Restricted Activities Policy¶
| Code | GOV-010 |
| Domain | Governance & Compliance |
| Owner | Chief Compliance Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ |
| Business domain | BD10 |
| Review date | 2027-04-01 |
Regulations: RBNZ Prudential Returns · NZ Banking Code · DTA Restricted Activities Standard¶
Purpose¶
Define the activities that the platform is restricted from conducting under the terms of its NZ banking licence and RBNZ registration conditions. Establishes controls that prevent the platform from inadvertently engaging in restricted activities and defines the approval process for any activities that require RBNZ notification or consent.
Scope¶
All products, services, and business activities conducted by the platform in New Zealand. Applies to all business domains and technology functions.
Policy statements¶
The platform SHALL maintain a current register of activities that are restricted, prohibited, or subject to RBNZ notification or consent under the NZ banking licence conditions. The register SHALL be reviewed annually and following any licence condition change.
No new product, service, or business activity SHALL be launched if it would constitute a restricted activity, unless prior written consent or notification has been obtained from the RBNZ and documented in the register. Product governance processes SHALL include a restricted activities check before any new product is approved for launch.
The platform SHALL implement system-level controls to prevent the acceptance of deposit products or the conduct of activities outside the permissible scope of the banking licence. Product eligibility rules and cross-border restriction checks SHALL be enforced by the payment and product systems.
Transactions or account openings that would engage a restricted activity — including serving customers in jurisdictions where the platform is not licensed — SHALL be declined at the system boundary with a logged reason code.
Any interaction with RBNZ on restricted activities — including notifications, consents, and correspondence — SHALL be managed by the Chief Compliance Officer and SHALL be recorded in the governance register.
Where a customer inquiry or complaint reveals that a restricted activity may have occurred, the event SHALL be reported to the Chief Compliance Officer within one business day for assessment and, if required, regulatory notification.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-146 | Restricted activities enforcement | GATE |
Product types and features classified as restricted activities under the DTA cannot be enabled in the product catalogue without a documented RBNZ consent or board resolution — the system enforces this at the configuration layer. |
Part of Governance & Compliance · Governance overview
Compiled 2026-05-22 from source/entities/policies/GOV-010.yaml