhere between a $1 million to $2 million spend, at minimum, plus a six to 12-month build for one API. I should make it clear that those are guesstimate figures, at best.

If you switch on open banking and you turn off screen scraping, you'll hamstring the fintech industry. You will effectively be saying that from here on in you will need to build APIs and you will need to deal with the banks, who don't want to deal with you in the first place, in order to put the APIs in place. And that, at the fundamental level, is what this is about. It's about access to data. If you really look at it, it's about consumers and the Australian public's access to their own data, and the ability to direct where that data goes—and stopping incumbent powers from using their lobbying powers, frankly, to stop that access and continuing to control extremely valuable information. So that's our take on screen scraping.

Senator MARIELLE SMITH: We just heard from a bank that their login authentication system makes screen scraping impossible. I'm not sure if all the banks are doing that, but I imagine that if they're not happy with this then that's where they're heading. Is that something you've encountered? Do you think the trend is going to be towards institutions preventing screen scraping anyway, so we need to look at alternative data collection and data access?

Ms Raetze : Yes. I think that's the thing with all technology. I would say that the bank that's just presented has cutting edge technology and it leads the world in this. That will eventually move its way through the industry over time. So, yes: what you say, in my view, is correct. Over time, as a government, you will need to find a policy that enables consumers access to their data and the ability to make sure that data is more freely disseminated to the areas where they want it to go to in a cost-effective, affordable way—which may be open banking over time, but it may not be.

Senator MARIELLE SMITH: You mentioned in your opening statement that the R&D scheme has helped your business and expressed thanks for it. But we are hearing a lot of negative things about the R&D scheme in terms of people being able to access it for software development. Can you step us through your positive experience and where you think that scheme is working, and do you see any opportunity for development or improvement?

Mr Malone : It is a difficult process and it's a long process. I don't know if you know the time lines and the deadlines, but you roll over your 30 June—and we lodge ours in early December. As soon as I roll over 30 June, I start that preparation process for it. It takes a solid three months worth of work, picking it up and putting it down whilst we do other things.

I remember a couple of years ago when we did our first one; it wasn't built for technology. The applications, and even the registration process, weren't built. It was: 'What are you building? What's your widget? What's your agriculture? What's your medicine or buyer?' It was really centred on the old R&D sides. So that matter has increased. It's a process. We do it. We've done it for three years now. Our submissions would be 40 or 50 pages long. We've built processes around our R&D that we do in-house to make sure that it's easier to complete the application forms. We have steps. We have processes. We have changed management processes in place to make it easier to complete the actual administration process.

Ms Raetze : I've had some conversations with accountants who specialise in doing nothing but R&D grants for start-ups, in case it's of help. They say that, if you want to take advantage of the R&D grant as a start-up, you have to make sure you do it in the correct fashion right from the get-go—from the very beginning of your life. If the government is looking at facilitating and helping companies to innovate, the vast majority of start-ups, whether fintech or other, aren't going to even be across that. They'll be looking at the R&D grant six, 12 or 18 months down the track and going, 'Oh, there's a whole pile of costs here that we can't claim, because we didn't set this up right from the beginning.' There's an art form to it. It is difficult and it has obstacles, and that denies access to it to a number of start-ups. It's an easy win for a government that's looking to assist in and support innovation.

Senator MARIELLE SMITH: Am I right in characterising your view as: the scheme is cumbersome, but it's ultimately possible to get the support it's designed to give?

Ms Raetze : If you know about it, and if you know what you're doing from the beginning.

Senator MARIELLE SMITH: Presumably, if you have the right advice, if you're a small start-up—a lot of these people don't have a team of whiz accountants used to dealing with these things.

I am interested in the consumers you service. What we are hearing a lot from fintechs is that they are able to fill space or a product to a consumer base who may otherwise be overlooked by more traditional institutions or don't feel that traditional institutions offer them a product which is suitable for their needs. You mentioned that millennials are one of your strong customer bases. Can you step me through how much of your customer base they make up and how you think about targeting your products to that cohort. Do you see the product you offer as something which will grow with millennials as they develop and their needs change, or as something that you want largely focused on the entry level into financial engagement and financial literacy long term?

