About the schedule

The ACCC monitors and enforces compliance with the CDR obligations set out in the Competition and Consumer Act 2010 (Cth), the Competition and Consumer (Consumer Data Right) Rules 2020 (the CDR Rules) and the Consumer Data Standards.

Data holders’ obligations commenced on various dates - see the CDR rollout.

This rectification schedule sets out information provided by data holders to the ACCC. We have published this information to provide a reference for accredited data recipients and consumers regarding potential issues in data holders’ CDR implementations.

We expect data holders to promptly rectify their non-compliance or face possible enforcement consideration in line with the ACCC/OAIC Compliance and Enforcement Policy for the Consumer Data Right. Listing an issue on this rectification schedule does not preclude the ACCC from pursuing compliance or enforcement action in-line with this policy.

Data holders that are not currently active on the CDR Register and do not have an exemption from this requirement are listed in a separate rectification schedule.

This table is current as at 29 November 2022.

Banking - major data holders

The data holders listed in the table below are the four major data holders and their non-primary brands.

Data holder (brand)

Issue

Proposed resolution date

Australia and New Zealand Banking Group Limited (ANZ)

1. Credit Card Instalment Plans

Consumers will not be able to share the credit card instalment plan feature applicable to credit cards they hold

28 February 2023
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered - Delivered functionality that allows account holders to cease secondary user data sharing for a specific authorisation and also allows account holders to remove the secondary user permission completely.

TBC

Data holder (brand)

Issue

Proposed resolution date

Commonwealth Bank of Australia (CBA)

1. CBA – data sharing for some closed accounts

Data sharing is unavailable for closed accounts relating to the following products: Asset Finance; Home/ Personal Loans; Credit Cards; Domestic Money Markets; Travel Money Cards; Passbooks.

28 February 2023
 

2. CBA – CommSec Margin Loan

CommSec Margin Loan accounts will not be available for data sharing.

3. CBA – CommSec Geared Investments Loan

CommSec Geared Investments Loan accounts will not be available for data sharing.

31 March 2023
 

4. CBA – Secondary User indication Rules

CBA will build the functionality for account holders to cease secondary user data sharing on an ADR basis

TBC

Commonwealth Bank of Australia (CBA)

Brand:

Bankwest

5. Bankwest – IsActivated field in the Account Details API

Individual account features will default to ‘activated’ even if they should be disclosed as ‘inactivated’.

30 November 2022
 

6. Bankwest - Secondary User indication Rules

Bankwest will build the functionality for account holders to cease secondary user data sharing on an ADR basis

TBC

 

Data holder (brand)

Issue

Proposed resolution date

National Australia Bank Limited (NAB)

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Data holder (brand)

Issue

Proposed resolution date

Westpac Banking Corporation

Brand:

Westpac,

St.George,

Bank of Melbourne,

Bank SA,

Asgard

1. Secondary User Indication Rules

Pending rules review.

Westpac have delivered functionality that allows an account owner to stop continuing data sharing consents authorised by secondary users to ‘an accredited person’. This functionality is in place for all currently delivered scope.

TBC

Banking - non-major data holders

Data holder (brand)

Issue

Proposed resolution date

AMP Bank Ltd 1. Partnership accounts: Where a bank account is held in the names of the individual partners, that account is currently treated in the same manner as a joint account. 31 March 2023
  2. Secondary Users and Trust Accounts held by one or more individuals: Data sharing will not be available 30 September 2023
Australian Central Credit Union Ltd (T/a People’s Choice Credit Union)

1. FDO for data holders ignoring unsupported authorisation scopes.

2. FDO for Authorisation CDR Arrangement Endpoint

24 November 2022

 

3. Data is refreshed once per day, overnight.

4. Secondary users and nominated representatives requirements not available.

16 December 2022

  5. FDO for Get Product Detail Version 4 – new data fields will not be populated. Where relevant this detail displays in ‘Other’ field 28 February 2023
  6. Secondary Users functionality to enable an account holder to permanently withdraw authority for a secondary user to share to a specified ADR entity not available
Functionality available to enable account holders to cease secondary user data sharing for a specific authorisation.
TBC

Australian Military Bank

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Australian Military Bank

Brand: RSL Money

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Australian Mutual Bank Limited

1. Page beyond last page produces unexpected Error

When requests are made to all paginated endpoints with a large invalid page value the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

2. Invalid updated-since for Get Products returns incorrect error

When requests are made to Get Products with an invalid updated-since parameter the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

