Rectification schedule - active data holders with implementation gaps

Following the registration of Treasury Laws Amendment (Consumer Data Right) Act 2024, the name ‘Data Recipient Accreditor’ has changed to ‘CDR Accreditor’. We are working towards making this name change in all ACCC documentation, guidelines and online information.

Until this is completed, the term ‘Data Recipient Accreditor’ should be read as a reference to ‘CDR Accreditor’. The name change does not change the functions and powers of the CDR Accreditor or impact applications, data recipients, data holders or consumers.

About the schedule

The ACCC monitors and enforces compliance with the CDR obligations set out in the Competition and Consumer Act 2010 (Cth), the Competition and Consumer (Consumer Data Right) Rules 2020 (the CDR Rules) and the Consumer Data Standards.

Data holders’ obligations commenced on various dates - see the CDR rollout.

Some data holders have received an exemption from certain obligations under s56GD of the Act. The CDR exemptions register lists all exemptions granted.

This rectification schedule sets out information provided by data holders to the ACCC. We have published this information to provide a reference for accredited data recipients and consumers regarding potential issues in data holders’ CDR implementations.

We expect data holders to promptly rectify their non-compliance or face possible enforcement consideration in line with the ACCC/OAIC Compliance and Enforcement Policy for the Consumer Data Right. Listing an issue on this rectification schedule does not preclude the ACCC from pursuing compliance or enforcement action in-line with this policy.

Data holders that are not currently active on the CDR Register and do not have an exemption from this requirement are listed in a separate rectification schedule.

This table is current as at 14 May 2025.

Banking - major data holders

The data holders listed in the table below are the four major data holders and their non-primary brands.

Commonwealth Bank

Data holder (brand)	Issue	Proposed resolution date
Commonwealth Bank of Australia (CBA) Brands: CommBank and CommBiz	1. Enablement of CDR data sharing for certain accounts under the ‘Trading Entity, Business Name’ customer profile type. CBA is working to enable CDR data sharing for certain accounts accessed via 'CommBiz' and ‘NetBank’ and held under a ‘Trading Entity Business Name’ customer profile type.	TBC

Data holder (brand)

Issue

Proposed resolution date

Commonwealth Bank of Australia (CBA)

Brands:

CommBank and CommBiz

1. Enablement of CDR data sharing for certain accounts under the ‘Trading Entity, Business Name’ customer profile type. CBA is working to enable CDR data sharing for certain accounts accessed via 'CommBiz' and ‘NetBank’ and held under a ‘Trading Entity Business Name’ customer profile type.

TBC

National Australia Bank

Data holder (brand)	Issue	Proposed resolution date
National Australia Bank Limited Brand: National Australia Bank	1. In Account Details API, current “DepositRate” and “LendingRate” is provided to ADRs. However, additional fields present in” Deposit Rates” and “Lending Rates” objects are currently not returned for business and personal products. 2. In Account Details API, “Features” optional object for the accounts is not returned for business and personal products. 3. In Account Details API, “Fee” optional object for the accounts is not returned for business and personal products.	TBC
	4. Customers are not able to share data for NAB Car Loans.	9 May 2025
National Australia Bank Limited Brand: Kogan Money Credit Cards	5. 13 months of transaction history is currently available versus 24 month requirement.	31 May 2025
National Australia Bank Limited Brand: UBank	6. The merchantName field is not being populated in the Get Transactions for Account API.	30 June 2025

Westpac

Data holder (brand)	Issue	Proposed resolution date
Westpac Banking Corporation Brands: St.George Bank BankSA Bank of Melbourne	1. Certain accounts setup by customers operating as sole traders are unable to data share	30 June 2025

Data holder (brand)

Issue

Proposed resolution date

Westpac Banking Corporation

Brands:

