Open Banking

Got a question on Open Banking?

Can I share both my personal accounts and business accounts in the same consent I create with an Accredited Data Recipient?

No, the ability to share CDR data for personal accounts (individual or jointly owned) is managed separately to a CDR data sharing arrangement for business accounts. For example, if you wish to share CDR data for ABC Pty Ltd as a Nominated Representative you will need to create a separate CDR data sharing consent purely for accounts owned by ABC Pty Ltd, versus any CDR data sharing consents for your personal accounts (individual or jointly owned).

What is the eligibility criteria for a Nominated Representative to share CDR Data?

For a Nominated Representative to be able to share CDR Data in relation to an IMB account held by a business, they must meet the following criteria:

Be 18 years of age or over
Have IMB Internet Banking access
Have provided IMB with their mobile number (required to support authentication using a One-Time Password)
Has been authorised as a Nominated Representative for a business and the business has an open account.

‍

I am a Nominated Representative for an IMB business member, so why can’t I share CDR data about an account?

If you are a Nominated Representative but can’t share CDR data about a business account, it is likely that one of the eligibility criteria has not been met:

Business must be eligible for Open Banking
Business must have at least one open account
Nominated Representative must also meet the eligibility criteria (refer below)
Account must be CDR eligible:
Joint business accounts not eligible for CDR data sharing
Account must have been opened or closed less than two years ago in order to allow for CDR data sharing.

‍

Can I authorise more than one Nominated Representative to manage CDR data sharing for my IMB business accounts?

Yes. The individuals that control a business member can authorise one or more Nominated Representatives to share CDR data on all eligible IMB accounts that are owned by the business. Please contact us on 133 462 or visit a branch for further assistance.

As a Nominated Representative of an IMB business account, what can I do?

Once properly authorised by the individual/s that control an IMB business account, a Nominated Representative can within IMB Internet Banking, view and manage (stop) consumer data sharing arrangements for the business on any of the eligible open and closed accounts held by the business with IMB.

IMPORTANT: a Nominated Representative will be able to share CDR data (including transactions, balances and payees) for all accounts owned by the business. This includes accounts closed within the last two years and accounts the Nominated Representative may not have transactional access to currently within their IMB Internet Banking profile. For example, an individual may only have access to complete transactional banking on one of the business’ accounts (e.g. daily transactional account) as an Authority to Operate, however, via consumer data sharing, a Nominated Representative can share CDR data (not transact) on any accounts held by the business which may include other savings, investment and loan accounts.

If a Nominated Representative’s authority is removed by the individuals that control the business:

They will no longer be able to set up or manage CDR data sharing arrangements or access the CDR data sharing dashboard within IMB Internet Banking.
Any active CDR data sharing arrangements created by the Nominated Representative will remain active until they expire, or until such time that the business (i.e. individuals that control a business entity) asks IMB to stop sharing the CDR data. Refer below in respect to revoking CDR data sharing arrangements.

To stop a consumer data sharing arrangement established by a Nominated Representative, or, to remove an individual as a Nominated Representative you will need to complete the 'Business Member CDR Data Sharing Nomination & Cancellation Form’. Click here for the form, or alternatively, please contact us on 133 462 or visit a branch for further assistance.

‍

How do I authorise a Nominated Representative to share CDR data for my Business?

The individuals that control your business will need to complete the Business Member CDR Data Sharing Nomination & Cancellation Form. Click here for the form, or alternatively, please contact us on 133 462 or visit a branch for assistance.

How do I share CDR data on my IMB business accounts?

To share CDR data about your business accounts, one or more Nominated Representatives must be authorised by the individuals that control the business. Depending on the type of business, these authorisations will need to be made by one or more owners, directors, partners, trustees or Committee members. Once an authorisation is made, the Nominated Representative/s can then share and disable CDR data sharing arrangements on behalf of the business. Contact us on 133 462 or visit a branch for information about how to authorise a Nominated Representative for your business.

I’m an IMB business member, can I share data about my IMB business accounts through the Consumer Data Right (CDR)?

Yes. The individuals that control a business entity are able to authorise one or more individuals as Nominated Representatives to share CDR data about the accounts held by a business member with IMB and manage the CDR data sharing arrangements on behalf of the business.
More about Nominated Representative data sharing can be found in the Business User FAQs.

I am enabled as a Secondary User so why can’t I share CDR data on the account?

