If you’re operating in finance, fintech, lending, accounting, or any other service that touches money in Australia, you’ll need to fully understand open banking. In Australia, it’s fully regulated, production-grade infrastructure that gives customers power over their banking data and lets businesses build on top of it. Globally, open banking is changing how products are built and how data is handled, and it’s expected to grow by 250% over the next 4 years to reach over 645 million users in 2029.

Below, we’ll explain how open banking in Australia works and how to build with it.

What’s in this article?

• What is open banking in Australia?
  
• How is open banking defined under Australia’s CDR framework?
  
• How can businesses in Australia gain access to customer banking data via open banking?
  
• How does the CDR regulate data sharing?
  
• How is open banking used for businesses and platforms in Australia?
  
• How Stripe Payments can help
  

What is open banking in Australia?

Open banking is a financial services model that lets customers choose to share their banking data with other trusted services such as lenders, budgeting apps, and accounting tools. It gives customers control over their own banking data and is a legal right within Australia’s Consumer Data Right (CDR).

The data flows through secure, permission-based application programming interfaces (APIs). For example, imagine a customer is applying for a loan. With open banking, the customer can use a secure consent flow to authorize the lender to access their last 12 months of transactions. The lender can then assess their application easily, without paperwork or piecemeal statements. The customer can revoke access at any time.

There are many open banking use cases. The system makes money management more convenient and opens the door to better, faster, and more personalized services. It allows apps to offer real-time insight and lenders to make faster credit decisions. People can also switch banks more easily because their data goes with them.

How is open banking defined under Australia’s CDR framework?

As part of the Consumer Data Right, open banking is considered by Australian regulators to be the framework for customers to easily and securely share their banking data with third parties.

Banks and credit unions are known as “data holders” and they’re required to share this data when a customer authorizes them to. On the other side are “accredited data recipients,” which are the services that can receive and use customer data. These can be lenders, budgeting tools, accounting platforms, and more.

Open banking in Australia was enabled in 2019, with requirements for transparent product reference data as well as public info such as fees and features. Beginning in mid-2020, the big 4 banks had to support customer data sharing for certain account types.

Over time, that scope expanded to include all authorized deposit-taking institutions (ADIs), in addition to business and joint accounts. Now, nearly every Australian bank must support secure customer data sharing across most retail and business banking products. Australia’s laws regarding open banking have codified what could otherwise resemble a voluntary initiative or a loose set of tech specs.

How can businesses in Australia gain access to customer banking data via open banking?

Open banking in Australia is a permissioned system. To gain access, businesses need to go through the CDR framework. That requires either becoming accredited or working with someone who is.

There are three main pathways to access.

Become an accredited data recipient (ADR)

To become an ADR, your business must be based in Australia or have an Australian legal presence. You apply through the Australian Competition and Consumer Commission (ACCC) and prove that you can meet the following open banking regulations:

• Securely handle sensitive data, with effective information security controls.

• Operate a trustworthy business via governance, insurance, dispute resolution, and a local presence.

• Pass conformance testing to connect to bank APIs.

The process typically takes several months. Once you’re approved, you’re listed as an ADR and can start requesting data, with customer consent. This pathway gives you the most control and flexibility, but it also comes with the highest application and compliance burden.

Work under a sponsor

Rather than get full accreditation, your business can become an affiliate under a sponsoring ADR. You go through an easier accreditation process, and your sponsor handles the technical integration and holds liability for the data exchange. This setup is suitable if you don’t want full accreditation but need more independence than is possible with the representative model below.

Act as a CDR representative

To act as a CDR representative, you partner with an unrestricted ADR. This entity, called your “principal,” collects the data and passes it to you under a formal arrangement. This model is useful if you want to use CDR data without getting any specific accreditation.

How does the CDR regulate data sharing?

The CDR is a full legal and technical framework for data movement. It makes data sharing safe, transparent, and customer-controlled. Here’s how it works.

Accreditation sets the bar

To directly receive CDR data, a business must be accredited by the ACCC. That means meeting detailed requirements for the following:

• Security: ADRs have strong open banking security controls across access management, encryption, monitoring, and incident response.

