WANT ACCESS TO CONSUMER DATA?

Becoming A CDR Representative
The Accreditation Process

Under the Consumer Data Right regime administered by the Australian Competition and Consumer Commission (ACCC), entities seeking to access and share consumer financial data are legally obligated to obtain Data Recipient accreditation.

Wych facilitates this accreditation through a formal CDR Representative arrangement, whereby your organisation operates under Wych's ACCC-issued license.

This is not merely a commercial agreement - it is a legally binding arrangement governed by the Competition and Consumer Act 2010 and CDR Rules.

Regulatory Compliance Requirements

(What You’ll Need To Provide)

Appointment as a CDR Representative under the Wych license requires your organisation to demonstrate full compliance with CDR legislative obligations.

You must provide comprehensive evidence of your:

Information security framework and controls
Privacy and consent management systems
Data handling, usage and storage protocols
Governance and risk management procedures

The Accreditation Process

Wych will guide you through the ACCC's accreditation requirements, ensuring your organisation meets all statutory obligations for consumer data protection.

This process involves rigorous assessment of your systems and policies to ensure compliance with the CDR regime's strict security and privacy standards.

This process involves 5 distinct stages, over an approximate 90 Day Duration period.

Get Started

Timeframe:

Up to 8 weeks

Responsible:

The Data Recipient

API Developer Agreement & Build

Register your entity (Link here)
Sign the API Developer Agreement to access our API and interact with our software
Wych will provide you with an account and API credentials to access the API
Select an API package -Tier-based, invoiced monthly from contract date
Build and validate the data you want to share including penetration testing

Timeframe:

Up to 14 days

Responsible:

Wych & The Data Recipient

Mandatory Compliance Assessment

As your accrediting Data Holder, Wych bears legal responsibility under the CDR Rules to assess and verify that your organisation maintains continuous compliance with ACCC requirements.
This is a statutory obligation we must fulfill before and throughout your appointment as a CDR Representative.

Required Documentation and Policy Review

Your organisation must undergo a comprehensive compliance assessment covering:

Information security policies and frameworks
Privacy and consent management procedures
Data handling, usage, retention and destruction protocols
Professional indemnity and cyber insurance coverage
Technical and operational capabilities

Wych will provide a structured compliance template to guide the collection of all required documentation.

This template reflects the ACCC's assessment criteria and ensures nothing is omitted.

Policy Verification and Remediation

Our compliance team will conduct a thorough review of your submitted policies against CDR legislative requirements.

Where gaps or inconsistencies are identified - including matters relating to security controls, data storage, processing locations, or use restrictions - you will be required to remediate these before accreditation can proceed.

Technical Infrastructure Assessment

A formal IT assessment is mandatory to verify:

Data management systems and controls
Data storage locations and jurisdictional compliance
Application hosting environments and jurisdictions
Security architecture and access controls

Regulatory Non-Negotiables

The CDR regime establishes strict, non-negotiable requirements for consumer data protection.

Wych's assessment ensures your organisation meets these legislative standards before we can confirm your suitability to the ACCC.

Timeframe:

2 days

Responsible:

Wych

Formal ACCC Notification and Liability Framework

Upon completion of the compliance assessment, Wych is required to formally notify the ACCC of the CDR Representative arrangement.
This notification must occur within 5 business days of commencement of the arrangement and confirms that your organisation has satisfied all statutory requirements for appointment as a CDR Representative under Wych's unrestricted accreditation.

This notification constitutes Wych's formal attestation to the regulator that your organisation meets the legislative standards required to operate under our accreditation.

Principal Liability Under CDR Legislation

Operating as a CDR Representative under Wych's unrestricted accreditation means that Wych, as the CDR Representative Principal, assumes full legal liability under the CDR Rules for your organisation's use and disclosure of consumer data.

Under section 56ED(3) of the Competition and Consumer Act 2010 and the CDR Rules, Wych is legally responsible for:

All CDR data handling activities conducted by your organisation
Compliance with Privacy Safeguards 1-13
Adherence to all CDR Rules governing data collection, use, storage and disclosure
Any breach of consumer data protection obligations

This liability framework is non-negotiable and is prescribed by the Competition and Consumer Act 2010.

It underscores why Wych's compliance assessment must be rigorous and why ongoing adherence to CDR obligations is mandatory throughout the arrangement.

Timeframe:

2-4 Weeks

Responsible:

Wych & ACCC

Approval & Activation

Once the ACCC has received formal notification of your request to become a CDR Representative, your application will be submitted for review in the Registrar’s bi-monthly regulator meetings.
If your application is accepted, Wych will be notified directly.
Once we receive confirmation, we will formally activate you within 48 hours.

Ready to get started?

Data Recipients

Data Holders

WANT ACCESS TO CONSUMER DATA?

Becoming A CDR Representative
The Accreditation Process

Regulatory Compliance Requirements

(What You’ll Need To Provide)

The Accreditation Process

Timeframe:

Up to 8 weeks

Responsible:

The Data Recipient

API Developer Agreement & Build

Timeframe:

Up to 14 days

Responsible:

Wych & The Data Recipient

Mandatory Compliance Assessment

Timeframe:

2 days

Responsible:

Wych

Formal ACCC Notification and Liability Framework

Timeframe:

2 Business Days

Responsible:

Wych

CDR Representative Contract

Timeframe:

2-4 Weeks

Responsible:

Wych & ACCC

Approval & Activation

Ready to get started?

Data holder
Your data sharing requirements
Activate CDR
Achieve compliance
View technical documentation

Data recipient
Access CDR
Your Compliance Requirements
90 day process
View technical documentation

Policies
Open Financial Data
CDR Policy
Disputes Policy
Open Data Dictionary
Terms & Conditions
Privacy Policy

Get started
Contact Us
Set up a Free Account
Request a Demo
FAQ

WANT ACCESS TO CONSUMER DATA?

Becoming A CDR Representative The Accreditation Process

Regulatory Compliance Requirements

(What You’ll Need To Provide)

The Accreditation Process

Timeframe:

Up to 8 weeks

Responsible:

The Data Recipient

API Developer Agreement & Build

Ready to get started?

Data holder Your data sharing requirements Activate CDR Achieve compliance View technical documentation

Data recipient Access CDR Your Compliance Requirements 90 day process View technical documentation

Policies Open Financial Data CDR Policy Disputes Policy Open Data Dictionary Terms & Conditions Privacy Policy

Get started Contact Us Set up a Free Account Request a Demo FAQ

Becoming A CDR Representative
The Accreditation Process

Data holder
Your data sharing requirements
Activate CDR
Achieve compliance
View technical documentation

Data recipient
Access CDR
Your Compliance Requirements
90 day process
View technical documentation

Policies
Open Financial Data
CDR Policy
Disputes Policy
Open Data Dictionary
Terms & Conditions
Privacy Policy

Get started
Contact Us
Set up a Free Account
Request a Demo
FAQ