Rabobank & BDO NL: Building the Foundation for Continuous, Trusted Audit Data

‍Fully Digital, Consent-Driven Data Access

At the core of the solution is a secure, fully digital consent flow that allows Rabobank customers to share their bank data directly with their auditor via Circit.

For Rabobank, this fits seamlessly with its embedded finance strategy and upcoming regulatory requirements. As Frans van der Lugt, Strategic Partner Manager, Rabobank, explains:

“We are now front running the field of regulations with this product. When accountants need this data, they can retrieve it via their customers and that enhances the customer journey for our end customers and for the accountants. It’s a perfect match and fit.”

Previously, customers manually downloaded CAMT files and batch details and emailed them to their auditor or uploaded them on the auditor's client portal, a process that was time-consuming and introduced risk. As Claire van Ingen, Product Manager for Open Banking at Rabobank describes:

“Every year, customers have to search all of this financial information. That takes a lot of time. It causes friction for the customer and for the accountant and potential fraud elements aren’t addressed, because in handling data in a manual way, there is a risk of data being manipulated or being left out.”

With the new model, customers remain in full control: they can grant and revoke consent at any time. The process is transparent and secure, eliminating manual handling and empowering customers and auditors to turn their attention to tasks that create more value.

As Claire notes, sending sensitive CAMT files manually is inherently risky; the new process is both safer and more complete in one digital flow.

Direct-from-Bank Reliability and Reduced Fraud Risk

For BDO NL, the key breakthrough was reliability. Prior to Circit, the firm already used automated dashboards and analytics, but data acquisition still depended on clients manually downloading from the bank and uploading files to the BDO client portal.

Marco de Kruijk, Senior Manager Audit Innovation & Technology at BDO NL explains:

“With Circit, we can have direct access to transactional data from Rabobank. It’s a lot more reliable to get this data straight from the bank: it means it’s always up-to-date and can't be changed by the client. Before Circit we also used banking data in our audits, but Rabobank customers previously had to download batch details separately, sometimes more than 156 files per engagement when multiple accounts were involved. This created a heavy administrative burden and risk of incomplete submissions.”

By enabling auditors to retrieve source data directly from the bank, the solution removes the risk of file manipulation and significantly reduces the chance of missing transactions. It also strengthens fraud prevention: auditors can track payments back to verified bank data rather than relying solely on internal accounting records.

Automation and Audit Quality at Scale

BDO NL has long been digitally advanced, using automated tests for, amongst others, debtors, creditors, and purchase invoice analysis. However, the addition of verified bank data enhances what is possible with analytics.

Marco explains that direct bank data enables deeper checks:

“When you also have the banking data by Circit, you can go further by also tracking to the payment. You could also check if it's paid to the correct supplier for the correct bank account. That would increase your audit quality.”

The firm’s ambition is to reduce reliance on sampling and replace it with 100% testing. Data analytics and access to reliable, up-to-date bank data supports this and other advanced use cases, such as identifying unusual journal entries.

For Rabobank, this broader data ecosystem is equally strategic. Frans describes Circit as part of the “financial cockpit” of the auditor, enabling insights across fraud prevention, cash flow, and financing opportunities.

The collaboration does not stop at transactional access; it opens the door to entirely new services built on trusted data.

A Foundation for Continuous Audit

Both Rabobank and BDO NL see this as the beginning of a shift toward continuous auditing.

Claire highlights the difference between annual and ongoing data access:

“Receiving this type of data continuously enables users to set up new types of dashboards and real-time workflows.”

For BDO NL, the vision is even broader. Marco describes a future where auditors proactively monitor risks throughout the year:

“We would be able to do more of a continuous audit, where we, for example, automatically receive the transactions periodically, and immediately indicate outliers, anomalies, risks or perform certain audit procedures automatically. That would allow us to be very proactive and could shift our audit from going to the client twice a year to more continuous. Continuous access would allow auditors to alert clients within days or weeks if anomalies are detected, instead of identifying issues later.” - Marco de Kruijk

This not only improves audit quality but increases the value delivered to clients.

Co-Creation Across the Ecosystem

A defining feature of the Rabobank–Circit collaboration was co-creation.

Rabobank had built out its embedded banking and partner management capabilities to support innovation with non-traditional partners. Circit approached the bank with strong market knowledge and persistence. As Frans notes, Circit’s deep understanding of what accountants and auditors need was a “huge help.”

The product was developed through close collaboration between product owners on Rabobank’s and Circit’s side:

“It really was a co-creation: our product owners sitting with the Circit product owners and discussing things together. It was a perfect fit with our target audience and the roles within the ecosystem.” - Frans van der Lugt, Rabobank

For BDO NL, timing was critical. Once Rabobank enabled direct access, it resolved a long-standing pain point, particularly around batch details, making a new pilot with Circit viable and successful.

Circit’s responsiveness stood out to BDO NL:

“The Circit team is very responsive, and our dedicated Customer Success Manager helped a lot."

Security and compliance were equally important. The Circit Trust Centre documentation around PSD2 and SOC 2 helped BDO NL answer client and security officer queries confidently.

Measurable Impact: Time, Satisfaction, and Confidence

While time savings can be difficult to quantify precisely, both organisations report clear efficiency gains.

At BDO NL, colleagues were eager to adopt the solution because of the administrative burden associated with manual downloads.

The finance teams at BDO NL’s clients benefit from reduced information requests, while management appreciates faster audits and more focus on high-level risks rather than administrative detail.

Rabobank has also received strong positive feedback from their customers, particularly around the fully digital nature of the process and its fraud-preventative elements.

The shift also elevates transparency. In the past, customers emailed sensitive files without full clarity about data handling. Today, the consent flow empowers its end users to share their data in a fully secure and digital way, alleviating the worries normally associated with sharing data.

To retrieve a full year of 2025 bank data, consent must be granted by May 16th, 2026, as this is the point at which the 500-day retrieval window reaches back to the start of the financial year. Any consents granted after this date will result in an incomplete data set for the prior year.

Looking Ahead

Both organisations see significant room for expansion.

Rabobank aims to scale adoption first, ensuring customers are comfortable with the new way of working. From there, the data foundation can support AI-driven services, enhanced fraud prevention, and new financing insights built on continuous cashflow visibility.

BDO NL envisions expanding beyond bank data to incorporate external confirmations and, for example, tax authority data, with the long-term goal of simulating a client’s financial administration from external sources for even greater assurance (Digital Twin Auditing).

Ultimately, the partnership demonstrates that innovation does not happen in isolation. As Frans describes, innovation emerges in the collaboration between the banks, their partner (Circit), and the end customer: ‘a unit of three’.

Or, as Claire summarises the partnership: “Open and honest.”

A Model for the Market

Rabobank believes other banks should adopt similar approaches, as this is not an area of competitive differentiation but of customer enablement.

When banks provide secure, standardised access to source data, auditors can work more efficiently, and businesses can focus on what matters most: running and growing their companies.

For BDO NL, the move to direct-from-bank data is a practical step toward a broader ambition: replacing manual processes with continuous data-driven assurance.

Together, Rabobank and BDO NL have demonstrated how secure digital consent, direct data access, and ecosystem co-creation can transform audit workflows, forming the foundation for continuous audit, advanced analytics, and a more transparent, trusted financial ecosystem.