Comply with CDR Banking (Open Banking) — major + non-major ADIs
Banking data holders must share consumer data with accredited recipients on consumer consent.
Who must comply
Banking data holders (ADIs); accredited data recipients.
What triggers it
Being an ADI; becoming an ADR.
When due
Continuous; incident notification within 30 days.
Evidence required
CDR Register listing; consumer authorisation records; incident register.
Max penalty
Civil penalties up to $10M / 3× benefit / 10% turnover (CCA s56EV); ACCC + OAIC joint enforcement
Summary
Consumer Data Right (Banking) commenced for major banks July 2020, non-major banks July 2021. Data holders must share product + consumer data via accredited APIs. Accredited data recipients face Privacy Safeguards regime.
Enforced by
Source legislation
Industries
Topics
Related obligations
- CWLTHMajor banks must provide CDR Banking + Action Initiation (2026)CDR Action Initiation lets accredited recipients initiate payments + actions on consumer behalf.
- CWLTHConsumer Data Right (CDR) participant accreditation + complianceBanking, energy and (soon) non-bank lending data sharing — accredited participants must comply with privacy safeguards.
- CWLTHCDR Energy sector — phasedEnergy retailers + distributors must share data via CDR.
Frequently asked questions
- Who must comply with CDR Banking (Open Banking) — major + non-major ADIs?
- Banking data holders (ADIs); accredited data recipients.
- What triggers CDR Banking (Open Banking) — major + non-major ADIs?
- Being an ADI; becoming an ADR.
- When is CDR Banking (Open Banking) — major + non-major ADIs due?
- Continuous; incident notification within 30 days.
- What is the maximum penalty for CDR Banking (Open Banking) — major + non-major ADIs?
- Civil penalties up to $10M / 3× benefit / 10% turnover (CCA s56EV); ACCC + OAIC joint enforcement
- What evidence is required for CDR Banking (Open Banking) — major + non-major ADIs?
- CDR Register listing; consumer authorisation records; incident register.
Source: https://cdr.gov.au/banking. Rules Mate is not a law firm. Always verify against the live regulator source before acting.