What is open banking, how does it work, and who needs it?
Open banking gives Australian businesses and consumers the right to share their bank transaction data with accredited third parties via secure APIs — regulated under the Consumer Data Right (CDR). This guide explains what it means, how access works, and where ACSISS fits.
Open banking, explained simply
Open banking is a federal government initiative that gives Australian consumers and businesses the right to share their bank account data — transactions, balances, account details — with any accredited third party they choose. The data is shared via secure, standardised APIs, with explicit consent, and can be revoked at any time.
Before open banking, your financial data was locked inside your bank. If you wanted a lender to assess your cash flow, or your accounting software to automatically reconcile transactions, someone had to manually download a CSV, email a statement, or share login credentials. Open banking eliminates all of that.
In Australia, open banking is governed by the Consumer Data Right (CDR) — federal legislation administered by the ACCC. It mandates that all Authorised Deposit-Taking Institutions (ADIs) make customer data available via standardised APIs to accredited recipients.
Key distinction: Open banking does not mean banks share your data with anyone. It means you can authorise sharing with specific accredited organisations, for a defined purpose and duration. Your consent drives everything.
Consumer or business gives consent
Via a digital consent journey — no passwords shared, no paper forms. Consent specifies purpose, data type, and duration.
Bank verifies identity and authorises
The consumer authenticates through their bank's own interface. The bank confirms exactly what data will be shared.
Data is retrieved via CDR API
The Accredited Data Recipient (ADR) pulls transaction, balance, and account data using standardised APIs.
Data delivered to your platform
Your software receives clean, structured data — ready for reconciliation, credit assessment, or financial analysis.
How open banking APIs work
Open banking uses RESTful APIs that conform to the Consumer Data Standards (CDS) — a uniform technical specification for how data is formatted, requested, and secured across all participating banks. This standardisation is what makes it practical for platforms to integrate once and access data from any ADI.
What data is available via open banking?
- Account names & numbers
- Account type & status
- BSB details
- Credit limits
- Loan details
- Transaction description
- Amount & currency
- Date & reference
- Transaction type
- Up to 2 years history
Account types covered
Unlike direct bank feeds (which are limited to transaction accounts at select banks), open banking via CDR covers:
- ✓ Transaction and savings accounts
- ✓ Credit and charge cards
- ✓ Home loans and personal loans
- ✓ Business finance accounts
- ✓ Term deposits and investment accounts
| Open banking (CDR) | Screen scraping | |
|---|---|---|
| Password required | Never | Yes |
| Bank-sanctioned | ✓ | ✗ |
| Regulated & auditable | ✓ | ✗ |
| Revocable consent | ✓ | ✗ |
| Standardised data format | ✓ | ✗ |
The ACCC is phasing out screen scraping as CDR coverage expands. Open banking is the long-term infrastructure.
The Consumer Data Right (CDR) — what it means for your business
The CDR is Australian federal legislation that mandates open banking. It's administered by the ACCC (accreditation, compliance) and the OAIC (privacy oversight), with technical standards set by Data Standards Australia. Understanding the CDR is essential for any business using or planning to use open banking data.
Banks & ADIs
Authorised Deposit-Taking Institutions must make customer data available via CDR APIs when a customer consents. All four major banks plus 100+ other institutions participate.
Accredited Data Recipients (ADRs)
Businesses registered with the ACCC to receive open banking data. ADRs like ACSISS hold full accreditation and can receive raw CDR data and act as a principal or sponsor for other organisations.
Consumers & businesses
The individuals and entities whose data is being shared. They control who accesses their data, for what purpose, and for how long — and can revoke consent at any time.
Key CDR obligations to know
Consent must be explicit and current
Consumers must actively grant consent, and it can only last up to 12 months before re-consent is required. You cannot assume ongoing access.
Data can only be used for the stated purpose
Open banking data retrieved for credit assessment cannot be repurposed for marketing or other uses. Purpose is bound to consent.
Deletion on request is mandatory
When a consumer revokes consent, the ADR must delete all CDR data collected under that consent on request. ACSISS manages this on behalf of platform customers.
Security standards are mandatory
ADRs must maintain security standards including ISO 27001 certification and compliance with FAPI security profiles. SISS Data Services is ISO 27001 certified and all data is hosted on Microsoft Azure in Australia.
CDR access models — which one applies to you?
The government created multiple access models so organisations of different sizes and risk profiles can participate in open banking without having to obtain full ADR accreditation. Most software platforms and fintechs work through an ADR like ACSISS rather than becoming accredited themselves.
Unrestricted ADR
Full, direct access to CDR data. An unrestricted ADR can receive raw data, sponsor affiliates, and act as a principal. Requires ACCC registration, ISO 27001 certification, and significant compliance overhead. SISS Data Services is an unrestricted ADR.
