Accreditation rules relaxed as govt ramps up Consumer Data Right


Denham Sadler
Senior Reporter

The federal government has significantly relaxed the accreditation rules around the Consumer Data Right, with participating companies to be able to “sponsor” smaller firms to take part in the scheme without accreditation.

Under version three of the Consumer Data Right (CDR) rules, released by Treasury this week, companies with accreditation under the scheme will be able to “sponsor” other parties to participate and receive consumer data without going through the onerous accreditation process.

Jane Hume
Financial Services and Digital Economy Minister Jane Hume hopes the changes will encourage greater participation in the CDR. 

The rule changes will also allow consumers to share their data with “trusted professional advisers” such as their accountant or tax agent, without them being accredited.

The reforms are an effort to improve the uptake and participation in the Consumer Data Right, which has had a slow start since it was officially launched last year. There have been significant concerns about the accreditation process, including that it is too intensive and time-consuming to participate in, particularly for smaller players such as fintechs.

About 17 companies have received “unrestricted” CDR accreditation, but 11 of these, including the National Australia Bank and Beyond Bank, are not yet active. Only six accredited parties are currently using CDR data, including the Commonwealth Bank and fintech firm Frollo.

The rule changes will encourage greater participation in the CDR scheme, Financial Services and Digital Economy Minister Jane Hume said.

“The rules made today are an important step in supporting the development of a vibrant data economy that provides benefits to business and consumers,” Senator Hume said in a statement.

“The government is committed to supporting businesses and consumers to participate in the Consumer Data Right and will continue to ensure that the rules support that objective.”

The key change introduces a new “sponsored accreditation” tier, meant to allow large CDR players such as the big banks to work with smaller firms or “affiliates” to receive consumer data and to allow them to participate in the scheme without going through the full accreditation process.

An approved affiliate company does not need to provide an independent third-party assurance report on its information security and will instead self-assess against the CDR rules. The sponsoring party will retain liability for their actions with the consumer data.

This new level of accreditation is “designed to reduce barriers to entry for parties who wish to participate in the CDR regime as accredited persons”.

“The sponsored level of accreditation is for persons with or who intend to have an arrangement with an unrestricted accredited person who is willing to act as their sponsor in the CDR regime,” the explanatory statement said.

“Persons with sponsored accreditation are restricted from accessing CDR data directly from data holders.”

Sponsored participants will be subject to the same obligations as accredited parties, including around dispute resolution and privacy and consent rules.

The other changes announced this week, which will come into effect in February next year, include allowing consumers to share their data with trusted financial advisers, enabling them to disclose limited data insights outside of the CDR for a specific purpose such as to verify their identity or check their bank account balance, and reforms to simplify data sharing processes for holders of joint accounts.

A recent survey of CDR participants found that the big banks are reluctant to invest in new features for the scheme due to a perceived lack of consumer interest, which in itself is making the scheme less enticing for consumers.

Do you know more? Contact James Riley via Email.

Leave a Comment