St.George Bank

BankSA

Bank of Melbourne

1. Certain accounts setup by customers operating as sole traders are unable to data share

30 June 2025

Banking - non-major data holders

A - B

Data holder (brand)	Issue	Proposed resolution date
AMP Bank Ltd Brand: AMP - Mobile Banking	Customers using the AMP Bank-Mobile banking brand to share data will be authenticated via its digital app using App2App and Web2App technology, rather than by One Time Password (OTP). App2App and Web2App technology forms part of the Data Standards Body DP 327 - Authentication Uplift Phase 1 that includes a recommendation that online customers can authenticate with their Data Holder's app.	TBC
Arab Bank Australia Limited Brand: Arab Bank Australia Limited	Unable to deploy the Get Metrics update, refresh tokens and Enhanced Authentication Flows	29 May 2025
Australian Mutual Bank Ltd Brand: Australian Mutual Bank	LVR Minimum & Maximum values to be added as product constraint options in Product Definitions Overlays added to Get Transaction Detail Various changes to versions of services, flows, error reporting and end points	31 July 2025
Australian Unity Bank Ltd Brand: Australian Unity Bank	NPP service overlays added to Get Transaction Detail	16 November 2025
	2. Supporting Authorization Code Flow (ACF)	16 November 2025
	3. LVR Minimum & Maximum values in Product Definitions	16 November 2025
Auswide Bank Ltd Brand: Auswide Bank Ltd	Auswide Bank currently providing the description of the merchant category code in the merchantName field under the BankingTransaction schema in response to a Get Transaction Detail API call. For example, providing “Grocery Stores, Supermarkets” as the merchantName instead of the actual name of the merchant	25 June 2025
	2. Delay in rollout of v1.33.0 item retiring existing hybrid protocol and supporting Authorisation Code Flow (ACF)	31 July 2025
B & E Ltd Brand: Bank of us	1. Product fee accrualFrequency incorrect format	30 June 2025
	2. Transaction merchantName is set to the MCC (Merchant Category Code) description instead of the merchant name.	30 June 2025
	3. CDR release 1.33.0 – Authorisation Code Flow	14 July 2025
	4. Rate tier information (BankingProductRateTierV3) not utilised as per Rule 2.4(3)(b)	TBC
Bank Australia Limited Brand: Bank Australia	Get Transactions for Account API- no merchant name	31 July 2025
Bank of Queensland Ltd Brands: Bank of Queensland Ltd Virgin Money BOQ Specialist DDH Graham	1. Customers on legacy platforms do not experience commensurate latency	TBC
Bank of Queensland Ltd Brand: Bank of Queensland	2. Certain reversal transactions that are not visible in the primary digital channel are visible in the CDR channel.	30 May 2025
Bank of Queensland Ltd Brand: ME Bank	3. Get Metrics v5 error code implementation delayed for ME Bank	30 May 2025
Beyond Bank Australia Limited Brand: Beyond Bank Australia	High Performance APIs not within threshold limit	TBC
	2. We have identified that Beyond Bank does not provide the ‘Merchant Name’ field in transaction responses when calling the Get Transactions for Account API.	31 July 2025

C - E

Data holder (brand)	Issue	Proposed resolution date
Cairns Penny Savings & Loans Ltd Brand: Cairns Bank	1. Data Quality: When the Scheduled Payment API is called the following conditional fields are not being returned: “onceOff” and “intervalSchedule”. When the Get Account Details API is called the following fields are not returned: “depositRate”, “lendingRate”, “feeAmount”, “feeDiscounts” and “additionalInfo” for fees. Also “isActivated” returns a true response for all features.	31 March 2025
Central Murray Credit Union Limited Brand: Central Murray Credit Union Limited	Incorrect format of Product fee accrualfrequency	16 May 2025
Coastline Credit Union Limited Brand: Coastline Credit Union	Get Metrics v5 Error Metrics Documentation The change relates to error codes caused by ADRs in the 400 range.	14 July 2025
Credit Union SA Ltd Brand: Credit Union SA	1. Missing transaction long description	30 June 2025
	2. Get Metrics v5 Error Metrics Documentation The change relates to error codes caused by ADRs in the 400 range.	14 July 2025

F - G

Data holder (brand)	Issue	Proposed resolution date
First Option Bank Limited Brand: First Option Bank	Data Holders SHALL only support Authorization Code Flow from 12 May 2025	14 July 2025
Ford Co-operative Credit Society Limited	1. Invalid format for accrualFrequency on all product fees	30 June 2025
Gateway Bank Limited Brand: Gateway Bank	Get Metrics v5 Error Metrics Documentation The change relates to error codes caused by ADRs in the 400 range.	14 July 2025
G&C Mutual Bank Limited Brand: G&C Mutual Bank	1. LVR Tier Structured Data: GetProductDetail Accuracy – Inaccurate Data: Rule 2.4(3), Data Quality	1 July 2025
	2. Interest Application Frequency for Term Deposits: GetProductDetail Accuracy – Inaccurate Data	1 July 2025
	3. Invalid format for accrualFrequency on all product fees	1 July 2025

