Navigating the Journey to Accredited Data Recipient Status

For Non Bank, PFM Apps & Fintechs

If you're ready to access compliant, secure customer financial data to transform your business, you'll need to become an Accredited Data Recipient.

This post guides you through what an Accredited Data Recipient is and how you can become one, so your fintech or lending business can thrive in the new data-driven, opne banking landscape.

What Is an Accredited Data Recipient?

An Accredited Data Recipient is an organisation authorised by the Australian Competition and Consumer Commission (ACCC) to receive and use consumer data under the CDR rules. This status allows fintechs and lenders to access customer financial data securely and with consent, enabling better loan assessments, personalised offers, and faster approvals.

Why Your Business Needs to Become Accredited

You can't just ask a bank for someone's transaction history and expect to receive it — the government has built a formal gatekeeping system to protect consumers - The CDR Framework.

The CDR framework is built on the principle that consumers own their data, not the banks. If anyone could request that data, it creates enormous privacy and fraud risk.

Accreditation is essentially the government saying: "We've vetted this business, checked their security practices, and trust them to handle sensitive financial data responsibly."

Being accredited means you meet strict requirements around data security, privacy, and operational capability. It also means you have passed a rigorous assessment process to ensure you handle consumer data responsibly.

By becoming an Accredited Data Recipient, your business can:

• Access real-time financial data with customer consent

• Automate credit assessments and reduce manual errors

• Speed up loan approvals and improve customer satisfaction

• Offer personalised lending products based on accurate data

• Stay compliant with evolving data privacy and security laws

  
  

Steps to Become an Accredited Data Recipient

The process to become accredited involves several clear steps. Here’s what you need to do:

1. Understand the CDR Rules and Requirements

Start by familiarising yourself with the Consumer Data Right rules, which outline how data must be handled, consent obtained, and security maintained. The CDR website provides detailed guidance.

2. Prepare Your Business for Accreditation

You must demonstrate your ability to:

• Protect consumer data with strong cybersecurity measures

• Obtain and manage customer consent properly

• Handle data requests and responses reliably

• Maintain operational resilience and incident management

  
  

This often means investing in secure IT infrastructure, staff training, and compliance processes.

Wych provides a structured compliance template to guide the collection of all required documentation. 

3. Complete Technical Testing

You must also pass technical conformance testing. This ensures your systems can securely connect to data holders (like banks) and handle CDR data correctly.

A formal IT assessment will verify:

• Data management systems and controls

• Data storage locations and jurisdictional compliance

• Application hosting environments and jurisdictions

• Security architecture and access controls

  
  

4. Apply for Accreditation

Wych facilitates the application through a formal CDR Representative arrangement, whereby your organisation operates under Wych's ACCC-issued license. 

Upon completion of the compliance assessment and technical testing, Wych is required to formally notify the ACCC of the CDR Representative arrangement.

Appointment as a CDR Representative under the Wych license requires your organisation to demonstrate full compliance with CDR legislative obligations. 

The ACCC reviews your application and may request additional information or clarifications.

5. Get Listed on the CDR Register

Once the ACCC has received formal notification of your request to become a CDR Representative, your application will be submitted for review in the Registrar’s bi-monthly regulator meetings.

If your application is accepted, you will need to be formally activated on the register. This listing allows data holders to recognise your status and share data with you.

Practical Tips for a Smooth Accreditation Process

• Start early: The process can take up to 90 days, so plan accordingly.

• Invest in security: Strong cybersecurity is non-negotiable for approval.

• Document everything: Keep clear records of policies, procedures, and testing results.

• Train your team: Ensure everyone understands CDR obligations.

  
  

What Happens After You Become Accredited?

Once accredited, your fintech or lending business can:

• Request customer data directly from banks and other data holders

• Use data to improve credit risk models and loan offers

• Build new products that rely on open banking data

• Maintain ongoing compliance through audits and reporting

  
  

Remember, accreditation is not a one-time event. You must continuously meet CDR requirements and update your systems as rules evolve.

Becoming an Accredited Data Recipient is a critical step for NBL fintechs and consumer lenders aiming to modernise loan processing.

It opens the door to faster, smarter lending decisions and better customer experiences.

By following the ACCC’s process carefully and investing in compliance, your business can join the growing number of lenders benefiting from open banking.