Open Banking

The type of data that an ADR can access includes account information, transaction history, and balance information. Before receiving consumer data, an ADR must disclose the type of data it would like to access and obtain consent from the customer. 

As an ADR, Westpac will only receive and collect CDR data for a service offering where the customer has provided consent. For example, where the customer has granted consent to share account and transaction details for income verification. 

No fees are charged by Westpac for importing your data from your Data Provider using Open Banking. 

Westpac requires this information to provide the features outlined in the service offering.

For example, account details are required to identify where your income is deposited, and transaction details are required to verify your income.

The Data Provider list in the consent flow displays all the available Data Providers that Westpac can currently collect data from. You can use the search function to find the Data Provider you are interested in. Note that Westpac does not currently support data collection from all financial institutions. Data Providers not contained in the list are currently unavailable.

CommBank is one of the brand names of Commonwealth Bank. We display Data Providers and their brand logos as they are registered in the Open Banking ecosystem with the regulator, the Australian Competition and Consumer Commission (ACCC). 

The number of times Westpac accesses your data is dependent on the service offering. 

When you sign up to Westpac’s service offering, we will inform you of the proposed sharing period before you consent to the data sharing arrangement. Your consent remains active for the sharing period and will expire when the sharing period ends.

Sharing periods can vary (as a once off request or on an ongoing basis, for a maximum of 12 months) based on Westpac service offering. However, it will never exceed the maximum limit of 12 months.

Westpac sends an email notification to a customer when consent is successfully granted. This email notification provides information about the consent including the date consent was granted, expiry date, sharing period, and Data Provider. 

You can view, manage, and cancel your consent on the Westpac data sharing dashboard by logging into your Westpac service, and search for data sharing, or on your data sharing dashboard with your Data Provider. The data sharing consent can be cancelled or withdrawn by you at any time. 

When the consent is cancelled or expires, Westpac will delete your data that we have collected, unless we have a legal obligation to retain it.

If you are unable to select the accounts that you have with your Data Provider, please contact your Data Provider to discuss whether those accounts are eligible for data sharing. The accounts you hold with your Data Provider are confidential between you and your Data Provider. Westpac has no access to this information. 

You can manage consents and view your accounts for an active consent on the data sharing dashboard, by logging into your Westpac service.

On the dashboard select the ‘Active’ tab and open a consent to view additional information.  Select the ‘Accounts’ section on the screen to display all the accounts that are currently available for data sharing. Note that his service will obtain real-time information from your Data Provider so the accounts currently being shared may differ based on the point in time response received from your Data Provider.

Westpac will never revoke or cancel your consent before the expiry date unless instructed by you or your Data Provider. Please check with your Data Provider if your consent has been revoked or cancelled before the consent expiry date. If you revoke your consent with your Data Provider, your Data Provider will inform Westpac that your consent has been cancelled.

As part of your online application Westpac may offer you the ability to import Open Banking data to verify your income from selected Banks.

One of the purposes of Open Banking is to increase competition across financial services and potentially allow customers to negotiate better deals and save money. Open Banking means that you will be able to share your data with Accredited Data Recipients (ADRs). This will give you access to products and services offered by ADRs that may suit your needs.

Westpac is committed to ensuring that your data is safe including via Open Banking. Customers who want to use Open Banking will need to be registered for online banking.
 

Accredited Data Recipients who are providing services by Open Banking must comply with privacy and security requirements and be accredited by the Australian Competition and Consumer Commission (ACCC).

It is entirely your choice if you wish to use Open Banking.
 

For personal customers, Open Banking requires you to be registered for online banking to authorise data sharing with an ADR. You will use your Westpac Customer Number and a One Time Password through Westpac Protect SMS, to authorise any sharing of information. If you change your mind, you can revoke your authorisation to share data with ADRs at any time using your data sharing dashboard on Westpac Online Banking.
 

For business customers, Open Banking requires a Nominated Representative to register for online banking to authorise data sharing of the company with an ADR. The Nominated Representative will use their Westpac Customer Number and a One Time Password through Westpac Protect SMS,  to authorise any sharing of information. (see further Frequently Asked Questions below for more information about data sharing authorities and Nominated Representatives). If you change your mind, your Nominated Representative(s) can revoke consents for sharing your data with ADRs at any time, using the data sharing dashboard on Westpac Online Banking.

