Comply and Compete for the Consumer Data Right (CDR)

Easily support Australia's CDR Open Banking to expand your business and build trusted relationships with the most comprehensive, future-built IAM platform.

CDR Solution Overview

What Is CDR?

The Consumer Data Right (CDR) legislation aims to provide consumers in Australia with better choice, access, and control of their data, including how it is used and disclosed. CDR will initially apply to the banking industry, with telecommunications and energy retailers following soon afterwards. 

CDR will require that organizations open consumer data to third parties, obtain user consent for data sharing, and apply strong customer authentication for services. To accomplish all of these and meet CDR mandates, leading banks are turning to modern IAM platforms. Built on open standards, the ForgeRock Identity Platform provides a unified solution to address key challenges around customer authentication, secure APIs, customer consent, and identity best practices. With ForgeRock, banks can achieve more than just regulatory compliance: they can also introduce new products and services designed to meet the demands of today’s empowered consumers.

Learn About CDR

Leverage Modern IAM to Comply with CDR and Grow Revenue

CDR requires that banks open their business by providing access to data and controlling how data will be used and managed by third parties. It also mandates that banks provide consumers with greater transparency and security. Banks must ensure they have the right solutions in place to balance privacy, security, and user experience. Unfortunately, most banks and financial institutions have legacy IAM systems that are unable to support this entirely modern set of requirements.

With the right IAM platform to make it all happen, CDR presents an excellent opportunity to create new business models that will drive greater revenue and brand trust. As the most comprehensive, modern IAM platform on the market, ForgeRock in collaboration with our trusted partner Middleware NZ enables financial institutions to modernize their IAM to meet CDR requirements, as well as create new business models to grow revenue and customer satisfaction. To comply with CDR specifications, the ForgeRock platform includes: 

  • Application programming interface (API) security with Financial-grade API (FAPI) specifications 
  • Open standards-based support for the CDR specification (OAuth 2.0, OIDC, UMA)
  • Privacy and consent features with a user-friendly dashboard
  • Robust multi-factor authentication (MFA) options with Intelligent Authentication
  • Data residency and data sovereignty
  • Flexible consumption or deployment options for any environment

Download the ForgeRock CDR Accelerators

"ForgeRock followed an API-first, platform-centric approach from the very beginning and already delivers with their highly scalable platform for managing and governing all types of identities."

Martin Kuppinger, founder and principal analyst, KuppingerCole 

Open Your Business to New Opportunities with Unsurpassed API Security

Under CDR, third-party providers need a way to access consumer account data on behalf of the consumer. Banks must find the delicate balance of allowing third parties to have consent-driven access to their customers' data while ensuring the utmost security.

ForgeRock provides peace of mind by securing third-party transactions with unsurpassed API security. How? The ForgeRock platform includes and fully supports the Financial-grade API (FAPI) specifications, along with open standards such as OAuth 2.0, OIDC, and UMA, which are core to the CDR specification. This enables users to securely give and manage their consent to share data while enforcing secure access to resources with fine-grained transactional authorization policies.

Our analysts have identified new opportunities for early adopters of the new standard, particularly among voluntary participants who move toward compliance prior to it becoming a requirement. These actors are presented with a once-in-a-generation chance to gain market share by offering innovative, attractive, API-driven services. ForgeRock is here to help you seize this opportunity.

Read the KuppingerCole API Security Leadership Compass

Meet the CDR Strong Customer Authentication Requirement

In an effort to ensure consumer data is secure, CDR requires that, at a minimum, banks provide multi-factor authentication (MFA) in the form of a one-time password (OTP) during authentication and prior to gathering consumer consent. Examples of where MFA is required include:

  • Authorizing data sharing with third-party providers 
  • Managing consent
  • Access to account transaction data
  • Modifications of personal data such as mobile phone, home, and delivery address

ForgeRock Intelligent Authentication addresses the balance between the need for simple administration of secure, risk-aware authentication scenarios and a low-friction login experience for consumers. Additionally, to deliver a truly exceptional login experience, ForgeRock offers passwordless login methods, such as biometrics or push notifications with extra authentication steps only when necessary.

Learn More About Intelligent Authentication


Build Consumer Trust with Consent Management

Giving consumers control over their data, from who has access to their accounts to managing profile and privacy settings, is essential for most customer-facing solutions. Privacy and consent management helps establish a closer relationship with customers because they can see what personal information a company holds and why. It also helps reduce customer support costs.

The ForgeRock Identity Platform provides a comprehensive, standards-based profile and privacy management dashboard. Users can manage who has access to their personal data, for how long, and under what circumstances. They can also manage their own profile details, the devices connected to their account, and applications they have consented to connect to their account.

Learn More About ForgeRock Privacy and Consent Features

Ensure Consumer Data Is Protected with Data Residency and Sovereignty

CDR requires that user data is protected at all times. Additionally, how you store and process user accounts and profile information is subject to regulations and restrictions that protect users' privacy. 

Data residency and data sovereignty are related concepts covering the legalities of where user data resides and the legal authority over the data, regardless of where it resides. To address data residency requirements, the ForgeRock Identity Platform enables fine-grained access controls, privacy-bound user data storage, strong encryption, and fractional replication of personal data. These capabilities allow for secure cross-border transfer and processing of user data that is context-sensitive to a particular jurisdiction. Further, the ForgeRock platform operates within any on-premises and cloud environment, giving you complete control over where your valuable customer data is stored.

Learn More About ForgeRock Directory Services

Do Identity Your Way with Consume and Deploy Options

Solution deployments are often lengthy, costly, and complex, requiring many IT resource hours and resulting in slow time to market. With ForgeRock, you can choose to consume or deploy and do identity your way. We have the only comprehensive platform available as a service with the ForgeRock Identity Cloud. The ForgeRock platform is also available with our full DevOps capabilities on premises or in any cloud environment, including multi-cloud and hybrid cloud, saving you as much as 25% on implementation costs.

Learn About ForgeRock Identity Cloud and Deployment Options

