Helping Clients Feel Confident Consenting to RateTraker (Open Banking Explained)

At a glance

Government-regulated framework: Open Banking sits under Australia’s Consumer Data Right (CDR). Treasury writes the rules; ACCC and OAIC monitor and enforce them.
Client permission first: Data is only shared with the client’s explicit consent, and clients can withdraw consent at any time.
Bank-level sign-in: Clients authenticate via their own banking app (Data Holder). They never share online banking usernames or passwords with Sherlok or RateTraker.
Purpose-limited: Data can only be used for the purpose agreed during the data connection process (i.e., monitoring loan competitiveness and refinancing).

Why RateTraker Needs Consent (the value story)
RateTraker continuously monitors a client’s mortgage and alerts you the moment a rate becomes uncompetitive. That lets you act quickly to secure better terms—protecting the client from overpaying and strengthening your relationship. To do this accurately, RateTraker uses Open Banking to access only the minimum data necessary, and only for the specific, consented purpose.

How to Explain Open Banking to Clients (talk track)

“Open Banking is a government-regulated system called the Consumer Data Right. The rules are set by Treasury and enforced by the ACCC and OAIC.

With your permission, RateTraker securely receives your loan data so I can monitor your rate and let you know if better options appear. You’ll be redirected to your own banking app to sign in—we never see your bank username or password.

You’re in control: nothing is shared without your consent, and you can withdraw consent at any time. We can only use your data for the specific purpose you agree to—monitoring your loan’s competitiveness.”"Open Banking (the Consumer Data Right) is a government-backed system that lets you safely share only the data you choose to get better deals.

Only accredited providers can access your data, and they must meet strict security and privacy standards. You stay in control—decide what to share and stop sharing or request deletion at any time.

Strong privacy safeguards apply, with investigations and penalties for breaches. Learn more at CDR.gov.au."

⚙️Client Journey: what they’ll see

Invite received → You send the RateTraker invitation.
Consent screen → Client reviews the data to be shared and grants consent.
Secure authentication → Client is redirected to their banking app (Data Holder) to log in securely.
Connection complete → Sharing begins only for the agreed purpose.
Ongoing control → Client can withdraw consent any time.

📃Common Concerns & Clear Responses:
“Is this safe?”

Yes. Open Banking is a regulated system under CDR. Only eligible businesses operating under CDR access models can request data, and they must follow strict privacy and security rules.

“Do I have to share my bank password?”

No. Clients authenticate through their bank’s own app. They never share their online banking username or password with Sherlok or RateTraker.

“Can you use my data for anything else?”

No. Open Banking is purpose-limited. Data can only be used for the specific purpose the client authorises during the data connection process.

“Can I change my mind?”

Yes. Clients can withdraw consent at any time, which stops any further sharing.

📝Copy-and-paste snippets (email/SMS/portal)
One-liner:

“RateTraker uses government-regulated Open Banking to monitor your loan and alert me if your rate becomes uncompetitive—you sign in via your bank app, and you can stop sharing anytime.”

Short email paragraph:

“To set up RateTraker, click the link and follow the prompts. You’ll be taken to your banking app to sign in securely—no passwords shared with us. You’re in control: consent first, and you can withdraw at any time. We’ll only use your data to monitor your mortgage rate and let you know if better options appear.”

✍️Broker checklist (before sending invites)

- I can explain what RateTraker does (monitor + alert + faster savings).
- I can articulate the Open Banking guardrails (CDR, ACCC/OAIC oversight).
- I can describe the client’s control (consent first, withdraw anytime).
- I’m ready with a follow-up call for clients who pause mid-process.

🔒Security & compliance notes

Restricted access: Only eligible CDR participants can receive Open Banking data.
Consent-based: No data sharing without explicit client consent; revocable at any time.
Authentication: Client logs in via their banking app (Data Holder)—no sharing of bank credentials with Sherlok or RateTraker.
Purpose limitation: Data is used only for the purpose specified during the data connection (monitoring loan competitiveness and refinancing).

Helping Clients Feel Confident Consenting to RateTraker (Open Banking Explained)

To help you address consent and security questions with confidence, we’ve distilled the key CDR essentials so you can reassure and support clients throughout the process.

At a glance

Government-regulated framework: Open Banking sits under Australia’s Consumer Data Right (CDR). Treasury writes the rules; ACCC and OAIC monitor and enforce them.

Client permission first: Data is only shared with the client’s explicit consent, and clients can withdraw consent at any time.

Bank-level sign-in: Clients authenticate via their own banking app (Data Holder). They never share online banking usernames or passwords with Sherlok or RateTraker.

Purpose-limited: Data can only be used for the purpose agreed during the data connection process (i.e., monitoring loan competitiveness and refinancing).

How to Explain Open Banking to Clients (talk track)

“Open Banking is a government-regulated system called the Consumer Data Right. The rules are set by Treasury and enforced by the ACCC and OAIC.

With your permission, RateTraker securely receives your loan data so I can monitor your rate and let you know if better options appear. You’ll be redirected to your own banking app to sign in—we never see your bank username or password.

Only accredited providers can access your data, and they must meet strict security and privacy standards. You stay in control—decide what to share and stop sharing or request deletion at any time.

Strong privacy safeguards apply, with investigations and penalties for breaches. Learn more at CDR.gov.au."

