Basiq Insights

Open Banking CDR

The Definitive Guide to Open Banking in Australia

The Consumer Data Right and Open Banking is quickly changing the landscape of financial services in Australia.
In this informative article we explore the basics of Open Banking in Australia, looking at its benefits, the key players, accreditation, security and much more.


Open Banking represents a seismic shift in the fabric of financial services. It allows consumers to have greater control over their financial data, which stimulates competition, allowing smaller institutions, startups and fintechs to leverage said data in order to compete with incumbent institutions who have dominated the industry for so long.

What is Open Banking?

Open Banking is an innovative and legislated financial services practice which gives consumers the option of sharing their personal information and financial data with accredited third parties, through the use of application programming interfaces (APIs). This creates an unprecedented ‘open’ network of shareable data between financial institutions, who hold consumer data, and service providers, who use the data to create new offerings under the express consent of the consumer.

Why does Open Banking matter?

Open Banking will change the way consumers and businesses interact with their finances, and increase the ease and efficiency of data sharing between financial institutions. Open Banking gives consumers more control over their financial data and makes it easier to share their data with companies they trust. This efficient transfer of data will also make it easier for companies to offer new products and services, powered by a technical and regulatory framework to allow consumers to securely share their information in a secure manner. Open Banking is the future of financial services – chat to the Basiq team about Open Banking access here

What are the main benefits of Open Banking?

Open Banking gives accredited businesses access to valuable data that was previously siloed and held within larger financial institutions.  In this sense, Open Banking ‘levels the playing field’ for businesses who wish to create new products and services without the overhead of manually integrating with a number of financial institutions. Consumers will now be able to access and share their banking data with trusted and registered third parties in order to improve their own financial situations, for example, by comparing accounts or accessing new products.

Open Banking is dictated by federal legislation known as the Consumer Data Right (CDR), providing a set of  mandated APIs that will provide a stable and reliable connection to customer & financial data, reduce engineering effort, and ultimately improve the customer experience and efficiency of data sharing. These APIs also provide universal data standards across financial institutions, which allows for improved interoperability across financial institutions. 

Value for Consumers

Open Banking will simplify switching banks and sharing information regarding your account information, transaction history and other financial details. This information can be used to analyse, optimise and enhance your financial situation. This concept also applies to a number of use cases, such as: ease by which you will be able to sign up for new credit or debit card, manage your joint accounts, apply for investment loans, and utilise financial products and budgeting tools which track and plan expenditures – ultimately making your money and general financial wellness a more enjoyable and interactive experience.

Benefits for Fintech Companies

Open Banking is empowering for Fintech companies, creating a number of use cases within the financial services industry for those who are using financial data in a novel way. First and foremost, the Open Banking legislation creates competition, challenges the status quo, and levels the playing field of banking, allowing smaller companies and financial institutions equal access to a market which major banks have oligopolised for so long. 

With the data sharing pipes laid, it will be much easier to initiate consumer data sharing between data holder and data recipient, which will make it easy to compare, contrast and swap banks, which will ultimately elevate competition in the financial sector. Smaller banks and Fintechs will be able to compete with their larger counterparts based purely on their product and service offerings.

Introduction to the Consumer Data Right

What is the Consumer Data Right?

The Consumer Data Right (CDR) is the overarching policy that governs Open Banking. CDR dictates a granular, consent-driven set of rules that allows consumers to share their data  with accredited third parties in order for them to provide great products and services. CDR exists as federal legislation at the Treasury level, while the Australian Competition and Consumer Commission (ACCC) is accountable for accrediting potential data recipients, co-regulating compliance with the Office of the Australian Information Commissioner (OAIC) and providing guidance to stakeholders about their rights and obligations.

CDR is currently only being applied to the Financial Services sector in Australia, however it is expected to be implemented into adjacent sectors, such as Energy, Utilities and Telecommunications.

What are the steps to get accredited?

The government has mandated a number of ways to obtain access to Open Banking Data. Due to the inherently sensitive nature of data sharing, there are well-thought out accreditation models dictated by the  ACCC. The Federal Government has incentivised smaller institutions and fintechs to drive innovation and competition in the market, which has led to the genesis of additional accreditation models to make Open Banking more accessible.

What accreditation models are there?

Due to the stringent mandates and restrictions mentioned above, tiered accreditation models have been proposed which would allow regulators different levels of accreditation to participate in CDR. According to the ACCC, they are as follows:

Current models:
Unrestricted ADR

This is the current CDR Accreditation Model, and, as the name suggests, provides unrestricted ADR, as well as allows the service to receive raw CDR data and act as a sponsor or principal.