Mr Malone : Good question. We have 800,000 sign-ups and 380,000-odd investment accounts that have passed the KYC—they're valid accounts—and we have an active customer base of 200,000 to 215,000. Of those, 70 per cent are aged between 23 and 34, and 67 per cent of them are male, which has been a big swing. The whole process of customer acquisition for us is about education and about online. We have targeted our online acquisition to increase the male-female switch. At the same time we are looking at the different cohorts out there. So it's about getting the education and letting people know that there's an opportunity to get market experience, financial literacy and education for as little as a $5 investment in our app. That's the key. The key hook for the acquisition is this round-up mechanism. So you spend $3.50 on your debit card, you link your bank account to the account, the screen scraping comes in, we see the transaction with Starbucks, we round that up, we take that 50c and we put it into the portfolio of your choice. So it's giving people access at such a low cost, and very quickly.

Ms Raetze : In relation to growing with the millennial user base—do you want to talk to that?

Mr Malone : Yes. We came up with the Acorns app, now Raiz, for getting them in and getting them educated. Our customers have asked us for a further and better financial services product. Our end goal, as a start-up, as a fintech company, is to be a full financial services organisation. We're doing investments. We're doing some payment stuff. We're looking at releasing similar products in conjunction with FlexiGroup over the next couple of months. There is an insurance offering in there.

Just as an example: six months after we launched, the millennial customer base said: 'Hey, this is great, but we would love an investment portfolio with what we believe in. Can you create an ethical portfolio?' So we've got an ESG based portfolio. We built it, they came, and it is now the second-biggest portfolio. Six months after that, the customers were saying: 'Hey, wouldn't it be great if you guys had super? I would love to see my super in my Raiz app as well.' They are realising that it's real time. They can see their transactions, they can see their investments and they can see what the market means to them from that education. They may see in the paper that $3 billion has been wiped off the ASX and that's X percentage. They look in their own app and they realise it's one per cent and they've lost a minimal amount. So it's an education, to say what it means when they see it on the news. So we're building our product, and it's pretty much all based on what our customers are asking, but we do want to take them on that journey.

Senator MARIELLE SMITH: Is your growth through expanding products to your existing customer base, as customers grow and become more literate, or is your growth through innovation in the products you're currently offering, and doing that better?

Mr Malone : Both: the user experience on the current offering that we have, whilst adding products based on what the customers are asking for.

Senator MARIELLE SMITH: Thank you.

CHAIR: Thanks for your submission. One thing we're trying to nail down today is people's views on the regulatory environment and regulatory culture. Is it your view that Australia is open for business, or do you have a different view?

Ms Raetze : We are definitely open for business. We try, anyway.

CHAIR: By 'we' I mean Australia. Is Australian open for fintech business?

Ms Raetze : Australia is not the go-to choice for fintech business. The go-to choice for fintech business would be the US and the UK. If you were looking at Asia, it would probably be Singapore and then Hong Kong, to be frank. The reason for that is not the regulation. Our regulations are no worse or more onerous than in any of those jurisdictions that I've named, nor are our regulators any more difficult to deal with that any of the regulators in those countries.

CHAIR: So what's holding us back?

Ms Raetze : I think it's market size, population size and perception. If you're a young millennial interested in putting together a fintech and you want access to capital to grow your business and grow it fast, where are you going to go? Are you going to go to Hong Kong, Singapore or the UK, or are you going to come to Australia? It's really around access to capital and the ability to grow fast. I think they're the primary drivers. Would you agree with that, Brendan?

Mr Malone : Yes, it's access to investment, and I think the other one that's been touched on is access to a skilled labour force, the talent that is required to move these fintechs quickly.