⚙️Client Journey: what they’ll see

Invite received → You send the RateTraker invitation.

Consent screen → Client reviews the data to be shared and grants consent.

Secure authentication → Client is redirected to their banking app (Data Holder) to log in securely.

Connection complete → Sharing begins only for the agreed purpose.

Ongoing control → Client can withdraw consent any time.

📃Common Concerns & Clear Responses:
“Is this safe?”

Yes. Open Banking is a regulated system under CDR. Only eligible businesses operating under CDR access models can request data, and they must follow strict privacy and security rules.

“Do I have to share my bank password?”

No. Clients authenticate through their bank’s own app. They never share their online banking username or password with Sherlok or RateTraker.

“Can you use my data for anything else?”

No. Open Banking is purpose-limited. Data can only be used for the specific purpose the client authorises during the data connection process.

“Can I change my mind?”

Yes. Clients can withdraw consent at any time, which stops any further sharing.

📝Copy-and-paste snippets (email/SMS/portal)
One-liner:

“RateTraker uses government-regulated Open Banking to monitor your loan and alert me if your rate becomes uncompetitive—you sign in via your bank app, and you can stop sharing anytime.”

Short email paragraph:

✍️Broker checklist (before sending invites)

I can explain what RateTraker does (monitor + alert + faster savings).

I can articulate the Open Banking guardrails (CDR, ACCC/OAIC oversight).

I can describe the client’s control (consent first, withdraw anytime).

I’m ready with a follow-up call for clients who pause mid-process.

🔒Security & compliance notes

Restricted access: Only eligible CDR participants can receive Open Banking data.

Consent-based: No data sharing without explicit client consent; revocable at any time.

Authentication: Client logs in via their banking app (Data Holder)—no sharing of bank credentials with Sherlok or RateTraker.

Purpose limitation: Data is used only for the purpose specified during the data connection (monitoring loan competitiveness and refinancing).

Helping Clients Feel Confident Consenting to RateTraker (Open Banking Explained)

To help you address consent and security questions with confidence, we’ve distilled the key CDR essentials so you can reassure and support clients throughout the process.

At a glance

Government-regulated framework: Open Banking sits under Australia’s Consumer Data Right (CDR). Treasury writes the rules; ACCC and OAIC monitor and enforce them.

Client permission first: Data is only shared with the client’s explicit consent, and clients can withdraw consent at any time.

Bank-level sign-in: Clients authenticate via their own banking app (Data Holder). They never share online banking usernames or passwords with Sherlok or RateTraker.

Purpose-limited: Data can only be used for the purpose agreed during the data connection process (i.e., monitoring loan competitiveness and refinancing).

How to Explain Open Banking to Clients (talk track)

“Open Banking is a government-regulated system called the Consumer Data Right. The rules are set by Treasury and enforced by the ACCC and OAIC.

With your permission, RateTraker securely receives your loan data so I can monitor your rate and let you know if better options appear. You’ll be redirected to your own banking app to sign in—we never see your bank username or password.

Only accredited providers can access your data, and they must meet strict security and privacy standards. You stay in control—decide what to share and stop sharing or request deletion at any time.

Strong privacy safeguards apply, with investigations and penalties for breaches. Learn more at CDR.gov.au."

⚙️Client Journey: what they’ll see

Invite received → You send the RateTraker invitation.

Consent screen → Client reviews the data to be shared and grants consent.

Secure authentication → Client is redirected to their banking app (Data Holder) to log in securely.

Connection complete → Sharing begins only for the agreed purpose.

Ongoing control → Client can withdraw consent any time.

📃Common Concerns & Clear Responses:“Is this safe?”

Yes. Open Banking is a regulated system under CDR. Only eligible businesses operating under CDR access models can request data, and they must follow strict privacy and security rules.

“Do I have to share my bank password?”

No. Clients authenticate through their bank’s own app. They never share their online banking username or password with Sherlok or RateTraker.

“Can you use my data for anything else?”

No. Open Banking is purpose-limited. Data can only be used for the specific purpose the client authorises during the data connection process.

“Can I change my mind?”

Yes. Clients can withdraw consent at any time, which stops any further sharing.

📝Copy-and-paste snippets (email/SMS/portal)One-liner:

“RateTraker uses government-regulated Open Banking to monitor your loan and alert me if your rate becomes uncompetitive—you sign in via your bank app, and you can stop sharing anytime.”

Short email paragraph:

✍️Broker checklist (before sending invites)

I can explain what RateTraker does (monitor + alert + faster savings).

I can articulate the Open Banking guardrails (CDR, ACCC/OAIC oversight).

I can describe the client’s control (consent first, withdraw anytime).

I’m ready with a follow-up call for clients who pause mid-process.

🔒Security & compliance notes

Restricted access: Only eligible CDR participants can receive Open Banking data.

Consent-based: No data sharing without explicit client consent; revocable at any time.

Authentication: Client logs in via their banking app (Data Holder)—no sharing of bank credentials with Sherlok or RateTraker.

Purpose limitation: Data is used only for the purpose specified during the data connection (monitoring loan competitiveness and refinancing).

📃Common Concerns & Clear Responses:
“Is this safe?”

📝Copy-and-paste snippets (email/SMS/portal)
One-liner: