How to become a CDR Representative

Source Node: 1274191

From 19 October 2021, there is an accelerated route into Australia’s open banking ecosystem to access Consumer Data Right (CDR) information, without the full demands of unrestricted accreditation. It’s called the CDR Representative model and it comes with an added bonus: you can also use it to access open banking data while waiting to become fully accredited. Of all the ways to access open banking data in Australia, the CDR Representative model is one of the most flexible. You can interact with your customer as if you are accredited yourself: seeking consent from them to access financial data, in order to supply your product or service.

How it works

Under the CDR representative model, an unrestricted Accredited Data Recipient (ADR) like TrueLayer acts as your principal. They fetch open banking data for you and support your compliance.So, by becoming a CDR Representative of TrueLayer, you can access full CDR data without becoming accredited yourself. You simply reference our arrangement as a background detail to your customer, who must be given the option of using a pseudonym. You can only be a CDR Representative of one ADR and, because your principal is fully liable for your actions with CDR data, you must only use the data as specified in the contractual arrangements and comply with all necessary CDR policies and procedures. The CDR Representative model closely aligns with TrueLayer’s agency model in the UK. With over five years of experience, and more than 50 agents in the UK alone, TrueLayer understands how this model works commercially and with regards to compliance, for the benefit of both parties. We will keep records of the arrangement, the steps taken to ensure compliance, and we are ultimately responsible for dispute resolution. If you think this is the right access model for you, contact us to find out how we can help.

The due diligence process

You need to formally apply to work with TrueLayer as our Representative and go through our due diligence process. Our risk assessment process comes down to two questions: is your business ready, and is your technology and data environment ready?Because you are working with us as your principal, and not being assessed on a “pass / fail” basis by the regulator, your preparation is easier and we support you every step of the way. We have a network of advisors, partners, templates and guides to help you through the process.For example, we have a checklist to make sure you are ready to become a Representative of TrueLayer. These checks include questions around:

  • your use case
  • fit and proper persons
  • whether you’ve ever had an information security audit
  • whether you have cyber security insurance.

A CDR Representative is not required by the regulator to have an external audit for information security assurance (ASAE 3150) but your principal needs to make sure you are compliant with the rules. TrueLayer needs sufficient information on how you plan to process, store and transmit the open banking data, and your information security controls.Depending on the risk profile of your data architecture, TrueLayer may suggest you speak with someone in our network of advisors and partners for some extra support.

If your business is ready, we can get you set up in weeks instead of months.

Source: https://australianfintech.com.au/how-to-become-a-cdr-representative/

Time Stamp:

More from Australian Fintech