How CDR rules affect you and your clients

This article was current at the time of publication

From 28 January this year consumers can request that a bank sharing banking information on overdrafts and business finance (for example) deal directly with their trusted adviser.

It is the third stage in the Consumer Data Right (CDR) rollout and has significant implications for practitioners. 

Clients seeking help with banking products or other financial information must first nominate a trusted adviser, who can then receive that client’s data directly from data recipients accredited by the Australian Competition and Consumer Commission, such as various financial institutions. 

Accredited data recipients are also commonly referred to as ADRs or accredited providers. 

However, a trusted adviser is a legislated term and you must belong to the class as defined under Competition and Consumer (Consumer Data Right) Amendment Rules (No.1) 2021 (CDR Rules) to access such data.

CPA Australia has readily accessible information on the CDR system to help practitioners navigate the new terminology.

What is CDR?

The purpose of CDR is to help consumers better compare and access different products. It’s designed to allow greater choice and control over the personal data a business has about consumers, with the expectation that it will encourage competition between service providers. 

This should lead not only to better prices for customers but more innovative products and services.

Already in operation in the banking sector, the system is now being released into the energy and telecommunications sectors and will likely apply in other key areas of the Australian economy in the coming years to be known as “Open Finance” such as general insurance, superannuation, merchant acquiring and non-bank lending service providers.  

How does this affect you?

Effective immediately, a client may nominate you to access their data via a CDR channel to help them more effectively evaluate advice or service, such as mortgage refinancing.  

Having been nominated as their trusted adviser to an ADR, that body will, in turn, release your client’s data to you. This is known as trusted adviser disclosure consent. 

However, given the sensitive nature of the data being shared, the ADR could want confirmation that you belong to the trusted adviser class as prescribed under the CDR Rules. This means that beforehand, you may have to verify you are a member of CPA Australia.

Where the onus lies

The onus is on the ADR to objectively satisfy your entitlement to receive CDR data.

An ADR may search your registration via a public register (for example, the Tax Practitioners Board), obtain a form of contractual warranty, attestation or representation (statutory declaration being another example), proving that you are a member of CPA Australia and belong to a class defined in the applicable rules. 

Of course, depending on the complexity of the data being shared, an ADR may seek no further verification at all.

Regardless, you could still be asked to regularly verify your trusted adviser status to an ADR to confirm that you remain a CPA Australia member. The current guidance is every 12 months. 

Further information on such disclosures has been published by the Office of the Australian Information Commissioner (OAIC).

CPA Australia, along with Chartered Accountants Australia and New Zealand, Institute of Public Accountants, and Institute of Certified Bookkeepers collectively lobbied hard on behalf of their respective members to enable the non-disrupted flow of client data. 

Trusted advisers are not deemed to be CDR participants under the CDR Rules. As such, members are not subject to the additional privacy safeguards or other obligations that exist under the system.  

Even so, the OAIC strongly recommends that trusted advisers who receive CDR data consider their professional obligations when handling client data and “handle that data transparently … in a way the client would expect”.

Kristen Beadle CPA is CPA Australia’s Manager Public Practice and SME – Professional Standards and Business Support.

Kristen Beadle CPA | February 2022

This article was current at the time of publication

From 1 February this year consumers can request that a bank share banking information on overdrafts and business finance (for example) directly with their trusted adviser.

It is the third stage in the Consumer Data Right (CDR) rollout and has significant implications for practitioners. 

Clients seeking help with banking products or other financial information must first nominate a trusted adviser, who can then receive that client’s data directly from data recipients accredited by the Australian Competition and Consumer Commission, such as various financial institutions. 

Accredited data recipients are also commonly referred to as ADRs or accredited providers. 

However, a trusted adviser is a legislated term and you must belong to the class as defined under Competition and Consumer (Consumer Data Right) Amendment Rules (No.1) 2021 (CDR Rules) to access such data.

CPA Australia has readily accessible information on the CDR system to help practitioners navigate the new terminology.

What is CDR?

The purpose of CDR is to help consumers better compare and access different products. It’s designed to allow greater choice and control over the personal data a business has about consumers, with the expectation that it will encourage competition between service providers. 

This should lead not only to better prices for customers but more innovative products and services.

Already in operation in the banking sector, the system is now being released into the energy and telecommunications sectors and will likely apply in other key areas of the Australian economy in the coming years to be known as “Open Finance” such as general insurance, superannuation, merchant acquiring and non-bank lending service providers.  

How does this affect you?

Effective immediately, a client may nominate you to access their data via a CDR channel to help them more effectively evaluate advice or service, such as mortgage refinancing.  

Having been nominated as their trusted adviser to an ADR, that body will, in turn, release your client’s data to you. This is known as trusted adviser disclosure consent. 

However, given the sensitive nature of the data being shared, the ADR could want confirmation that you belong to the trusted adviser class as prescribed under the CDR Rules. This means that beforehand, you may have to verify you are a member of CPA Australia.

Where the onus lies

The onus is on the ADR to objectively satisfy your entitlement to receive CDR data.

An ADR may search your registration via a public register (for example, the Tax Practitioners Board), obtain a form of contractual warranty, attestation or representation (statutory declaration being another example), proving that you are a member of CPA Australia and belong to a class defined in the applicable rules. 

Of course, depending on the complexity of the data being shared, an ADR may seek no further verification at all.

Regardless, you could still be asked to regularly verify your trusted adviser status to an ADR to confirm that you remain a CPA Australia member. The current guidance is every 12 months. 

Further information on such disclosures has been published by the Office of the Australian Information Commissioner (OAIC).

CPA Australia, along with Chartered Accountants Australia and New Zealand, Institute of Public Accountants, and Institute of Certified Bookkeepers collectively lobbied hard on behalf of their respective members to enable the non-disrupted flow of client data. 

Trusted advisers are not deemed to be CDR participants under the CDR Rules. As such, members are not subject to the additional privacy safeguards or other obligations that exist under the system.  

Even so, the OAIC strongly recommends that trusted advisers who receive CDR data consider their professional obligations when handling client data and “handle that data transparently … in a way the client would expect”.

Kristen Beadle CPA is CPA Australia’s Manager Public Practice and SME – Professional Standards and Business Support.