All Posts

Consumer Data Right

The Consumer Data Right Is Coming to Non-Bank Lenders: 10 Things You Need to Know

The Consumer Data Right (CDR) is about to transform the non-bank lending sector. With new data sharing obligations kicking in from 2026, lenders must now decide: treat CDR as a compliance cost - or leverage it as a competitive advantage.

1. CDR is now law for your sector

As of February 2025, non-bank lenders are formally included under the Consumer Data Right (CDR) Rules.

The compliance countdown is underway - with data sharing obligations commencing as early as July 2026.

2. CDR applies even if you’re not APRA-regulated

This is not just about the big banks.

If you’re a registrable corporation under the Financial Sector (Collection of Data) Act 2001, you may be a “relevant non-bank lender” - even if you aren’t an ADI or don’t report directly to APRA.

3. Size matters - but so does structure

Here’s where it gets interesting.

If your business crosses these thresholds:

  • > $1 billion in loans or leases
  • > 1,000 customers

...you’re likely to qualify as a large provider, with mandatory CDR data sharing obligations.

If you meet the financial threshold but have fewer than 1,000 customers, you’re still required to notify the ACCC.

4. You could be non-compliant and not know it

Many lenders will be automatically obligated under CDR if thresholds are met — even if you haven’t actively sought accreditation or registration.

If you haven’t yet assessed your status under the CDR Rules, now’s the time.

5. Associated entities can push you over the threshold

Your corporate structure matters.

If your subsidiaries or associated lenders report significant lending volumes to APRA, their figures will count towards your group’s CDR thresholds.

Don’t get caught out — run a group-wide assessment.

6. Product offering determines your obligations

It’s not just about size — it’s also about what you offer.

If you only offer certain niche or non-standard products (e.g. margin loans, certain leases), you may avoid mandatory obligations — for now.

But if you offer any of the following, you’ll be required to share data:

  • Home loans
  • Personal and business credit
  • BNPL products
  • Standard leases
    …and more.

7. Early participation is allowed — and strategic

Non-bank lenders can voluntarily participate in CDR before their mandatory dates.

Why would you?

  • Test your infrastructure
  • Refine customer experience
  • Differentiate your digital offering
  • Build early trust in the market.

8. Not all products are equal

Some products are excluded from mandatory CDR:

  • Reverse mortgages
  • Margin loans
  • Non-standard vehicle finance (e.g. novated leases).

For these, data sharing is voluntary.

9. Complex requests are excluded — for now

You are not required to process “complex requests” under CDR:

  • Joint accounts
  • Secondary users
  • Nominated representatives.

This helps reduce initial implementation complexity — but expect the scope to evolve.

10. CDR opens doors for digital lending innovation

Forward-thinking non-bank lenders are already exploring ways to turn CDR from compliance cost to competitive advantage:

Smarter credit risk models
Real-time verification for faster onboarding
Seamless switching and refinancing journeys
Improved customer transparency and trust

Final thought: The early movers will win

Non-bank lenders face a choice:

  • Treat CDR as a tick-box compliance project — and risk falling behind.
  • Or leverage it to build better customer experiences and smarter lending models.

At Fiskil, we help non-bank lenders achieve both:

  • Compliance-ready data sharing infrastructure
  • Modern APIs that enable innovation
  • Flexibility to adapt to evolving CDR standards

If you’d like to learn how we can help your business turn CDR into an opportunity — not just an obligation — get in touch.