3. Input validation is absent or non-functional

Inputs are not validated resulting in non-compliance with specification. Including:

  • URI validation for additionalInfoUri
  • Integer enforcement for minimum age of years additionalValue eligibility criteria
  • Allowing additionalValue eligibility types which do not require it
  • Allowing additionalValue for feature types which do not require it
  • ISO-8601 duration format for additionalValue related to interest free periods
  • No requiring additionalValue for residency status

4. Invalid Banking Account not an account ID results in incorrect error

5. Requesting resource out of scope results in wrong error

6. Invalid Header Content type not a content type results in incorrect error

7. Additional scope language clusters are rendered when only scope profile is requested

8. Open banking -token endpoint MTLS error.

31 December 2022
 

9. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Australian Unity Bank Limited

1. FDO for data holders ignoring unsupported authorisation scopes

2. Version 3 (V3) of the ‘Get Metrics’ API

30 November 2022

 

3. Allow business owners to nominate a representative to share data on behalf of the business

4. Secondary users indication rules

Implementation paused pending rules review

30 June 2023
Auswide Bank Ltd

1. Scheduled Payments “nextPaymentDate” attribute incorrectly formatted

Format is RFC3339 format when it should be a CDR Date String format.

2. Invalid x-fapi-customer-ip-address does not error

Malformed x-fapi-customer-ip-address header does not produce an error.

3. Incorrect error for missing x-v

Response code 400 should be returned.

4. Page beyond last page produces unexpected error

Response code 400 should be returned.

5. FDO for data holders ignoring unsupported authorisation scopes.

1 December 2022
 

6. Aspects of the Secondary User obligations for Data Holders relating to the ability of an Account Holder to block a Secondary User from sharing data from a specific account with a specific accredited person (i.e. Data Recipient).

Implementation paused pending rules review

TBC

B&E Ltd (T/a Bank of us)

1. Page beyond last page produces unexpected error when a 400 error should be returned

2. Scheduled Payments nextPaymentDate incorrectly formatted

28 February 2023
 

3. Blocking sharing for specific ADRs in relation to secondary users not supported

Alternative functionality to be delivered

TBC

Bank Australia Limited

1. Inconsistent Nickname & payeeReference in Scheduled Payment dataset.

2. Rate information for some accounts consumed from Product Catalogue for Get Account Details API.

9 December 2022

 

3. Non-Individuals

Not able to meet the mandate prescribed date 01 November 2022

1 July 2023
 

4. Non-Individuals

Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020.

Implementation paused pending rules review

TBC

Bank of China (Australia) Ltd

1. The obligations relating to non-individual accounts 1 May 2023
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements -Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Bank of Queensland Ltd

Brand:

BOQ,

Virgin Money Australia,

BOQ Specialist,

DDH Graham

1. Product Reference Data (PRD) Get Metrics API data not being reported. 16 December 2022
  2. The GetMetrics API is combining unattended and low priority call data and reporting it via the low priority call only 31 January 2023
 

3. Email/ SMS not available for joint account and secondary user notifications

4. Data Latency

Currently, data presented via the CDR Banking API is not commensurate with data presented via other primary digital channels

31 March 2023
 

5. Pending transactions are not currently shared.

6. Blocking sharing for specific ADRs in relation to secondary users not supported

Implementation paused pending rules review

TBC

Bank of Queensland Ltd

Brand:

BOQ,

Virgin Money Australia,

BOQ Specialist,

DDH Graham

ME Bank

7. Product data optional fields missing in Get Account Detail API.

TBC

Bank of Queensland Ltd

Brand:

ME Bank

8. Production defects:

a) Direct debits are being incorrectly shared –subsequent direct debits after an initial debit are not being shared

b) Completed scheduled payments are being shared beyond the scheduled expiry date

TBC

Bank of Queensland Ltd

Brand:

BOQ Specialist

9. Majority of customers will need manual intervention to allow data sharing

 

16 December 2022

 

10. Secondary users not supported from 1 November 2022 for credit card secondary card holders TBC

Bank of Queensland Ltd

Brand:

BOQ,

Virgin Money Australia

11. Trust accounts with a single and joint individual trustees are not being shared TBC

Bank of Queensland Ltd

Brands:

BOQ Specialist

DDH Graham

12. Some optional fields in relation to Payees, Direct Debits and Scheduled payments will not be available with the rest of the account data 28 February 2023

Bank of Sydney

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Bendigo and Adelaide Bank Ltd

Brand:

Bendigo Bank

1. Joint Account Management (JAMs) is currently aligned to the previous CDR rules requiring all account holders to ‘opt in’ to share accounts, as opposed to the ‘opt out’ model where any joint account holder can elect to share the account data, unless another joint account holder has elected to prevent this sharing.  The associated notification process in support of this process is also not yet enabled. 30 November 2022
 

2. Joint Account Management (JAMs)

CDR rules requiring that a joint account holder has the option to remove a specific account from a specific consent with a specific ADR is not yet enabled.  Under the current solution, if a joint account holder elects not to share, then this will prevent the account being shared with any ADR.

3. Joint Account Management (JAMs)

CDR rules requiring joint account owners being able to preference which notifications they receive, how often and when for notification preferences is not yet enabled.  Under the current solution, all required notifications will be sent to joint account holders.

30 June 2023
 

4. Data sharing is not currently available for Equipment Finance products

5. Nominated representatives of business entities, and secondary users of individually owned accounts, are not yet able to share CDR data

1 July 2023
 

6. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements – Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Beyond Bank Australia

1. Non-individual

Facilitate compliance with the CDR rules for non-individual/partnership accounts and Secondary users for Financial Institutions.

1 July 2023
 

2. Non-Individuals

Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020.  Alternative functionality to be delivered.

TBC

Beyond Bank

Brand:

Warrnambool (SWCU)

3. Profile Scope

Facilitate compliance with DSB Profile Scope CX standards for Data Holder(s)

4. Joint Accounts

31 March 2023
 

5. FDO for data holder ignoring unsupported authorisation scopes

6. Non-individual

Facilitate compliance with the CDR rules for non-individual/partnership accounts and Secondary users for Financial Institutions

15 April 2023

Data holder (brand)

Issue

Proposed resolution date

Cairns Penny Savings & Loans Ltd t/as Cairns Bank

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Central Murray Credit Union Limited

1. Page beyond last page produces unexpected error when a 400 error should be returned

2. Scheduled Payments nextPaymentDate incorrectly formatted

28 February 2023
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Central West Credit Union Ltd

1. FDO for data holder ignoring unsupported authorisation scopes

1 December 2022
 

2. Open Banking Nominated Representatives

3. Open Banking Secondary Users

4. Open Banking Standards Update

Implementation paused pending rules review

TBC
Challenger Bank Ltd 1. Joint Account Management and Complex Accounts

2. Data quality

a.   Transactions returned in API requests include non-statemented transactions.

b.   Transaction descriptions on transaction data are system descriptions not transaction narratives.

c.    Biller name is incorrect in Scheduled Payments response and Transaction response.

d.   Deposit maturity is being reported as rolled over before the maturity date

e.   Interest type is being provided as principal and interest for interest only loans.

f.    PayerReference and PayeeReference are blank in scheduled payments response.

g.   Special characters are being return in product data in Account Details response.

h.   AvailableBalance is missing in getBalance response.

i.     If Payee request is requested by 'Type', payee details are not being returned in the response.

3. API error

a.   404 error is returned on Account Details where an account has a closed status.

b.   API failure where interest rate is fixed or floating.

c.    Future scheduled payments has an empty string where it should be providing a payer reference.

d.   Account Details response fails for new home loans created after 21 August 2022 due to a new debit interest property in home loan product configuration.

4. Consent management

a.   Consent authorisation is failing when customer does not have any open accounts, only closed accounts.

b.   Revoked consents are still reflecting as active.

c.    Consent withdrawn date not being populated in dashboard.

d.         Consent creation date is incorrect where consent was created prior to 10am EST.

31 March 2023
 

5. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Coastline Credit Union Ltd

1. Display of rate information

The display of rate information in some cases may display incorrect when shared.

2. Scheduled Payments

Schedule payments data calculation may show no data or use wrong calculation

3. Get Account Details

In rare cases get account info may return duplicate account ID for separate items

4. Scheduled Payments Info

Payments API is showing incorrect Nickname value in some cases.

5. Fee Discounts Display

Fee discounts not flowing through to  GetAccountDetails

6. effective_to date issues

The effective_to date is not working as expected.

7. Get Direct Debits error

Some accounts are not returning all direct debit transactions

8. Product Catalogue – system variable fees

System variable fees are not showing in PRD when value is 0.00l

9. Features with Additional value type Decimal are not presenting at least 2 decimal places

10. Maintenance Iteration 9 Physical Addresses showing when no data is present

11. Product Catalogue – Card Art

Card Art links no longer showing in PRD output.

