About the schedule

The ACCC monitors and enforces compliance with the CDR obligations set out in the Competition and Consumer Act 2010 (Cth), the Competition and Consumer (Consumer Data Right) Rules 2020 (the CDR Rules) and the Consumer Data Standards.

Data holders’ obligations commenced on various dates - see the CDR rollout.

This rectification schedule sets out information provided by data holders to the ACCC. We have published this information to provide a reference for accredited data recipients and consumers regarding potential issues in data holders’ CDR implementations.

We expect data holders to promptly rectify their non-compliance or face possible enforcement consideration in line with the ACCC/OAIC Compliance and Enforcement Policy for the Consumer Data Right. Listing an issue on this rectification schedule does not preclude the ACCC from pursuing compliance or enforcement action in-line with this policy.

Data holders that are not currently active on the CDR Register and do not have an exemption from this requirement are listed in a separate rectification schedule.

This table is current as at 2 August 2022.

Major data holders

The data holders listed in the table below are the four major data holders and their non-primary brands.

Data holder (brand)

Issue

Proposed resolution date

Australia and New Zealand Banking Group (ANZ)

1. Closed Joint Accounts

Joint account holders will not be able to share a closed joint accounts.

2. Secondary Users on Joint Accounts

Customers classified as a secondary user will not be able to share an active or closed account joint accounts.

3. Notification schedule preference

Customer will not have the ability to set alternative notification schedule, namely not to receive notifications. Customers will receive all notifications as required by the rules.

27 August 2022

Data holder (brand)

Issue

Proposed resolution date

Commonwealth Bank of Australia (CBA)

1. CBA – Corporate credit cards

For six Corporate Credit Card products, the following information is not available for data sharing: rates, annual fees, and individual cardholder transactions.

The six products are: Corporate Charge Card; Business Liability Business Credit Card; Mastercard Corporate; Corporate Credit Card; Procurement Management Account; and Virtual Cards.

2. CBA – Registration of consent

CBA will display an active consent on a consumer dashboard if the CDR consent authorisation process fails due to a JWKS key rotation

31 August 2022

 

3. Bankwest – IsActivated field in the Account Details API

Individual account features will default to ‘activated’ even if they should be disclosed as ‘inactivated’.

30 November 2022

 

Data holder (brand)

Issue

Proposed resolution date

National Australia Bank Limited (NAB)

1. Joint Account Uplift

Disclosure Options Management Service will not be available for Joint Account holder to change or propose a change to the disclosure option that applies to an account. Instead the existing Joint account election will continue to be available to the account holders.

29 July 2022
 

2. Foreign Currency Accounts.

Data sharing is not currently available for foreign currency accounts jointly owned by individual customers and foreign currency accounts owned by non-individual customers.

September 2022

Data holder (brand)

Issue

Proposed resolution date

Westpac Banking Corporation

Brand:

Westpac

1. Customers with >100 accounts - Westpac:

Customers with >100 accounts are unable to grant and manage consent.

2. New Joint Account Functionality

The data sharing of joint accounts continues under join-account-management service, under the previous joint account rules set out in Compilation 3 of the Competition and Consumer (Consumer Data Right) Rules 2020.

The new joint account capability under the latest CDR Rules is not yet available for joint accounts. This includes disclosure-option-management service and notifications requirements for joint account holders.

3. Secondary Users Data-Sharing on Joint Accounts

Account holders are unable to nominate secondary users to data-share on joint accounts.

4. Profile Scope

Authorisation requests for profile scope are not yet supported.

14 August 2022

Westpac Banking Corporation

Brand:

St.George, Bank of Melbourne, BankSA, RAMS, BT, Asgard

5. New Joint Account Functionality

Data sharing of Joint Accounts is not yet available

6. Profile Scope

Authorisation requests for profile scope are not yet supported.

14 August 2022

Non-major data holders

Data holder (brand)

Issue

Proposed resolution date

Australian Central Credit Union Ltd (T/a People’s Choice Credit Union)

1. Data is refreshed once per day, overnight

To be confirmed

 

 

2. Payee data is refreshed once per day, overnight and Get Payees, Get Payee Detail API v2

25 August 2022

Australian Mutual Bank Limited

1. Incorrect handling of response type of code without JARM (Variation 1)

Authorisation Endpoint - Testing of fapirw-id2-ensure response-type-code-fails – allows consent flow without JARM being enforced.

