CAP-060 — CDR Data Holder compliance & consent management¶
| Category | Open Banking |
| Business goal | BG-013 · BG-014 |
| Satisfying modules | MOD-061 Open Banking API gateway · MOD-049 Consent capture |
| Mode | GATE |
| BD owner | BD06 Payments |
| Human needed | No |
Full compliance with AU Consumer Data Right (CDR) Data Holder obligations and NZ Open Banking API standard participation — exposing customer account and transaction data to accredited third parties only with valid, active customer consent. MOD-049 manages the consent lifecycle (creation, scope, expiry, revocation); MOD-061 enforces consent at the API layer. No data is shared without a current consent record.