Sponsorship Model

The sponsorship model allows organisations to gain access to CDR data by using an unrestricted ADR as a sponsor, which would reduce the cost of accreditation. In this model, all that would be needed is sponsored accreditation (which is still regulated by the ACCC),  and a sponsorship arrangement, which is a commercial arrangement between both parties outlining the mechanisms of consent, data sharing and compliance.  Any company can be a sponsor (also known as an affiliate), however there will always be business considerations when considering sponsorship, such as security, reputation and mutual benefits.

Principal/ CDR Representative Model

This is primarily a business arrangement between an unrestricted ADR and a company, however it differs from the Sponsorship Model as there is no official accreditation required. Under this arrangement, a CDR Representative may only disclose data to their principal (each CDR may have one principal only under this model). This arrangement would also place responsibility (and liability) of the data squarely on the ADR.

CDR Insights Model

This arrangement also does not require external accreditation, and can be utilised with any company who works with an unrestricted ADR. Under the Insights Model, non-accredited parties would receive low-risk insights and data which would benefit their customers in specific ways. This could include verification and management of customer accounts, income, expenses and account balances. 

Trusted Advisor Model

The Trusted Advisor Model would allow CDR data to be shared with trusted advisors and verified professionals, such as qualified accountants, tax agents, financial advisors and mortgage brokers. Again, no external accreditation would be needed, just targeted access to specific data with the customer’s consent through an unrestricted ADR.

For more detail on the intricacies of accreditation, visit the CDR data recipient information page on the Australian Government website or check out Basiq’s latest article on CDR Amendment Version 3.

Introduction to the Consumer Service Provider Model

Basiq has proposed a more inclusive model: the Consumer Service Provider Model. We believe that this model would drastically reduce barriers to participation in Open Banking, as well as better balance the governance needed to support such a system. The Consumer Service Provider Model is based on four key principles:

  1. CDR data should be shareable with non ADRs. Many businesses already handle sensitive customer data i.e. banking, passports and medical data. If these businesses are able to seek consumer consent and handle the data in a safe and CDR-compliant manner, then non-accreditation should not prohibit them from doing so.
  2. ADRs that require direct access and communication with Data Holders should continue to be regulated as per current requirements.
  3. ADRs should be responsible for educating third parties on data security and governance.
  4. Each party should ultimately be responsible for their own actions in the handling of CDR data.

To learn more about this exciting new proposal, read our article: “Response to CDR Amendment Version 3”.

How Open Banking works

Open Banking gives you all the tools you need to leverage data and improve your services. CDR Open Banking is revolutionising data governance, data sharing and data consistency, as well as enabling institutions to deploy multiple use cases on a single platform, develop, test and deploy your application safely and securely.

Mechanics of Open Banking

Open Banking was designed to promote the liquidity of consumer-consented data. As such, the process is stringent considering the privacy and security concerns related to sensitive data. For consumers to share their data via Open Banking, they will need to follow the following steps: 

Open Banking cannot exist without the consumers consent. Before anything happens, you must give permission for the provider to access your data, which you can do through the third party’s webpage, application, or through the CDR website. Equally as important is the concept of “ongoing consent”. The CDR has laid out key principles that must be abided by, and one of these is that consent must be “current”.  Consent is only as current as the consumer’s original intent,  so if attitudes and behaviours change over time, or are impacted by external events or consumer awareness, consent must continue to align with the consumer’s preferences at their discretion.

Verify identity

Verification of identity is key when dealing with sensitive information. Consumers will be required to identify themselves up to the standards mandated by the CDR legislation, which can be accessed either through a bank or the CDR website.

Confirm data sharing

These checks and balances may seem tedious at first, but it is for your own protection. Consumers who use open banking will always be in charge of their data, and will need to provide granular consent whenever it is accessed by third parties. When you give access to a third party, your bank will confirm with you that you want the data to be shared, specify how you want it to be shared, and for how long, before they do so.

Data is shared and used

Once confirmed, your data will be transferred using an API to the third party and it can then be utilised in their service on your behalf. Again, this will all be consented to by the consumer, who will always have the option of stopping data sharing, deleting data stored by third parties or changing the process in any way they see fit. Open Banking exists to serve the consumers, not exploit them.