12. Duplicated Account Numbers across different account types causing issues with data sharing

30 November 2022
 

13. Maintenance Iteration 11

Implementation of MI-11 per requirements.

13 February 2023

Community First Credit Union

Brand:

Community First Credit Union; Easy Street; Amigo

1. FDO for data holders ignoring unsupported authorisation scopes 1 December 2022
 

2. Incorrect error for missing x-v - Response and error code incorrect 

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Scheduled Payments nextPaymentDate incorrectly formatted

16 December 2022
  6. Rule 15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing
Alternative functionality to be delivered
TBC

Credit Union Australia Ltd (T/a Great Southern Bank)

1. Data Sharing Delegation for a Business - Closed Account

Data Sharing of Inactive/Closed accounts in the existing Banking solution will need to be enhanced

2. Personal Data Sharing Delegation for a Closed Account

Data Sharing of Inactive/Closed accounts in the existing Banking solution will need to be enhanced.

3. Team Member Delegation for CDR Consumer Business (Use case - a Trust whose sole trustee is a company

Team Member unable to assist CDR consumer to select/nominate a representative where the sole trustee is a company.

31 December 2022
 

4. Power of Attorney

Existing business processes to be enhanced in order to comply with Power of Attorney guidance provided by the ACCC.

28 February 2023
  5. Stop Personal Delegate Sharing with Specific ADR.

Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements – Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Credit Union SA Ltd

1. Duplicate Account ID's are being provided for 2 separate items

2. Missing transaction long description

31 March 2023
  3. Non-personal account data sharing not available 1 July 2023
 

4. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Account holders will be unable to indicate that they no longer approve of data disclosure to a particular accredited person in response to a request made by a particular secondary user. 

Implementation paused pending rules review 

TBC
Defence Bank Limited

1. During end of day processing some accounts are not being displayed as eligible for data sharing.

2. Missing transaction long description for certain ATM and over the counter transactions.

31 December 2022
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Dnister Ukrainian Credit Co-operative Ltd

 

 

1. Sharing Arrangements During the Nightly - Accounts Missing

22 November 2022

 

Data holder (brand)

Issue

Proposed resolution date

Family First Credit Union Limited

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Fire Service Credit Union Ltd

 

1. End to end ID missing

2. Get Direct Debits for Account – Authorised Entity

3. Sharing Arrangements During the Nightly - Accounts Missing

4. Data61 conditional field - Missing Nickname & payeeReference in BankingScheduledPaymentTo

5. Get Customer Detail – Rate not displaying

6. Effective to date not working as expected

7. Transaction Long Description - DAEV to work with CBS Fix for ATM Tran Log transactions

8. Transaction Long Description - Final part of Fix – TL Journal transactions

9. 'Specific Account' APIs returning multiple results when the same account id is passed several times

10. Get Direct Debits for Specific Accounts

11. MI9 - Error returned for call "Get Transaction Detail"

12. [MI9] Get Customer Details API returned Physical Address details when Physical Address details are not provided in CBS

13. Profile Scopes

31 December 2022

 

14. Non-individuals

Delivery of Non-individuals functionality

1 July 2023
 

15. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
First Choice Credit Union Ltd

1. End to end ID missing

2. Get Direct Debits for Account – Authorised Entity

3. Sharing Arrangements During the Nightly - Accounts Missing

4. Data61 conditional field - Missing Nickname & payeeReference in BankingScheduledPaymentTo

5. Get Customer Detail – Rate not displaying

6. Effective to date not working as expected

7. Transaction Long Description - DAEV to work with CBS Fix for ATM Tran Log transactions

8. Transaction Long Description - Final part of Fix – TL Journal transactions

9. 'Specific Account' APIs returning multiple results when the same account id is passed several times

10. Get Direct Debits for Specific Accounts

11. MI9 - Error returned for call "Get Transaction Detail"

12. [MI9] Get Customer Details API returned Physical Address details when Physical Address details are not provided in CBS

13. Profile Scopes

31 December 2022
  14. Non-individuals
Delivery of Non-individuals functionality
1 July 2023
 

15. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

First Option Bank Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Ford Co-operative Credit Society Limited (T/a Geelong Bank)

1. Page beyond last page produces unexpected Error

2. Scheduled Payments nextPaymentDate Incorrectly Formatted

28 February 2023
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

G&C Mutual Bank

1. FDO for data holders ignoring unsupported authorisation scopes 1 December 2022
  2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing
Alternative functionality to be delivered
TBC

