10 Facts for Non-Bank Lenders with CDR Obligations

1. CDR is now law for your sector

As of February 2025, non-bank lenders are formally included under the Consumer Data Right (CDR) Rules.

The compliance countdown is underway, with data sharing obligations commencing as early as July 2026.

2. CDR applies even if you’re not APRA-regulated

This is not just about the big banks.

If you’re a registrable corporation under the Financial Sector (Collection of Data) Act 2001, you may be a “relevant non-bank lender” - even if you aren’t an ADI or don’t report directly to APRA.

3. Size matters, so does structure

If your business crosses these thresholds:

• > $1 billion in loans or leases
• > 1,000 customers

...you’re likely to qualify as a large provider, with mandatory CDR data sharing obligations.

If you meet the financial threshold but have fewer than 1,000 customers, you’re still required to notify the ACCC.

4. You could be non-compliant and not know it

Many lenders will be automatically obligated under CDR if thresholds are met - even if you haven’t actively sought accreditation or registration.

If you haven’t yet assessed your status under the CDR Rules, now’s the time.

5. Associated entities can push you over the threshold

Your corporate structure matters.

If your subsidiaries or associated lenders report significant lending volumes to APRA, their figures will count towards your group’s CDR thresholds.

Don’t get caught out, run a group-wide assessment.

6. Product offering determines your obligations

It’s not just about size, it’s also about what you offer.

If you only offer certain niche or non-standard products (e.g. margin loans, certain leases), you may avoid mandatory obligations, for now.

But if you offer any of the following, you’ll be required to share data:

• Home loans
• Personal and business credit
• BNPL products
• Standard leases
  …and more.

7. Early participation is allowed - and could be strategic

Non-bank lenders can voluntarily participate in CDR before their mandatory dates.

Why would you?

• Test your infrastructure
• Refine customer experience
• Differentiate your digital offering
• Build early trust in the market.

8. Not all products are equal

Some products are excluded from mandatory CDR:

• Reverse mortgages
• Margin loans
• Non-standard vehicle finance (e.g. novated leases).

For these, data sharing is voluntary.

9. Complex requests are excluded - for now

You are not required to process “complex requests” under CDR:

• Joint accounts
• Secondary users
• Nominated representatives.

This helps reduce initial implementation complexity, but expect the scope to evolve.

10. CDR opens doors for digital lending innovation

Forward-thinking non-bank lenders are already exploring ways to turn CDR from compliance cost to competitive advantage:

✓ Smarter credit risk models
✓ Real-time verification for faster onboarding
✓ Seamless switching and refinancing journeys
✓ Improved customer transparency and trust

Compliance without blowing project timelines, budgets or roadmaps?

That’s where Fiskil fits in. We give non-bank lenders a faster path to compliance with:

• Plug-and-play CDR data sharing infrastructure
• Developer-friendly APIs that don’t get in your way
• Built-in support for evolving CDR standards - no rework required

No costly internal builds. No regulatory guesswork. Just a smarter way to get CDR done right.

If you’d like to learn how we can help your business turn CDR into an opportunity, not just an obligation - get in touch.