CHAIR: One of the themes in your submission is very focused on the four large banks. Do you have a view on the four pillars policy and how we do things in Australia in relation to larger and smaller financial institutions?

Ms Raetze : Yes, I'm happy to answer that, but I'm also happy to answer your previous question, on the regulators, because we really didn't answer that; we sort of got sidetracked.

CHAIR: About regulatory culture?

Ms Raetze : Yes, your question on regulatory culture. I think the regulatory culture in Australia is very rigorous and is certainly stricter than what it was in the past, particularly given the royal commission. We deal a lot with ASIC, and they try really hard. They're very informed, they engage and they have an innovation hub. They do try very hard. We do have a very high level of regulation to overcome, but no jurisdiction really hasn't. The sandpits don't really get start-ups across the line anywhere. So, on the whole, with regulatory culture here in Australia there's room for improvement, but it's not terrible.

CHAIR: Do you have a view about the large banks?

Ms Raetze : The four pillars policy? We've got quite a firm view on that. You'll remember that the four pillars policy was put in place by Paul Keating back in the 1990s, and he did it because he wanted to prevent the big four merging or a major international bank coming in and taking any one of them over. In other words, the policy was put in place initially to maintain a competitive banking market. Fast forward 30 years, and the four pillars policy is actually now a policy that maintains the competitive advantage for the banks; in fact, it's now the complete opposite of what the intention was in putting it in place in the first place.

The Productivity Commission looked at this question back in 2018. You would no doubt have got that report as part of your considerations. They've already said—back in February 2018—it's time to put it in the cupboard, and we belong to that way of thinking where the four pillars policy is concerned. It does nothing other than create an extremely unlevel playing field. It continues to favour the incumbents. It's used for justifying that it contributes to the financial stability of the Australian market. Our view is that that's a confused argument, that it doesn't actually do that, and that it has facilitated and encouraged some of the poor behaviour that we saw during the royal commission. If the government is genuinely interested in creating a level playing field and increasing competition, and therefore improving pricing in banking products for all of us, then we need to break down that four pillars policy and we need to open the field up for new entrants—foreign banks, new Australian banks and fintechs.

CHAIR: I want to now come to the issue of screen scraping. A number of people have offered a view on this today. Some of them have said, 'Once you have open banking up and running, then you can do away with screen scraping.' I understand that your comments were that that wouldn't work for you. You would be aware of the issues that people have raised about this; you've read the submissions. So what is the way forward for screen scraping in conjunction with open banking? Thinking about our deliberations, how could you best help us present your view?

Ms Raetze : Screen scraping has a place, and it will continue to have a place once open banking is in place. So you'd run them together.

CHAIR: How do you reconcile that against all the consumer advocates and other people who've said that it runs counter to the general principle that you shouldn't give away your name and your password?

Ms Raetze : You shouldn't give away your BSB and your account number and you shouldn't use your credit card or give your credit card details away online either—and everyone does it. So the way I would address the consumer advocacy groups that have made a submission is that they are focusing on one angle of the issue around screen scraping only, as opposed to looking at it on a holistic basis. Their argument is similar to, 'You shouldn't have cars because they cause car accidents.' It's the same thing with screen scraping. Yes, it's a piece of technology that we use for multiple different reasons and it is open to misuse. Most technology is open to misuse. In my view, the answer is not to therefore throw it out altogether or not allow it, but to address the misuse and make sure that it is properly regulated. Parts of it are regulated, from a privacy law perspective—so the data you get is regulated—but other parts of it are not. The ePayments Code is voluntary. You could make the ePayments Code like actual law, and you could make it really clear in the ePayments Code that, whether you're giving your BSB and account details or whether you're giving your password and your logon details, provided that is authorised and to a reputable banking or financial service provider, you're protected under your terms and conditions with your financial service provider. And that, to me, is about allowing innovation by providing flexibility and choice. And you do that if you have both open banking and APIs and screen scraping available, at least for the medium term.