If you are enabled as a Secondary User to share CDR data about an account, but that account is not showing as available when you attempt to provide a new consent or make a CDR data request, it is likely that one of the following eligibility criteria is not being met:

The account holder/s of the relevant account must be eligible to share data:

Be 18 years or over
Have IMB Internet Banking access
Have provided IMB with their mobile number (required to support authentication using a One-Time Password)
The account itself must be eligible for CDR data sharing
In the case of a joint account, all accountholders must have agreed to enable it for CDR data sharing.

You as the Secondary User must meet the following eligibility criteria:

Be 18 years or over
Have IMB Internet Banking access
Have provided IMB with your mobile number (required to support authentication using a One-Time Password)
Enabled by the account holder to share CDR data via IMB’s Internet Banking as either a ATO or POA within the meaning of IMB Bank’s PDS and IB T&Cs documents.

‍

I am an Account holder and have an ATO on my account. I do not want them to be able to share CDR data about my account as a Secondary User. How do I confirm this?

An Authority to Operate (ATO ) that you have appointed on your account cannot automatically share CDR data about that account as a Secondary User. As the account holder, you control whether you wish to enable them to share CDR data about your account or not. By default, Secondary Users are not able to share CDR data and must first be enabled by you as the account holder to do so. To check who you have enabled to share CDR data on your account, select the Data Sharing tab, then Sharing Permissions in Internet Banking.

‍

What happens when a Secondary User is Disabled?

When an account holder disables the authorisation of a Secondary User to share CDR data about their account:

Sharing of the account in any existing CDR data sharing arrangements created by the Secondary User will stop.
The Secondary User will not be able to create any new CDR data sharing arrangements that include that account.

When an account holder disables the authorisation of a Secondary User this only removes their ability to share CDR data about that account. Their removal as a Secondary User has no effect on their transactional banking access or any other entitlements they have to that account as an ATO or POA (e.g. the ability to perform transactions or seek information from IMB about the account). To remove an ATO or POA access to your account please contact IMB on 133 462 or visit an IMB Branch.

‍

Can an account holder enable or disable CDR data sharing capability for a Secondary User?

An account holder can enable or disable CDR data sharing capability for a Secondary User by:

Logging on to Internet Banking;
Clicking on the Data Sharing tab and selecting the Sharing Permissions option. This will display the account holder’s eligible accounts; and eligible accounts that have another individual appointed on them as an ATO or POA;
Select the account that has the Secondary User associated with it; and
Click on the Enable Sharing or the Disable Sharing option.

‍

What can Secondary Users do?

Once they have been authorised to share data about an account by an account holder, a Secondary User can choose to share account data, transaction details and product specific CDR data with an ‘Accredited Data Recipient’. They are not able to share the customer data of the account holder/s.

A Secondary User cannot:

Share customer specific information of the account holder/s e.g. contact details
Enable or disable other Secondary Users
View data sharing arrangements established by the accountholder/s.

When an account holder has authorised a Secondary User to share CDR data about an account, through IMB Internet Banking the account holder can:

View the CDR data sharing arrangements created by the Secondary User that relate to their account
Stop sharing data about their account in active CDR data sharing arrangements created by the Secondary User (i.e. override the Secondary User’s CDR data sharing arrangement in relation to their account)
Enable and disable a Secondary User.

The account holder/s will be notified of any CDR data sharing actions completed by the Secondary User on their account by way of SMS notification.

What is the eligibility criteria for CDR Secondary Users?

For a Secondary User to be able to share CDR data in relation to an IMB account they must meet the following eligibility criteria:

Be 18 years of age or over
Have IMB Bank Internet Banking access
Have provided IMB with their mobile number (required to support authentication using a One-Time Password)
Enabled by the account holder to share CDR data via IMB’s Internet Banking as either a ATO or POA within the meaning of IMB Bank’s PDS and IB T&Cs documents.

‍

What is a Secondary User in Open Banking?

Secondary Users are individuals that have been granted permission by an account holder to share CDR data for that account.

IMB refers to Secondary Users as both an:

‘Authority To Operate’ (ATO or ‘authorised agent’ ) within the meaning provided in IMB Bank’s Member Guide to Transaction Banking - Product Disclosure Statement (‘PDS’) and Internet Banking Terms and Conditions (‘IB T&Cs’) documents.”
‘Power of Attorney’ (POA or Attorney or ‘authorised agent’) within the meaning provided in IMB Bank’s PDS and IB T&Cs documents.

‍

How do I change my joint account CDR data sharing notifications?

When you are the one sharing joint account CDR data you will receive notifications via SMS, this cannot be disabled.