2. Invalid x.fapi-interaction-id does not error

Requests made to API endpoints with malformed x-fapi-interaction-id solution does not produce an error. Impacts all API endpoints.

3. Invalid updated-since for Get Products returns incorrect error

Returns an error of decryption failed rather than Code 404.

31 August 2022
 

4. Incorrect handling of response type of code without JARM (Variation 2)

Authorisation Endpoint – testing fapirw-id2-ensure-response-type-codefails – Submit a PAR request and initiate consent flow. Error produces but JARM encoded despite JARM not being requested. Should Reject.

5. Unable to perform registration with both hybrid and code only flows

During testing unable to perform a registration that allows both methods to be registered at the same time.

6. Incorrect error for missing x-v

Response and error code incorrect – should return Code 400 Header/Missing.

7. Incorrect error for invalid x-v

Response and error code incorrect – should return Code 400 Header/Missing

8. Invalid x-cds-client-headers does not error

Should return Code 400 Header/Missing but no error being produced.

9. Invalid x-fapi-customer-ip-address does not error

When requests are made to API endpoints with a malformed x-fapicustomer-ip-address header the solution does not produce an error.

10. Negative page & page-size does not error

When requests are made to API endpoints with a page or page-size value which is negative the solution does not produce an error.

The solution must present a http response code of 400 with a field/invalid error payload.

11. Page beyond last page produces unexpected Error

When requests are made to all paginated endpoints with a large invalid page value the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

12. Invalid product category does not error

When requests are made to Product API endpoints with an invalid productcategory requests are not rejected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

13. Invalid payee type does not error

When requests are made to Get Payees API with an invalid type parameter requests are not rejected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

14. Invalid is-owned for Get Accounts does not error

When requests are made to Get Accounts with an invalid open-status the request is not rejected

The solution must present a http response code of 400 with a Field /Invalid error payload

15. Invalid effective for Get Products does not error

When requests are made to Get Products with an invalid effective value the request is not rejected.

The solution must present a http response code of 400 with a Field/Invalid Error payload.

16. Invalid open-status for Get Accounts does not error

When requests are made to Get Accounts with an invalid open-status the request is not rejected.

The solution must present a http response code of 400 with a Field/Invalid error payload

17. Invalid min-amount for Get Transactions returns incorrect error

When requests are made to Get Transactions with an invalid minamount parameter the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

18. Invalid oldest-time for Get Transactions returns incorrect error

When requests are made to Get Transactions with an invalid oldesttime parameter the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error Payload

19. Invalid updated-since for Get Products returns incorrect error

When requests are made to Get Products with an invalid updated-since parameter the solution responds with GeneralError/Unexpected.

The solution must present a http response code of 400 with a Field/Invalid error payload.

20. Schedules Payments nextPaymentDate Incorrectly Formatted

Within the response structure for scheduled payments the nextPaymentDate attribute within the data.scheduledPayments[].recurrence is incorrectly returned as an RFC3339 formatted date when it must be a CDR Date String of the format YYY_MM_DD.

21. Enter Key caused Cancel to be selected

When proceeding through the consent flow if the Enter key is used (such as accessibility scenarios) the Cancel button is selected rather than Next. This means “mouse-less” operations are impossible to establish an arrangement.

22. Input validation is absent or nonfunctional

Inputs are not validated resulting in noncompliance with specification. Including:

  • URI validation for additionalInfoUri
  • Integer enforcement for minimum age of years additionalValue eligibility criteria
  • Allowing additionalValue eligibility types which do not require it
  • Allowing additionalValue for feature types which do not require it
  • ISO-8601 duration format for additionalValue related to interest free periods
  • No requiring additionalValue for residency status

23. No country presented as blank string

When the country is not known or expected to be defaulted the solution produces a blank string rather than null or an absent attribute.

31 October 2022

Australian Unity Bank Limited

 

 

1. PNR Access to Customer Consent Dashboard

Australian Unity Bank staff cannot access the customer’s consent dashboard in the Ultracs core banking system to view and/or edit customer consents.

