About the schedule

The ACCC monitors and enforces compliance with the CDR obligations set out in the Competition and Consumer Act 2010 (Cth), the Competition and Consumer (Consumer Data Right) Rules 2020 (the CDR Rules) and the Consumer Data Standards.

Data holders’ obligations commenced on various dates - see the CDR rollout

Some data holders have received an exemption from certain obligations under s56GD of the Act. The CDR exemptions register lists all exemptions granted.

This rectification schedule sets out information provided by data holders to the ACCC. We have published this information to provide a reference for accredited data recipients and consumers regarding potential issues in data holders’ CDR implementations.

We expect data holders to promptly rectify their non-compliance or face possible enforcement consideration in line with the ACCC/OAIC Compliance and Enforcement Policy for the Consumer Data Right. Listing an issue on this rectification schedule does not preclude the ACCC from pursuing compliance or enforcement action in-line with this policy.

Data holders that are not currently active on the CDR Register and do not have an exemption from this requirement are listed in a separate rectification schedule.

This table is current as at 19 September 2024.

Banking - major data holders

The data holders listed in the table below are the four major data holders and their non-primary brands.

Data holder (brand) Issue Proposed resolution date

Australia and New Zealand Banking Group Limited

Brand:

ANZ

  1. CDR Standards V1.29.0 CX Standard - Data Holder Dashboards

Amending authorisation details.  Details of each authorisation’s amendment will not be displayed on the consumer’s dashboard.

30 September 2024

Brand:

ANZ Plus

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered - Delivered functionality that allows account holders to cease secondary user data sharing for a specific authorisation and also allows account holders to remove the secondary user permission completely.

TBC
Data holder (brand) Issue Proposed resolution date

Commonwealth Bank of Australia 

Brands:

CommBank and Bankwest

1. CBA – Secondary User indication Rules

CBA will build the functionality for account holders to cease secondary user data sharing on an ADR basis

TBC

Commonwealth Bank of Australia

Brand:

Bankwest

2. Bankwest - Secondary User Indication Rules

Bankwest will build the functionality for account holders to cease secondary user data sharing on an ADR basis

TBC

 

Data holder (brand) Issue Proposed resolution date
National Australia Bank Limited

1. NAB currently does not provide transaction ids for non-NPP transactions.

2. Display Name (displayName) values from Get Accounts and Get Account Details API don’t match.

30 September 2024
 

3. Additional transaction service codes provided in Get transactions detail.

Identifier of the applicable overlay service. Valid values are: X2P1.01. NAB also provides X2P1.04 and SCT.04 in some situations.

TBC
 

4. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing.

Implementation paused pending rules review

5. In Account Details API, current “DepositRate” and “LendingRate” is provided to ADRs. However, additional fields present in” Deposit Rates” and “Lending Rates” objects are currently not returned for business and personal products.

6. In Account Details API, “Features” optional object  for the accounts is not returned for business and personal products.  

7. In Account Details API,  “Fee” optional object for the accounts is not returned for business and personal products. 

TBC
  8. Get Transaction Details calls sometimes returns a 404 response. TBC

National Australia Bank Limited

Brand:

UBank

9. Banking APIs populating “nickname” field with “ProductName” value 30 September 2024
 

10. CDR v5 dashboard changes - to display the details of each authorisation’s amendment linked by cdr_arrangement_id - will be delivered prior to the obligation date of 1 July 2024. The following items, as uncovered by the CX guidance on 11 Apr 2024, will be delivered later.

  • additional requirements regarding the latest/current authorisation details being part of the consent history
  • details of the amendment in line with the date of amendment in the consent history
  • highlighting of relevant area(s) changed in the amendment
TBC
Data holder (brand) Issue Proposed resolution date

Westpac Banking Corporation

Brand:

Westpac,

St.George

Bank of Melbourne,

Bank SA

Asgard

1. Secondary User Indication Rules

Westpac received guidance from the ACCC in a letter dated 26 October on the interpretation of rules concerning an account owner’s ability to restrict authorised Secondary Users from further data sharing for specific accredited persons.

Westpac have delivered functionality that allows an account owner to stop continuing data sharing consents authorised by secondary users to ‘an accredited person’. This functionality is in place for all currently delivered scope.

