Australia's open banking ecosystem includes a range of ways to access consumer data, but the one that offers the most options is to become an Accredited Data Recipient (ADR). Obtaining ADR status allows you maximum freedom within the open banking ecosystem, as you can access your customers' data, with their permission, and also use APIs like those offered by TrueLayer to connect with banks and other data holders. As you would expect, given that ADR status brings the privilege of ultimate flexibility, it is also the most complex to obtain.The time to make the application and be approved can take as long as 4-6 months, and there is a budget required for the legal and assurance reports alone. You may also be required to upgrade some internal processes before the Australian Competition and Consumer Commission (ACCC) approves your application.Everyone’s starting situation before beginning the application will be different, so there is no one-size-fits-all approach. We recommend researching the ADR requirements and starting your accreditation process as early as possible. Please reach out to us to discuss your needs and how we can help you in the process. To find out more about the specifics of becoming an ADR, you can download our guide here.
If becoming an ADR is the right go-to-market strategy for you, reach out to us to find out how we can help you through the process.
Are you ready to become an ADR?
The steps to becoming an ADR require you to prove you have internal processes, information security and IT systems that meet the ACCC's requirements for handling consumer financial data and comply with the CDR rules. Before launching your application, there are some resources you need to review first:- Accredited Data Recipient support package,
- Accreditation checklist
- Sample application forms
- Consumer Data Right Participant Portal user guide
Step 1: Apply
Your application to the ACCC outlines what you intend to use consumers' financial data for, identifies the key people involved, and shows you have the right processes in place.You must prove you can meet minimum security requirements, such as having Consumer Data Right (CDR)-compliant digital infrastructure that ensures customer data is safe and information security governance policies. You must also prove your business is prepared to take on the responsibility of handling consumer data within the open data framework. You must have a consumer-facing CDR policy, a fit and proper person policy and ongoing attestations for the individuals involved, and a dispute resolution process and policy to manage any complaints.Step 2: Assessment
The ACCC will assess the application and may ask for more information or even consult with other Australian and overseas government authorities, such as the Office of the Australian Information Commissioner (OAIC), Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC).Step 3: Conformance Test Suite (CTS) and Onboarding
The Conformance Test Suite is a critical step as it allows potential ADRs to test their compliance with the Consumer Data Standards (CDS) and Consumer Data Right Register design. This testing takes place in a secure environment without exposing consumer data, nor interfering with live software products and brands.Participants must pass the Conformance Test Suite before they receive an ‘active’ status on the Consumer Data Right Public Register. You are ready to begin conformance testing when you have:- Passed accreditation as an ADR
- Have a production-ready ADR software product that follows the CDS and the CDR Register design
- Have access to the CDR Participant Portal
- Completed and submitted your CTS enrolment form
- Performed the tasks outlined in the CTS test preparation section
Step 4: Active
Once you've received accreditation and passed the final testing, you will have 'active' status on the Consumer Data Right Public Register and be ready to offer your customers access to open banking services.Your 9-step checklist to becoming an open banking ADR
- Create an account on the CDR Portal and review the ACCC ADR page
- Review the accreditation criteria, guidelines, FAQs, ADR resources, legal requirements, IT requirements and sample application. Prepare a business case and engage internal stakeholders
- Prepare an application on the CDR portal. Check out the sample application for the type of information you will need to provide
- Demonstrate Fit & Proper persons will manage CDR data. See 5.1 of CDR guidelines
- Demonstrate information security & controls, supported by an external assurance report (see RSM global assurance guide). See also 5.2 of the CDR guidelines
- Demonstrate suitable insurance coverage (see 5.4) and internal & external dispute resolution processes (see 5.3)
- The ACCC will review your application and request additional information where required
- The ACCC will provide you with a decision, and if successful, require CDR registration & testing
- Once accredited by the ACCC, you can commence onboarding
If becoming an ADR is the right go-to-market strategy for you, reach out to us to find out how we can help you through the process.