2. Register

If ACCC changes the status of an accredited DR Australian Unity Bank can confirm that the solution stops the data sharing, but Australian Unity Bank cannot verify consent invalidation and registration clean up.

3. Get Transaction for Account

Accredited DR receives transaction details but it may not receive extended information about the transaction. (is DetailAvailable)

31 August 2022

 

4. Profile Scope Data Language

Not able to meet the mandate prescribed date 01 July 2022.

30 September 2022

Bank Australia Limited

1. Profile Scopes

Not able to meet the mandate prescribed date 01 July 2022.

2. Inconsistent Nickname & payeeReference in Scheduled Payment dataset.

3. Rate information for some accounts consumed from Product Catalogue for Get Account Details API.

30 September 2022

 

4. Some internal transactions appearing in transaction history.

5. Osko Payments not appearing in Get Transaction Details during nightly processing.

30 November 2022
Bank of China (Australia) Limited 1. Field “maxRedraw” of BankLoanAccountV2 is not available as it is incorrect. This issue arises as a consequence of splitting a mortgage account into two or more mortgage accounts (e.g. splitting an existing loan into fixed rate and variable rate loan new accounts). 1 October 2022
Bank of Queensland Ltd 1. Some optional fields in relation to Payees, Direct Debits and Scheduled payments will not be available with the rest of the account data on 1 July 2022. 31 October 2022
 

2. Majority of BOQ Specialist customers will need manual intervention to allow data sharing.

3. Product Reference Data (PRD) Get Metrics API data not being reported.

16 December 2022
 

4. Data Latency

Currently, data presented via the CDR Banking API is not commensurate with data presented via other primary digital channels.

31 March 2023
 

5. Pending transactions are not currently shared.

6. Product data optional fields missing in Get Account Detail API.

TBD

Bendigo and Adelaide Bank Ltd

Brand:

Bendigo Bank

1. Historical transactions (in 2017) are not available 30 September 2022
 

2. Data sharing is not currently available for Equipment Finance products

1 July 2023

Bendigo and Adelaide Bank Ltd

Brand:

Rural Bank

3. Rural Bank CDR data is not yet available 31 December 2022

Bendigo and Adelaide Bank Ltd

Brand:

Alliance Bank

4. Alliance Bank – BDCU CDR data is not yet available 31 December 2022
 

5. Alliance Bank – Circle CDR data is not yet available

30 April 2023
 

6. Alliance Bank – Service One CDR data is not yet available

7. Alliance Bank – NOVA CDR data is not yet available

8. Alliance Bank – AWA CDR data is not yet available

30 June 2023

Data holder (brand)

Issue

Proposed resolution date

Coastline Credit Union Ltd

 

1. Obscure email notification when removing sharing for Frollo

2. Failed to get authorisations for member error message in IB Manage Data Sharing

3. Transaction Long Description - Final part of Fix - TL Journal transactions

4. Transaction Long Description - Fix for ATM Tran Log transactions

5. Get transactions not showing full transaction history

6. End to end ID missing on NPP payments

7. Internal transaction should be shown in transaction history

8. Sharing and API data during the nightly processing – locked data.

1 August 2022

 

9. Server Errors when trying to retrieve DirectDebit data

10. HL Transaction History reconciliation - missing transactions and amount mismatch

11. Get Account Details Re Home Equity Advantage

12. Get Scheduled Payments, Calculated payment

7 August 2022
 

13. Revoking sharing arrangement - email notification not always received

14. Schedule Payments - Transfer amount and Nickname appearing as "Test"

15. Schedule payment nickname incorrect

16. Data61 Get Customer Detail City field is a mandatory field and should not be null

17. No Payee Name in Get Transaction Detail when BSB/Account is used

18. 'Specific Account' APIs returning multiple results when the same account id is passed several times

