New Zealand Banking Association Code of Banking Practice
|
|
| Regulator |
New Zealand Banking Association |
| Jurisdiction |
NZ |
| Status |
live |
| Applicability |
Platform |
The New Zealand Banking Association (NZBA) Code of Banking Practice is a voluntary code
subscribed to by all NZBA member banks. It sets minimum standards for treating customers
fairly, providing clear and transparent product information, supporting customers in financial
difficulty, and handling complaints. The Code is not legislation but breach of its commitments
may be raised in complaints to the Financial Services Complaints Limited (FSCL) and cited by
regulators when assessing conduct standards under the Financial Markets Conduct Act 2013 and
the Customer and Product (CoFI) obligations. Banks are audited against the Code periodically
by the NZBA.
The 2022 edition of the Code introduced strengthened obligations for vulnerable customers
(including elder financial abuse protocols), plain language requirements, and proactive
hardship identification. The Code applies across all personal and small business banking
services offered in New Zealand.
Compliance register
This register maps the Code's material commitments to platform controls and institutional
processes.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Fair treatment and conduct
| Commitment |
Scope |
Policy |
Platform controls |
Build |
| Treat customers fairly, honestly, and with respect; act in good faith in all dealings |
🤖 Automated |
CON-001 |
MOD-040 (AUTO) — at-risk customers proactively identified and contacted; fair conduct met before customer disengages. MOD-078 (AUTO) — spending limits and card controls set and visible to the customer in real time |
🔨 |
| Do not use unfair, high-pressure, or misleading sales practices |
🤖 Automated |
CON-001 |
MOD-051 (AUTO) — automated actions executed exactly as customer configured, no discretionary deviation; MOD-083 (AUTO) — compliance coaching nudges surfaced to agents in real time during interactions to prevent conduct breaches |
🔨 |
| Manage conflicts of interest to avoid customer harm |
🏛 Institutional |
CON-001 |
Conflicts of interest governance is institutional. MOD-083 logs agent-customer interactions against the interaction record |
🔨 |
| Commitment |
Scope |
Policy |
Platform controls |
Build |
| Provide clear, plain language information about products and services before a customer enters into an agreement |
🤖 Automated |
CON-004, CON-005 |
MOD-050 (GATE) — disclosure obligation met before every product acceptance; system enforces, no agent required. Fee disclosure shown before any fee-generating action |
🔨 |
| Notify customers of material changes to fees, charges, and product terms with adequate advance notice |
🤖 Automated |
CON-005 |
MOD-110 (GATE) — fee posting blocked if the required advance notice period has not elapsed since the fee schedule was last changed |
🔨 |
| Provide customers with access to their transaction history and account information |
🤖 Automated |
CON-001 |
MOD-051 (AUTO) — customers can view and manage their account and transaction history; account status changes reflected immediately |
🔨 |
Financial hardship
| Commitment |
Scope |
Policy |
Platform controls |
Build |
| Proactively identify customers experiencing financial difficulty and provide information about hardship assistance |
🤖 Automated |
CON-008, CON-003 |
MOD-065 (AUTO) — routes customers who meet hardship criteria into the hardship assessment workflow with appropriate communications triggered. MOD-040 (ALERT) — financial stress signals in the customer health score trigger a vulnerable customer flag |
🔨 |
| Provide practical assistance to customers who are experiencing genuine financial hardship, including repayment arrangements |
🤖 Automated |
CON-008 |
MOD-007 (AUTO) — hardship flag triggers account to Protected state; collections activity suppressed automatically |
🔨 |
| Do not pursue collection activity against a customer while a genuine hardship request is being considered |
