CDR Representative 101: the risks and rewards of CDR’s most popular new access model


It’s been almost a full year since the new CDR access models were introduced into CDR legislation, and it is already clear that the CDR Representative model has been the biggest hit.

As the leading CDR tech provider in market with 14 Representatives on our platform, the Adatree team has a pretty solid understanding of the risks and rewards of becoming a CDR Representative. So we’d like to share those insights along with some details on how Adatree can help you take advantage of the CDR’s most popular regulatory model while upholding your compliance obligations.

What is a CDR Representative?

A CDR Representative is an organisation or entity brought into the CDR ecosystem by another party with an unrestricted CDR accreditation who can act as their ‘Principal’. This accredited Principal then facilitates CDR access for the unaccredited CDR Representative.

Despite not being accredited by the ACCC, a CDR Representative is still required to abide by the majority of the CDR’s accreditation requirements through reference to its Principal. This includes needing to have appropriate technical controls in place, as well as needing consumer consent to access data and provide services.

The CDR Representative model is similar to other regulated frameworks like those used in payments or even within the financial services sector. A CDR Representative (your organisation) exists under the regulatory wing of their Principal (Adatree).

Becoming a CDR Representative is not a way to avoid requirements of being an Accredited Data Recipient, but the assistance of your Principal can certainly simplify the process. There are no shortcuts to anywhere worth going, and a lot of these requirements are industry best practices that – let’s face it – you as a consumer would want in place. In return, you get to access incredibly rich regulated datasets with much less effort, time and maintenance, all thanks to your Principal.

What are the benefits of being a CDR Representative?

Compared to the other CDR access models, there are a number of key benefits to being a CDR Representative. Chief among these is that you’ll report primarily to your CDR Principal, removing the need to engage directly with the regulator almost entirely. You can leverage many of your Principal’s existing processes and go through the entire journey of getting access to and use of CDR data without encountering any pesky ‘bureaucratic blockers’. Additionally, your Principal takes on the bulk of the responsibility for collecting data from Data Holders, sparing you from one of the most technically complex aspects of CDR participation.

The Principal is responsible for ensuring that you meet your initial and ongoing CDR obligations. An effective Principal will have streamlined processes and significant expertise to ensure you are meeting your requirements. In some instances they may even be able to take on responsibility for processes that you would otherwise fall to you. But if your Principal gives you access to CDR data without doing any due diligence to assess your compliance, then they may be leaving you both exposed if the regulator comes calling.

What is the risks of being a CDR Representative?

The biggest risk of becoming a CDR Representative is that your access to the CDR is entirely conditional upon your Principal – and ALL of its other CDR Representatives – doing the right thing.

As mentioned above, you can only be a CDR Representative if you have a Principal with unrestricted CDR accreditation. If a Principal or any of their CDR Representatives breach their CDR obligations, the Principal can have their accreditation suspended or revoked. This means that, unless your Principal is taking appropriate steps to ensure the compliance of everyone in their ecosystem, your access to CDR could be shut off at a moment’s notice through no fault of your own.

This is a huge risk to your service and product, and it illustrates how critical it is to choose a Principal who – like Adatree – has a complete understanding of the CDR’s regulatory requirements and prioritises technical and regulatory conformance as the primary consideration in every business initiative.

If you are considering becoming a CDR Representative, it is important to think carefully about how your prospective Principal is going to safeguard your ongoing access to data. If they’re not taking steps to ensure the compliance of everyone in their ecosystem, you should probably reconsider your choice of CDR provider.

What does Adatree do as a CDR Principal?

Adatree is an ADR with unrestricted accreditation and the Principal to a number of CDR Representatives already accessing CDR data. As Australia’s leading RegTech, it’s our commercial obligation to ensure that anyone joining our ecosystem won’t jeopardise access to CDR data for any of our other clients. It’s also central to our business’ values of trust and transparency. As such, we take sensible and appropriate steps to ensure that each of our CDR Representatives are able to satisfy their obligations when they enter the system and remain compliant with the CDR’s Rules and Standards on an ongoing basis.

To integrate any new CDR Representative into our system, we take steps to assess their ability to qualify for streamlined CDR accreditation under the Rules, as well as any other relevant existing qualifications or certifications they may have acquired recently (like a SOC2 audit). We also require that our partners notify us of material changes to how they comply with their requirements under the Rules.

These processes mirror many of the requirements of ADRs and are intended to ensure that we adopt a responsible and risk-based approach to guarantee continued access to the CDR ecosystem for all our Representatives.

Like any commercial relationship, there should be warranties and expectations of what each party needs to prove to the other. If a CDR provider suggests that the road to becoming a Representative is anything simpler than what we’ve outlined above, that could signify a risky interpretation or attitude towards the regulations.

Additionally, with Adatree as your CDR Principal you’ll experience a more streamlined and well-supported journey to accessing CDR data than any other solution.

Before committing to becoming a CDR Representative, it is worthwhile assessing whether any of the other access models – like Trusted Adviser or CDR Insight Recipient – would better serve your use case. Adatree’s expertise is to understand the unique needs of every business. We’ll articulate the regulatory considerations and help you identify the best solution to bring your use case to life using our award-winning CDR platform.

If you’re interested in getting access to CDR through any of the available access models (we support them all!), then get in touch with our team and start your CDR journey.