TBC

Westpac Banking Corporation

Brand:

Westpac

St George

BankSA

Bank of Melbourne

RAMS

2. Incorrect status impacting CDR authorisation

Westpac has identified that certain customers have an incorrect status listed on their profile, which in turn impacts CDR authorisation for those customers.

30 September 2024

Westpac Banking Corporation

Brand:

Westpac

3. Westpac is not providing error messages/ redirects to Accredited Data Recipients in some circumstances where consumers do not complete the consent flow. 30 November 2024

Westpac Banking Corporation

Brand:

Westpac

St.George

Bank of Melbourne

Bank SA

4. Non individuals may experience issues with CDR authorisation if they are setup for both phone and internet banking service arrangements with these brands. 22 November 2024

Banking - non-major data holders

Data holder (brand) Issue Proposed resolution date

AMP Bank Ltd

Brand:

AMP Bank

1. Get Metrics v5 - unable to provide a number of fields for amended consents or abandoned consent flows. 30 September 2024
  2. Home loan product descriptions in PRD are not aligned to website.
Home loan fee information in PRD does not contain references to $0/nil fees.
20 December 2024
  3. Information Security Profile - refresh tokens
Missed implementation related to cycling refresh tokens.
TBC
 

4. Rule1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements – Ceasing secondary user data sharing.

Alternate functionality of allowing account holders to withdraw secondary user account sharing for specific authorisations was delivered on 23/6/23. 

Further implementation has been paused pending rules review.

TBC
  5. Data Holder Dashboards - Delays in implementing the amending authorisation details and data recipient handling details  30 September 2024
Australian Military Bank

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Australian Military Bank

Brand: RSL Money

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Australian Mutual Bank Limited

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered - Delivered functionality that allows account holders to cease secondary user data sharing for a specific authorisation and also allows account holders to remove the secondary user permission completely.

30 September 2024
  2. CDR Release 1.29.0 - Dashboard CX standards update (Rule 1.15(3)(h)) 30 September 2024

Australian Unity Bank Limited

Brand:

Australian Unity Bank

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Auswide Bank Ltd

Brand: 

Auswide Bank

1. CDR Standards Release 1.29.0 Dashboard Customer Experience (CX) standards update:

  • Amending authorisation details: Unable to display the details of each authorisations amendment on the consumer dashboard. (rule 1.15(3)(h))
  • Data recipient handling details: A message advising customers to “check with the relevant data recipient for information about how their data may be handled.” is unable to be displayed.
30 September 2024
 

3. Aspects of the Secondary User obligations for Data Holders relating to the ability of an Account Holder to block a Secondary User from sharing data from a specific account with a specific accredited person (i.e. Data Recipient).

Implementation paused pending rules review

TBC

B&E Limited

Brand:

Bank of us

1. CDR Release 1.29.0 - Dashboard CX standards update 30 September 2024
  2. Credit card listed payment amounts 30 September 2024
 

3. Blocking sharing for specific ADRs in relation to secondary users not supported

Alternative functionality to be delivered

TBC
  4. Nominated Representative Onboarding Process TBC

Bank Australia Ltd

Brand:

Bank Australia

  1. Some fees with $0 value are missing on some Personal Loans, Credit Cards and Commercial Products.
30 September 2024
  2. Some fees with $0 value are missing on some Deposit products including transaction, saver and Term Deposit accounts. 30 October 2024
  3. Some fees with $0 value are missing on some Mortgage lending products including home and investment loans. 15 December 2024
Bank of China (Australia) Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Bank of Queensland Ltd

Brands:

Bank of Queensland Ltd

Virgin Money

BOQ Specialist

DDH Graham

1. Customers on legacy platforms do not experience commensurate latency  TBC
  2. Blocking sharing for specific ADRs in relation to secondary users not supported TBC

Bank of Queensland Ltd

Brands:

Bank of Queensland Ltd

Virgin Money

ME Bank - ME Go

3. Transaction descriptions provided in the CDR APIs may differ from transaction descriptions provided in the primary digital channel in very limited circumstances 31 October 2024

Bank of Queensland Ltd

Brand:

BOQ Specialist

4. Adjustment transactions that are not visible in the primary digital channel are visible in the CDR channel. This materialises in very rare circumstances and is isolated to customers who are sharing home loans with linked offset accounts. 31 October 2024
Bank of Sydney

