Customer¶
| Domain ID | BD01 |
| Owner | Head of Customer Experience |
| Systems | SD02 · SD08 |
| Repos | bank-kyc, bank-app |
| Applicability | Platform — SD02 and SD08 deliver customer-facing capability. In Track 1 the bank is the obligation-holder. In Track 2 tenants own their customer relationships; the platform delivers the technical solution they use to meet KYC, conduct, and privacy obligations. |
All customer-facing activities: onboarding, identity verification, KYC, relationship management, self-service, complaints, and customer data stewardship.
Functions¶
Customer onboarding & KYC · Identity & eIDV · Customer relationship management (CRM) · Complaints & dispute resolution · Customer communications & consent · Vulnerable customer management · Customer data management
Key systems¶
- SD02 KYC Platform — identity verification, CDD, ongoing monitoring
- SD08 App Platform — customer self-service, CRM back office
Regulatory highlights¶
AML/CFT Act 2009 (NZ) / AML/CTF Act 2006 (AU) require identity verification before account activation. CoFI Act 2022 requires a documented fair conduct programme. ASIC RG 271 sets IDR response timeframes.
Risk domains¶
Policies owned¶
- AML-003 — Know Your Customer (KYC) & Identity Verification Policy
- AML-011 — Customer Acceptance Policy
- AML-012 — Customer Risk Rating Policy
- AML-013 — Onboarding Fraud & Identity Integrity Policy
- CON-001 — Customer Fairness & Conduct Policy
- CON-002 — Complaints & Internal Dispute Resolution Policy
- CON-003 — Vulnerable Customer Policy
- CON-007 — Consumer Data Right (CDR) Policy
- CON-008 — Financial Hardship Policy
- CON-009 — NZ DTA Key Information Summary Disclosure Policy
- PRI-001 — Privacy Policy
- PRI-002 — Data Breach Response Policy
- PRI-006 — Customer Data Access & Correction Policy
Policies applicable¶
- DT-001 — Information Security Policy
- AML-010 — AML Training & Awareness Policy
- PRI-002 — Data Breach Response Policy
Compiled 2026-05-22 from source/entities/business-domains/BD01.yaml