Open Banking

On 1 Oct 2020 IMB commenced product reference data sharing via our public Open Banking Product Application Solution.  The number of products available for product reference data sharing expanded on 1 February 2021 and again on 1 July 2021, in line with the phased implementation of the Open Banking regulations. Product reference data can be used by third parties to make comparisons of products and prices across the market.

In November 2021 IMB commenced consumer data sharing (phases 1 and 2), allowing eligible customers to share their data with Accredited Data Recipients. Consumer data sharing gives consumers greater access to and control over their data. In October 2022 IMB expanded consumer data sharing allowing eligible joint account customers to share their CDR data with Accredited Data Recipients. IMB will continue with the expansion of consumer data sharing in line with the phased implementation of the Open Banking regulations in line with the phased implementation of the Open Banking regulations, or as discussed with the ACCC (which may include some implementation gaps from time-to-time as outlined in the rectification schedule).

Yes. Customer data security is important to IMB and all requests to access your CDR data must be initiated by you, through a secure environment. IMB cannot do this on your behalf.

Accredited Data Recipients who are providing services by Open Banking must comply with privacy and security requirements and be accredited by the Australian Competition and Consumer Commission (ACCC).

1. Log into IMB Internet Banking
2. From the main menu, click the ‘Home’ menu and select ‘Data sharing’
3. From the drop-down list select ‘Consents’
4. The ‘Consents’ screen displays a list of all the accredited third parties you are sharing CDR data with now and who you have shared with in the past
5. You can also click on an accredited third party to view its details

Yes, you can cancel your consent at any time through Internet Banking. 

Once your permission for us to share your CDR data has been cancelled, we will no longer share your CDR data and will provide you with a notification.

Eligible IMB members can request to share their CDR data for certain IMB products including their IMB savings and transactional accounts, term deposits, credit cards, home loans, personal loans, business loans, overdrafts, lines of credits and numerous other products.

However, IMB has been granted an exemption by the ACCC from making available and providing CDR data in relation to its Retirement Savings Accounts (RSAs). IMB has ceased offering RSAs to new members and the number of active RSAs is very low. IMB is therefore not required to develop the extensive technology infrastructure required to obtain and share the relevant CDR data for this product.

IMB Mastercard* - To start the authorisation process, you will need to go through the Accredited Data Recipient (ADR) you wish to share your CDR data with. Through their CDR data sharing portal, you will be connected to the Citi authorisation portal to provide your authorisation.

_{*MasterCards are issued by Card Services which is a division of Citigroup Pty Limited ABN 88 004 325 080 AFSL No. 238 098 Australian Credit Licence 238098 that provides and administers credit on behalf of IMB Ltd.}

When creating your consent, you can select how long you would like it to stay active. A consent may be for a one-time share, or you may select a period of up to 12 months. The maximum time limit for consent to remain active is 12 months, before it will expire. If you would like to continue sharing CDR data once it has expired, you will need to create a new consent.

Some Accredited Data Recipients (ADRs) may also allow you to amend an active consent on your CDR data sharing accounts. By visiting the ADR’s app, you may have the option to extend a consent or change the accounts within the consent. This can only be activated through the ADR.

You may choose to create more than one consent or different consents for different accounts, depending on the CDR data you wish to share and the length of consent you would like to give.

Certain accounts may be unavailable due to the following:

• Product is ineligible;
• Other joint account holders may not be eligible for CDR data sharing;
• Accounts where you are not the account holder;
• CDR data sharing is not enabled.

Meanwhile, other accounts may not be visible as you may have chosen not to have access to these accounts.

Under the CDR legislation, we will not charge you to share your CDR data with an accredited third party.

We won’t charge an accredited third party to access your CDR data either.

You can view or withdraw your consent for your CDR data sharing arrangements at any time through Internet Banking by going to the Data Sharing tab and selecting Consents. You can also manage your sharing preferences by calling us on 133 462.

For more details on the Consumer Data Right, please refer to IMB’s CDR Policy or visit cdr.gov.au

In accordance with the relevant CDR legislation, eligible joint accounts are already set up for CDR data sharing and you won’t need approval from other joint account holders to share your CDR data with participating accredited parties.

Any eligible joint account holder can stop their CDR data from their joint account from being shared with participating accredited parties at any time. If you choose to disable your joint account, you and all other joint account holders will need to approve and re-enable your consents for CDR data sharing.