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Bendigo and Adelaide Bank Ltd

Brand:

Bendigo Bank

  1. Accounts opened via a newly developed trial eBanking app will not initially have access to Open Banking, during a proof of concept trial period. 
17 March 2025
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements – Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Beyond Bank Australia Ltd

Brand:

Beyond Bank

  1. CDR v5 dashboard changes were introduced on 11 April 2024, which require displaying the details of each authorisation’s amendment linked by cdr_arrangement_id  with an obligation date of 1st July 2024.
31 December 2024
Data holder (brand) Issue Proposed resolution date
Cairns Penny Savings & Loans Ltd t/as Cairns Bank 1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing
Alternative functionality to be delivered
TBC
 

2. Data Quality:

  • When the Scheduled Payment API is called the following conditional fields are not being returned: “onceOff” and “intervalSchedule”.
  • When the Get Account Details API is called the following fields are not returned:  “depositRate”, “lendingRate”, “feeAmount”, “feeDiscounts” and “additionalInfo” for fees. Also “isActivated” returns a true response for all features.
31 March 2025
Central Murray Credit Union Limited
  1. Amending authorisation details. CMCU will be unable to display the details of each authorisations amendment on the consumer dashboard (rule 1.15(3)(h)).
  2. Data recipient handling details: CMCU is unable to display the message advising customers to “check with the relevant data recipient for information about how their data may be handled.
30 September 2024
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Central West Credit Union Ltd 1. Amending authorisation details: Unable to display the details of each authorisations amendment on the consumer dashboard. (Rule 1.15(3)(h)) 30 September 2024
 

2.  Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Coastline Credit Union Limited

Brand:

Coastline Credit Union

1. Fixed Term Deposit Term Disclosure 31 December 2024
 

2. CDR v5 dashboard changes:

  • additional requirements regarding the latest/current authorisation details being part of the consent history
  • details of the amendment in line with the date of amendment in the consent history
  • highlighting of relevant area(s) changed in the amendment
31 December 2024

Community First Credit Union

Brand:

Community First Credit Union; Easy Street

  1. CDR Release 1.29.0 - Dashboard CX standards update (Rule 1.15(3)(h))
  • Amending authorisation details: Unable to display the details of each authorisations amendment on the consumer dashboard. (Rule 1.15(3)(h))
  • Data recipient handling details: A message advising customers to “check with the relevant data recipient for information about how their data may be handled.” is unable to be displayed.
30 September 2024
 

2. Rule 15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Credit Union Australia Ltd (T/a Great Southern Bank)

1. Stop Personal Delegate Sharing with Specific ADR.

Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements – Ceasing Secondary User Data Sharing

Alternative functionality to be delivered.

TBC

Credit Union SA Ltd

Brand: 

Credit Union SA

  1. CDR v5 dashboard changes:
  • additional requirements regarding the latest/current authorisation details being part of the consent history
  • details of the amendment in line with the date of amendment in the consent history
  • highlighting of relevant area(s) changed in the amendment
31 December 2024
  2. Missing transaction long description 31 December 2024
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Account holders will be unable to indicate that they no longer approve of data disclosure to a particular accredited person in response to a request made by a particular secondary user. 

Implementation paused pending rules review 

TBC
Defence Bank Limited

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

 

Data holder (brand) Issue Proposed resolution date
Family First Credit Union Limited

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Fire Service Credit Union Ltd
  1. CDR v5 dashboard changes - to display the details of each authorisation’s amendment linked by cdr_arrangement_id - was delivered to production prior to the 1 Jul 2024 obligation date. Consumers now have the ability to view and access all historical amendments made to each data sharing arrangement via a Consent History section in digital channels

However, the following items are an implementation gap to be delivered before 31 December 2024:

  • additional requirements regarding the latest/current authorisation details being part of the consent history
  • details of the amendment in line with the date of amendment in the consent history
  • highlighting of relevant area(s) changed in the amendment
31 December 2024
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
First Option Bank Ltd

1. CDR Standard v1.29.0 – Data Holder Dashboard CX Changes:

  • Data Holder Dashboard: Amending authorisation details
  • Data Holder Dashboard: Data recipient handling details
30 September 2024
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Ford Co-operative Credit Society Limited (T/a Geelong Bank)
  1. CDR Standard v1.29.0
  • Amending authorisation details: Unable to display the details of each authorisations amendment on the consumer dashboard. (rule 1.15(3)(h))
  • Data recipient handling details: A message advising customers to “check with the relevant data recipient for information about how their data may be handled.” is unable to be displayed.
30 September 2024
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Gateway Bank Ltd