Business customers with an active data sharing authority can also disable this authority at any time by completing an Open Banking Data Sharing Authority form. Once the data sharing authority is inactive, business network administrators cannot manage data sharing on behalf of their Organisation, including creating Nominated Representative(s) to grant, amend and manage consent to share data. Once disabled, business network administrator(s) will need to complete the Open Banking Data Sharing Authority form to re-activate the feature.

You may ask us to share your Westpac consumer data, or other consumer data you have given us permission to collect, in order to get a banking product or services from another organisation, such as another bank.
 

For example, if you apply for a loan with another bank and they request to see data on your Westpac savings account as part of their assessment, you can give us permission to share your Westpac consumer data relating to that savings account with them if they are accredited to receive data by the ACCC. 

We will only share your Westpac consumer data with an Accredited Data Recipient (ADR) if you give us permission to do so.

For personal customers, to start the consent process, you will need to visit the Open Banking consent portal of the Accredited Data Recipient (ADR) you wish us to share your data with. This ADR may be another bank or fintech. Once you have granted your consent to the ADR to collect data on your behalf through their consent portal, you will be connected to Westpac, where we will ask you to authorise us to share your data with the ADR.

For business customers, your Nominated Representative(s) will need to visit the Open Banking consent portal of the ADR you wish us to share your data with (see “What’s New for Open Banking” above for more information about data sharing authorities and Nominated Representatives). The business network administrator can manage Nominated Representatives through the Administration module on Online Banking. An Organisation must have at least one active Nominated Representative before we can share data with an ADR.

For your own security and in accordance with industry standard, you will not be able to use your online banking password for the purposes of data sharing. To data share, you need to register for Westpac SMS Protect in order to receive a One Time Password (OTP) to your registered mobile phone. This is a simple process and the instructions are here.

If you currently use a SecureID token, you will not be able to use the OTP generated on your token for data sharing. However, you can switch to SMS Protect easily. Once you have set up your data sharing arrangement, you can switch back to SecureID token if you wish.

Under the Consumer Data Right, we will only share your Westpac consumer data with another organisation if you give us permission to do so, unless required by law.

You can use your data sharing dashboard in Westpac Online Banking to track all the permissions you have given to us to share your data. For business customers, Nominated Representative(s) can access this data sharing dashboard to track all permissions they have given to us to share data on your Organisation’s behalf.  We will always notify you via the data sharing dashboard as soon as practicable after sharing your data.

You may withdraw your permission for us to share your consumer data on any account at any time by using your data sharing dashboard through Westpac Online Banking.

Once your permission for us to share your data has been withdrawn, we will no longer share your data and will provide you with a notice of this as soon as practicable.

For business customers, Nominated Representatives may withdraw permission for us to share your consumer data on any account at any time by using the data sharing dashboard through Online Banking. 

Your data sharing dashboard on Westpac Online Banking will show you all your active consents and also any previous consents that you have provided, which have expired or been revoked or cancelled.

For business customers, only Nominated Representatives have access to view any active and archived consents that have been provided. All Nominated Representatives will view the same dashboard and can revoke or cancel a consent regardless of which Nominated Representative granted or amended the consent. 

When creating your consent, you can select how long you would like it to stay active. A consent may be for a one-time share, or you may select a period of up to 12 months. The maximum time limit for consent to remain active is 12 months, before it will expire. If you would like to continue sharing data once it has expired, you will need to create a new consent.

Some Accredited Data Recipients (ADRs) may also allow you to amend an active consent on your data sharing accounts. By visiting the ADR’s app, you may have the option to extend a consent or change the accounts within the consent. This can only be activated through the ADR. 

You may choose to create more than one consent or different consents for different accounts, depending on the information you wish to share and the length of consent you would like to give. 