Gateway Bank

1. Gateway Bank is unable to deliver data sharing for business customers by 1 November 2022. 30 June 2023
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Goulburn Murray Credit Union

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

 

Data holder (brand)

Issue

Proposed resolution date

Horizon Credit Union Ltd (T/a Horizon Bank)

1. FDO for data holders ignoring unsupported authorisation scopes

2. Incorrect error for missing x-v –Response and error code incorrect

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Scheduled Payments nextPaymentDate incorrectly formatted

1 December 2022
  6.  Account holder unable to cease data sharing to a particular accredited person in response to a request made by a secondary user (Rule1.15(5)(b)(i))
Implementation paused pending rules review
TBC

HSBC Bank Australia Limited (HSBC)

1. Functionality for joint account customers to invite other account holders to indicate disclosure option is not currently available. A manual workaround is available for customers.

2. Secondary user data sharing not supported

Implementation paused pending rules review

30 June 2023
  3. Trust accounts with single and joint individual trustees are not being shared 30 September 2023
  4. Performance times not aligned to non-functional requirements in limited cases. 31 December 2023

HSBC Bank Australia Limited –

Brand:

HSBC Bank Australia Limited -

Wholesale Banking

5. Direct debit issue – HSBC is not able to share customer direct debit reference data.

6. Payee details issue - HSBC is not able to share customer Payee details.

7. Scheduled payments issue - HSBC is not able to share customer Scheduled payment details

8. HSBC revised its corporate account authorisation amendment functionality in Q1 2022 to ensure compliance with the ACCC's requirements.

9. Historical transaction data older than 60 days will not be available for CMB and GBM corporate accounts until 31 March 2023.

30 June 2023
  10. Closed accounts issue – Data sharing for corporate accounts that have been closed for over 180 days is not available at this time. 31 December 2023

Hume Bank Limited

1. As a regional bank we have not always captured local phone numbers with their area code. Some member details also pre-date 8-digit local telephone numbering. Some members are international but don’t have E.164-compliant telephone numbers recorded. Therefore, when a private or business phone number is sourced the area code may be empty or the number not a full 10-digit string. This can result in a null areaCode or an incorrectly formatted fullNumber. This issues predominantly affects old and inactive accounts.

22 December 2022

 

2. FDO for data holders ignoring unsupported authorisation scopes

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
llawarra Credit Union Ltd

1. Page beyond last page produces unexpected error when a 400 error should be returned

2. Scheduled Payments nextPaymentDate incorrectly formatted

28 February 2023
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

 

4. Historical CDR data available from 1 January 2017: Transactional data is not available from 1 January 2017 to 1 October 2018. Transactional data is available from 2 October 2018 onwards.

.

No proposed resolution date
IMB Ltd (T/a IMB Bank)

1. Implementation of Secondary Users requirements due on 1 October 2022.

2. Implementation of Nominated Representatives requirements due on 1 October 2022.

31 March 2023

ING Bank (Australia) Ltd (ING)

1. Account Details API

The Account Details API is not available for Phase 1 or Phase 2 products

2. Joint Accounts

ING is not able to share joint accounts

3. Secondary Users

Secondary users are not able to share CDR Data

28 February 2023
 

4. Accounts owned by Business Entities

Nominated Representatives of Business Entities are not able to share CDR Data

30 June 2023

Laboratories Credit Union

1. FDO for data holders ignoring unsupported authorisation scopes

2. Incorrect error for missing x-v – Response and error code incorrect

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Schedules Payments nextPaymentDate incorrectly formatted

1 February 2023
 

6. Secondary User obligations for Data Holders relating to the ability of an Account Holder to block a Secondary User from sharing data from a specific account with a specific accredited person. Non-compliance with Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) from Secondary Users/Nominated Representatives Nov 1 Update

Implementation paused pending rules review

TBC

Macarthur Credit Union Ltd

1. FDO for data holders ignoring unsupported authorisation scopes

2. Incorrect error for missing x-v – Response and error code incorrect

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Schedules Payments nextPaymentDate incorrectly formatted

1 December 2022
 

6. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Macquarie Bank Ltd

 

1. Enabling Consumer Data Sharing for Business Banking Products (including individuals and non-individuals entities) for clients with Macquarie Business Online access.

5 December 2022

 

2. Joint Accounts Notifications

Inclusion of Joint Accounts in the Macquarie CDR Consumer Data for which a valid email address for the account holders is not held. 