Brand

Gateway Bank

1. CDR v5 dashboard changes - to display the details of each authorisation’s amendment linked by cdr_arrangement_id - was delivered to production prior to the 1 Jul 2024 obligation date. Consumers now have the ability to view and access all historical amendments made to each data sharing arrangement via a Consent History section in digital channels

However, the following items are an implementation gap to be delivered before 31st December 2024:

  • additional requirements regarding the latest/current authorisation details being part of the consent history
  • details of the amendment in line with the date of amendment in the consent history
  • highlighting of relevant area(s) changed in the amendment
31 December 2024

G&C Mutual Bank Limited

Brand:

 G&C Mutual Bank

CDR Standard v1.29.0

  1. Our provider has not yet commenced testing of the v1.29.0 update and has advised we will likely not be able to have it installed prior to 30th September 2024.

    The following functionality will not be implemented prior to the compliance date of 1st July 2024:

  • New Dashboard standard: Data holders MUST advise consumers to check with the relevant data recipient for information about how data recipients may handle their data
  • Notify the Accredited Data Recipient that the Sharing Arrangement status has been set to ‘Revoked’.
  • Notify the CDR Consumer that the arrangement is ‘Revoked’, or the accounts sharing approval has been removed, except for ineligibility arising from the authorising consumer’s death.
  • Notify other joint account owners that the arrangement has been ‘Revoked’ where one of the account owners becomes ineligible.
  • Record the ‘Revoked’ action on the Sharing Arrangement for display in the Consumer Dashboard.
  • Flag the ineligible accounts as ‘Revoked’ on Sharing Arrangements authorised by other Account Owners and Secondary Users.

2. The paymentDueAmount field in the BankingCreditCardAccount schema is now populated with the same amount as the minPaymentAmount field: the minimum payment amount for the credit card account.

30 September 2024
  3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing
Alternative functionality to be delivered
TBC
 
  1. Product Reference Data Compliance - GetProductDetail Accuracy – Inaccurate Data Rule 2.4(3), Data Quality for Home_Loan-_Other_Real_Estate_Mortgage_Loans_(Variable)
10 September 2024
Goulburn Murray Credit Union Co-operative Limited

2.Consumer Data  Standards Version 1.28.0 

3. Get Payee Detail

4. Consumer Data Standards Version 1.29.0 

5. Open Banking – Long 

6. Text Messages

7. Get Account Detail 

8. Get Metrics

9. Get Transactions For Account 

11. Product Comparator Transactions sent to Authorised Data Recipients 

12. Update Data Recipient Registration 

30 September 2024
 

13. In reference to Compliance Assessment (ACCC-ACCCANDAER.FID3897645), Item 1.4 in relation to Home_Loan-_Other_Real_Estate_Mortgage_Loans_(Variable): GMCU is scheduled to launch its new website on Tuesday 10 September 2024, where the changes have been made to the Other Real Estate Mortgage Loan product to being a Business / Farm / Commercial product.

Product Reference Data Compliance - GetProductDetail Accuracy – Inaccurate Data Rule 2.4(3), Data Quality for Variable Owner-Occupied Home Loans - Equity Access

11 October 2024
 

14. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

 

Data holder (brand) Issue Proposed resolution date
Heartland Bank Australia Limited
  1. A single repayment made towards loans in arrears, is displayed as a single transaction in our channels but displayed as multiple transactions via the  API.
30 June 2025
 
2. Parameter to be introduced to reflect that transaction filter by Text is not supported.
30 June 2025
  3. Unable to retrieve pending transactions via API. 30 June 2025
  4. The ‘postingDateTime’ tag in the transaction API is defaulting time to 00:00:00. 30 June 2025
  5. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing. TBC

Heritage and People's Choice Ltd

Brand:

People's Choice Credit Union

  1. Rule 2.4(3)(b) certain fees are missing for disclosures in respect of mortgage products.
  2. Rule 4.6 certain fees are missing for disclosures in respect of residential mortgage products and credit card products, which are no longer publicly offered.
  3. Rule 2.4(3)(b) details of frequency are missing for term deposits.
30 September 2024
  4. Rule 1.13(1)(c)(i) Members with People’s Choice branded sole trader business accounts are not able to nominate more than one nominated representative for sharing on those accounts. 13 December 2024
 

5. Secondary Users functionality to enable an account holder to permanently withdraw authority for a secondary user to share to a specified ADR entity are not available.

