Open banking

What will the regulations do?

The regulations will improve New Zealanders’ ability to digitally share their banking data with other businesses, such as fintechs, to enable new and innovative low-cost services, such as payments and accounting software.

The 5 largest banks in New Zealand have begun implementing a voluntary standardised system for sharing banking data. This system has been designed collaboratively between banks and digital technology companies under the auspices of the API Centre, which is part of Payments NZ.

The regulations will accelerate this industry-led work and will ensure that open banking occurs in a secure and regulated fashion. The regulations will fulfil a recommendation from the Commerce Commission in its report on banking competition in 2024

Market study into personal banking services(external link)   — Commerce Commission

The Government has agreed to the overarching policy settings for the regulations. The Government is currently drafting these regulations. The agreed policy settings are laid out below.

Designated banks

ASB, ANZ, BNZ and Westpac must provide payment initiation and customer account information from 1 December 2025.

Kiwibank must provide payment initiation from 1 June 2025 and customer account information from 1 December 2026.

Other banks and deposit takers may opt in by giving notice to MBIE. 

Designated customer data and actions

Designated customer data will include:

• information identifying the customer, such as the customer’s name
• information identifying the type of customer, such as whether the customer is an individual, trustee or company
• the customer’s contact details
• information about the following aspects of the customer’s use of transactional accounts, savings accounts, credit card accounts and lending accounts:
  • Information identifying the account, such as the account name and account number
  • Information about the type of account, such as the currency
  • Account balances
  • Transactions (previous two years)
  • Bank statements (previous two years)
  • Interest charges and credit fees
  • Payment obligations
  • Authorisations for transactions given in respect of accounts, such as automatic payments and direct debits
  • Payees
  • Information about offers available to the customer in respect of the account, such as balance transfers and promotional interest rates

The designation will only apply for customers who have digital access to designated account types, such as via bank websites or mobile banking applications.

The designation will also include initiation of domestic payments.

Only accredited requestors will be able to request customer data and payments initiation from banks. The designation will not cover the ability of customers to request data and payments initiation from banks directly.

Restrictions on fees and charges

Banking data holders must publish their pricing for regulated data services.

Banking data holders will be prohibited from charging customers for requests made by accredited requestors.

Bank charges to accredited requestors for requests must not exceed the following levels:

• For payments, 5 cents per payment
• For customer data requests, 1 cent per successful API call, or a maximum of $5 per month per customer for near-real-time access to transaction records.

Payment limits

Banking data holders may not limit the amount of payments under the designation to less than the limit imposed on transactions the customer can initiate through internet or mobile banking, unless the customer requests a lower limit.

Accreditation

In addition to the accreditation criteria in the Act, accredited requestors in the banking sector must meet the following criteria:

• They must hold adequate insurance to address the risk that they are unable to meet liabilities incurred in connection with data or payments requested under the Act, unless this risk is adequately addressed through other means (such as related company guarantees)
• They must be registered as a financial service provider, if required by the Financial Service Providers (Registration and Dispute Resolution) Act 2008.

If they are acting as an intermediary (e.g. providing data or requested actions for customers of another unaccredited business) the data requestor must have adequate processes to ensure that this does not pose undue risks to customers.

Accredited requestors must notify MBIE of changes in circumstances affecting their accreditation, such as changes to directors or senior managers.

On-boarding obligation

Banking data holders will be required to provide the information necessary for an accredited requestor to establish connections with the bank’s electronic system within five working days of receiving a notification in writing from an accredited requestor.

Customer authorisations

In addition to meeting the authorisation requirements in the Act, accredited requestors with active customer authorisations will be required to notify customers at least every 12 months about those authorisations and inform customers of how to withdraw them.

Timeline and key documents for the open banking regulations

Pre-2020

In 2017 and 2019, former Ministers of Commerce and Consumer Affairs wrote to New Zealand’s banks to encourage them to advance sector-led initiatives for open banking.

2024

From 29 August to 10 October 2024, MBIE consulted on policy settings for banking regulations under the Customer and Product Data Act.

See all submissions(external link)

2025

In April 2025, Cabinet agreed to the overarching policy settings for banking regulations under the Customer and Product Data Act.

Press release(external link)  — beehive.govt.nz

The Government is currently drafting these regulations. They will be in force on 1 December 2025.

Key documents relating to the economy-wide Customer and Product Data Act

Please email us if you would like to be added to our mailing list to receive updates on regulations and standards under the Act: consumerdataright@mbie.govt.nz