Question 1

Accreditation: what's required?

Accepted Answer

In Australia, only providers accredited by the Australian Competition and Consumer Commission (ACCC) can offer services using the Consumer Data Right.  
The ACCC accreditation process is rigorous, and requires providers to demonstrate they meet a number of obligations, including insurance, information security, technical and operational capabilities. 
Wych's ACCC CDR conformance testing was completed early in March 2022 with full activation by the end of March.

Question 2

Accredited Data Recipient

Accepted Answer

Accredited data recipients are the ‘receivers’ in the Consumer Data Right system and receive a consumer’s data after the consumer has given consent. The providers can then use it, although only for the purpose the consumer has requested – for example, to request switching from one bank to another. 
To receive data a provider needs to apply to become an accredited data recipient under Consumer Data Right and pass a whole lot of tests relating to technical capability, insurance, privacy and security and dispute resolution. They must also demonstrate they can comply with strict requirements to receive data.

The amount of open consumer data will grow over time, as more and more providers become accredited across banking, finance and other industries like energy, telecommunications and more.

Question 3

API

Accepted Answer

API refers to a set of application programming interfaces (APIs) which in Open Banking allow authorised third-party service providers to access and use financial data held by banks and other financial institutions. 
These APIs enable secure communication between different software applications so they can share data and provide customers with more personalised and innovative financial services.
Some examples of services that can be built using open banking APIs include budgeting and financial management tools, payment initiation services, and loan and mortgage applications. Open banking APIs can also be used to enable customers to securely share their financial data with third-party providers, such as personal finance apps or accounting software.

Question 4

Consent

Accepted Answer

Consent is the principle where a customer gives express permission for the collection, use and disclosure of their data. In many regions it's a requirement to request  consent before interacting with a customer’s data. Without express consent, you should not able to collect, use, or disclose customer data. When a customer consents they are agreeing to a specific usecase, think of this as the "terms" of the consent.

This information needs to be shared with the customer when requesting their data:
 • Who is requesting access
 • What they are requesting access to
 • Why they are requesting access
 • How long is the access required for
 • How the data will be handled
 • How they can revoke consent

Question 5

Consumer Data Right (CDR)

Accepted Answer

Australia’s Consumer Data Right (CDR) gives consumers more control over their own data, enabling them to share it with accredited third parties so they can access better deals on everyday products and services.
The Consumer Data Right is an opt-in service, giving consumers the choice about whether to share their data, with full visibility of who it’s being shared with and the purpose for sharing it.
The CDR can make it easier to:
 • compare products and services
 • access better value and improved services
 • assist financial and cashflow management.
Information is transferred using secure automated data technology called APIs (application programming interfaces — are a software intermediary allowing two applications to talk to each other securely). 
Wych is an accredited CDR data recipient. We provide and maintain  integrations with over 100 data holders so our customers can focus on using the data and delivering better offers to customers.

Question 6

Data Holder

Accepted Answer

Data holders are the ‘givers’ in the Australian Consumer Data Right system. They hold the consumer data – for example, a bank or mortgage lender. 
Registered data holders are required to share a consumer’s data when the consumer directs them to, and only for the period of time allowed, which can be a single use or for a set period of time up to a maximum of one year, after which the consumer must provide consent again. they are required to provide a consent management system enabling a consumer manage their consent and privacy, including the right to be forgotten.
Wych can help providers in Australia do the heavy lifting on achieving and maintaining compliance as a data holder. Connect to the Australian CDR ecosystem using our white label Data Holder Service and significantly reduce operational costs. We provide consent management,  a full suite of APIs, identity and access management.

Frequently Asked Questions