CHAIR: What do you mean by the medium term?

Ms Raetze : Well, if you wind back to the old Beta video days, then we had the videotape, and then we went from there to CDs, and now we stream everything. There's a period of time where there's a significant overlap in technologies, but eventually everything kind of devolves to the latest form.

CHAIR: One of the options that's been put forward by some other submitters today is sunsetting. Is that what you're saying?

Ms Raetze : I'm not advocating sunsetting. I am advocating that the government recognises that you need flexibility and to allow both forms of technology to exist for the foreseeable future—recognising that, over time, society generally in itself devolves to the latest form of technology, and at that point in time you can reassess it. If you put a sunset clause in place, all that's really going to happen is that you'll approach the sunset clause, you'll get hammered with a whole pile of people who are not yet ready to let go of an existing technology, you'll push costs into the industry when it's already got a lot of costs and you'll force people to do expensive API builds and expensive contract negotiations when their business is not quite ready. So I'm not an advocate of a sunset clause; I think that's a false end.

CHAIR: Just so I understand: your position would be that the consumer applicants are mistaken—

Ms Raetze : Not mistaken; they're only focusing on one misuse of screen scraping, which I think is possible to address.

CHAIR: So they're taking a narrow view.

Ms Raetze : Yes.

CHAIR: Your view is that the ePayments Code should be amended, that there should not be a sunset clause and that this can continue—

Ms Raetze : Indefinitely.

CHAIR: That's your position.

Ms Raetze : Excellent summary, thank you.

CHAIR: You know that there are a full range of positions on this matter.

Ms Raetze : Yes.

CHAIR: The last thing I wanted to ask you about is the R&D. Are you a member of any industry bodies or industry association groups?

Mr Malone : Yes, FinTech Australia.

CHAIR: One of the issues that has been raised is the R&D issue of software—of what is new and what's not new. We've asked some other groups to take on notice what they see as the best way forward, given that historically, as you've raised, it may not have fitted well into the R&D framework. So, given people have raised it as a concern, I think that we should look to try and get some drafting from people. We're very happy to take anything from you or from your industry body if you think it is important enough.

Mr Malone : We can take it on notice and provide something, and I'll talk to the fintech association and make sure of what their views are as well.

Senator SCARR: I'd like to go back to screen scraping. I want to tease out a few issues so I can fully understand the argument, so please don't interpret my questioning as indicating a position I hold; I'm just trying to tease out some of the positions. In terms of your customers, is it true to state that when I sign up, however I do that, I'm specifically consenting to your organisation engaging in screen scraping? Is that correct? Is that made clear to me?

Ms Raetze : It's a part of our terms and conditions.

Senator SCARR: Secondly, putting aside the behaviour of the big four banks, from your perspective are there any genuine risks to me as a consumer in terms of me agreeing to do that?

Ms Raetze : No—no risks from you doing that as a consumer that are any different from what you would have with your existing bank. We have the same level of security, and we do not transact on your account, so there are no risks to you.

Senator SCARR: Is that because you are a reputable provider of a service to me? Presumably, if I signed up with someone else based in the Bahamas and agreed to do this, it might not have the same outcome. There could be a risk if I gave all those details to someone who doesn't have your corporate governance standards.

Ms Raetze : That's correct, yes. And we comply with our legal obligations, which mean that we keep your data safe and secure, and we don't misuse it and we obtain your consent when we do use it.

Senator SCARR: In the experience of your company, have you had any issues with your customers making complaints about inappropriate use of screen scraping or unintended consequences from their perspective? Have they raised any concerns or complaints with you?

Ms Raetze : No, none at all.

Senator SCARR: No complaints at all from any of your customers?

Mr Malone : No, not one on screen scraping.

Senator SCARR: You mentioned that if we moved to open banking and screen scraping was prohibited, you would have to develop an API and that would cost—as a guesstimate—maybe $1 million.

Ms Raetze : It would cost $1 million plus, yes.

