Open Banking More control of your banking data Talk to us Phone us Email us Breadcrumbs Firefighters Mutual Bank What is Open Banking? What is Open Banking? Open banking gives you more control over your banking data. What is Open Banking? What is data sharing? Joint Account management for Open Banking Secondary user data sharing Non-individual or partnership account data sharing What is Open Banking? In 2019 the Australian Government passed the Consumer Data Right (CDR) legislation. In a nutshell, it gives you, the consumer, more access and control when it comes to the data that’s linked to the products and services you have with us, including your personal banking data. This is referred to as “Open Banking”. Open Banking gives you more control of your banking data and who you choose to share it with. Why Open Banking? Open Banking aims to increase competition between major banks and financial institutions. More competition is good news for you as a consumer. With Open Banking it will be much easier for you to compare banking products and services across the market to find the best price or product for your needs. The bottom line? You will have more control of who you share your data with, safely and securely, in a way that works for you. How does Open Banking work? With Open Banking you have the power to share specific types of banking data with accredited third parties, like other banks and financial institutions. To begin with, you are able to share account data, including account details, transactions and any fees you might be paying. At your request, third parties will then be able to use this information to compare products and prices for you. Is Open Banking safe to use? Your safety and security is our number one priority and Open Banking is no exception. With Open Banking you have complete control of how and when you choose to share your banking information – we never share your data unless you authorise it and you can cancel sharing at any time too. Under the CDR legislation, your data is protected by new privacy safeguards. These safeguards put you in control and strictly limit how your data is used by Open Banking participants, such as other banks and financial institutions. Accreditation All Open Banking participants are required to be accredited by the Australian Competition and Consumer Commission (ACCC) and the Australian Information Commissioner (OAIC) and must comply with strict privacy and security standards. Our Consumer Data Right Policy Our Consumer Data Right Policy describes what data is available for you to share, how to share your data, and how to make a complaint. Download our Consumer Data Right Policy. Learn more about the Consumer Data Right by visiting the CDR website. Are you a developer? Find information about our Open Banking APIs What is data sharing? What is data sharing? Data Sharing allows you to select data from your nominated accounts and share with an Accredited Data Recipient in order to use the services they offer. An Accredited Data Recipient will provide a consent Request service that allows you to securely connect to the Bank to authorise us to share your data with that Data Recipient. Only data you authorise us to share will be available to your Accredited Data Recipient and will only be shared for the period you consent to. The Accredited Data Recipient has policies and procedures in place as to how your data is used and what happens to that data when you stop sharing that data. You may exit from the consent process at any time prior to approval and you will be returned to your Accredited Data Recipient's internet site. You can also stop sharing at any time. Categories of data sharing The data you can share can be categorised in to: Name, Occupation, Contact Details. Account balance and details Transaction details Direct Debits and Schedule Payments Saved Payees During the journey of giving consent to sharing you will initially choose which categories of data you wish to share with the Accredited Data Recipient, and these selections will then be confirmed once you confirm consent. You can then later review the categories of data you are sharing, including a more detailed breakdown of what is included in those categories, within the Consumer Dashboard in Internet Banking. What happens to my data? Once you have authorised us to share your data we will share the selected data with your Data Recipient on the agreed frequencies. Your Accredited Data Recipient will use the data to provide the services or products that you have consented to. Your data may either be deleted or de-identified by the Accredited Data Recipient when it is no longer required. Your Accredited Data Recipient has specific policies in place for how they handle your data once it's no longer required. Accredited Data Recipient Accredited Data Recipients will only be able to access your data if you provide your consent. In consenting to share data you will be able to authorise the data you want to share with your selected Accredited Data Recipient. You can also stop sharing at any time via the Consumer Dashboard provided by the Accredited Data Recipient, our Consumer Dashboard in Internet Banking or in writing to us. Why can’t I share accounts? As of 1 November 2021 some Joint Accounts, Business related accounts, closed accounts or blocked accounts may not be eligible for Consumer Data Sharing. Joint Account sharing is limited by the number of Joint Account Holders while Account Holder age limits are also applied when determining if an account is available to share. Consumer Dashboard We provide you with a Consumer Dashboard where you are able to review all your Data Sharing arrangements. You can also request us to stop sharing your data. This dashboard is available from within Internet Banking. Withdrawing Consent You may stop sharing your data at any time via your Consumer Dashboard or in writing to us. You may also stop sharing by notifying your Data Recipient. If you stop sharing your data the services provided as a result of this sharing arrangement may be impacted. You should with your Data Recipient before you stop sharing data to understand the consequences. Managing an Accounts Sharing Status Open Banking Consent Management allows you to change the status of accounts previously selected during authorisation. Changing approval status of eligible accounts can be performed in the Accounts Shared section of an active sharing arrangement on our Consumer Dashboard in Internet Banking. This will allow you to withdraw sharing approval for an existing account, or reinstate sharing of a withdrawn account at a later time. These changes will only applied to the sharing arrangement being maintained. Only accounts that are currently eligible for data sharing allow sharing will allow sharing to be withdrawn or reinstated. You should consider the impact of withdrawing account sharing approval on the services being provided by your Accredited Data Recipient before updating the status of any account. Joint Account management for Open Banking Data relating to eligible joint accounts can be shared with accredited third-parties by any joint account owner. All joint accounts are defaulted to the pre-approval disclosure option and are therefore enabled for CDR data sharing. Should one joint account owner wish to disable