Introduction

Data holder white label arrangements bring a distinct set of considerations for data holders representing their organisation and relationships in the CDR. These relationships must align to the CDR rules and be recorded in the CDR Register.

For foundational knowledge on how brands are modelled in the Consumer Data Right Register, please refer to article: Brands in the Consumer Data Right Ecosystem

This paper provides technical commentary on these scenarios and how they are recorded in the CDR Register for the following scenarios:

• Scenario 1: Secondary master brand
  A legal entity owns more than one data holder brand, which are unique and easily distinguished by consumers
• Scenario 2: Distribution only brand
  A data holder brand presents separately marketed lines-of-business such as retail and business, and co-brands with non-data holders
• Scenario 3: Full-service white label brand
  A white labeller data holder services brands provided by non-designated brand owners
• Scenario 4: Portfolio extension
  Brand owner data holder and white label data holder share obligations
• Scenario 5:  Portfolio extension, multiple data holders and/or identity providers

A non-designated brand owner retails many products from different white labellers and customers login to individual white labeller-specific portals.

• Scenario 6: Portfolio extension with separate implementations
  A non-designated brand owner retails many products from different White Labellers and provides a portal to allow their customers to navigate to the appropriate retail channel

Background

Industry has requested ACCC guidance on how to be compliant with CDR where white labelled products are concerned.

Clarification

Clarification on references to ‘data holder’ in the Consumer Data Standards and its correlation to the CDR Rules and CDR Register has been made in the article Brands in the Consumer Data Right Ecosystem. Please refer to it to for context on use of ‘data holder brands’ in this article.

 Guidance on the CDR Rules

At a high level, consumers take up products offered by a brand owner which can be manufactured by a white labeller:

• White labellers are often CDR data holders (ADIs or relevant non-bank lenders), who also market products under their own brands.
• Some brand owners are CDR data holders (ADIs or relevant non-bank lenders), but many are not
• A consumer’s contract is typically with the white labeller, but in many cases the consumer is primarily or exclusively aware of the brand owner’s brand.
• White labellers are usually responsible for complying with existing regulatory obligations, and in most cases white labellers hold most/all product and consumer data.
• There are diverse models for white label products in the market.

The flow of data between a white labeller, brand owner and consumer is illustrated in Figure 1. This includes the potential for data being augmented or generated by the brand owner.  The brand owner is the consumer facing entity that typically interacts with the consumer.

Figure 1: White labelling data flows.

 For guidance on how to comply with the CDR Rules for white labelled products, see:

• section 5.7 and 6.5 of the ACCC’s Compliance guide for data holders in the banking and non-bank lenders sectors
• section 5.1.2 of the ACCC’s Compliance guide for data holders - energy sector.

Example white label arrangements

Data holder brands used in this knowledge article to illustrate examples

For the purposes of illustration, several fictitious data holder brands are presented in this paper to explain a number of variations in white label arrangements.

Table 1: Fictitious Brand Names and entity type

Brand	Brand Name	Type of Entity	Data Holder?
	ABC Bank	Brand owner and white labeller	Yes
	bankACT	Brand owner	Yes
	Bank of Dandenong	Brand owner	Yes
	Beyond Airways	Non-designated brand owner	No
	Credit Bank	White labeller	Yes
	Fresh Money	Non-designated brand owner	No
	Happy Bank	Brand owner	Yes
	Homely	Non-designated brand owner	No
	Occa Home Loans	Non-designated brand owner	No
	AgriBank	Brand owner	Yes

Scenario 1: Secondary Master Brand

Example 1: Data holder owns and operates other master brands

Australian Banking Corporation (ABC) is a large bank which owns a number of smaller regional banks including Bank of Dandenong and bankACT.

Bank of Dandenong and bankACT are both ADIs and hence are designated data holders in the CDR.

Figure 2: Relationship between data holders and secondary master brands

Although ABC owns both bankACT and Bank of Dandenong, both subsidiary banks are are presented to the market as separate data holder brands . Each master brand is presented as a separate brand in the brand selection step for consumers undertaking the consent flow with an ADR.

Example 1 Commentary

While this example concerns banks, this example is also applicable to white labelling arrangements in other sectors, including the NBL sector.

Whether they share some or all of their IT infrastructure with their parent bank, ABC, these secondary master brands are distinct bank brands available in the market. Consumers would be able to access data held by those non- primary brands under the CDR similarly to how they interact with those brands via their internet banking channels today.

However, for all intents and purposes, the banking brands operate separately in the market and the customer logs into each bank using separate credentials.

For example, logging into ABC would not show the customer accounts they hold with Bank of Dandenong.