19. Effective_to date not working as expected

20. Get Customer Detail - Rate not displaying

21. Fee Discounts not flowing through to GetAccountDetails

22. Rates appearing in Get Account Details API but not configured in PRD

23. Scheduled payment APIs - payerReference & payeeReference should return empty string if no data provided

24. Data61 conditional field - Missing Nickname & payeeReference in BankingScheduledPaymentTo

25. Additional Payees in API not showing in Internet Banking

26. Sharing Arrangements During the Nightly - Accounts Missing

27. GET Direct Debits for Account - Incorrect Debits showing

28. Credit Card accounts not showing credit limit when in NonAccrual status

29. Osko Payments During Nightly - Not showing Detail

30. Get Account Details API - Product Reference Data null on some grandfathered products

31. Overdraft can show incorrect Rate

15 August 2022
 

32. One time passcode email notification has no subject line

33. Get Direct Debits for Specific Accounts

34. Customised Fees in PRD not showing against GetAcctountDetail

35. Get Direct Debits | Only Supplier is Displayed

36. GetAccountdetail - Comparison Rate not appearing

37. Get Direct Debits for Account - Authorised Entity

23 August 2022
  38. Service delivery: Profile Scopes and FAPI v1.0 phase 2 implementation 1 October 2022
Credit Union SA Ltd

1. Profile Scopes

Implementation delayed

1 October 2022

 

 

2. Direct debits details do not include the description of the authorised entity or name of the Fl which the direct debit is being executed by or the nickname

3. Loan repayments with a calculated repayment type has a null value

4. During the end of day processing some accounts are not being displayed as eligible for data sharing in CDR

5. Product comparison rate is not showing for all lending products

6. Credit card with a positive balance shows a PaymentAmount and DueAmount which should be null

7. Cheque number is not included in the long description for cheque withdrawals

8. Duplicate Account ID's are being provided for 2 separate items

9. Missing transaction long description

10. Null return for last debit date time and amount for old direct debits

11. Same direct debit supplier showing in API multiple times

31 December  2022

Dnister Ukrainian Credit Co-operative Ltd

 

 

1. Sharing Arrangements During the Nightly - Accounts Missing

31 October 2022

 

Data holder (brand)

Issue

Proposed resolution date

Fire Service Credit Union Ltd

 

1. End to end ID missing

2. Get Direct Debits for Account – Authorised Entity

3. Sharing Arrangements During the Nightly - Accounts Missing

4. Data61 conditional field - Missing Nickname & payeeReference in BankingScheduledPaymentTo

5. Get Customer Detail – Rate not displaying

6. effective to date not working as expected

7. Transaction Long Description - DAEV to work with CBS Fix for ATM Tran Log transactions

8. Transaction Long Description - Final part of Fix - TL_Journal transactions

9. 'Specific Account' APIs returning multiple results when the same account id is passed several times

10. Get Direct Debits for Specific Accounts

11. MI9 - Error  returned for call "Get Transaction Detail"

12. [MI9] Get Customer Details API returned Physical Address details when Physical Address details are not provided in CBS

13. Profile Scopes

31 December 2022

First Choice Credit Union Ltd

1. End to end ID missing

2. Get Direct Debits for Account – Authorised Entity

3. Sharing Arrangements During the Nightly - Accounts Missing

4. Data61 conditional field - Missing Nickname & payeeReference in BankingScheduledPaymentTo

5. Get Customer Detail – Rate not displaying

6. effective to date not working as expected

7. Transaction Long Description - DAEV to work with CBS Fix for ATM Tran Log transactions

8. Transaction Long Description - Final part of Fix - TL_Journal transactions

9. 'Specific Account' APIs returning multiple results when the same account id is passed several times

10. Get Direct Debits for Specific Accounts

11. MI9 - Error  returned for call "Get Transaction Detail"

12. [MI9] Get Customer Details API returned Physical Address details when Physical Address details are not provided in CBS

13. Profile Scopes

31 December 2022

Gateway Bank

1. Profile Scope delivery delay 30 September 2022

 

Data holder (brand)

Issue

Proposed resolution date

Hume Bank Limited

1. As a regional bank we have not always captured local phone numbers with their area code. Some member details also pre-date 8-digit local telephone numbering. Some members are international but don’t have E.164-compliant telephone numbers recorded. Therefore, when a private or business phone number is sourced the area code may be empty or the number not a full 10-digit string. This can result in a null areaCode or an incorrectly formatted fullNumber. This issues predominantly affects old and inactive accounts.