28 February 2023

 

3. Support for certain APIs for Consumer Data Sharing of Business Banking products as follows:

a. Get Account Detail,

b. Get Direct Debits for Account,

c. Get Bulk Direct Debits,

d. Get Direct Debits for Specific Accounts,

e. Get Scheduled Payments for Account,

f. Get Scheduled Payments Bulk, and

g. Get Scheduled Payments for Specific Accounts.

4. Upgrade of:

a. Get Payee and Get Payee Details to version V2,

b. Get Account Details and Get Customer Details to version V2, and

c. Get Metrics API to version V3.

5. Support for Pushed Authorisation Request (PAR).

31 March 2023
  6. Availability of Consumer Data Sharing for certain Business Banking clients yet to be migrated to Macquarie Business Online. 31 July 2023
 

7. Availability of closed Joint Accounts in the Macquarie CDR Consumer Data.

8. For some joint accounts, the account holders do not receive email or push notifications related to consent and disclosure options management.

9. Availability of alternative notification schedules for joint account notifications

10. Rectify incorrect mapping of "postingDate" for Get Transaction API call.

11. Availability of Business Banking joint accounts for Consumer Data Sharing.

12. Supporting Secondary Users for Consumer Data Sharing.

13. Availability of Consumer Data Sharing for Personal Banking accounts held by non-individual entities.

31 August  2023
Maitland Mutual Limited

1. CDR Data Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) due 1 November 2022 – Secondary Users obligations (non- account holders) to share data on the account owner(s) behalf

Alternative functionality to be delivered

TBC

Members Banking Group Limited (t/a RACQ bank)

1. 865 non-personal members do not have access to CDR. 30 June 2023
 

2. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
MyState Bank Limited

1. Delayed delivery of Joint Accounts requirements

2. Delayed delivery of non-individuals, or partnerships, or nominated representatives or secondary users

Implementation paused pending rules review

30 June 2023
Newcastle Permanent Building Society Limited

1. Performance times not aligned to non- functional requirements in limited cases

Testing has identified that NPBS response times for some endpoints are greater than the required response times.

2. Business+ Credit Card transaction detail latency may not be commensurate to the primary digital channel

1 April 2023
 

3. Compliance with Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2022.

Alternative functionality to be delivered

TBC

Data holder (brand)

Issue

Proposed resolution date

Orange Credit Union Ltd 1. FDO for data holders ignoring unsupported authorisation scopes December 2022
 

2. Rule 1.15 (5)(b)(b) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
PayPal Australia Pty Ltd

1. Within the FDO for Information Security Profile, JARM is not yet supported. 

2. Within our data sharing dashboard, the date that CDR data was first disclosed is not being displayed.  This impacts consents related to our personal and premier digital wallet accounts. 

16 December 2022
 

3. The payee/ merchant name for scheduled payments is not being returned. This impacts consents related to our personal and premier digital wallet accounts and will impact business digital wallet accounts.

31 July 2023
 

4. In relation to the non-individual CDR consumer data sharing obligations (with a compliance date of 1 November 2022), PayPal merchants who use their own Identity Provider (idP) and related Single Sign On based authentication to log into their enterprise PayPal business accounts will be unable to complete CDR authentication. 

This issue does not impact PayPal CDR consumers (individual or non-individual) who do not use this authentication model with PayPal.

31 December 2023
 

5. In relation to the non-individual CDR consumer data sharing obligations (with a compliance date of 1 November 2022), PayPal merchants who hold multiple PayPal business accounts under the same merchant entity and therefore have multiple users with access to the PayPal merchant’s business digital wallet, will be unable to:

  • Include more than one business account within a single CDR consent
  • Include closed business accounts within a CDR consent 

This issue does not impact PayPal CDR consumers (individual or non-individual) who do not hold multiple PayPal accounts.

1 November 2025

Police & Nurses Limited

Brands:

P&N Bank

bcu

1.OBS-780: Missing VISA transaction long description – interim fix implemented, full description displays the day after the transaction is processes

2. OBS-697: Sharing Arrangements during the nightly refresh of the Core Banking System, do not display any data if there is an ownership change