Functionality available to enable account holders to cease secondary user data sharing for a specific authorisation.

TBC
Horizon Credit Union Ltd (T/a Horizon Bank)

1. Delay in implementing changes to support the new Data Holder Dashboard CX standards for the Open Banking dashboard (1.29.0):

a) Amending authorisation details: Unable to display the details of each authorisations amendment on the consumer dashboard. (rule 1.15(3)(h))

b) Data recipient handling details: A message advising customers to “check with the relevant data recipient for information about how their data may be handled.” is unable to be displayed.

30 September 2024
 

2. Account holder unable to cease data sharing to a particular accredited person in response to a request made by a secondary user (Rule1.15(5)(b)(i)).

Implementation paused pending rules review.

TBC
HSBC Bank Australia Limited (HSBC)

1. Data Quality:

  1. When the Scheduled Payment API is called the following conditional fields are not being returned: “onceOff” and “intervalSchedule”.
  2. When the Get Account Details API is called the following fields are not returned:  “depositRate”, “lendingRate”, “feeAmount”, “feeDiscounts” and “additionalInfo” for fees. Also “isActivated” returns a true response for all features.
31 March 2025
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements-Ceasing Secondary User Data Sharing.

Implementation paused pending rules review.

TBC

HSBC Bank Australia Limited

Brands:

HSBC 

HSBC Wholesale Banking

3. CDR v5 dashboard changes requiring the display of each authorisation’s amendment linked by cdr_arrangement_id as per the CX guidelines released on the 11 April 2024. 31 March 2025
  4. The ‘postingDateTime’ is defaulting to 00:00:00 for a sub-set of transactions. TBC

HSBC Bank Australia Limited

Brand:

HSBC Wholesale Banking

5. When the Get Account Details API is called the following fields are not returned: “depositRate”, “lendingRate”, “feeAmount” and “additionalValue”. 31 March 2025
  6. Performance times not aligned to non-functional requirements. TBC
Hume Bank Limited
  1. CDR Release 1.29.0

    Data Holder Dashboard CX standards update: changes to display the details of each authorisation’s amendment linked by cdr_arrangement_id.

30 September 2024
 

2. FDO for data holders ignoring unsupported authorisation scopes

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Illawarra Credit Union Ltd
  1. Amending authorisation details: Unable to display the details of each authorisations amendment on the consumer dashboard. (Rule 1.15(3)(h))
30 September 2024
  2. Data recipient handling details: A message advising customers to “check with the relevant data recipient for information about how their data may be handled.” is unable to be displayed. 30 September 2024
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
  2. Historical CDR data available from 1 January 2017: Transactional data is not available from 1 January 2017 to 1 October 2018. Transactional data is available from 2 October 2018 onwards. No proposed resolution date
IMB Ltd (T/a IMB Bank) 1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements – Ceasing Secondary User Data Sharing Implementation paused pending rules review TBC
Laboratories Credit Union Limited 1. Implementation of Consumer Data Right (CDR) Standards v1.28.0 and v1.29.0 to be bundled and released simultaneously 30 September 2024
 

2. Secondary User obligations for Data Holders relating to the ability of an Account Holder to block a Secondary User from sharing data from a specific account with a specific accredited person. Non-compliance with Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) from Secondary Users/Nominated Representatives Nov 1 Update

Implementation paused pending rules review.

