Skip To Content

CDR Access Models

Organisations must choose a pathway for participation or ‘access model’ to be able to use Open Banking data under the Consumer Data Right.

Read on to discover more about the different options and how Basiq can help.

Outlining the access models under CDR

Accredited Data Recipient (ADR)

Accreditation granted by the ACCC with unrestricted access to CDR data (the highest level of accreditation for participation).

For businesses that provide CDR services, share CDR data and/or want to use CDR data for ongoing use cases.

ADR’s can send and receive (with customer consent) raw CDR data, which they can use to deliver a product or service. It also allows them to act as a Sponsor or Principal to other businesses under other access models who need CDR data for their own service delivery.

ADR’s are accredited by the ACCC and the application process can take an extended period of time to complete. It’s the most complex of all the access models and applicants must meet stringent compliance requirements. Basiq has been an ADR since 2021.

Sponsored Affiliate

Accreditation granted by the ACCC with access to CDR data via an ADR acting as the Sponsor.

For businesses that want to use CDR data for ongoing use cases.

Businesses who become a Sponsored Affiliate have accredited access to data via an ADR acting as a Sponsor. This model allows Sponsored Affiliates some of the same privileges and access to CDR data as an ADR, but at a lower cost and in less time.

Although it is an accelerated path to accreditation, Sponsored Affiliates must be approved by the ACCC and can take between 1-3 months. They also must provide a self-assessment to prove they are compliant with the relevant CDR rules and submit a re-attestation every two years. Basiq is a Sponsor for the first ever accredited Sponsored Affiliate.

Principal & Representative

No official accreditation required with access to CDR data via an ADR acting as the Principal.

For related entities and subsidiaries of the ADR.

The Principal and Representative Model is an accelerated way businesses can access Open Banking data. There is no official accreditation needed, instead a business is able to access data as a Representative via an ADR that acts as a Principal.

Basiq is a Principal to a number of Representatives listed on the CDR website and has been able to provide some businesses with access in as little time as a week.

Trusted Advisor

No CDR accreditation but must hold another acceptable accreditation.

Trusted Advisers who wish to use CDR data and have the relevant accreditation and licence.

This model allows consumer consented data to be shared with ‘trusted advisors’, including financial advisers, mortgage brokers, accountants, tax agents and/or lawyers.

Trusted Advisors don’t require CDR accreditation, but they must hold appropriate accreditation or licenses in their respective professions as outlined in the CDR rules. Trusted Advisors can access data by having a contractual relationship with an ADR. As always, data can only be shared with a consumer’s permission.

CDR Insights

No official accreditation required with distinct CDR insights made available.

For business that can use the limited insights for low risk purposes outside of the CDR control.

CDR rules allow consumers to share insights with individuals or organisations outside the CDR ecosystem for specific low-risk purposes, including verifying a consumer’s identity, account balance, or details of transactions to or from specified accounts.

Businesses can access CDR data via this model by having an agreement with an ADR, but there are limitations on what data can be obtained under CDR insights.

Outsourced Service Provider (OSP)

Operates under an outsourcing arrangement with a principal.

For business that collect CDR data from a CDR participant on behalf of the principal or provide goods or services to the principal using CDR data.

While this is not a CDR access model, an ADR (the Principal) can engage an OSP to collect CDR data on their behalf or provide goods and services using the CDR data it has collected.

An OSP must have a written contract with the ADR outlining the purpose of the arrangement and can only obtain data with consumer consent. They also have a responsibility to protect the data as if they were accredited.

Ready to get started with Basiq?

Get in touch with one of our team members or create an account