As each bank brand is separately known to consumers in the market, these would show up as distinct entries in the “Brand Selection/Choose your provider” stage of the consent flow. This is based on how the banks are recorded in the CDR Register as data holder brands.

Figure 3: Brand selection for non-primary brands

 CDR Register

Within the CDR Register, this scenario is represented as the parent data holder legal entity owning and managing one or more data holder brands within the CDR ecosystem. Each of these data holder brands contain a dedicated entry in the CDR Register under the associated legal entity.

This relationship would appear in the CDR public register as follows:

Figure 4: Public Register legal entity & associated brands

 Table 2: End point configuration for secondary master brands

Scenario 2: Distribution only brand

Distribution brands are quite common across many sectors of the economy such as Insurance and Telecommunications. Go-to-market strategies may include products, or suites of products separately branded by the data holder (e.g. everyday banking products versus farm business financial products) or co-branded with another organisation (where promotion of the affiliation provides a key product differentiation).

Example 2: White labeller data holder issues co-branded banking products with non-designated data holders that are made available via the white labeller's internet banking channels

Beyond Airways Ltd provides many co-branded credit cards for its loyalty members. Recognising that its frequent flyers like to earn Beyond Frequent Flyer Points but keep all of their banking with the bank of their choice, they partner with many banks to co-label separate credits cards which are made available via the online banking channel of the customer's bank.
    
                   

Figure 5: co-branded distribution only brand credit cards

In this example, ABC offers the ABC Beyond Advantage Card whilst bankACT offers the bankACT Platinum Frequent Flyer Card. Both cards accrue Beyond Frequent Flyer points as they are co-branded arrangements between Beyond Airways and the individual banks.

Figure 6: Relationship to White Labeller for distribution only brands

Example 2 Commentary

While the example concerns banks, this example is also applicable to white labelling arrangements in other sectors, including the NBL sector.

Customers are aware of the financial institution which issues the credit card and the products are available within the digital channels offered by each financial institution. Customers login and manage their credit card directly with their financial institution, not Beyond Airways.

As the products are available within the data holder brand's digital channels, no separate brand is shown to consumers in the "brand selection" step of consent. Instead, they present as a product retailed under the data holder's brand.

Depending on the separation of the distribution brand to other lines of business, the data holder may choose to present a profile selection step (see CX Guidelines, Authorisation to disclose: Selection Functionality) during authentication to establish data sharing for separate customer groups (e.g. retail vs business banking).

Example 3: A data holder retails products under a separate line of business distribution brands available via its internet banking channel

As part of AgriBank's go-to-market strategy, they offer three separately branded lines of business where its retail banking is called Everyday Banking, its agribusiness is called Farm Business and its larger corporate customers is called Better Business Banking. These brands are not master brands, they are simply brands to differentiate the products they retail to separate consumer demographics where separate business systems are typically used to manage these lines of business.

Figure 7: Distribution brands used for separate lines of business

AgriBank provides a profile selection screen (see CX Guidelines, Authorisation to disclose: Selection Functionality) to allow their different customers to connect ADRs to the correct line of business distribution brand when consumers are establishing consent; the consumer does not see these distribution brands represented as separate brands in the ADR brand selection step as shown in Figure 8.

Figure 8: Profile selection screen

Example 3 Commentary

While the example concerns banks, this example is also applicable to white labelling arrangements in other sectors, including the NBL sector.

Although AgriBank uses branding to differentiate market segments, this is only at the level of the line of business to make it easier to run marketing campaigns and target tailored products to key customer demographics. Customers are aware that all products, regardless of the line of business brand are retailed by AgriBank. Customers login via the AgriBank website for all products.

CDR Register Example 2 and 3

The data holder brand platform makes the products available within current digital banking channels. No additional brand entries are required in the CDR Register to facilitate these additional products.

This relationship would appear against the CDR public register as follows:

Figure 9: Public Register legal entity & single brand

Table 3: End point configuration for distribution only brands

 Scenario 3: Full service white label brand

A designated data holder provides the capability for a range of products that are sold and serviced under a separate brand owned by a non-designated organisation.

Example 4: A distribution only brand owner (non-designated) retails products through a full service white labelled arrangement.

Fresh is a supermarket brand which has diversified into retailing other goods and services through white labelling arrangements (such as white labelled mobile and broadband products) including credit cards manufactured by Credit Group that are branded as Fresh Money.

With each distribution channel, the Fresh customer has separate login credentials managed by each white labeller and the brands are presented separately in the market (e.g. Fresh Money vs Fresh Mobile vs Fresh Supermarkets).

Figure 10: Relationship to Full Service White Labeller for distribution brands

Figure 11 - Brand selection for non-designated data holder brands

As Fresh Money is the branded channel which customers interact with, Fresh Money, serviced by Credit Group, is shown in the ADR brand selection step. Credit Group provide the CDR implementation including customer authentication.

Example 5 Distribution brand owned by designated data holder retails the data holder's white labelled products through a separate retail channel to the data holder

ABC white labels lending products through a distribution brand owned wholly by ABC (Homely). Although it is a distribution brand, the customer logs into a Homely branded banking channel and sees only their Homely products and does not see those products within their ABC banking channels. In this situation, Homely is presented by ABC as a separate data holder brand within CDR where ABC is the data holder.

Figure 12: Relationship between data holder brand distributing products for the data holder

Alternatively, ABC may prefer to show the Homely distribution brand in a profile selection step within ABC if their customers understand the relationship between Homely and ABC.

Example 6: Non-designated brand owner retails credit cards via a white label data holder but looks after authentication

Figure 13: Relationship between non-designated brand owner and white labeller

Beyond Airways provides a white-labelled credit card, under their Aero Money brand, to their loyalty rewards customers. This credit card is manufactured by Credit Group acting as a white labeller. Beyond Airways is not designated as a data holder, however it provides external authentication for Aero Money. This allows customers to login with their frequent flyer loyalty programme credentials. As the data holder, Credit Group is the entity responsible for CDR obligations but delegates authentication to Beyond Airways.

Figure 14: Non-designated brand owner authentication flow

Because Aero Money is the branded channel which customers interact with, Aero Money is serviced by Credit Group as a master brand that is shown in the ADR brand selection step in Figure 14. Credit Group provide the CDR implementation.

Figure 15: Brand selection for Aero Money

CDR Register

The brand owner is not a designated data holder and therefore will not have a legal entity on the CDR Register. The designated data holder, acting as the white label provider, is responsible for maintaining the brand entry in the CDR Register for the non-designated brands. This entry is stored against the white label provider’s legal entity and could also be present alongside the white label provider’s own brand(s).

This relationship would appear against the CDR public register as follows:

Figure 16: Public Register legal entity and white labelled non-designated data holder brands

 Table 4: End point configuration for distribution only brands

Scenario 4: Portfolio Extension

A designated data holder offers a series of products but extends their portfolio with a product white labelled by a different designated data holder. The white label product is seen to be part of the customer’s portfolio with the brand owner and a single authentication is used to service both the directly offered products and the white labelled products.

Example 7: Data holder augments its banking products with credit cards issued by a white label data holder but makes them accessible through their own banking channels

Happy Bank is a data holder. Happy Bank manufactures most of their products however they rely on a white labeller to manufacture their credit cards.

Figure 17: Relationship between brand owner and white labeller

For all intents and purposes, Happy Bank customers are unaware of the white label arrangement with Credit Group. Credit cards issued by Credit Group are branded as Happy Bank credit cards.

Under this arrangement, the white label credit cards are accessible via Happy Bank's existing digital banking channels. As such, the expectation within the CDR is that Happy Bank provides access to the credit card data via Happy Bank's CDR implementation. Customers select Happy Bank during the brand selection stage and authenticate using their Happy Bank credentials. At the account selection stage, the consumer can select both Happy Bank accounts as well as credit cards that are white labelled by Credit Group for Happy Bank.

How Happy Bank and Credit Group integrate and fulfil their obligations is outside the scope of the technical standards.

CDR Register

This scenario has the equivalent CDR Register impact as scenario 2 where the brand owner is a designated data holder. No additional brand entries are required in the CDR Register to facilitate the additional products.

Table 5: End point configuration for Portfolio Extension

Scenario 5: Portfolio extension, multiple data holders and/or identity providers

A brand owner retails many products from different white labellers and provides a portal to allow their customers to navigate to the appropriate retail channel.

 Instead of both direct and white label products being serviced under a single implementation, customers use different backends to access separate facilities for the white labelled products.

Panel arrangements offered by mortgage brokers are a common example where the broker retails products by a variety of ADIs and non-bank lenders under separate distribution brands. The brand owner often presents a “login page” where the customer selects the branded login point for the products they own and they are then redirected from the brand owner to the white labeller's banking channel which is presented under the brand owner’s look and feel.

In this scenario, consumers do not use the same credentials to access data associated with each different brand. This may be due to different data holders servicing the different brands, or the same data holder using different identity providers for different business lines for various technical or business reasons.

Example 8: Distribution brands are presented as separate master brands by each white label data holder on Occa's behalf

Occa Home Loans, in conjunction with their white label data holders, has chosen to align their CDR branding with their market strategy. Under this arrangement, each distribution brand is presented as a full-service white label brand. Thus, each distribution brand shows up as a separately in the "brand selection" step. Consumers must present different credentials to authenticate successfully with the different brands.

CDR Register

All brands have independent entries in the CDR Register. Each data holder is designated and therefore will have its own legal entity entry present on the Register. All brands belonging to the data holder will be published under this legal entity.

Table 6: End point configuration alternative for multiple lines of business

Because both products are presented to consumers under Occa Home Loans branding, it is recommended that both white labellers use the brandGroup field. The recommendation is that the value for brandGroup should be immediately recognisable to the consumer. In this example an appropriate value would be “Occa Home Loans”.

Figure 18: Brand selection for Occa

Two different data holders would appear on the CDR Public Register, each with their own data holder brand for Occa:

Figure 19: CDR Register for Occa, with multiple data holders

Scenario 6: Portfolio extension with separate implementations

NB This scenario is considered less likely to occur than the previous scenarios. These niche examples considered here for reference.

This scenario differs from Scenario 5 in that consumers use the same credentials to access data associated with each different brand.

If the customer accesses all products through a single customer identity and one servicing facility, Example 9 (below) is relevant. In this situation, the brand owner needs to negotiate with their panel of white labellers that are designated data holders as to which data holder provides the ADR facing CDR solution and integration to the remaining white label data holders. The brand owner themselves may also choose to provide the technical solution and integration to each white labeller. Under this arrangement, a single master brand is presented in the brand selection page and upon redirection to the data holder, the customer is presented with the profile selection to select which portfolio brand they connect.

If the customer accesses all products through separate servicing facilities, then Example 10 (below) is relevant with each distribution brand is presented separately.

Example 9: Non-designated data holder offers different line of business products under separate distribution brands each serviced by different White Label DHs under a "brand portal"

Occa offers different home loan products under separate white label arrangements for differentiated market segments. It offers its customers a "brand portal" allowing their customer to navigate to their relevant home loan products. Each market segment is marketed under a different Occa distribution brand.

Figure 20: Lines of business offered by non-designated data holder

The guidance for Scenario 4 is adopted but, within the constraints of the CDR federation statements in the standards, the customer is asked which identity they wish to share from prior to the authentication step of the consent authorisation flow. The path they select will determine which authentication is used and which accounts are available to be shared. All consumers will use a single identity provider in this case. As in Scenario 4, any technical integration as between the different participants is outside the scope of this guidance. Brand grouping is not relevant to this example because only one data holder brand appears in the Register, even though there are multiple brands in the market. For the purposes of this example, it is assumed that ABC Bank, as a designated data holder, is fulfilling all relevant obligations under the CDR.

This relationship would appear against the CDR public register as follows:

Figure 21: Occa Home Loans brand in Public Register

Example 10: Occa continues to operate a "brand portal" for CDR-designated distribution brands

Example 10a

Occa maintains the "brand portal" concept and develops a profile selection screen (see CX Guidelines, Authorisation to disclose: Selection Functionality) presented to the consumer after redirection from the ADR and allows customers to redirect to the appropriate distribution brand. The consumer is present with a single brand – in this example Occa Home Loans – at the provider selection step, and all consumers use the same identity provider. Brand grouping is not relevant to this example because only one data holder brand appears in the Register, even though there are multiple brands in the market.

The consumer must have sufficient context to know that the banking profile is part of the brand and will therefore select the relevant brand.

Figure 22: Profile selection for multiple lines of business

CDR Register

All banking profiles will be represented under the one brand within the CDR Register, as shown in Figure 21

Table 7: End point configuration for multiple lines of business

Example 10b

The two different facilities are considered master brands and have their own independent entries in the CDR Register. Whether the technical implementation for the white labelled brand is managed by the brand owner (aligned to Scenario 1) or by each white labeller (aligned to Scenario 3) is a decision to be determined by the various parties. Consumers use the same credentials to access the different brands.

Because there are multiple data holder brands and because the relevant products are presented to consumers under Occa Home Loans branding, it is recommended that both data holder brands use the brandGroup field. The recommendation is that the value for brandGroup should be immediately recognisable to the consumer. In this example an appropriate value would be “Occa Home Loans”. The brand configuration in this case is as described in Table 7 above.

Conclusion

This is not an exhaustive list of all such arrangements however the DSB and ACCC are seeking feedback on any that fall outside of those described here. To provide feedback, please raise a ticket through the CDR support portal.