H - N

Data holder (brand)	Issue	Proposed resolution date
Heartland Bank Australia Limited Brand: Heartland	1. Missing interest component for savings and transactional accounts	30 May 2025
	2. Transactional data from 1 November 2020 onwards can be retrieved through transaction API. Any transactional data prior to this period is available upon request and can be provided manually.	TBC
Heritage and People's Choice Ltd Brand: Heritage Bank	1. Rule 4.22A – Amendment of data sets for consents authorised prior to 24 October 2024, in respect of Heritage Bank branded products, is unavailable.	25 October 2025
HSBC Bank Australia Limited Brand: HSBC Wholesale Banking	1. When the Get Transactions and Get Transaction Details APIs are called, the current day transactions are correct and aligned to digital channels. However, previous day transaction information is not received until after 2pm daily, and therefore may not align to digital channels.	31 July 2025
Hume Bank Limited Brand: Hume Bank	1. The ‘merchant name’ field is not populating as per CDR standards, for most transactions.	30 May 2025
Liberty Financial Pty Ltd Brand: Liberty Financial	1. Secondary user functionality (Rules 1.13(1)(e) and 1.15(5)) Products not designed for secondary user functionality. Manual functionality available in limited circumstances (where necessary).	TBC
Macarthur Credit Union Limited Brand: The Mac	Implementation of CDR standard v1.33.0	31 July 2025
MyState Bank Limited Brand: MyState Bank	1. Missing amounts in the Get Transactions For Account API	TBC
National Australia Bank Limited Brand: Kogan Money Credit Cards	1. 13 months of transaction history is currently available (there is a 24 month requirement)	31 May 2025
Newcastle Greater Mutual Group Limited Brand: Newcastle Permanent Building Society Greater Bank	1. When applying Rule 1.10B & Part 2 of Schedule 3, CDR Consumer Eligibility is determined at the Brand level (Newcastle Permanent and Greater Bank) not the Legal Entity level (NGM Group).	TBC
Newcastle Greater Mutual Group Limited Brand: Newcastle Permanent Building Society	2. CDR v5 dashboard changes to display the details of each authorisation’s amendment linked by cdr_arrangement_id	TBC
	3. Rule 2.4(3), Product Reference Data Quality: In relation to some home loan products within BankingProductRateTierV3, where more than one criteria (loan to value ratio and loan balance) applies in relation to eligibility for a particular interest rate, only one criteria is displayed in structured unitOfMeasure fields. The secondary criteria is described in the additionalInfo field.	30 June 2025
Norfina Limited (Suncorp-Metway) Brand: Suncorp Bank	The reference field in Get Transaction API is not being populated where the transaction is an internal transfer.	TBC
Northern Inland Credit Union Limited Brand: Northern Inland Credit Union	CDR v1.33.0 [ACF]	31 July 2025
	2. Rule 2.4(3) Product Reference Data Quality	TBC

O - Q

Data holder (brand)	Issue	Proposed resolution date
Orange Credit Union Ltd Brand: Orange Credit Union	1. Some retired Term Deposit Products are displaying as ‘Unavailable for sharing’	22 May 2025
Police & Nurses Limited Brands: P&N Bank bcu	1. End to End ID not shown in Get Transaction Detail on rare instances.	31 July 2025
	2. Get Metrics v5 Error Metrics Documentation The change relates to error codes caused by ADRs in the 400 range.	31 July 2025
	3. merchantName missing from Get Transaction from Account API	31 July 2025
	4. High Performance API’s not within threshold limit	TBC
QPCU Limited Brand: QBANK	1. Rule 2.4(3)(b) - Data Quality: All info available via other channels must be included in response BankingProductRateTierV3	TBC
	2. Fees ‘accrualFrequency’ does not conform with ISO8601 Duration standards	8 May 2025
	3. Inaccurate rate disclosure of fixed “5.49%” in product “CLASSIC_HOME_LOAN_OO_PNI”	TBC
Qudos Mutual Ltd Brand: Qudos Bank	No merchantName in the Get Transactions for Account API	25 May 2025
Queensland Country Bank Limited Brand: Queensland Country Bank	According to the CDR specification, the merchantName field should be populated when available. However, the response omits this field, even for transactions where the data is expected to be present.	25 May 2025

