Open Banking in Australia is implemented under the Consumer Data Right (CDR), a framework that lets accredited recipients receive banking data directly from a customer's bank with the customer's explicit, time-limited consent. For accounting firms, it is the cleanest replacement for screen-scraping and PDF-statement workflows.
What you can actually get
Under CDR banking, an accredited recipient can fetch product data, account data (balances, account details), and transaction data: typically up to seven years of history depending on the institution. Direct debits, scheduled payments and saved payees are also in scope. What you cannot get: business banking products that fall outside the in-scope list, and anything where the customer has not consented.
How consent really works
Three rules to remember
- Consent is per client, time-limited, and revocable in one tap. Re-consent is on the recipient (you) to manage.
- Data must be stored and used only for the purpose the customer consented to. Re-purposing, even within the same firm, needs new consent.
- Data deletion on consent expiry or revocation is mandatory unless the customer separately consents to retention.
What to tell your clients
Most clients have been told for years to never share their banking credentials. CDR is the explicit, regulator-blessed alternative to credential sharing: they consent through their own bank's app, and they can revoke consent at any time. Saying that out loud, once, removes the last common objection to switching to feeds-first compliance work.