This is where Basiq comes in as a one stop shop. Our advanced APIs allow secure access to customer-consented financial data and financial tools to uncover valuable insights. Basiq provides all the essential data that you will need to build a complete picture of your customer’s finances. Basiq provide services as follows:

  • Data Aggregation and Enrichment: your shared financial data is aggregated, enriched and demystified to provide a single view of your finances – across each of your banks
  • Spending Insights: your shared financial data is analysed to provide insights into spending, including the category of spend
  • Income Insights: your shared data is analysed to identify your income streams including surfacing patterns around regularity and stability
  • Affordability Report: insights above are presented in an easy to read PDF report

Basiq also boasts “Dynamic Switching” using a single unified API. This allows Basiq to switch between CDR Open Banking data collection and digital data capture to ensure a seamless extension of apps with minimal code changes, making it easy for our customers to decipher and make use of the information without having to worry about all “the pipes” (data access methods), as well as providing optionality when a customer may require richer data than what is provided by Open Banking. 

To learn more about the specific functions and applications of our Basiq products,  check out our Basiq products page.

CDR’s Open Banking rollout in Australia

Open Banking will revolutionise banking in Australia, but it is not an overnight sensation. What made the concept feasible in Australia was the Murray (2014) and Harper (2015) reviews, followed by the Federal Government’s 2017 commission’s inquiry into Data Availability, which later triggered the Farrell report the following year which proposed the establishment of the CDR. This sparked the beginning of the rollout, which has led to Open Banking being well on its way to becoming a household term and common financial practice. To learn more about the current state of Open Banking, read our illuminating article: “Open Banking: One Year On”.

The Open Banking Timeline:

  • May 2017 – Government announces CDR commision.
  • May 2018 – Government accepts recommendations and approves the phased implementation of Consumer Data Right. Four major banks are approached to make their data available.
  • July 2019 – Major Banks provide product reference data on Phase 1 products, which include personal basic accounts, GST and Tax accounts, savings accounts and credit and charge cards. Visit the Australian government website for a full list of Phase 1 products.
  • August 1 – Government pass Open Banking legislation.
  • February 2020 – Participating banks provide product reference data on Phase 2 products like home loans, investment property loans and personal loans. Visit the Australian government website for a full list of Phase 2 products.
  • July 2020 – Participating banks provide product reference for Phase 3 products, such as business finances, lines of credit and cash management accounts, as well as account and transaction data.
  • November 2020 – Participating banks provide access to mortgaged personal loans.
  • July 2021 – Other banks must join the participating banks in providing access to data for savings and transaction accounts (Phase 1).
  • November 2021 – Other banks must join the participating  banks in providing access to home and personal loan data (Phase 2).
  • February 2022 – Other banks must join in providing access to business products, retirement accounts and foreign currency accounts (Phase 3).

Visit the ACCC website and to learn more about the project overview.

Which banks use Open Banking?

All the major Authorised Deposit Taking Institutions in Australia are required to operate under the Open Banking framework, and many of the smaller and mid-sized banks are expected to come aboard in the future also. See the full list of current data holders and recipients at the Consumer Data Right.

Security considerations of Open Banking

How safe is open banking in Australia?

Open banking is not only useful, but it is safe and secure.

It has always been common practice to carefully guard our private information and data to prevent security breaches. But Open Banking is a carefully regulated government initiative which can be implemented and operated only by accredited data recipients registered with the ACCC, whose sharing processes have been approved by a number of regulatory bodies, including the CSIRO. We securely share your data, using a consent driven system, and ensure that your banking data will be used only in ways that you consent to.

Basiq never shares personal identifiable data without your permission, we do not use overseas third party providers and we store data in Australian data centres. The data never leaves Australia, and it is not monetised. Basiq provides a dashboard which is created to keep companies up-to-date on what data is being shared, which gives them more control over its capabilities and utilisation.  

What data is shared under CDR Open Banking?

Open banking is used to provide insights into your CDR data, and to allow accredited third parties to use your personal information to offer specialised and personal advice to you as their client. In order to do this, they need access to data related to your accounts, balance details and transaction details. Some of these are as follows:

Account Details

  • Product category, account type and product name ( e.g. TRANS_AND_SAVINGS_ACCOUNTS, termDeposit, 90 Days Deposit)
  • BSB and account number / masked number
  • Account status, nickname, owner (true/false), holder/display name and metadata, such as credit cards, term deposits and loans.cdx

Balance and Transaction Details

  • current balance
  • available funds
  • status (pending / posted)

Learn more about the CDR data standards at Consumer Data Standards Australia.