TBC
Macarthur Credit Union Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Macquarie Bank Ltd 

Brand: 

Macquarie Bank

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing.Alternate functionality of allowing account holders to withdraw secondary user account sharing for specific authorisations is in place.Further implementation has been paused pending Rules review to allow account holders to restrict authorised secondary users from further data sharing for specific accredited persons. TBC
Maitland Mutual Limited

1. CDR Data Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) due 1 November 2022 – Secondary Users obligations (non- account holders) to share data on the account owner(s) behalf

Alternative functionality to be delivered

TBC
Members Banking Group Limited (t/a RACQ bank)

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

MyState Bank Limited

Brand:

MyState Bank

1. Delayed delivery of Joint Accounts requirements

 

31 October 2024
  2. Delayed delivery of non-individuals, or partnerships, or nominated representatives or secondary users 31 October 2024
  3. Delayed delivery of CX Standards: Data Holder Dashboard: Amending authorisation details and Data Holder Dashboard:  Data recipient handling details 31 October 2024
  4. Missing amounts in the Get Transactions For Account API TBC

Newcastle Greater Mutual Group Limited

Brand:

Newcastle Permanent Building Society

1. Compliance with Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2022.

Alternative functionality to be delivered

TBC
  2. When applying Rule 1.10B & Part 2 of Schedule 3, CDR Consumer Eligibility is determined at the Brand level (Newcastle Permanent) not the Legal Entity level (NGM Group). TBC
  3. CDR v5 dashboard changes to display the details of each authorisation’s amendment linked by cdr_arrangement_id TBC
 

4. Rule 2.4(3), Product Reference Data Quality:

  • In relation to some home loan products within BankingProductRateTierV3, where more than one criteria (loan to value ratio and loan balance) applies in relation to eligibility for a particular interest rate, only one criteria is displayed in structured unitOfMeasure fields. The secondary criteria is described in the additionalInfo field.
TBC
Norfina Limited

1.  Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Northern Inland Credit Union Limited

Brand: 

Northern Inland Credit Union

  1. CDR Standards 1.28 & 1.29 implementation
30 September 2024
  2. Wrong Account Number for Get Balances for Specific Accounts. Receive unexpected error code 400-Expected Error Encountered. Expected error code 422-Invalid Banking Account. TBC
  3. Request Page beyond the Last Page for Get Products. Unexpected error code 500-unexpected error. Expected error code 422 Invalid Page. TBC
  4. Rule 1.15 (5)(b)(b) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing TBC

 

Data holder (brand) Issue Proposed resolution date

Orange Credit Union Ltd

Brand:

Orange Credit Union

1. Not supporting Decision Proposal #334 within CDR v1.29  30 September 2024
 

2. Not supporting Decision Proposal #306 with CDR v1.28 which consists of:

  • Get Products (v4) & Get Product Detail (v5)
  • Get Account Detail (v4)
30 September 2024
 

3. Rule 1.15 (5)(b)(b) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
PayPal Australia Pty Ltd 1.‘Get Metrics’ version 5; unable to provide a number of fields for amended consents or abandoned consent flows. 31 January 2025

Police & Nurses Limited

Brands:

P&N Bank

bcu

1. PNL Group has identified some Product Reference Data is incomplete and will add all probable and zero fees to PNL’s product request service. 31 October 2024
 

2. End to End ID not shown in Get Transaction Detail.

 

 

30 April 2025
 

3. CDR v5 dashboard changes - to display the details of each authorisation’s amendment linked by cdr_arrangement_id - was delivered prior to the obligation date of 1 July 2024.

Additional Items uncovered during CX Guideline review on the 9 April 2024:

Dashboard Enhancement on Consent History - Introduce additional text to the consent history page

8 December 2024
  4. Fixed Term Deposit Term Disclosure 31 December 2024
 

5. Non-individuals - Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020.

Alternative functionality has been delivered however rules are still under review.

TBC
Police Credit Union Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Police Financial Services Limited (T/a BankVic)
  1. CDR v1.28 -

Proposed changes in Consumer Data Right Standards v1.28.0 were released on 10th November 2023.

These standards include a ‘candidate’ release of the Non-Bank Lending standards which will have a significant impact when formalised however no date has yet been set and Ultradata are awaiting the next standards release.

Two changes have been flagged as requiring solution updates:

Get Products (v4) and Get Product Detail (v5)

Get Account Detail (v4) 
 

30 September 2024
 

2. CDR v1.29 -

Proposed changes in Consumer Data Right Standards v1.29.0 were released on 21 Dec 2023.

The changes identified are from Decision Proposal #334: Added Dashboard Standards section to include detail for Data Holder Dashboards - in particular, a text change required for the Data Holder Dashboard which is required by 1st July 2024 and will require a solution update.