To enable CDR data sharing (in Internet Banking):

• Go to the Data Sharing tab, select Sharing Permissions, then choose the joint account you would like to share and enable CDR data sharing;
• A message will be sent to your other joint account holder(s) asking them to approve or decline your request to share CDR data relating to the joint account;
• To approve or decline the request the other joint account holder(s) will need to log into Internet Banking, select the Transfer and BPAY tab, select Authorisations Option and approve or decline;
• If they approve, your CDR data relating to your joint account will be enabled, and you can select it from the list of accounts eligible for CDR data sharing.

All joint account holders must follow steps above and select ‘Authorise’ within seven days of the request being created, or the request will expire.

Please note:

• If a request expires or is rejected, the joint account permission ‘Data sharing not enabled’ will remain,
• All joint account holders are notified of the outcome of the request by email,
• Once all joint account holders have approved the request, CDR data sharing will be enabled on the joint account,
• Any joint account holder with CDR data sharing enabled on an account can create a CDR data sharing arrangement from the Accredited Data Recipient’s app or website,
• CDR data sharing enabled joint account(s) will be displayed under ‘Available accounts’ on the account selection screen, in the data sharing process.

When you are the one sharing joint account CDR data you will receive notifications via SMS, this cannot be disabled.

When another joint account holder shares CDR data relating to an eligible joint account, the other joint account holders will receive a notification via SMS. You can use IMB’s Internet Banking to manage whether you wish to receive these notifications, and how you wish to receive them – either via SMS or email (or both).

To manage your joint account CDR data sharing notifications, login to Internet Banking, select Alerts, then Register and De-register. When you are the one sharing joint account data you will receive notifications via SMS, this cannot be disabled. 

Giving your IMB Internet Banking password to a third-party breaches IMB's Internet Banking terms and conditions.

When you use open banking, you won't be asked for your banking password; a one-time password will be sent to your phone instead.

Secondary Users are individuals that have been granted permission by an account holder to share CDR data for that account. 

IMB refers to Secondary Users as both an:

• ‘Authority To Operate’ (ATO or ‘authorised agent’ ) within the meaning provided in IMB Bank’s Member Guide to Transaction Banking - Product Disclosure Statement (‘PDS’) and Internet Banking Terms and Conditions (‘IB T&Cs’) documents.”
• ‘Power of Attorney’ (POA or Attorney or ‘authorised agent’) within the meaning provided in IMB Bank’s PDS and IB T&Cs documents.

• Be 18 years of age or over;
• Have IMB Internet Banking access;
• Have provided IMB with their mobile number (required to support authentication using a One-Time Password);
• Enabled by the account holder to share CDR data via IMB’s Internet Banking as either a ATO or POA within the meaning of IMB Bank’s PDS and IB T&Cs documents.

Once they have been authorised to share data about an account by an account holder, a Secondary User can choose to share account data, transaction details and product specific CDR data with an ‘Accredited Data Recipient’. They are not able to share the customer data of the account holder/s.

A Secondary User cannot:

• Share customer specific information of the account holder/s e.g. contact details.
• Enable or disable other Secondary Users.
• View data sharing arrangements established by the accountholder/s.

• View the CDR data sharing arrangements created by the Secondary User that relate to their account.
• Stop sharing data about their account in active CDR data sharing arrangements created by the Secondary User (i.e. override the Secondary User’s CDR data sharing arrangement in relation to their account).
• Enable and disable a Secondary User.

An account holder can enable or disable CDR data sharing capability for a Secondary User by:

• Logging on to Internet Banking;
• Clicking on the Data Sharing tab and selecting the ‘Sharing Permissions’ option.  This will display the account holder’s eligible accounts; and eligible accounts that have another individual appointed on them as an ATO or POA;
• Select the account that has the Secondary User associated with it; and
• Click on the ‘Enable Sharing’ or the ‘Disable sharing’ option.

When an account holder disables the authorisation of a Secondary User to share CDR data about their account:

• Sharing of the account in any existing CDR data sharing arrangements created by the Secondary User will stop.
• The Secondary User will not be able to create any new CDR data sharing arrangements that include that account.