What data guidelines does the CDR prescribe?

Stringent Consumer Data Standard (CDS guidelines) have been developed by the Australian Government to ensure that Consumer Data Right legislation gives Australians greater control over their data. These guidelines cover general standards, security profiles, consumer experience, banking, admin and common APIs, schemas, known issues and non-functional requirements.  

Each company is also bound by the mandated security guidelines, and will have implemented advanced security measures to ensure data can be shared without fear or worry of it being compromised. These security protocols prevent security breaches, efficiently deal with breaches in the unlikely case that they occur, automatically review and prevent incidents happening in the future and optimise performance overall.

Basiq is committed to keeping customers’ data secure, which is why our security approach focuses on security governance, risk management and compliance. Basiq ensures that our physical infrastructure is hosted and managed in certified data centres with restricted network access, that all data is encrypted at rest and in transit, and that multi-factor authentication and real-time monitoring are employed to keep our system secure. To learn more about our security practice read our in-depth article on Basiq CDR Policy.

Open Banking on the global stage

Who are global Open Banking leaders?

The Competition and Markets Authority (CMA) initiated open banking in the UK to generate competition and innovation in a market heavily dominated by large financial institutions. A similar concept was formulated under the name Second Payment Services Directive (or PSD2, for short) which Governed the EU. In 2018, and, under their mandate, nine of the largest banks in the UK began to implement open banking and produce open APIs to assist with the process.

Open Banking in Australia does have some key differences compared to its earlier counterparts in the UK and the EU.  The core principles of Open Banking are the same between the two regions, however there are differences in approach, mechanisms and scope. For instance licensing is different, with Australia not having an equivalent to the UKs Payment Services Regulations (2017), however the overall requirements in both regions accomplish similar outcomes regarding regulation. 

There are also many similarities. Firstly, the reasoning behind Open Banking is the same — to encourage competition in the market. Like Australia, the Open Banking ecosystem and its participants in the UK are strictly registered, and there is a standardised and mandatory way of collecting and sharing data, as well as how banks and third parties connect. Both regions use a central authority to prevent mishandling of data, issue certificates to trusted affiliates and identify each other.

Looking to the future of Open Banking

Open Banking will cause a seismic shift in the way consumers interact with their data, change the way businesses operate and yield economy-wide benefits. By February 1, 2022, the date that ‘full data transfer for consumers’ will be available, there will be a seismic shift in innovation and there are a plethora of innovative use cases that will be able to leverage the CDR consent framework and Open Banking data made available. This will mean consumers have a lot more options, in no small part because of the inevitable unbundling of a large number of products currently provided by the Big Four. This is undoubtedly the most exciting part of the Open Banking journey.

To learn more about the future use case for Open Banking fill out the form to download the white paper.

Examples of Open Banking at work

Basiq allows customers all the tools they need to leverage financial data, access account and transaction data in real time, enhance transactions with merchant data, gain deeper insights into customer’s finances and, will eventually be equipped with insight-driven automation.

View Basiq partner showcases here to learn more about access to financial data in action.

Open Banking – Frequently Asked Questions

What is Open Banking in Australia?

Open Banking is an exciting initiative in Australia, and one which is primed to explode  as more and more consumers uptake services with Open Banking-enabled capabilities and more companies realise the benefits for them and their customers. 

Is Sharing my Financial Data Safe?

Yes. In sharing your personal and financial data you are afforded the utmost consumer protections, architected by years of regulatory policy, technical design with privacy at the forefront., This is a highly secure initiative which is just as safe as sharing your personal data with your financial institution. Authorised banks and third parties must adhere to strict accreditation criteria to be eligible, so there is absolutely nothing to worry about. Your data is safe.

It is also important to keep in mind that you are completely in control of what data you share, and can revoke consent to share it at any time. In this case, all personally identifiable data will be deleted.

What Banks use Open Banking?

All the big banks now provide open banking, with many of the smaller and mid-sized banks quickly following suit. Over 200 Fintechs and banks rely on Basiq’s platform to share data and deliver innovative financial solutions across lending, payments, wealth and digital banking. The potential of Open Banking is generating huge growth and transition in the banking sector, and experts expect a boom in usage in the future.

See the full list of current data holders and recipients at the Consumer Data Right to familiarise yourself with the institutions involved in open data sharing.

What are some Open Banking examples?

All of your banking, including changing banks, signing up for new credit cards or applying for loans or mortgages, will eventually ALL be able to be done over the internet through sharing of CDR data.