Senator SCARR: A million dollars plus the time involved in that. Would the time and the cost be the only barriers to your business model dovetailing with open banking?

Ms Raetze : The primary barrier is going to be the preparedness of the data holder to engage and to be prepared to build that API. So we would have to actually persuade CBA to allow us to build an API to receive their data, and negotiate with CBA, just as an example. The other thing I did just want to add onto my comments that I made with Senator Bragg is that the open banking and the API feed is a full data feed. It may be more information than you actually need, if you see what I mean, whereas the screen scrape is short and fast and it's just a photo; it's a snapshot. If you have a sunset clause or if you unwind screen scraping, you end up stopping technology that's short, sharp and fast and pushing everybody into a form of technology that may provide them with more than they need.

Senator SCARR: If you were general counsel for CBA, or a major financial institution—putting aside the competition element, and whether or not the motivation is to frustrate competition or whether or not there's a bona fide issue that they have—what bona fide risks are there for CBA? Let me give you one possible example: what risks are there for their consenting in their terms and conditions to their customers in the contract with CBA being able to give out their password et cetera to organisations like you? For example, say I'm acting for CBA and one of my customers gives their password et cetera to maybe a less reputable company and possibly their bank account's cleaned out, and the customer then approaches me, the CBA, and says, 'Well, you're responsible for that; you shouldn't have allowed that to happen'—notwithstanding the fact that you, the customer, are the one who gave your password. From the CBA's perspective, from the perspective of the major financial institution, if you were advising them—and I know you're not—do they have any basis for legitimate concern in that regard, in the context of my example?

Ms Raetze : They do, but it's the exact same concern as they would have with an API under open banking, because the same thing can happen. It is also the exact same concern that they would have with the fact that you share your BSB and your account details. That is why, when Nigerian phishing hits your account, they're always asking for BSB and account numbers, not for passwords and logons. So, 100 per cent they have that concern, but it's the exact same concern across all those methodologies, and the banks therefore have mechanisms for dealing with that.

Senator SCARR: Okay, but would I have less practical concern if I was in the open banking context and I was dealing with a company that, by definition, had to have invested through into an API and gone through those negotiations? Am I given some practical comfort in that context that I'm dealing with a more substantive organisation?

Ms Raetze : No, because you have to grant access to have screen-scraping ability in the first place, as the CBA or any other bank. And you have to build API into the system of the bank. Screen scraping happens because the intermediary accesses CBA's system and takes a snapshot of the information. CBA can shut that off. So they actually have to allow that access for screen scraping. It's the same access points on both sides.

Senator SCARR: I will just change tack for one quick final question, a practical question. Say I've got $1,650 that I've invested from my change. Can I just redeem that at any time? Is that how the model works?

Ms Raetze : You can withdraw it—intraday, yes.

Senator SCARR: That's very interesting.

CHAIR: Have you had negotiations with the CBA?

Ms Raetze : We've tried.

CHAIR: How would you describe those?

Ms Raetze : As difficult—'stonewalling' springs to mind.

CHAIR: Say I'm a hypothetical new company with a new idea and I'm trying to negotiate with a large company like that—beyond trying to have discussions with them, what are the options?

Ms Raetze : Do you mean if you were a start-up or a fintech and you wanted to engage with the CBA?

CHAIR: Part of your success is tied to what they do. You've obviously thought about this. What sorts of options do you have?

Mr Malone : If we can't get access to them or talk to them or work out a solution, there is nothing else.

CHAIR: Have you given any thought to what we as a government could do to incentivise large businesses to collaborate with smaller businesses? It is a thing that's come up today. You could take it on notice.

Mr Malone : I think, just generally, we've tried, but it just hasn't been successful. That's the hardest part. In the middle of last year CBA issued a product that is in the competitive realms of us. So, they are understanding the threat from us and then they come out with what we believe is anticompetitive behaviour.