When an account holder disables the authorisation of a Secondary User this only removes their ability to share CDR data about that account. Their removal as a Secondary User has no effect on their transactional banking access or any other entitlements they have to that account as an ATO or POA (e.g. the ability to perform transactions or seek information from IMB about the account. To remove an ATO or POA access to your account please contact IMB on 133 462 or visit an IMB Branch.

If you are enabled as a Secondary User to share CDR data about an account, but that account is not showing as available when you attempt to provide a new consent or make a CDR data request, it is likely that one of the following eligibility criteria is not being met:

The account holder/s of the relevant account must be eligible to share data:

• Be 18 years or over;
• Have IMB Internet Banking access;
• Have provided IMB with their mobile number (required to support authentication using a One-Time Password);
• The account itself must be eligible for CDR data sharing; and
• In the case of a joint account, all accountholders must have agreed to enable it for CDR data sharing.

You as the Secondary User must meet the following eligibility criteria:

• Be 18 years or over;
• Have IMB Internet Banking access;
• Have provided IMB with your mobile number (required to support authentication using a One-Time Password);
• Enabled by the account holder to share CDR data via IMB’s Internet Banking as either a ATO or POA within the meaning of IMB Bank’s PDS and IB T&Cs documents.

Yes. The individuals that control a business entity are able to authorise one or more individuals as Nominated Representatives to share CDR data about the accounts held by a business member with IMB and manage the CDR data sharing arrangements on behalf of the business.
More about Nominated Representative data sharing can be found in the FAQ's below.

The individuals that control your business will need to complete the 'Business Member CDR Data Sharing Nomination & Cancellation Form’. Click here for the form, or alternatively, please contact us on 133 462 or visit a branch for assistance. 

Once properly authorised by the individual/s that control an IMB business account, a Nominated Representative can within IMB Internet Banking, view and manage (stop) consumer data sharing arrangements for the business on any of the eligible open and closed accounts held by the business with IMB.

IMPORTANT: a Nominated Representative will be able to share CDR data (including transactions, balances and payees) for all accounts owned by the business. This includes accounts closed within the last two years and accounts the Nominated Representative may not have transactional access to currently within their IMB Internet Banking profile. For example, an individual may only have access to complete transactional banking on one of the business’ accounts (e.g. daily transactional account) as an Authority to Operate, however, via consumer data sharing, a Nominated Representative can share CDR data (not transact) on any accounts held by the business which may include other savings, investment and loan accounts.

If a Nominated Representative’s authority is removed by the individuals that control the business:

• They will no longer be able to set up or manage CDR data sharing arrangements or access the CDR data sharing dashboard within IMB Internet Banking.
• Any active CDR data sharing arrangements created by the Nominated Representative will remain active until they expire, or until such time that the business (i.e. individuals that control a business entity) asks IMB to stop sharing the CDR data. Refer below in respect to revoking CDR data sharing arrangements.

To stop a consumer data sharing arrangement established by a Nominated Representative, or, to remove an individual as a Nominated Representative you will need to complete the 'Business Member CDR Data Sharing Nomination & Cancellation Form’. Click here for the form, or alternatively, please contact us on 133 462 or visit a branch to assist further.

Yes. The individuals that control a business member can authorise one or more Nominated Representatives to share CDR data on all eligible IMB accounts that are owned by the business. Please contact us on 133 462 or visit a branch for further assistance.

If you are a Nominated Representative but can’t share CDR data about a business account, it is likely that one of the eligibility criteria has not been met:

• Business must be eligible for Open Banking:
  • Business must have at least one open account;
  • Nominated Representative must also meet the eligibility criteria (refer below).
• Account must be CDR eligible:
  • Joint business accounts not eligible for CDR data sharing;
  • Account must have been opened or closed less than two years ago in order to allow for CDR data sharing.

For a Nominated Representative to be able to share CDR Data in relation to an IMB account held by a business, they must meet the following criteria:

• Be 18 years of age or over;
• Have IMB Internet Banking access;
• Have provided IMB with their mobile number (required to support authentication using a One-Time Password);
• Has been authorised as a Nominated Representative for a business and the business has an open account.

No, the ability to share CDR data for personal accounts (individual or jointly owned) is managed separately to a CDR data sharing arrangement for business accounts. For example, if you wish to share CDR data for ABC Pty Ltd as a Nominated Representative you will need to create a separate CDR data sharing consent purely for accounts owned by ABC Pty Ltd, versus any CDR data sharing consents for your personal accounts (individual or jointly owned).