R - S

Data holder (brand)	Issue	Proposed resolution date
Regional Australia Bank Ltd Brand: Regional Australia Bank	1. Term deposit details are missing in GetAccountDetail API response.	30 June 2025
Southern Cross Credit Union Limited Brand: Southern Cross Credit Union	CDR Standards v1.33.0 - Retirement of existing hybrid protocol and only supporting Authorization Code Flow from 12 May 2025 will be delayed.	14 July 2025

Data holder (brand)

Issue

Proposed resolution date

Regional Australia Bank Ltd

Brand:

Regional Australia Bank

1. Term deposit details are missing in GetAccountDetail API response.

30 June 2025

Southern Cross Credit Union Limited

Brand:

Southern Cross Credit Union

CDR Standards v1.33.0 - Retirement of existing hybrid protocol and only supporting Authorization Code Flow from 12 May 2025 will be delayed.

14 July 2025

T - Z

Data holder (brand)	Issue	Proposed resolution date
The Broken Hill Community Credit Union Ltd Brand: Broken Hill Bank	1. Get Outages API missing mandatory "data" section.	TBC
Warwick Credit Union Limited Brand: Warwick Credit Union	Authorisation Flow Control	31 July 2025
Woolworths Team Bank Limited Brand: Woolworths Team Bank	CDR v1.33.0 - Unable to meet Mandate deadline 12 May 2025 due to constraints from External Software provider.	14 July 2025

Data holder (brand)

Issue

Proposed resolution date

The Broken Hill Community Credit Union Ltd

Brand:

Broken Hill Bank

1. Get Outages API missing mandatory "data" section.

TBC

Warwick Credit Union Limited

Brand:

Warwick Credit Union

Authorisation Flow Control

31 July 2025

Woolworths Team Bank Limited

Brand:

Woolworths Team Bank

CDR v1.33.0 - Unable to meet Mandate deadline 12 May 2025 due to constraints from External Software provider.

14 July 2025

Energy - retailers

Blue NRG

Data holder (brand)	Issue	Proposed resolution date
Blue NRG Pty Ltd Brand: Blue NRG	1. Blue NRG acknowledges a delay in meeting the obligations outlined in Rule 4.6(4) of Part 4 of the Rules, which require the disclosure of necessary consumer data pertaining to accredited consumer data requests. On 29 April 2024, Blue NRG submitted a Rectification Schedule addressing delays in meeting its Consumer Data Right (CDR) obligations due to challenges encountered during the implementation of the Flux billing solution, with a proposed resolution date of 1 June 2024. In line with this timeline, by 31 May 2024, Blue NRG passed all internal tests and received ACCC approval as compliant with its CDR obligations. However, thereafter, Blue NRG identified ongoing non-compliance issues stemming from the FLEXIBILL component of Flux billing system, impeding Blue NRG's progress towards achieving full compliance with CDR requirements for complex requests.	16 May 2025

Data holder (brand)

Issue

Proposed resolution date

Blue NRG Pty Ltd

Brand:

Blue NRG

1. Blue NRG acknowledges a delay in meeting the obligations outlined in Rule 4.6(4) of Part 4 of the Rules, which require the disclosure of necessary consumer data pertaining to accredited consumer data requests.

On 29 April 2024, Blue NRG submitted a Rectification Schedule addressing delays in meeting its Consumer Data Right (CDR) obligations due to challenges encountered during the implementation of the Flux billing solution, with a proposed resolution date of 1 June 2024. In line with this timeline, by 31 May 2024, Blue NRG passed all internal tests and received ACCC approval as compliant with its CDR obligations. However, thereafter, Blue NRG identified ongoing non-compliance issues stemming from the FLEXIBILL component of Flux billing system, impeding Blue NRG's progress towards achieving full compliance with CDR requirements for complex requests.

16 May 2025

Ergon Energy

Data holder (brand)	Issue	Proposed resolution date
Ergon Energy Queensland Pty Ltd Brand: Ergon Energy Retail	1. Ergon Retail are unable to accurately report Banded Supply Charges until a planned update is released by the DSB.	7 May 2025

Data holder (brand)

Issue

Proposed resolution date

Ergon Energy Queensland Pty Ltd

Brand:

Ergon Energy Retail

1. Ergon Retail are unable to accurately report Banded Supply Charges until a planned update is released by the DSB.

7 May 2025