• Governance: ADRs are evaluated on everything from executive oversight to dispute resolution processes.

• Liability coverage: ADRs must carry appropriate insurance in case something goes wrong.

• Trustworthiness: Key personnel must pass a “fit and proper” test.

Privacy is built in

When a service wants access to a customer’s banking data, it redirects the customer to their bank’s secure interface to review the request. Authentication happens directly with the bank, which keeps credentials private. Access also runs on encrypted tokens rather than logins.

Consent is ongoing

CDR consent flows are specific, unambiguous, and customer-driven. Users see exactly what data will be shared, for what purpose, and for how long. They approve exactly which data is shared (e.g., balances, transactions), for what purpose, and for how long (up to 12 months max). They can withdraw consent at any time through a dashboard. When they do, access stops and data must be deleted, with a few narrow exceptions such as legal obligations.

Data use is specific

The CDR sets strict use limits: you can use data only for purposes the customer has agreed to. Consent must be reobtained if the use case changes, and you can request only the minimum data needed to deliver your service. Selling data to others, or using it for marketing, is prohibited.

Accountability comes from the top

The system is overseen by the ACCC and the Office of the Australian Information Commissioner (OAIC). Accredited parties are subject to regular audits and compliance reporting, with potential penalties for noncompliance. Customers can file complaints and seek compensation if data is mishandled.

How is open banking used for businesses and platforms in Australia?

Finance, accounting, and digital service businesses in Australia are already building with open banking. The framework is bringing compounding advantages to companies and customers.

Here are some of the benefits.

Faster, cleaner credit decisions

Open banking lets lenders replace manual document collection with direct data access since it can provide alternative credit data. With customer consent, they can pull account activity straight from banks and use it to make faster, more accurate risk assessments.

Direct-from-bank data is difficult to falsify and more comprehensive than static credit scores, and it’s often the only way to evaluate thin-file borrowers. Fintech lenders and brokers in Australia are using it to shorten decision time from days to minutes for personal lending, mortgages, and small business credit.

Real-time personal finance reporting

With open banking, budgeting and personal finance management apps can show people all their accounts in one place. Users can categorize spending, gain data-driven insight, and stay fully informed about their finances. The Commonwealth Bank of Australia’s own app supports this kind of aggregation.

In-sync accounting

Open banking makes it easier for small businesses to reconcile transactions. With permission, accounting platforms can pull bank feeds directly so books update automatically. This reduces the error-prone work of uploading comma-separated values (CSVs) and eliminates reliance on third-party data feeds, which can break when a bank changes its interface.

Smarter onboarding and verification

Brokers, lenders, rental platforms, and other services that need to verify financial status can use open banking to fetch verified financial data on demand. This requires fewer forms and enables faster onboarding. It also lets businesses build more responsive flows without sacrificing compliance.

Open payments

Currently, Australia’s open banking system supports only “read access,” but accredited providers could eventually use the CDR to move money or make payments as well. This would enable account-to-account payments, automatic switching, and money movement tools within financial apps. Although these functions aren’t live yet, infrastructure such as PayTo and upcoming CDR changes are laying the foundation.

How Stripe Payments can help

Stripe Payments provides a unified, global payment solution that helps any business—from scaling startups to global enterprises—accept payments online, in person, and around the world.

Stripe Payments can help you:

• Optimize your checkout experience: Create a frictionless customer experience and save thousands of engineering hours with prebuilt payment UIs, access to 125+ payment methods, and Link, a wallet built by Stripe.

• Expand to new markets faster: Reach customers worldwide and reduce the complexity and cost of multicurrency management with cross-border payment options, available in 195 countries across 135+ currencies.

• Unify payments in person and online: Build a unified commerce experience across online and in-person channels to personalize interactions, reward loyalty, and grow revenue.

• Improve payment performance: Increase revenue with a range of customizable, easy-to-configure payment tools, including no-code fraud protection and advanced capabilities to improve authorization rates.

• Move faster with a flexible, reliable platform for growth: Build on a platform designed to scale with you, with 99.999% historical uptime and industry-leading reliability.

Learn more about how Stripe Payments can power your online and in-person payments, or get started today.