CDR Representative (Principal Model)
No formal accreditation needed. Your platform uses ACSISS as the ADR, accessing CDR data under our accreditation. Fastest path to market — go live in weeks, not months. The ADR holds data responsibility.
Sponsored Affiliate
Formal arrangement with an ADR sponsor. The affiliate gets the same data access privileges as an ADR but at lower cost and faster timeline. Suited to larger organisations wanting some regulatory standing.
CDR Insights Model
Non-accredited parties receive derived insights (income, expenses, account balances) rather than raw data. No formal accreditation required. Suited for verification workflows where raw transaction data isn't needed.
ACSISS recommendation: For most software platforms and fintechs, the CDR Representative model offers the fastest path to live open banking — without the accreditation overhead. You integrate our API once and go live across all participating banks. Talk to us about the right model for your use case →
Open banking vs direct bank feeds — what's the difference?
Open banking (CDR) and direct bank feeds are two separate technical approaches to accessing bank transaction data. Most platforms only offer one or the other. ACSISS is unique in Australia in combining both — giving your users more complete coverage and fewer data gaps.
| Feature | Open banking (CDR) | Direct bank feeds |
|---|---|---|
| Banks supported | All Australian ADIs (100+ brands) | ANZ, CBA, NAB, Westpac, St George, BOQ, Bendigo, BankSA, Bank of Melbourne, Macquarie |
| Account types | All — transaction, savings, credit cards, loans, deposits | Transaction accounts only |
| Historical data | ✓ Up to 2 years | ✗ No historical data |
| Consent process | Fully digital — online only | ANZ & Westpac online; other banks require paper forms |
| Instant approval | ✓ Yes, all banks | ANZ only |
| Consent duration | Max 12 months, then re-consent required | Ongoing — no annual re-consent |
| Password sharing | Never required | Never required |
| Bank-approved connection | ✓ | ✓ |
| Best for | Broad coverage, lending decisions, new bank relationships | Long-running integrations with major bank customers, no re-consent workflows |
Why ACSISS combines both
No single connection method covers every scenario. Open banking misses long-running integrations where re-consent is friction; direct feeds miss smaller banks and broader account types. ACSISS uses both — automatically routing each account through the best available connection — to give your platform the most complete, gap-free bank data in Australia.
See the ACSISS Platform →Who uses open banking, and for what?
Open banking data has commercial value wherever real-time, accurate financial data improves a decision or reduces friction. In Australia, the most active use cases are in lending, accounting, and ERP — all areas ACSISS serves.
Faster, better credit decisions
Lenders use open banking transaction data for income verification, expense categorisation, and ongoing portfolio monitoring — replacing slow manual document collection with real-time data access. ACSISS Enrich and Risk Score are built specifically for this workflow.
ACSISS for lenders →Automatic bank feeds & reconciliation
Accounting software uses open banking APIs to automatically pull transaction data into the ledger — eliminating manual CSV uploads, reducing errors, and accelerating month-end close. Partners including Intuit QuickBooks, Reckon, and Wiise use ACSISS for this.
ACSISS Platform →Automated transaction processing
Enterprise platforms use open banking feeds to automate bank reconciliation, streamline accounts payable/receivable, and eliminate manual data handling. ACSISS Connect provides pre-built integrations for Microsoft Business Central, SAP Business One, SYSPRO, and Jiwa 7.
ACSISS Connect →Australia's most complete open banking infrastructure
SISS Data Services (ACSISS) is a CDR Accredited Data Recipient with 15+ years of bank data experience. Unlike providers that launched when the CDR was introduced, SISS built bank data infrastructure before open banking existed — which means the reliability and data quality of a mature operator, combined with the regulatory access of a CDR accreditor.
Open banking API for platforms
Bank data feeds via Open Banking and direct connections for accounting, lending, and B2B platforms. REST APIs with 90-day sandbox access.
Learn more →Pre-built ERP bank feed integrations
Native open banking feeds for Business Central, SAP Business One, SYSPRO, and Jiwa 7. No custom development required.
Learn more →Enrich + Risk Score for lenders
Transaction enrichment, categorisation, and periodic SME risk scoring for credit decisioning, onboarding, and portfolio monitoring.
Learn more →By leveraging the power of Open Banking's accurate, real-time client financial data enabled by SISS, we are creating the essential data foundation for Intuit QuickBook's AI-driven expert platform to transform the way businesses, accountants and brokers operate.
Partnering with SISS to power faster, better credit decisions helps us deliver ongoing credit to Australian businesses with more agility.
Is open banking safe?
Open banking in Australia is one of the most regulated data-sharing frameworks in the world. Because it is legislated — not just industry-agreed — the security, consent, and liability requirements are mandatory for every participant.
-
✓No password sharing
Consumers authenticate directly with their bank. Credentials are never shared with or stored by the ADR.