CHAIR: Do you have any thoughts on that collaboration between large and small—just to be clear, and for the record—

Ms Raetze : What kind of incentives are you thinking—

CHAIR: Speaking for myself, I recognise that a big part of the potential success of a start-up sector, and getting more innovative products to market, and more competition and choice in Australia, is reliant upon large businesses and government creating an ecosystem where these things can happen. So, we should look at what we do as the Commonwealth. Are we doing everything we can do, through procurement and everything else? But, also, I think that as this committee carries on its business we will look at what large businesses can do to create that ecosystem in Australia—that new ideas can come to market and new products can get into people's hands. I think it is entirely legitimate for us to ask you, as someone who has been through a process, what can be done to create a more harmonious form of collaboration. You don't have to answer it, if you don't want to.

Mr Malone : I think it is difficult. We just have to be mindful of what or who those big businesses are investing in that will benefit themselves, which they tend to do.

Ms Raetze : From the policy perspective you really have only a carrot or a stick. The carrot generally consists of tax breaks or tax concessions of some form and the stick is usually penalties. Both of them are quite cumbersome tools really. But it is a very interesting question and I think we might take it away and see if we can come up with something interesting in response.

CHAIR: That would be lovely.

Senator MARIELLE SMITH: We are over time, so I'll be quick and perhaps you can be quick in response. Getting back to screen scraping. If a 19-year-old millennial joins up to your product and they consent to screen scraping, how do you obtain consent from them and how do they understand what it is that they are giving over to you, and what the risks or implications are of that? How do you communicate with them about that?

Ms Raetze : All through their mobile phone.

Senator MARIELLE SMITH: But how? Is it like 0.4 font in a PDF document of 12 pages, or is it more open and transparent than that?

Mr Malone : It is very clear and very transparent. That is the key to our business. We are very transparent, even to the point that if you want to withdraw your money there is a button that says 'Withdraw'. We don't make it difficult at all. If you want to close your account there is a big red button to do that—

Senator MARIELLE SMITH: Where is it transparent?

Mr Malone : It is all very transparent—in the app, because we are a mobile-first app. It is written in the PDS or the explanation, the key being that the 19-year-old understands what he is actually doing. There is an education process around our app—it comes through what we do in the PDS and the terms and conditions and our additional information document.

Senator MARIELLE SMITH: You are confident that 19-year-old millennials using your product read the PDS and the terms and conditions?

Mr Malone : They have consented to reading the PDS. There is a consent box saying that your name is correct and all the information is accurate and correct and you have given consent and read the PDS.

Senator MARIELLE SMITH: But it is reasonable to assume that a 19-year-old who is signing up may not have done that. Do most 19-year-olds understand the concept of screen scraping?

Mr Malone : I haven't spoken to 19-year-olds to confirm that. I can't answer that.

Senator MARIELLE SMITH: But there is no explicit effort on your part, beyond the PDS and the terms and conditions, to communicate that particular layer of data collection.

Mr Malone : Not that data collection—no. There is an education journey that they—

Ms Raetze : There are additional consents and additional disclaimers within the app. But if your question is whether we think that most people read PDSs in detail—

Senator MARIELLE SMITH: No. You talk about financial literacy and educating the users of your app. Is this something you are actively involved in educating them on, because it is a pretty considerable part—

Ms Raetze : It is such an issue for Raiz and it has been escalated to quite a degree. We have done a lot of email communications with our users—that they understand how it works and what the consequences are. This is in addition to and separate from what is in the app and in the PDS. So you get the disclaimer in the app, you get the information in an email that is sent to you, which has the PDS in it, and, in addition to that, there are a whole pile of questions, FAQs, on our website, where you can look at it, and we do separate email communications to our users that explain it all.

Senator MARIELLE SMITH: Specifically on that issue, of how you use the—

Ms Raetze : Yes, and we can send you what we send out, if you're interested in it.

Senator MARIELLE SMITH: That would be helpful, thank you.

CHAIR: Thank you very much for your time.