🤖 Automated |
CON-008 |
MOD-007 (AUTO) — Protected state enforced at the account level; collections modules cannot action a Protected account |
🔨 |
Complaint handling
| Commitment |
Scope |
Policy |
Platform controls |
Build |
| Handle complaints promptly and fairly; provide customers with information about the complaints process and their right to escalate to the FSCL |
🤖 Automated |
CON-002 |
MOD-053 (ALERT) — IDR SLAs enforced automatically; agent cannot ignore a case past SLA without triggering escalation. MOD-083 (AUTO) — IDR complaint obligations surfaced to the agent in real time during customer interactions |
🔨 |
| Maintain a complaints register and report to the NZBA annually |
📊 Evidenced |
CON-002 |
MOD-053 (LOG) — complaint register maintained automatically; feeds the regulatory complaints report |
🔨 |
Card security and online banking
| Commitment |
Scope |
Policy |
Platform controls |
Build |
| Reimburse customers for unauthorised card transactions where the customer was not at fault |
🏛 Institutional |
PAY-005 |
Reimbursement decisions are institutional (fraud operations team). MOD-144 (GATE) — payee name verification reduces misdirected payments. MOD-078 (GATE) — card freeze executed immediately from the app; compromised card removed from the fraud attack surface without delay |
🔨 |
| Provide customers with tools to manage card and account security |
🤖 Automated |
PAY-005 |
MOD-078 (GATE) — instant card freeze from the app removes a compromised card without call centre involvement. MOD-007 (GATE) — fraud-flagged accounts automatically restricted pending investigation |
🔨 |
Restricted activities (NZ banking law compliance)
| Commitment |
Scope |
Policy |
Platform controls |
Build |
| Comply with restrictions on bank activities under NZ banking law; ensure products and features classified as restricted activities have required RBNZ consent before activation |
🤖 Automated |
GOV-010 |
MOD-146 (GATE) — restricted activity classification enforced at the product configuration layer; restricted products cannot be enabled without documented RBNZ consent or board resolution |
🔨 |
| Obligation |
Owner |
Platform evidence input |
| NZBA Code audit — periodic review of compliance against the Code |
Chief Compliance Officer |
MOD-053 complaint register; MOD-047/MOD-083 agent interaction logs; MOD-050 disclosure acknowledgement records |
| Staff training on Code commitments |
Chief People Officer |
Institutional LMS |
| Annual reporting to NZBA |
Chief Compliance Officer |
MOD-053 complaint data; MOD-037 compliance report data |
| Unauthorised transaction reimbursement decision-making |
Head of Financial Crime / Head of Operations |
MOD-144 payee verification; MOD-078 card controls evidence |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
| Fair treatment |
3 |
2 |
0 |
1 |
| Information and disclosure |
3 |
3 |
0 |
0 |
| Financial hardship |
3 |
3 |
0 |
0 |
| Complaint handling |
2 |
1 |
1 |
0 |
| Card and online security |
2 |
1 |
0 |
1 |
| Restricted activities |
1 |
1 |
0 |
0 |
| Total |
14 |
11 (79%) |
1 (7%) |
2 (14%) |
All attributed modules are currently build_status: Not started.
| Policy |
Title |
| CON-001 |
Customer Fairness & Conduct Policy |
| CON-002 |
Complaints & Internal Dispute Resolution Policy |
| CON-003 |
Vulnerable Customer Policy |
| CON-004 |
Product Disclosure & Sales Practice Policy |
| CON-005 |
Fee & Pricing Transparency Policy |
| CON-008 |
Financial Hardship Policy |
| GOV-010 |
Restricted Activities Policy |
| PAY-005 |
Payment Fraud Prevention Policy |
Official documentation
Policies referencing this standard
- CON-001 — Customer Fairness & Conduct Policy
- CON-003 — Vulnerable Customer Policy
- CON-005 — Fee & Pricing Transparency Policy
- CON-008 — Financial Hardship Policy
- CRE-009 — Fixed-Rate Component Break-Cost Methodology Policy
- GOV-010 — Restricted Activities Policy
- PAY-005 — Payment Fraud Prevention Policy
Compiled 2026-05-22 from source/entities/regulations/nz-banking-code.yaml