Data Sharing Fair Use Policy

Limited to a maximum of five requests per second.

Rate limit as agreed, sufficient to enable each of their Fourth Parties to achieve a maximum of five requests per second.

Aggregators must manage Fourth Party requests to ensure fair and equitable use between them and maintain a five requests per second limit for each Fourth Party.

Aggregators must provide 20 days’ notice to ANZ if their rate limits need to be reviewed to account for new Fourth Parties.

Third Parties and/or Fourth Parties must cache data received and avoid re-requesting previously received data unless strictly necessary.

ANZ may optionally provide unique transaction identifiers. Where provided, these must be cached and referenced when determining minimum possible scope.

All requests for data from ANZ should be for the minimum possible scope. For example:

• During Customer setup/onboarding, only request data strictly required for setup, e.g. an initial request could be for 30 days of data, with the full account history progressively requested as needed.
• When assessing whether new Transactions have occurred, first query the balance of relevant accounts. Once a balance change is observed, a scope minimised request for Transactions can be submitted.
• Requests to the Transactions endpoint must be date range-limited to only cover the period between the current date and the most historic Pending Transaction cached for a Customer.
• Bugs or other misconfigurations that make requests when not needed.

Third Parties or Fourth Parties are required to justify their assessment of minimum scope to ANZ on request, and make modifications as requested.

Customer Initiated Requests are where Customer activity directly creates the requirement for the request for data from ANZ. For example:

• A Customer launching or logging in to a Business’ channel
• A Customer completing a form or application that requires additional data to proceed
• A Customer signing up for a new service
• A Customer requesting the refresh of data.

Customer Initiated Requests can be submitted as frequently as required, subject to other Fair Use controls.

Automated Requests refers to all requests for data from ANZ other than in direct response to Customer Initiated Requests. For example:

• The periodic requesting of new data, such as overnight batch updates
• Monitoring for changes in a Customer’s accounts.

Each Customer Consent can be used for an Automated Request no more than 3 times per day, subject to other Fair Use controls.

Automated Requests must also not be used to monitor the status of ANZ Open Services.

ANZ may optionally agree to provide Third Parties or Fourth Parties with notification when balance changes have occurred for certain accounts.

A single successful request can be submitted for that account in response to every notification from ANZ, subject to other Fair Use controls.

Requests to the Transaction’s endpoint for more than 180 days of data must be submitted as multiple requests.

Third Parties are required to notify ANZ if they expect their usage to change materially (more than 25%) from recent average.

ANZ may agree to modify rate limits and/or require this additional traffic within specific hours. For example:

• Onboarding a new Fourth Party
• Signing up a significant number of new Customers
• Migrating an existing Customer base onto Open Services
• Updating/rebuilding previously cached data.