When another joint account holder shares CDR data relating to an eligible joint account, the other joint account holders will receive a notification via SMS. You can use IMB’s Internet Banking to manage whether you wish to receive these notifications, and how you wish to receive them – either via SMS or email (or both).

To manage your joint account CDR data sharing notifications, login to Internet Banking, select Alerts, then Register and De-register. When you are the one sharing joint account data you will receive notifications via SMS, this cannot be disabled.

‍

How do I enable a joint account for CDR data Sharing?

In accordance with the relevant CDR legislation, eligible joint accounts are already set up for CDR data sharing and you won’t need approval from other joint account holders to share your CDR data with participating accredited parties.

Any eligible joint account holder can stop their CDR data from their joint account from being shared with participating accredited parties at any time. If you choose to disable your joint account, you and all other joint account holders will need to approve and re-enable your consents for CDR data sharing.

To enable CDR data sharing (in Internet Banking):

Go to the Data Sharing tab, select Sharing Permissions, then choose the joint account you would like to share and enable CDR data sharing;
A message will be sent to your other joint account holder(s) asking them to approve or decline your request to share CDR data relating to the joint account;
To approve or decline the request the other joint account holder(s) will need to log into Internet Banking, select the Transfer and BPAY tab, select Authorisations Option and approve or decline;
If they approve, your CDR data relating to your joint account will be enabled, and you can select it from the list of accounts eligible for CDR data sharing.

All joint account holders must follow steps above and select Authorise within seven days of the request being created, or the request will expire.

Please note:

If a request expires or is rejected, the joint account permission ‘Data sharing not enabled’ will remain,
All joint account holders are notified of the outcome of the request by email,
Once all joint account holders have approved the request, CDR data sharing will be enabled on the joint account,
Any joint account holder with CDR data sharing enabled on an account can create a CDR data sharing arrangement from the Accredited Data Recipient’s app or website,
CDR data sharing enabled joint account(s) will be displayed under ‘Available accounts’ on the account selection screen, in the data sharing process.

‍

Where can I go for further information on the Consumer Data Right?

For more details on the Consumer Data Right, please refer to IMB’s CDR Policy or visit cdr.gov.au.

How do I manage my CDR data sharing preferences?

You can view or withdraw your consent for your CDR data sharing arrangements at any time through Internet Banking by going to the Data Sharing tab and selecting Consents. You can also manage your sharing preferences by calling us on 133 462.

Will I be charged a fee for using Open Banking?

Under the CDR legislation, we will not charge you to share your CDR data with an accredited third party.

We won’t charge an accredited third party to access your CDR data either.

‍

Why are some of my accounts not visible or unavailable to share with Open Banking?

Certain accounts may be unavailable due to the following:

Product is ineligible
Other joint account holders may not be eligible for CDR data sharing
Accounts where you are not the account holder
CDR data sharing is not enabled.

Meanwhile, other accounts may not be visible as you may have chosen not to have access to these accounts.

‍

How long does my Open Banking consent remain active?

When creating your consent, you can select how long you would like it to stay active. A consent may be for a one-time share, or you may select a period of up to 12 months. The maximum time limit for consent to remain active is 12 months, before it will expire. If you would like to continue sharing CDR data once it has expired, you will need to create a new consent.

Some Accredited Data Recipients (ADRs) may also allow you to amend an active consent on your CDR data sharing accounts. By visiting the ADR’s app, you may have the option to extend a consent or change the accounts within the consent. This can only be activated through the ADR.

You may choose to create more than one consent or different consents for different accounts, depending on the CDR data you wish to share and the length of consent you would like to give.

‍

How do I authorise Third Party Products?

IMB Mastercard* To start the authorisation process, you will need to go through the Accredited Data Recipient (ADR) you wish to share your CDR data with. Through their CDR data sharing portal, you will be connected to the Citi authorisation portal to provide your authorisation.

_{*MasterCards are issued by Card Services which is a division of Citigroup Pty Limited ABN 88 004 325 080 AFSL No. 238 098 Australian Credit Licence 238098 that provides and administers credit on behalf of IMB Ltd.}

‍

What products are available to share in Open Banking?

Eligible IMB members can request to share their CDR data for certain IMB products including their IMB savings and transactional accounts, term deposits, credit cards, home loans, personal loans, business loans, overdrafts, lines of credits and numerous other products.

However, IMB has been granted an exemption by the ACCC from making available and providing CDR data in relation to its Retirement Savings Accounts (RSAs). IMB has ceased offering RSAs to new members and the number of active RSAs is very low. IMB is therefore not required to develop the extensive technology infrastructure required to obtain and share the relevant CDR data for this product.

