Open Banking in Australia: CDR, Data Sharing & What It Means

What Is Open Banking?¶

Open Banking is the principle that customers own their financial data and should be able to share it securely with third parties of their choosing. In Australia, this is implemented through the Consumer Data Right (CDR) — a legislative framework that gives individuals and businesses the right to access and direct the sharing of their data held by banks, energy companies, and telecommunications providers.

For banking specifically, the CDR means that if you bank with Apex Bank, you can authorise a trusted third-party provider — such as a budgeting app, a mortgage broker, or a competing bank — to access your transaction history, account balances, product details, and more. The data flows through secure, standardised APIs rather than the risky practice of screen-scraping that previously dominated the fintech landscape.

How the CDR Works in Practice¶

The CDR framework involves three key participants:

• Data Holders: Banks and financial institutions that hold customer data. All ADIs (Authorised Deposit-taking Institutions) are required to participate, including Apex Bank.
• Accredited Data Recipients (ADRs): Third-party companies accredited by the ACCC to receive and use consumer data. Accreditation requires meeting strict security, privacy, and governance standards.
• Consumers: Individuals or businesses who consent to their data being shared between data holders and accredited recipients.

When you initiate a data-sharing request, you authenticate directly with your bank through a secure consent flow. You choose exactly which data sets to share, for how long, and can revoke consent at any time. No passwords or login credentials are shared with the third party.

Data Categories Available Under CDR¶

Benefits for Apex Bank Customers¶

The CDR delivers tangible advantages that go well beyond the abstract notion of "data portability":

Easier rate comparison: Rather than manually gathering statements from multiple banks, you can authorise a comparison service to pull your actual rates, fees, and balances. This provides a like-for-like comparison that accounts for your specific product features and usage patterns — not just headline rates.

Streamlined loan applications: When applying for a home loan or personal loan, sharing CDR data can replace weeks of gathering payslips, bank statements, and expense records. Apex Bank's home lending team can receive verified transaction data directly, accelerating the assessment process and reducing the documentation burden on applicants.

Better budgeting tools: Fintech applications like budget trackers and savings optimisers can access your real transaction data with your consent, providing personalised insights rather than generic advice. These tools can identify subscription creep, highlight spending patterns, and suggest actionable savings strategies.

Faster account switching: One of the longstanding barriers to switching banks has been the friction of moving direct debits, salary credits, and recurring payments. CDR data enables receiving banks to identify all your existing arrangements and facilitate a smoother transition.

How Apex Bank Participates¶

Apex Bank is a fully compliant CDR Data Holder, meaning we support inbound and outbound data sharing requests from our customers. Our implementation includes:

• Secure consent dashboard: Available in Apex Internet Banking and the Apex Mobile App, the dashboard shows all active data-sharing arrangements, the data being shared, and the expiry date of each consent.
• One-click revocation: You can withdraw consent for any data-sharing arrangement instantly. Once revoked, the accredited recipient must delete your data within a prescribed timeframe.
• Proactive notifications: We notify you whenever a new data-sharing consent is established and send periodic reminders about active arrangements.
• CDR support team: Our dedicated support line can assist with questions about data sharing, consent management, or accredited recipient verification.

Data Security and Privacy¶

Security is the cornerstone of the CDR framework. Several layers of protection are built into the system:

1. Accreditation gatekeeping: Only companies that pass the ACCC's rigorous accreditation process — covering information security, insurance, and dispute resolution — can receive CDR data.
2. Encryption in transit and at rest: All data flows are encrypted using TLS 1.2+ and must be stored with AES-256 encryption or equivalent.
3. Consent granularity: Consumers choose precisely which data sets to share. A budgeting app does not need your mortgage details, and you are not required to share them.
4. Time-limited consent: Sharing arrangements have a maximum duration of 12 months, after which they expire automatically unless renewed.
5. Data minimisation: Accredited recipients may only collect and retain data that is reasonably necessary for the service they provide.

The Future Roadmap¶

The CDR continues to expand. Action initiation — the ability for accredited third parties to not only read data but to initiate transactions such as payments and account openings on your behalf — is in active development, with Treasury consulting on the framework through 2026. This evolution would enable scenarios like a budgeting app automatically sweeping surplus funds into a higher-yield savings account, or a broker submitting a loan application directly to multiple lenders simultaneously.

Apex Bank is actively engaged in the Treasury consultation process and is investing in API infrastructure to support action initiation capabilities as they become available.

This article is general information only and does not constitute financial or legal advice. For questions about your CDR rights, visit cdr.gov.au or contact Apex Bank's CDR support team.