Commonwealth Bank Faces $792,000 in Penalties for Alleged Consumer Data Right Breaches

What Business Owners Need to Know | Bane Legal Services

Based on and crediting the original media release published by the Australian Competition and Consumer Commission (ACCC) on 9 December 2025.

The Australian Competition and Consumer Commission (ACCC) has confirmed that the Commonwealth Bank of Australia (CBA) has paid $792,000 in penalties after the regulator issued four infringement notices for alleged breaches of the Consumer Data Right (CDR) Rules.

For Australian businesses, particularly those relying on digital accounting systems, fintech tools or secure data-sharing platforms, this development is a timely reminder of how essential CDR compliance has become.

At Bane Legal Services, we do not provide legal advice. However, as Australia’s trusted commercial legal matchmaking service, we help business owners find the right commercial, consumer, data governance or technology lawyer when regulatory issues arise.

What the ACCC Alleges Happened

According to the ACCC, CBA failed to meet key obligations under the CDR Rules by not enabling consumer data sharing for certain business accounts, including partnership accounts and accounts linked to Trading Entity Business Names (TEBNs).

This failure meant many business customers could not fully access CDR-enabled services such as digital accounting integrations or secure automated data transfers. Some customers were forced to revert to manual processes or less secure data-sharing methods.

The ACCC reported receiving numerous complaints from affected businesses.

Why the Penalties Matter

This is the highest penalty issued by the ACCC to date for alleged CDR rule breaches.

ACCC Deputy Chair Catriona Lowe emphasised that the regulator will continue prioritising enforcement settings to ensure Australian consumers and businesses can fully benefit from the CDR framework, particularly increased choice, easier comparison of products and more secure financial management tools.

CDR uptake is also expanding rapidly. In the first half of 2025, participation in the system increased by 55 per cent, and more growth is expected as the CDR extends to the non-bank lending sector in mid-2026.

Earlier this year, National Australia Bank Limited also paid $751,200 in penalties for alleged CDR rule breaches linked to data quality.

The ACCC’s message is clear: CDR participants who fail to meet their obligations should expect enforcement action.

CBA’s Commitments: Remediation and Compliance

CBA has cooperated with the ACCC’s investigation and entered into an administrative resolution. Under this resolution, CBA has committed to:

1. Enable full consumer data sharing

CBA must complete implementation for all remaining TEBN accounts by 19 December 2025.

2. Provide remediation to affected business customers and accredited data recipients

This includes:

• Goodwill payments to eligible business customers

• Additional compensation to customers who can demonstrate further financial or non-financial loss

• A structured remediation program commencing from 19 January 2026

• Direct communication to affected customers and public guidance on CBA’s website

The ACCC notes that payment of an infringement notice is not an admission of wrongdoing.

What Is the Consumer Data Right (CDR)?

If your business uses digital tools, cloud accounting, or comparative financial services, the CDR plays a growing role in how your data is accessed, transferred and protected.

The CDR is an economy-wide reform gradually rolling out across banking, energy and (soon) non-bank lending. It allows consumers, including businesses, to safely transfer data from one provider to another through accredited, government-regulated channels.

The system aims to:

• improve competition

• reduce operational costs

• enhance security

• make it easier for consumers to access better deals

The ACCC and the Office of the Australian Information Commissioner regulate compliance.

What This Means for Australian Businesses

The CDR is no longer a future concept. It is now a core operational and compliance requirement across banking, and soon across multiple industries.

For businesses, the CDR offers benefits such as:

• secure access to real-time financial data

• more efficient bookkeeping and accounting solutions

• better comparison tools for financial and energy products

• safer data-sharing without manual workarounds

However, when major institutions fall short of compliance obligations, business owners may face disruption, unexpected manual tasks, or lost efficiency.

Need Guidance? Bane Legal Services Can Connect You with the Right Lawyer

Bane Legal Services is not a law firm and does not provide legal advice.

But when issues involve CDR compliance, fintech integrations, data governance, or banking disputes, we help business owners find the most suitable commercial or consumer law specialist from our trusted national network.

With more than 30 years of business experience, we ensure you are matched with a lawyer who understands your industry, your risk profile and your commercial priorities.

If your business has been affected by data-sharing issues or you need support navigating emerging CDR obligations, we can connect you with the right legal professional today.