-
✓Revocable at any time
Consumers can revoke consent and request data deletion at any time through their bank or directly via the ADR's consent dashboard.
-
✓ACCC-registered participants only
Only ACCC-accredited organisations can receive CDR data. Accreditation requires security audits, privacy assessments, and ongoing compliance reporting.
-
✓Hosted in Australia on Microsoft Azure
ACSISS processes and stores all data on Microsoft Azure infrastructure domiciled in Australia. Data never leaves Australian jurisdiction.
Registered with the ACCC under the Consumer Data Right. Holds the highest level of CDR accreditation — unrestricted ADR status.
International information security management standard. Independently audited and certified — covering data handling, access controls, and incident response.
All data processed and stored in Australian Azure data centres. Meets Australian data sovereignty requirements for financial data.
Operating since before open banking existed. Trusted by Commonwealth Bank, ANZ, Westpac, and Macquarie as a data infrastructure partner.
Frequently asked questions about open banking in Australia
What is open banking in Australia?
Open banking in Australia is a government-legislated framework under the Consumer Data Right (CDR) that allows consumers and businesses to securely share their bank transaction data with accredited third parties via standardised APIs. It is administered by the ACCC, covers all Authorised Deposit-Taking Institutions (ADIs), and gives the data subject full control over who accesses their data and for how long.
What is the difference between open banking and the Consumer Data Right?
The Consumer Data Right (CDR) is the legislation; open banking is its application in the banking sector. CDR is an economy-wide reform — it has been applied to banking first, then energy, with telecommunications to follow. When people say "open banking in Australia," they mean the CDR as it applies to banks and financial data.
Which banks support open banking in Australia?
All Authorised Deposit-Taking Institutions (ADIs) in Australia are required to participate in the CDR framework. This includes the four major banks (ANZ, Commonwealth Bank, NAB, Westpac) and over 100 other brands including credit unions, building societies, and regional banks. The full list is maintained by the ACCC on the CDR website.
What is a CDR Accredited Data Recipient, and why does it matter?
A CDR Accredited Data Recipient (ADR) is an organisation formally registered with the ACCC to receive consumer data under the Consumer Data Right. Only ADRs can directly access open banking data from banks. SISS Data Services (ACSISS) holds full ADR accreditation — meaning our platform customers access open banking data through us without needing their own ACCC registration. For most platforms, working with an ADR is significantly faster and cheaper than self-accreditation.
How does open banking differ from screen scraping?
Screen scraping requires consumers to share their bank login credentials with a third party, which then logs in and scrapes data from the banking interface. It's unsanctioned by banks, unregulated, and carries security risks. Open banking via the CDR uses bank-sanctioned APIs — no passwords are shared, consent is explicit and revocable, and the data is standardised across all institutions. The ACCC is progressively restricting screen scraping as CDR coverage expands.
How long can open banking consent last?
Under the CDR rules, open banking consent can last a maximum of 12 months before re-consent is required. After 12 months, the consumer must actively reauthorise data sharing. This differs from direct bank feeds, which can operate on ongoing consent without an annual re-authorisation requirement.
Can businesses use open banking, or is it just for consumers?
Both. The CDR introduced "CDR Business Consumer" provisions for entities holding an active ABN operating a B2B business. Business customers can consent to share their transaction data with accredited third parties — including accountants, lenders, and software platforms — under what is called a "Business Consumer Disclosure Consent." ACSISS supports both consumer and business consent journeys.
How quickly can my platform go live with open banking via ACSISS?
ACSISS offers 90-day free sandbox access so you can build and test integrations before going live. For platforms operating under the CDR Representative model (the most common path), go-live typically takes weeks rather than months — you integrate the ACSISS API once and immediately have access to all participating banks. Visit the developer portal to get started.
Is open banking data stored in Australia?
Yes — for ACSISS customers. All data processed and stored by SISS Data Services is hosted on Microsoft Azure infrastructure in Australian data centres. It does not leave Australian jurisdiction, meeting both CDR requirements and Australian data sovereignty expectations for financial data.
Related guides & resources
What does "accounting-grade" bank data mean?
Why data quality matters — and what separates accounting-grade from standard transaction data.
CDR reforms that could unlock $1.2 billion a year
The policy changes that could dramatically expand what open banking can do for Australian businesses.
ACSISS Platform — open banking API for platforms
Bank data feeds via Open Banking and direct connections, in a single REST API. 90-day free sandbox.
Open banking for lenders
How ACSISS Enrich and Risk Score use open banking data for credit decisioning and portfolio monitoring.
Open banking bank feeds for ERP
Pre-built integrations for Business Central, SAP Business One, SYSPRO, and Jiwa 7.
Developer documentation
API reference, getting started guides, and sandbox access for ACSISS open banking APIs.
Ready to build on open banking?
Talk to our team about the right access model for your platform — or get straight into the sandbox.
