Industry standards¶

International and industry standards applicable across both jurisdictions. These are not government-mandated regulations but are referenced in RBNZ and APRA prudential frameworks, required by contractual obligations (card schemes, payment networks), or adopted as best practice baselines.

Capital and liquidity¶

Standard	Subject	Page
Basel III / Basel IV	BCBS international capital adequacy, leverage, liquidity, and disclosure framework — implemented in NZ (RBNZ) and AU (APRA)	industry-basel-iii.md

Financial messaging and payments¶

Standard	Subject	Page
ISO 20022	Global standard for financial messaging — used in NZ RTGS, NPP (AU), and cross-border payments	industry-iso20022.md
Visa / Mastercard rules	Card scheme operating rules — acceptance, fraud liability, chargebacks, dispute resolution	industry-card-scheme-rules.md

Information security¶

Standard	Subject	Page
ISO 27001	Information Security Management System (ISMS) — framework for managing information security risk	industry-iso-27001.md
PCI DSS v4.0	Payment Card Industry Data Security Standard — mandatory for card data handling	industry-pci-dss.md
OWASP ASVS	Application Security Verification Standard — secure development and testing baseline	industry-owasp-asvs.md

Business continuity¶

Standard	Subject	Page
ISO 22301	Business Continuity Management Systems — international BCM standard	industry-iso-22301.md

AML/CFT and tax compliance¶

Standard	Subject	Page
FATF 40 Recommendations	Financial Action Task Force — international AML/CFT standards underpinning NZ AML/CFT Act and AU AML/CTF Act	industry-fatf.md
FATCA	Foreign Account Tax Compliance Act — US tax reporting obligations for foreign financial institutions	industry-fatca.md
CRS / AEOI	Common Reporting Standard — OECD automatic exchange of financial account information	industry-crs-aeoi.md

Financial reporting¶

Standard	Subject	Page
IFRS 9	Financial instruments — classification, measurement, and expected credit loss (ECL) provisioning	industry-ifrs-9.md