Navigating the Journey to Accredited Data Recipient Status

For Non Bank & Consumer Lenders

If you're part of a non-bank lender (NBL) fintech or a consumer lending business, you know how manual loan processing slows down your operations. Moving towards open banking can transform your business by enabling faster, more accurate credit decisions.

But to access customer data through the Consumer Data Right (CDR) framework, you must become an Accredited Data Recipient.

This post guides you through what an Accredited Data Recipient is and how you can become one, so your fintech or lending business can thrive in the new data-driven landscape.

What Is an Accredited Data Recipient?

An Accredited Data Recipient is an organisation authorised by the Australian Competition and Consumer Commission (ACCC) to receive and use consumer data under the CDR rules. This status allows fintechs and lenders to access customer financial data securely and with consent, enabling better loan assessments, personalised offers, and faster approvals.

Being accredited means you meet strict requirements around data security, privacy, and operational capability. It also means you have passed a rigorous assessment process to ensure you handle consumer data responsibly.

For consumer lenders moving away from manual processes, becoming an Accredited Data Recipient is a key step to unlocking open banking benefits. It lets you automate data collection, reduce errors, and improve customer experience.

Why Your Lending Business Needs to Become Accredited

Manual loan processing often involves customers submitting bank statements, payslips, and other documents, which slows down approvals and increases risk. Open banking changes this by allowing direct, secure access to verified financial data.

By becoming an Accredited Data Recipient, your business can:

• Access real-time financial data with customer consent

• Automate credit assessments and reduce manual errors

• Speed up loan approvals and improve customer satisfaction

• Offer personalised lending products based on accurate data

• Stay compliant with evolving data privacy and security laws

  
  

Steps to Become an Accredited Data Recipient

The process to become accredited involves several clear steps. Here’s what you need to do:

1. Understand the CDR Rules and Requirements

Start by familiarising yourself with the Consumer Data Right rules, which outline how data must be handled, consent obtained, and security maintained. The CDR website provides detailed guidance.

2. Prepare Your Business for Accreditation

You must demonstrate your ability to:

• Protect consumer data with strong cybersecurity measures

• Obtain and manage customer consent properly

• Handle data requests and responses reliably

• Maintain operational resilience and incident management

  
  

This often means investing in secure IT infrastructure, staff training, and compliance processes.

Wych provides a structured compliance template to guide the collection of all required documentation. 

Request it via this link.

3. Complete the Technical Testing

You must also pass technical conformance testing. This ensures your systems can securely connect to data holders (like banks) and handle CDR data correctly.

A formal IT assessment will verify:

• Data management systems and controls

• Data storage locations and jurisdictional compliance

• Application hosting environments and jurisdictions

• Security architecture and access controls

  
  

4. Apply for Accreditation with the ACCC

Wych facilitates the application through a formal CDR Representative arrangement, whereby your organisation operates under Wych's ACCC-issued license. 

Upon completion of the compliance assessment and technical testing, Wych is required to formally notify the ACCC of the CDR Representative arrangement.

Appointment as a CDR Representative under the Wych license requires your organisation to demonstrate full compliance with CDR legislative obligations. 

The ACCC reviews your application and may request additional information or clarifications.

5. Get Listed on the CDR Register

Once the ACCC has received formal notification of your request to become a CDR Representative, your application will be submitted for review in the Registrar’s bi-monthly regulator meetings.

If your application is accepted, you will need to be formally activated on the register. This listing allows data holders to recognise your status and share data with you.

Practical Tips for a Smooth Accreditation Process

• Start early: The process can take up to 90 days, so plan accordingly.

• Engage experts: Consider working with experts to guide you.

• Invest in security: Strong cybersecurity is non-negotiable for approval.

• Document everything: Keep clear records of policies, procedures, and testing results.

• Train your team: Ensure everyone understands CDR obligations and data privacy.

  
  

What Happens After You Become Accredited?

Once accredited, your fintech or lending business can:

• Request customer data directly from banks and other data holders

• Use data to improve credit risk models and loan offers

• Build new products that rely on open banking data

• Maintain ongoing compliance through audits and reporting

  
  

Remember, accreditation is not a one-time event. You must continuously meet CDR requirements and update your systems as rules evolve.

Becoming an Accredited Data Recipient is a critical step for NBL fintechs and consumer lenders aiming to modernise loan processing.

It opens the door to faster, smarter lending decisions and better customer experiences.

By following the ACCC’s process carefully and investing in compliance, your business can join the growing number of lenders benefiting from open banking.