‍

Can I cancel my consent?

Yes, you can cancel your consent at any time through Internet Banking.

Once your permission for us to share your CDR data has been cancelled, we will no longer share your CDR data and will provide you with a notification.

‍

Viewing my CDR data sharing arrangements in Internet Banking

Log into IMB Internet Banking
From the main menu, click the ‘Home’ menu and select ‘Data sharing'
From the drop-down list select ‘Consents
The ‘Consents’ screen displays a list of all the accredited third parties you are sharing CDR data with now and who you have shared with in the past
You can also click on an accredited third party to view its details

‍

Can I opt out of Open Banking?

It is your choice to use Open Banking. Open Banking requires you to authorise any sharing of CDR data. If you change your mind, you can revoke your authorisation to share CDR data with ADRs at any time using your data sharing dashboard in IMB Internet Banking.

Is Open Banking secure?

Yes. Customer data security is important to IMB and all requests to access your CDR data must be initiated by you, through a secure environment. IMB cannot do this on your behalf.

Accredited Data Recipients who are providing services by Open Banking must comply with privacy and security requirements and be accredited by the Australian Competition and Consumer Commission (ACCC).

‍

When did IMB launch Open Banking?

On 1 Oct 2020 IMB commenced product reference data sharing via our public Open Banking Product Application Solution. The number of products available for product reference data sharing expanded on 1 February 2021 and again on 1 July 2021, in line with the phased implementation of the Open Banking regulations. Product reference data can be used by third parties to make comparisons of products and prices across the market.

In November 2021 IMB commenced consumer data sharing (phases 1 and 2), allowing eligible customers to share their data with Accredited Data Recipients. Consumer data sharing gives consumers greater access to and control over their data. In October 2022 IMB expanded consumer data sharing allowing eligible joint account customers to share their CDR data with Accredited Data Recipients. IMB will continue with the expansion of consumer data sharing in line with the phased implementation of the Open Banking regulations in line with the phased implementation of the Open Banking regulations, or as discussed with the ACCC (which may include some implementation gaps from time-to-time as outlined in the rectification schedule).

‍

View All

Open Banking

What is Open Banking?

Sharing CDR Data

How to set up and manage CDR data sharing

Step 1

Step 2

Step 3

Step 4

Got a question on Open Banking?

Information for developers

Your security, our priority

How to stay secure

Types of fraud and scams

Security updates

Need support?

Contact us

Locate us

Open Banking

What is Open Banking?

We are accredited.

Sharing CDR Data

Who can share CDR Data?

What CDR Data can I share?

IMB's CDR Policy

How to set up and manage CDR data sharing

Step 1

Step 2

Step 3

Step 4

Got a question on Open Banking?

Can I share both my personal accounts and business accounts in the same consent I create with an Accredited Data Recipient?

What is the eligibility criteria for a Nominated Representative to share CDR Data?

I am a Nominated Representative for an IMB business member, so why can’t I share CDR data about an account?

Can I authorise more than one Nominated Representative to manage CDR data sharing for my IMB business accounts?

As a Nominated Representative of an IMB business account, what can I do?

How do I authorise a Nominated Representative to share CDR data for my Business?

How do I share CDR data on my IMB business accounts?

I’m an IMB business member, can I share data about my IMB business accounts through the Consumer Data Right (CDR)?

I am enabled as a Secondary User so why can’t I share CDR data on the account?

I am an Account holder and have an ATO on my account. I do not want them to be able to share CDR data about my account as a Secondary User. How do I confirm this?

What happens when a Secondary User is Disabled?

Can an account holder enable or disable CDR data sharing capability for a Secondary User?

What can Secondary Users do?

What is the eligibility criteria for CDR Secondary Users?

What is a Secondary User in Open Banking?

How do I change my joint account CDR data sharing notifications?

How do I enable a joint account for CDR data Sharing?

Where can I go for further information on the Consumer Data Right?

How do I manage my CDR data sharing preferences?

Will I be charged a fee for using Open Banking?

Why are some of my accounts not visible or unavailable to share with Open Banking?

How long does my Open Banking consent remain active?

How do I authorise Third Party Products?

What products are available to share in Open Banking?

Can I cancel my consent?

Viewing my CDR data sharing arrangements in Internet Banking

Can I opt out of Open Banking?

Is Open Banking secure?

When did IMB launch Open Banking?

Information for developers

Your security, our priority

How to stay secure

Types of fraud and scams

Security updates

Need support?

Contact us

Locate us