Comply with CDR Banking (Open Banking) — major + non-major ADIs
Banking data holders must share consumer data with accredited recipients on consumer consent.
Who must comply
Banking data holders (ADIs); accredited data recipients.
What triggers it
Being an ADI; becoming an ADR.
When due
Continuous; incident notification within 30 days.
Evidence required
CDR Register listing; consumer authorisation records; incident register.
Max penalty
Civil penalties up to $50M / 30% turnover; ACCC + OAIC joint enforcement
Summary
Consumer Data Right (Banking) commenced for major banks July 2020, non-major banks July 2021. Data holders must share product + consumer data via accredited APIs. Accredited data recipients face Privacy Safeguards regime.
Enforced by
Source legislation
Industries
Topics
Source: https://cdr.gov.au/banking. Rules Mate is not a law firm. Always verify against the live regulator source before acting.