3. OBS-665, OBS-765: GetAccountdetails – Interest rate is displaying incorrectly sometimes

4. OBS-676: Scheduled Payments, a Calculated repayment payment is not showing as Calculated

5. OBS-572: Reference displayed on transaction in internet banking is not displayed

30 December 2022
  6. OBS-732: Nickname & payee reference not displaying in schedule payment information. 30 April 2023
 

7. OBS-797: Incorrect BSB displaying, bcu BSB is displaying as P&N BSB

8. Non-individuals – Delivery of Non-Individuals functionality.

30 June 2023
 

9. Non-individuals - Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020.

Alternative functionality to be delivered

TBC
Police Credit Union Ltd

1. FDO for data holders ignoring unsupported authorisation scopes

2. Incorrect error for missing x-v - Response and error code incorrect 

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Scheduled Payments nextPaymentDate incorrectly formatted

1 December 2022
 

6. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Police Financial Services Limited (T/a BankVic)

1. Incorrect error for missing x-v- Response and error code incorrect

2. Invalid x-fapi-customer-ip-address does not error

3. Page beyond last page produces unexpected error when a 400 error should be returned

4. Scheduled Payments nextPaymentDate incorrectly formatted

28 February 2023
 

5. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
QPCU Limited
(QBANK)

1. Obligation for V1.18.0

30 November 2022
 

2. FDO for data holder appears to ignore unsupported authorisation scope

3. Error for missing x-v appears incorrect - Response and error code incorrect 

4. Invalid x-fapi-customer-ip-address does not result in an error.

5. Page after final page gives unexpected error. Expecting 404/400 error as the result.

6. Scheduled Payments nextPaymentDate in an invalid format.

7. GetMetrics API does not allow reporting of secondary data holder responses (GetMetrics V3)

28 February 2023
 

8. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered.

TBC
Qudos Bank 1. Non-individuals

Delivery of Non-Individuals functionality

1 July 2023

 

 

2. Non-individuals

Ceasing secondary user sharing to specific ADRRule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020. Seeking clarification on requirements to determine changes and impact to delivery timeline.

TBC

Queensland Country Bank Ltd

1. OBS-676 Get Scheduled Payments, Calculated payment

2. OBS-665, OBS-765 GetAccountDetails – Interest rate is displaying incorrectly at times

3. OBS-732 Missing nickname & payee refence in banking scheduled payment

4. OBS-706 Get Account details returns duplicate account ID’s for two separate items

5. OBS-773 Fees discounts not flowing through to GetAccountDetials

6. OBS-776 Effective to date not working as expected

7. OBS-782 Get Direct debits for specific accounts

8. OBS-840 Product catalogue – System variable fees are not showing in the PRD where the CBS value is 0.00/0.001 example: lending fees

9. OBS-841 Features with additional value of required type ‘Decimal’ are not presenting at least 2 decimal places.

10. OBS-842 Maintenance Iteration 9 – Physical addresses showing when no data is present

11. OBS-843 Product catalogue – Card art links no longer showing in production output

12. OBS-844 Duplicate account numbers across different account types causes issues with data sharing.

31 December 2022
 

13. Non-individuals

Delivery of Non-Individuals functionality

1 July 2023
  14. The obligations relating to non-individual customers 31 July 2023
 

15. Non-individuals

Ceasing secondary user sharing to specific ADRRule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020. Seeking clarification on requirements to determine changes and impact to delivery timeline

TBC

Data holder (brand)

Issue

Proposed resolution date

Rabobank Australia Ltd

1. A Joint Account Holder that has left a Joint Entity, or a Secondary User that has had their Secondary User Instruction removed from an eligible account – if they remain eligible for consumer data sharing with Rabobank, cannot view the data sharing arrangements they established during the time they were a Joint Account Holder of the Joint Entity or were acting in the capacity of a Secondary User on an eligible account.

31 January 2023
  2. Data sharing is not currently available for recurring payments on debit cards made by Farm Business customers who are an individual or a sole trader. 27 March 2023
 

3. The functionality for an Account Holder to block their Secondary User from data sharing from an account with a specified Accredited Data Recipient is currently unavailable.

Implementation paused pending rules review

TBC

Regional Australia Bank Ltd

1. Delayed support for joint accounts

2. Delayed support for non-individuals, partnerships, nominated representatives and secondary users

31 January 2023
 

3. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Southern Cross Credit Union Ltd 1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

South West Slopes Credit Union Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC
Summerland Financial Services Ltd (T/a Summerland Credit Union)

1. Get Account Detail - Comparison Rate not appearing correctly

2. Get Direct Debits for Account - Authorised Entity missing

3. Get Scheduled Payments – Non-Calculated Payment being flagged as calculated

4. Creating sharing arrangements during the System Nightly process is resulting in Accounts Missing

31 December 2022
 

5. Non-individuals

Delivery of Non-Individuals functionality

1 July 2023
 

6. Non-individuals

Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020. Seeking clarification on requirements to determine changes and impact to delivery timeline

TBC
Suncorp-Metway Limited (T/a Suncorp Bank) 1.  Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Data holder (brand)

Issue Proposed resolution date

Teachers Mutual Bank Ltd

1. Incorrect error for missing x-v

Response and error code incorrect should return Code 400 Header/Missing.

