Following an accusation by the Australian Competition & Consumer Commission (ACCC) for breaching consumer data rules, Commonwealth Bank of Australia (CBA) was required to pay a fee of approximately USD 524,000.

The ACCC issued CBA with four infringement notices due to alleged non-compliance with the Consumer Data Right (CDR) rules. The bank reportedly failed to enable data sharing for certain business and partnership accounts, which is intended to facilitate easier access to better deals from accredited third parties.

The Largest Fines to Date Under the CDR Rules

According to the ACCC, this fine represents the highest penalty issued so far for alleged breaches of CDR rules. The regulator stressed that such actions should serve as a warning to all financial institutions regarding their obligations under the CDR framework.

The complaints were related to difficulties consumers faced in accessing CDR-enabled services and products. Despite being fined, CommBank stated it had discovered the breach independently after National Australia Bank was penalized. The bank also promised to contact affected customers and offer remediation where applicable.

Enhancing Security Measures

During 2025, CommBank collaborated with several entities to strengthen its fraud prevention capabilities. One such collaboration saw the bank team up with Telstra in February to introduce Fraud Indicator, a tool designed to detect unusual mobile service usage and prevent fraudulent account openings.

In July of the same year, CBA partnered with Apate.ai to incorporate AI-driven security measures that could intercept scamming attempts through text and voice interactions. This initiative is expected to significantly improve CommBank’s ability to counteract fraud.