Rules Mate

Comply with CDR Banking (Open Banking) — major + non-major ADIs

Banking data holders must share consumer data with accredited recipients on consumer consent.

highcurrentongoing

Who must comply

Banking data holders (ADIs); accredited data recipients.

What triggers it

Being an ADI; becoming an ADR.

When due

Continuous; incident notification within 30 days.

Evidence required

CDR Register listing; consumer authorisation records; incident register.

Max penalty

Civil penalties up to $10M / 3× benefit / 10% turnover (CCA s56EV); ACCC + OAIC joint enforcement

Summary

Consumer Data Right (Banking) commenced for major banks July 2020, non-major banks July 2021. Data holders must share product + consumer data via accredited APIs. Accredited data recipients face Privacy Safeguards regime.

Enforced by

Source legislation

Industries

Topics

cdropen-banking

Related obligations

Frequently asked questions

Who must comply with CDR Banking (Open Banking) — major + non-major ADIs?
Banking data holders (ADIs); accredited data recipients.
What triggers CDR Banking (Open Banking) — major + non-major ADIs?
Being an ADI; becoming an ADR.
When is CDR Banking (Open Banking) — major + non-major ADIs due?
Continuous; incident notification within 30 days.
What is the maximum penalty for CDR Banking (Open Banking) — major + non-major ADIs?
Civil penalties up to $10M / 3× benefit / 10% turnover (CCA s56EV); ACCC + OAIC joint enforcement
What evidence is required for CDR Banking (Open Banking) — major + non-major ADIs?
CDR Register listing; consumer authorisation records; incident register.

Source: https://cdr.gov.au/banking. Rules Mate is not a law firm. Always verify against the live regulator source before acting.