Regional Australia Bank developed its CDR system using Microsoft Azure with API Management Services providing integration to the wider banking ecosystem.
Rob Hale, Chief Digital Officer of Regional Australia Bank, said: “The CDR means we were one of the first businesses to be able to consume CDR data from the initial Data Holders- the big four.
“Being a Data Recipient means we can streamline processes, saving customers time and effort. Our initial CDR use case is being optimised to take the bad friction out of online lending – the uploading of bank statements and asking applicants to say how much they spend on education, transport, travel etc,” Hale said.
“We can automate that whole process which creates more time to have a human conversation about someone’s financial needs. Being a Data Holder also has value in our minds – if our customers can get a service they like elsewhere, perhaps a personal financial management solution or some budget tool that’s better than the one we offer, then we want to facilitate their safe use of that tool.
“We used Azure for CDR because we have it as an established and trusted cloud provider for our organisation’s infrastructure. Azure became our chosen platform because of its rigorous demonstrated adherence to APRA regulated privacy and security principles.
“It has provided us with a good platform for hosting containerised micro-services securely within segregated VNETs behind trusted firewalls and API management.”
On the security of data moving from bank to bank, Hale said: “We collect CDR data, have it processed and delete the original data all within a matter of seconds. There is no record of the original data stored on our systems from that point on. We create a high-level summary of the analysed CDR data and that is stored securely against the user’s loan application on our existing, mature core systems,” Hale commented.
“During transit, the user’s data is encrypted at all times. And during those few seconds where the data is on our secure systems being processed, it is effectively anonymous data, it does not contain any information to link it to any individual.
“In addition to API Management Services, we’ve leaned on Azure container groups, firewalls, log analytics, private DNS, key-vault, SQL databases, virtual networks as well as subnets with security groups to deliver our solution.
“This has allowed us to reliably template deployments, manage our costs, provide visibility while appropriately isolating the solution from our other services in a secure manner.”