2. Page beyond last page produces unexpected Error

When requests are made to all paginated endpoints with a large invalid page value the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

3. Invalid payee type does not error

When requests are made to Get Payees API with an invalid type parameter requests are not rejected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

4. Invalid effective for Get Products does not error

When requests are made to Get Products with an invalid effective value the request is not rejected.

The solution must present a http response code of 400 with a Field/Invalid Error payload.

5. Schedules Payments nextPaymentDate Incorrectly Formatted

Within the response structure for scheduled payments the nextPaymentDate attribute within the data.scheduledPayments[].recurrence is incorrectly returned as an RFC3339 formatted date when it must be a CDR Date String.

31 March 2023
 

6. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements- Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
The Broken Hill Community Credit Union Ltd

1. Rate Information from PRD (665)

2. Scheduled Payments – calculated Payment (676)

3. Get Account Detail duplicate account ids in specific scenario (706)

4. Scheduled Payment Nickname incorrect (732)

5. Fee Discount info not showing in Get Account Detail (773)

6. PRD – Effective_To date not working as expected (776)

7. Get Direct Debits for Specific Accounts (782)

8. PRD – System generated variable fees (840)

9. Features with Decimal Additional Value Type not showing 2dp (841)

10. Physical addresses showing when no data present (842)

11. CardArt links no longer showing in PRD output (843)

12. Duplicated account numbers across different account types (844)

30 November 2022
  13. Maintenance Iteration 11 31 March 2023
 

14. Non-individuals

Delivery of Non-Individuals functionality

1 July 2023
 

15. Transaction long description (Teller Journal Transactions) (780)

16. NPP End to end ID missing - Get Transaction Detail (572)

17. Non-individuals - Ceasing secondary user sharing to specific ADR Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) of the Competition and Consumer (Consumer Data Right) Rules 2020. Seeking clarification on requirements to determine changes and impact to delivery timeline

TBC
The Capricornian Ltd

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC
Transport Mutual Credit Union Limited

1. FDO for data holders ignoring unsupported authorisation scopes

2. Incorrect error for missing x-v - Response and error code incorrect

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Scheduled Payments nextPaymentDate incorrectly formatted

1 February 2023

Unity Bank Limited

Brands: Unity Bank

Reliance Bank

1. Page beyond last page produces unexpected error when a 400 error should be returned

2. Scheduled Payments nextPaymentDate incorrectly formatted

28 February 2023
 

3. Existing software does not cater for Rule 1.15 (5)(b)(i) and Rule 4.6A(a)(ii) in relation to account holders ceasing a sharing arrangement to a data recipient made by a secondary user

Alternative functionality to be delivered

TBC

Victoria Teachers Limited (t/a Bank First)

1. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Implementation paused pending rules review

TBC

Warwick Credit Union Ltd

1. FDO for data holders ignoring unsupported authorisation scopes December 2022
  2. Rule 1.15(5) (b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing
Alternative functionality to be delivered
TBC

WAW Credit Union Co-Operative Ltd

1. FDO for data holders ignoring unsupported authorisation scopes

2. Incorrect error for missing x-v - Response and error code incorrect 

3. Invalid x-fapi-customer-ip-address does not error

4. Page beyond last page produces unexpected error when a 400 error should be returned

5. Scheduled Payments nextPaymentDate incorrectly formatted

9 December 2022

 

6. Get Customer Details - areaCode and fullNumber in CommonPhoneNumber for purpose HOME  

Ongoing
 

7. Rule 1.15(5)(b)(i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Woolworths Team Bank

1. FDO for data holders ignoring unsupported authorisation scopes 30 November 2022
 

2. Rule 1.15(5)(b) (i) and Rule 4.6A(a)(ii) requirements - Ceasing Secondary User Data Sharing

Alternative functionality to be delivered

TBC

Energy - initial retailers

Data holder (brand)

Issue

Proposed resolution date

Origin Energy

 

1. Nominating a representative for non-individuals and partnerships functionalities

2. Non-migrated customers in Origin’s legacy system

15 May 2023
  3. Get Energy Account Detail’ API fields 1 November 2023