Nov 30, 2021 • 7 minutes read

Australian CDR - how are banks welcoming it?

While at first glance the Consumer Data Right (CDR) might seem an intruder to the peace that Australia’s financial institutions have built for themselves, CDR is here to stay and will bring benefits to all players involved, provided that we all make it work.

The Australian Competition and Consumer Commission (ACCC) defines CDR as a mechanism requiring Data Holders to allow third parties to securely access bank data, with the end customer’s consent. While it can be easy to tag it along with other Open Banking initiatives, the CDR has a much broader scope than PSD2 or Open Banking in the UK for so many reasons beyond the industries it will apply to (banking, energy, telecom, etc). It grants real power to the users, securely replacing pain points like filling out numerous forms, the complexity of bureaucracy, and the lack of transparency. All this makes banking something truly adjustable to numerous daily life events, in a useful and invisible manner.

So how open is banking in Australia?

Open banking starts from Data Holders truly opening access to Consumer Data and keeping the APIs’ availability stable all the way. So far, out of 97 authorised deposit-taking institutions (ADIs) mandated to be CDR compliant as Data Holders, over 60% appear live on the ACCC site. All of them share Public Product data and only half of them (30) share both Product and Consumer Data.


The ACCC offered detailed documentation on the CDR standard, but only 8 banks have a developer portal or offer some kind of information on their websites about their APIs, keeping open banking quite closed to any third party that would want to test the APIs without being an Accredited Data Recipient (ADR) yet. High costs to get accredited as an ADR and no means of testing are a challenge to enforcing competition, thus limiting the involvement to larger businesses only and cutting off medium and smaller ones from participating.

The deadline for Data Holders to open access to Consumer Data (accounts, transactions, balances) has passed, and their struggle to meet the requirements is visible: tardiness in accepting that CDR is here to stay and no proper planning for it, no clear commercial risks and opportunities for banks, significant additional expenses to bear, suppliers that don’t deliver just yet.

What do banks gain from true Data Holder compliance?

CDR is about opening access to Consumer Data, which a bank finds difficult to perceive as anything other than an extra expense. Accept that change is a part of business and that new opportunities will constantly appear. Having a working environment in place that can support new initiatives will be important. The experience of other markets shows that benefits are visible only when everyone is participating consciously, not just to tick a box.

By opening access to Product and Consumer Data, Data Holders can:

  • become Data Recipients themselves, easily. One bank can leverage another bank’s data, simplifying important processes such as account switching, end users’ verification, automatic loan granting based on financial history received from other financial and credit institutions, identification of funds or income sources, automating treasury management processes for business & corporates, and so much more. Once banks become Data Recipients, besides Data Holders, they will understand the importance of open banking for all parties involved;
  • get a new distribution channel for their products – the third parties (fintechs, non-bank lenders, insurance companies, other banks, accounting and ERPs, etc) that will be able to compare products and offer multi-banking options to end-users. Not opening up the data through working APIs means that your users won’t be able to leverage the open banking perks provided by modern fintech services, which can lead to loss of current client base and potential new users, who’ll simply switch to more modern services ensured by your competitors;  
  • deliver better products with better user experience, useful and functional even in times of lockdown, when visiting a branch to share access to accounts or get bank statements is simply not safe;
  • get access to ongoing consumer behavior “research” with 3rd parties connected to their data. Also, the new business models of these 3rd parties can inspire the bank to create new services, new monetisation methods, and new partnerships;
  • build premium APIs on top of CDR in order to generate new revenue streams and new channels for promoting bank services via the above-mentioned Data Recipients.


Two years after PSD2, more than 80% of European banks affirmed that the directive comes with more opportunities than threats, the latter being seriously outweighed by the advantages that compliant banks are now benefiting from.

Is there an easy way to open banking?

I’ll play the captain and say that the easy way is doing it the right way straight from the beginning: delegate. Since everybody has limited resources, focus on what brings value to your business and leave the CDR to a 3rd party provider. For the medium and small banks, that’s the only solution saving them additional expenses, providing the Open Banking expertise, innovative business model experience, and relieving them of the need for operational interaction with the ADRs.

Here are just some of the things any Data Holder should pay attention to when deploying the CDR APIs:

  1. Have good documentation in place, available on your website, and make it possible for Data Recipients to test your connections through environments mimicking the live ones: less friction with developers – fewer issues to solve from the ADRs;
  2. Make sure that anyone has access to the testing facility until accreditation is received so that there are no issues for Data Recipients providing their services to end-users when they go live;
  3. Have a transparent ticketing system for issue resolution between Data Holders and Data Recipients with reasonable SLAs. Inform them in advance of maintenance events you plan. Business continuity of the Data Recipients will now depend on the APIs and their availability provided by Data Holders;
  4. Integrate the user dashboard with consent management on your web/mobile banking interface. Your CDR compliance provider should provide you the API delivering that functionality;
  5. Have one interface to manage all CDR components: ADR consents, API statistics, different environments, tickets, overview on reporting to ACCC, etc.

Request all the above elements from your vendor and, in addition, ask for support with the Conformance Tests and all kinds of audits. A good vendor will take care of everything for you, and will make the relationship with ADRs feel like a partnership more than a competition.

Salt Edge has launched its solution for Data Holders under CDR that will cover banking, energy, and all the sectors yet to come. More on the solution can be read here. Our experience in building Open Banking APIs for more than 100 institutions and consuming five thousand Open Banking APIs across the world validated our approach. Our solution promises 3 things that are important in Open Banking: it covers all regulatory requirements, deploys quickly and securely, and actually works.

About Salt Edge

Salt Edge – a financial API platform with Open Banking solutions. The company has two main vectors of activity: enabling third parties to get access to bank channels via a unified gateway, and developing the technology necessary for banks to become compliant with the open banking regulations globally. ISO 27001 certified, the company employs the highest international security measures to ensure stable and reliable connections between financial institutions and their customers. The company is integrated with 5000+ financial institutions in 50+ countries.

More information:
Phone number: +44 203 936 3505