22 December 2022

llawarra Credit Union Ltd

1. Historical CDR data available from 1 January 2017: Transactional data is not available from 1 January 2017 to 1 October 2018. Transactional data is available from 2 October 2018 onwards.

Illawarra Credit Union is unable to restore the transactional data to be available for CDR requests.

Historical transactional data is available to consumers through internet banking in PDF format.

No proposed resolution date

Laboratories Credit Union

1. Over the past 90 days (3/19/2022 to 6/16/2022), our brand has been identified as providing GetMetrics data that does not meet the Non-functional Requirements of the Consumer Data Standards. 31 August 2022
 

2. Incorrect handling of response type of code without JARM (Variation 1).

3. Invalid x-fapi-interaction-id does not error.

4. Invalid updated-since for Get Products returns incorrect error.

5. Profile Scopes not appearing in requested clusters.

30 September 2022

Macquarie Bank Ltd

 

1. ID Permanence

Obfuscation of the Customer Identifier in the Profile Scope.

31 August 2022

 

2. ID Permanence

Changes in the tokenisation of all the Resource Identifiers (other than Customer Identifier) in the Profile Scope to meet the CDR Standards requirements.

31 October 2022
 

3. GETTransaction Details – OSKO in-bound payments

The CDR Standards requirements relating to the NPP OSKO overlay service (X2P1.01) for inbound payments to Macquarie Transaction (including Offset), Savings, Business Savings Accounts (when publicly launched) and Aussie Home Loans Transaction (including Offset) Accounts.   

15 December 2022
Newcastle Permanent Building Society Limited

1. Data gap of Business Credit Card account data when the owner is a sole trader

Data gap identified during UAT whereby NPBS is not able to share any account data for our business credit card product where the owner is a sole trader.

2. Performance times not aligned to non- functional requirements in limited cases

Testing has identified that NPBS response times for some endpoints are greater than the required response times. Average response time over all endpoints is currently 2.6 seconds.

3. Emojis not included in transaction description field

Transactions containing emojis - are not translated into unicode - instead a '?' is returned.

4.‘BankingScheduledPaymentTo’ schema response providing incorrect ‘ToUtype’ in specific limited cases

For ‘scheduledPayments’ data requests, whereby the second owner has established the scheduled payment, the data is providing an Incorrect 'ToUtype' and detail.

5. Error response for scheduled multi-part payments

Get Scheduled Payments Bulk, Get Scheduled Payments for Account, and Get Scheduled Payment For Specific Account, will fail (500 error) if an account includes a scheduled multi-part payment.

6. Credit Card transaction detail latency may not be commensurate to the primary digital channel.

The ‘getTransactionDetail’ and ‘getTransactionsForAccount’ request will include relevant data however data latency may not be commensurate to primary digital channel.

1 November 2022

Data holder (brand)

Issue

Proposed resolution date

PayPal Australia Pty Ltd (PPAU) 1. The last payment date/time and last payment amount information is not being returned within the Direct Debit API. In addition, the merchant name is not being returned within the Scheduled Payments API.  This impacts consents related to our personal and premier digital wallet accounts. 19 August 2022
  2. When amending the scope or duration of a consent, PPAU’s consumer dashboard solution does not explicitly indicate where a dataset is being added or a disclosure duration is being amended, noting that the consent flow does present the proposed dataset and duration, as amended.  This impacts consents related to our personal and premier digital wallet accounts. 30 September 2022

Police & Nurses Limited

Brands:

P&N Bank

bcu

1. OBS-732: Nickname & payee reference not displaying in schedule payment information.

29 July 2022

 

2. OBS-607, OBS-592, OBS-523: Missing VISA transaction long description – interim fix implemented, full description displays the day after the transaction is processes

3. OBS-717, OBS-690: Some Direct Debits not displayed

4. OBS-761: Some Direct Debits duplicated

5. OBS-766: PRD – Additional Value on constraints is not displayed with 2 decimal places, when there is an amount

6. OBS-697: Sharing Arrangements during the nightly refresh of the Core Banking System, do not display any data

7. OBS-665, OBS-765: GetAccountdetails – Comparison rate not displaying on existing product a member holds

8. OBS-676: Scheduled Payments, a Calculated repayment payment is not showing as Calculated

9. OBS-572: Reference displayed on transaction in internet banking is not displayed

10. Profile Scope Data Language

30 September 2022
Qudos Bank 1. Profile Scopes
Delivery of Profile Scopes functionality
1 October 2022

Queensland Country Bank Ltd

 