30 September 2024
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

QPCU Limited

Brand:

QBANK

1.Data Holder Dashboard: Amending authorisation details 30 September 2024
  2. Data Holder Dashboard: Data recipient handling details 30 September 2024
  3. GetAccountDetails 18 November 2024
  4. Rule 2.4(3)(b) BankingProductRateTierV3 TBC
 

5. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered. Awaiting core banking provider.

TBC

Qudos Mutual Ltd

Brand:

Qudos Bank

1. CDR v5 dashboard changes:

  • additional requirements regarding the latest/current authorisation details being part of the consent history
  • details of the amendment in line with the date of amendment in the consent history
  • highlighting of the relevant area(s) changed in the amendment
31 December 2024
Data holder (brand) Issue Proposed resolution date
Rabobank Australia Ltd
  1. High Priority Tier not meeting the nominated threshold
28 February 2025
  2. Low Priority Tier not meeting the nominated threshold 28 February 2025
 

3. The functionality for an Account Holder to block their Secondary User from data sharing from an account with a specified Accredited Data Recipient is currently unavailable.

Implementation paused pending rules review

TBC

Railways Credit Union Limited 

Brand:

MOVE bank

1. MOVE Bank’s Core Banking vendor has advised that there are delays in implementing changes to support the new Data Holder Dashboard Customer Experience (CX) standards for the Open Banking dashboard (1.29.0) until the Proposed Resolution Date.

The above will impact the following obligations which are due to be effective 1 July 2024:

  • Amending authorisation details: Unable to display the details of each authorisation’s amendment on the consumer dashboard. (rule 1.15(3)(h))
  • Data recipient handling details: A message advising customers to “check with the relevant data recipient for information about how their data may be handled.” is unable to be displayed.
30 September 2024
Regional Australia Bank Ltd 1. Rule 4.A6 requirements - Joint account arrangement visibility 5 September 2024
 

2. Product data fields are missing in GetAccountDetail call response.

3. Historical transactions older than around three years are not being shared.

4. Term deposit details are missing in GetAccountDetail API response.

5. ScheduledPayment nickname is not being shared.

30 September 2024
  6. Rule 4.A6 requirements - Joint account approval withdrawal per arrangement 7 November 2024
 

7. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Southern Cross Credit Union Ltd 1. Data holder dashboard: Amending authorisation details and data recipient handling details 30 September 2024
 

2. Proposed changes in Consumer Data Right Standards v1.29. Core Banking provider is still conducting user acceptance testing and not made a solution available for Southern Cross Credit Union.

3. Consumer Data Right Standards v1.28. Core Banking provider is still conducting user acceptance testing and not made a solution available for Southern Cross Credit Union.

Data Holders must implement the following CX Standards by 1 July 2024:

  • Data Holder Dashboard: Amending authorisation details
  • Data Holder Dashboard: Data recipient handling details
     
30 September 2024
 

4. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
South West Slopes Credit Union Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Data holder (brand) Issue Proposed resolution date

Teachers Mutual Bank Limited

Brand: 

Teachers Mutual Bank

Firefighters Mutual Bank

Health Professionals Bank

Hiver Bank

Unibank

  1. Implementation of CX Standard 5CM1.00.28 requiring advice to consumers on the consumer dashboard to check with the relevant data recipient for information about how their data may be handled is not yet available
31 October 2024
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
The Broken Hill Community Credit Union Ltd

1.The following items, as uncovered by the CX guidance on 11 Apr 2024:

• additional requirements regarding the latest/current authorisation details being part of the consent history
• details of the amendment in line with the date of amendment in the consent history
• highlighting of relevant area(s) changed in the amendment

 2. Transaction long description (Teller Journal Transactions) (780)

3. NPP End to end ID missing - Get Transaction Detail (572)

4. PRD Fixed Term Deposits and Interest Rate/Term Tiers

31 December 2024
  5. Non-individuals - Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020. Seeking clarification on requirements to determine changes and impact to delivery timeline TBC
The Capricornian Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Transport Mutual Credit Union Limited

1. CDR Standard v1.29.0 – Data Holder Dashboard CX Changes:

Data Holder Dashboard: Amending authorisation details

30 September 2024
 

2. CDR Standard v1.28 -

Proposed changes in Consumer Data Right Standards v1.28.0 were released on 10th November 2023.

These standards include a ‘candidate’ release of the Non-Bank Lending standards which will have a significant impact when formalised however no date has yet been set and Ultradata are awaiting the next standards release.