Yes, data sharing for in-scope joint accounts is currently available.  On 4 August 2022, Westpac commenced the implementation of changes to the way that data sharing is authorised for joint accounts held by individual customers:
 

1. If a joint account has already been enabled for data sharing (prior to 4 August 2022), it will continue to be enabled for data sharing.
2. If a joint account has previously been disabled for data sharing by a joint account holder, it will remain disabled for data sharing.  When a joint account is 'disabled' for data sharing, this means that Westpac will not share any data relating to the joint account with an Accredited Data Recipient (ADR) (even if Westpac receives a valid data sharing request from an ADR). If the joint account is disabled for data sharing and the joint account holders wish to enable data sharing, either joint account holder may propose to change the data sharing status of the joint account through the online consent dashboard in Online Banking. All joint account holders must approve the proposal before the joint account is enabled for data sharing, within a specified period of time.
3. If a proposal to enable data sharing is 'pending' approval (if not all joint account holders have approved the proposal to enable data sharing prior to 4 August 2022), the joint account holders will have a specified period of time to respond to the request and if a response is not received, the joint account will remain disabled for data sharing.

Any joint account holder can at any time view the joint account's data sharing option or change it to disabled at any time through the online consent dashboard in Online Banking. Once the data sharing is set to disabled:
 

1. data sharing will cease for the joint account with respect to any existing data sharing authorisations;
2. no joint account holder will be able to share data from that account;
3. any subsequent request made on the online consent dashboard in Online Banking to enable data sharing on the joint account will need to be approved by all joint account holders within a specified period of time.

If you have been granted the ability to make transactions on an in-scope account held by another person and meet certain eligibility criteria, that person can nominate you as a ‘Secondary User’ for data sharing for that account under Open Banking.

Data sharing for eligible accounts with Secondary Users has been extended to include joint accounts with Secondary Users.

Secondary Users need to be given access by the account owner through the Secondary User Data Sharing Preferences service in the data sharing dashboard. Once access is granted, the Secondary User will be able to grant consent for any joint or individual account they have access to. 

Westpac has been approved by the ACCC as an Accredited Data Recipient under the Consumer Data Right/ Open Banking.  At this stage Westpac is not receiving open banking data from other banks. Ultimately Open Banking should result in customers getting better access to products that meet their needs. We are excited about the possibilities from Open Banking and over time we expect to allow customers to use Open Banking to more easily bring their banking data from other banks to Westpac. In the meantime, your Westpac banker is able to discuss suitable products with you and assist with data required from other financial institutions to support your needs.

As Westpac launches services that make use of Open Banking, we will provide information to help customers use these services including transferring their Open Banking data from other banks to Westpac. We will continue to update this internet page with updates as further data sharing services become available.

If your business network was registered before 1 November 2021, your business network owner(s) will need to complete and submit the Open Banking Data Sharing Authority form to activate the feature for the network. This process authorises business network administrators to nominate themselves and/or other business network users to grant, amend and manage consents for data sharing on behalf of the Organisation (Nominated Representatives).

For business networks registered after 1 November 2021, or for existing business networks that have opted in via the form, the Open Banking data sharing feature will be activated for your business network. Business network administrators will be able to create Nominated Representatives to grant, amend and manage consents for data sharing on behalf of the Organisation, within the ‘Administration’ menu on Westpac Online Banking.

A business network administrator can create a Nominated Representative by adding the ‘Open Banking data sharing permission’ to the access permissions of a business network user. Only users who have had their identity verified by Westpac can be authorised to share data as a Nominated Representative.

Business network administrators can also grant Nominated Representative authority to a user when they are adding a new user to their business network.

Nominated Representatives who have been created as described above will be able to share data on accounts eligible for data sharing on behalf of the Organisation.

A business network administrator can also revoke a Nominated Representative authority at any time by removing the ‘Open Banking data sharing permission’ through ‘Administration’ on Westpac Online Banking. Any active data sharing consents established by the Nominated Representative who has been removed will remain until the consent expires, unless revoked by another Nominated Representative. 

Business customers may authorise one or more Nominated Representatives to share data on all accounts eligible for data sharing owned by the business network. This includes accounts closed within the last two years and/or accounts the Nominated Representative may not have access to currently within their Online Banking profile. Your business network administrator will have the ability to nominate and revoke this authority through ‘Administration’ on Westpac Online Banking.

All Nominated Representatives need to be identified by Westpac and have an active business network profile status. All Nominated Representatives will need to be registered for Online Banking and SMS Protect.

A Nominated Representative can grant, amend, manage and view an Organisation’s consents for data sharing.

Disabling a Nominated Representative’s authority to share data also removes their access to the data sharing consent dashboard. Any active data sharing consents created by the Nominated Representative will remain active until the consent expires. Another Nominated Representative within the business network may revoke the consents at any time.