an account from sharing CDR data they can do so via internet banking by following the steps below. If you are not registered for internet banking, data relating to your joint account cannot be shared as that joint account is not eligible for CDR data sharing. If you choose to disable your joint account from data sharing and change it to the non-disclosure option, the account will be removed from any active Data Sharing Arrangements and all joint account owners will be notified. To re-enable that joint account for CDR data sharing, all joint account owners will need to log into internet banking and confirm via the steps below. To disable a joint account from CDR data sharing: Log into internet banking Navigate to Self Service>Manage Data > Joint Account Service Go to “Available Accounts”, find the joint account you want to disable and select “no” Confirm the action and the joint account will now be disabled from data sharing To re-enable a joint account for CDR data sharing: Log into internet banking Navigate to Self Service>Manage Data > Joint Account Service Go to “Unavailable Accounts”, find the joint account you want to enable and select “yes” By confirming the action, all joint account owners will be notified of your decision and be asked to log into internet banking and accept your proposed change, following the steps above Once all account owners have accepted the proposed change, the joint account will be enabled for data sharing Note: All joint account owners have to accept the proposed change within 7 days. The joint account will be enabled for sharing once all joint account owners have accepted the proposed change. If all joint account owners do not accept the proposed change, or the time expires, the joint account will remain disabled for data sharing. Will you be notified about data sharing in relation to your joint account? We will notify you about changes to data sharing in relation your joint account, including new sharing arrangements, or when the disclosure option for an account is changed. You can view these notifications in the CDR dashboard in Internet Banking. Where permissible, you can manage how and how frequently we send you these notifications by other methods in the CDR dashboard in Internet Banking. We may not give you certain notifications where we consider doing so is necessary to prevent physical, psychological or financial harm or abuse to any person. Secondary user data sharing Allowing a third party to share data on your behalf as a secondary user An account holder (who is an individual) can allow a third party as a secondary user to share data from your accounts. For account holders who are non-individuals or partnership i.e. business account holders, see No. 7 below). This applies to accounts held by you in your sole name as well as in joint names. Note a secondary user is not joint account holder. They are individuals whom you have given permission to make transactions on your accounts. We call this the secondary person having account privileges. They are usually individuals like an attorney transacting under your power of attorney or third party whom you have given an “Authority to Operate” your accounts. A secondary user must be at least 18 years of age. You as the account holder must has given instruction to us to treat this person as a secondary user for the purposes of CDR rules. What data can a secondary user share? A secondary user may consent to the disclosure of your account data, transaction date and product specific data (see "What is data sharing" tab for information of categories of data sharing) but not your customer data. A secondary user cannot share your personal information. What control do you have as an account holder over the secondary user? We provide you as an account holder with online functionality for making and withdrawing a secondary user instruction. Where you withdraw a secondary user instruction in relation to a particular account, the person will no longer be a secondary user of that account, If you have made that person a secondary user for more than one account, the secondary user will be able to continue to share from those other accounts until you withdraw your secondary user instruction on every account. Secondary user and joint accounts: Once a secondary user instruction is in place for a joint account: if a pre-approval option applies to the joint account and the disclosure option of the account is set to pre-approved, secondary users can independently authorise the sharing of data on the joint account, creating an approval as they do so. Oversight is provided to the joint account holders through notifications and the consumer dashboard. if the disclosure option of the account is set to no disclosure, then secondary users will not be able to share data from that account. Non-individual or partnership account data sharing How do non-individual or partnership account holders (business account holders) share its consumer data? An account holder who is a non-individual or partnership must nominate at least one individual as a nominated representative for CDR data to be shared on its behalf. Once nominated, the nominated representative can authorise and manage consumer data sharing arrangements on behalf of the non-individual or partnership. The business account holder can only have view function of the CDR data sharing arrangement. A non-individual or partnership account holder will not be able to share consumer date if it does not have any nominated representative. We provide non-individual and partnership account holders with a service through our branch network or over the telephone to nominate one or more nominated representatives who can then use our online service to grant and manage authorisations to disclose consumer data on behalf of the business. We also provide service over the phone or at our branch for the non-individual or partnership account holders to: revoke such nominations and to nominate other representatives; and withdraw any authorisation to share CDR Data that had been given and managed by the nominated representative. A nominated representative must be: an individual 18 years or older Have an operational relationship with at least one existing business account that is open and has internet banking access with internet banking login that: is enabled for data sharing; is not blocked; has either full or enquiry access to the account that they are sharing data from. He or she must also be: an existing signatory to the business account or holds a valid “Authority To Operate”; and have been authorised by the business to act as an agent for the business and authorised to transact on the business account. We will require the nominated representative’s identity to be verified according to our processes before he is accepted as a nominated representative. Scope of a nominated representative’s authority to share CDR data on behalf of the business: Once nominated as a data sharing representative, the nominated representative can share data from the account or accounts which they have been authorised by the account holder. As per section 4 above, the nominated representative can choose to share either Account data, Transaction data, or Product specific data. They cannot share customer data pertaining to any other account holders.