1. Missing transaction long description – interim fix

2. Missing nickname & payee reference in banking scheduled payment to

31 July 2022

 

3. Get Scheduled Payments, Calculated payment

4. Sharing Arrangements During the Nightly - Accounts Missing

5. End to end ID missing

6. GetAccountDetail- Comparison rate not appearing

30 September 2022
  7. Profile Scopes Data Language Standard (mandatory from 1 July 2022) 31 January 2023

Data holder (brand)

Issue

Proposed resolution date

Rabobank Australia Ltd

1. Data sharing is not currently available for recurring payments on debit cards made by Farm Business customers who are an individual or a sole trader.

2. Data for accounts closed by Farm Business customers within the last 2 years is not currently available for individuals or sole trader that have two or more customer IDs linked to the same login username/password and all the accounts for one of the customer IDs are closed.

3. The optional debit card product feature defaults to activated for all Cash Management accounts held by Farm Business customers who are an individual or a sole trader.

1 November 2022

Southern Cross Credit Union Ltd

 

1. A customer revoking data sharing consent in Internet Banking does not send a valid revocation message to the ADR, albeit data-sharing consent is revoked in SCCU’s core banking system and no member data is at risk of being shared without consent. We continue to escalate this issue with our software provider who is working on a solution.

31 August 2022

Summerland Financial Services Ltd

 

1. Get Account Detail - Comparison Rate not appearing correctly

2. Get Direct Debits for Account - Authorised Entity missing

3. Get Scheduled Payments – Non-Calculated Payment being flagged as calculated

4. Creating sharing arrangements during the System Nightly process is resulting in Accounts Missing

30 September 2022

Data holder (brand)

Issue

Proposed resolution date

Teachers Mutual Bank Ltd

1. Invalid x-fapi-interaction-id does not error

2. Invalid account-id for Get Banking Accounts returns incorrect error

Prior 15 August 2022
 

3. Unable to perform registration with both hybrid and code only flows

4. Incorrect error for missing x-v

5. Invalid x-cds-client-headers does not error

6. Invalid x-fapi-customer-ip-address does not error

7. Negative page & page-size does not error

8. Page beyond last page produces unexpected Error

9. Invalid product category does not error

10. Invalid payee type does not error

11. Invalid is-owned for Get Accounts does not error

12. Invalid effective for Get Products does not error

13. Invalid open-status for Get Accounts does not error

14. Invalid min-amount for Get Transactions returns incorrect error

15. Invalid oldest-time for Get Transactions returns incorrect error

16. Invalid updated-since for Get Products returns incorrect error

17. Schedules Payments nextPaymentDate Incorrectly Formatted

18. Enter Key caused Cancel to be selected

19. No country presented as blank string

31 October 2022

The Broken Hill Community Credit Union Ltd

1. Maintenance Iteration 9

31 August 2022

 

2. Profile Scopes

3. FAPI v 1.0

1 October 2022
 

4. Osko Payments during the nightly – Not showing detail

5. One time passcode email notification no subject line

6. Get Calculated Payments, Calculated Payment

7. Effective to date not working as expected

8. Schedule payment nickname incorrect

9. Server errors when trying to retrieve DirectDebit data

10. Get Direct Debits for Account – Authorised Entity

11. Get Account Details Re Home Equity Advantage

12. Overdraft Incorrect Rate

13. Revoke sharing arrangement – Email notification not received

14. Internal transaction shown in transaction history

15. End to end ID missing

16. Additional Payees in API not showing in IB

17. No Payee Name in Get Transaction Detail when BSB/Account is used

18. Transaction Long Description – DAEV to work with CBS fix for ATM Tran Log Transactions

19. Transaction Long Description – Final part of fix – TL Journal Transactions

31 December 2022

WAW Credit Union Co-Operative Ltd

 

1. Get Customer Details - areaCode and fullNumber in CommonPhoneNumber for purpose HOME  

Ongoing