Two changes have been flagged as requiring solution updates:

  • Get Products (v4) and Get Product Detail (v5)
  • Get Account Detail (v4) 
30 September 2024
 

3. Non-individuals - Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020.

Alternative functionality to be delivered

TBC

Unity Bank Limited

Brands:

Unity Bank

Reliance Bank

1. CDR Standard v1.29.0

Vendor testing is delayed and therefore our testing in our development environment to meet this standard, has been delayed.

The following functionality therefore cannot be implemented by 1 July 2024:

  • New Dashboard standard: Data holders MUST advise consumers to check with the relevant data recipient for information about how data recipients may handle their data
  • Notify the Accredited Data Recipient that the Sharing Arrangement status has been set to ‘Revoked’.
  • Notify the CDR Consumer that the arrangement is ‘Revoked’, or the accounts sharing approval has been removed, except for ineligibility arising from the authorising consumer’s death.
  • Notify other joint account owners that the arrangement has been ‘Revoked’ where one of the account owners becomes ineligible.
  • Record the ‘Revoked’ action on the Sharing Arrangement for display in the Consumer Dashboard.
  • Flag the ineligible accounts as ‘Revoked’ on Sharing Arrangements authorised by other Account Owners and Secondary Users.
  • The paymentDueAmount field in the BankingCreditCardAccount schema is now populated with the same amount
30 September 2024
 

2. Existing software does not cater for Rule 1.15 (5)(b)(i) and Rule 4.6A(a)(ii) in relation to account holders ceasing a sharing arrangement to a data recipient made by a secondary user

Alternative functionality to be delivered

TBC
Victoria Teachers Limited (t/a Bank First)

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Warwick Credit Union Ltd 1. CDR 1.29 - Data holders MUST advise consumers to check with the relevant data recipient for information about how data recipients may handle their data September 2024
  2. Rule 1.15(5) (b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing
Alternative functionality to be delivered
TBC

WAW Credit Union Co-Operative Ltd

Brand:

bankWAW

1. CDR v1.29 - Proposed changes in Consumer Data Right Standards v1.29.0 were released on 21 Dec 2023.

The changes identified are from Decision Proposal #334: Added Dashboard Standards section to include detail for Data Holder Dashboards - in particular, a text change required for the Data Holder Dashboard which is required by 1st July 2024 and will require a solution update

30 September 2024
  2. Get Customer Details - areaCode and fullNumber in CommonPhoneNumber for purpose HOME 31 December 2024
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Woolworths Team Bank Limited

Brand:

Woolworths Team Bank

1. Rule 2.4(3), Data Quality

Inaccurate Product Data being returned, did not include information regarding fees, however the information is available on our website.

31 August 2024
 

2. Rule 2.4(3) Data Quality
Inaccurate Product Reference Data related to Home Loan Interest rates and LVR being returned.

Information returned did not use the structured field as required by the standard.

30 September 2024
 

3. Rule 1.15(5)(b) (i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Energy - retailers

 

Data holder (brand) Issue Proposed resolution date

Blue NRG Pty Ltd

Brand:

Blue NRG

1. Blue NRG acknowledges a delay in meeting the obligations outlined in Rule 4.6(4) of Part 4 of the Rules, which require the disclosure of necessary consumer data pertaining to accredited consumer data requests.

On 29 April 2024, Blue NRG submitted a Rectification Schedule addressing delays in meeting its Consumer Data Right (CDR) obligations due to challenges encountered during the implementation of the Flux billing solution, with a proposed resolution date of 1 June 2024. In line with this timeline, by 31 May 2024, Blue NRG passed all internal tests and received ACCC approval as compliant with its CDR obligations. However, thereafter, Blue NRG identified ongoing non-compliance issues stemming from the FLEXIBILL component of Flux billing system, impeding Blue NRG's progress towards achieving full compliance with CDR requirements for complex requests.

31 March 2025
Data holder (brand) Issue Proposed resolution date

Ergon Energy Queensland Pty Ltd

Brand:

Ergon Energy Retail

1. Ergon Retail are unable to accurately report Banded Supply Charges until a planned update is released by the DSB. TBC
Data holder (brand) Issue Proposed resolution date
Origin Energy Limited

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review.

TBC