For most of the last decade, how hard a firm worked to prevent scams was a matter of choice. A bank decided how much to invest in detection, how clearly to warn its customers, and how generous to be when someone was deceived into authorising a payment. A customer's protection depended heavily on who they happened to bank with.

New Zealand has decided that this is no longer acceptable and is changing it. It has chosen a different mechanism from Australia. Rather than relying on a single scams statute, New Zealand has built its response through national coordination, an industry alliance, an updated banking code and concrete operational change. That can look less forceful at first glance, but it would understate the practical effect. The mechanism is different, but the direction is similar.

This article sets out where New Zealand has reached, how the pieces fit together, and what the approach means for any firm that has treated scam prevention as discretionary.

Why the response was needed

Scams have changed in character. They are no longer the work of opportunists. They are run by organised criminal groups operating at an industrial scale, often across borders, using professional technology and money-mule networks to move stolen funds. Reported losses in New Zealand have run into the hundreds of millions of dollars a year, and the true figure is widely believed to be higher, because shame and a sense that the victim should have known better deter many people from reporting at all.

New Zealand's earlier anti-scam efforts had developed in an ad hoc way. Government agencies, banks, telecommunications providers and platforms each held part of the picture. Intelligence on active scams sat in different places and moved slowly between them. A scam that crossed sectors, as most now do, met a response that did not. The reforms of recent years are, above all, an attempt to fix that fragmentation.

The Anti-Scam Alliance

The centrepiece of the coordinated approach is the New Zealand Anti-Scam Alliance, a partnership between government, industry and consumer groups, coordinated by the Ministry of Business, Innovation and Employment. It brings together the agencies, banks, telecommunications providers and digital platforms that each hold part of the response. It gives them a shared work programme rather than a set of separate ones.

The Alliance organises its work around four pillars. The first is collaboration: improving the flow of information across industry, government and overseas partners, so that intelligence on active scams moves in something closer to real time. The second is disruption: coordinated action to take down active scams at scale, rather than on a firm-by-firm basis. The third is education and awareness: helping the public recognise scams, since an informed customer is one of the most effective controls. The fourth is voluntary codes: raising the standards that each sector commits to and is measured against.

That fourth pillar is easy to underestimate. Voluntary does not mean unimportant. Once an industry has publicly adopted a code, it becomes part of the standard against which conduct is judged by customers, counterparties, the media and regulators considering related obligations. A firm that falls materially short of a code that its peers are meeting creates conduct, governance, and reputational risks, even where the code does not itself sit in primary legislation.

The updated Code of Banking Practice

The clearest expression of the codes approach is the updated Code of Banking Practice, which introduced a set of new scam protection commitments for retail banks. Through it, banks commit to a defined set of measures: pre-transaction warnings for certain payments, a service that lets customers check the account name they are paying, the identification of and response to high-risk or unusual transactions including the ability to delay or block payments, a round-the-clock channel for customers to report a suspected scam, and the sharing of information about accounts used by criminals so that other banks can act.

The Code also changes the position on compensation, and this is the part that warrants careful description. It is not a blanket reimbursement guarantee and should not be read as one. Where a bank fails to meet its new scam protection commitments, it will compensate eligible customers for all or part of any loss from an authorised payment scam. Banks retain discretion to compensate beyond that where they consider it appropriate, and continue to compensate, as before, where a customer's banking was accessed without their authority. The compensation approach is conditional, defined and tied to whether the bank met its commitments. It deliberately stops short of placing full liability on the bank, on the basis that a scam may begin with a fake advertisement or a fraudulent search result far outside the bank's control.

That design reflects the principle running through the New Zealand approach: shared responsibility. The bank is accountable for the commitments it has made. It is not the insurer of every loss, including losses that begin in parts of the scam chain it cannot see or influence.

Operational change, not just strategy

One feature of the New Zealand approach is worth drawing out because it distinguishes it from a response that exists only on paper. Alongside the strategy and the codes, concrete operational change has already happened.

The most significant is the national rollout of account name checking across retail banks. A customer making a payment can now be told whether the account name they have entered matches the account they are paying. This addresses a specific weakness in common scam typologies, which depend on the payer believing they are sending funds to someone they are not. It is now part of the retail banking baseline rather than something some banks offered, and others did not.

This matters because strategy documents and voluntary codes can, on their own, describe intentions without changing a customer's day-to-day protection. Account name checking is a change a customer actually experiences when making a payment. It shows that the New Zealand approach is producing operational results, not only frameworks.

A wider perimeter

New Zealand's response is also moving beyond banks, as scams span sectors. On 13 May 2026, the Fair Trading Amendment Bill was introduced to Parliament. Among other changes, the Bill would introduce a statutory safe harbour defence intended to protect online service providers from civil liability when they act in good faith to disrupt suspected scam activity and meet the conditions set by the legislation. That matters because it would give platforms and other service providers greater legal confidence to act quickly, while making clear that the position remains at the Bill stage.

The policy direction remains clear. Both New Zealand and Australia treat scams as a cross-sector problem rather than a banking-only problem. Many scams begin on a platform, move through communications channels and reach the banking system only at the point of payment. New Zealand is widening responsibility across that chain through coordination, codes and targeted legislative change, rather than through a single dedicated scams statute.

What firms should be doing

For a New Zealand firm, the absence of a single statutory deadline is not a reason to wait. The relevant commitments and expected standards are now visible in the Code of Banking Practice and the Alliance's work. The operational baseline has already moved to account name checking. A firm should be measuring itself against what its peers are doing, not against a notional minimum.

In practice, that means honestly assessing the firm's controls across the prevent, detect, report, disrupt, and respond cycle: are suspicious payments genuinely being flagged and, where needed, delayed? Is there a real round-the-clock route for a customer to report a scam? Is information about criminal accounts actually being shared and acted on? It means treating the Code commitments as a floor rather than a ceiling, since the compensation position turns on whether those commitments were met. For firms operating on both sides of the Tasman, it also means designing controls that can withstand scrutiny in both jurisdictions, even where the legal architecture differs.

In New Zealand, accountability is being applied through transparency, peer standards, supervisory attention and a conditional compensation regime rather than through a single Act. The effect on firms is still real. A firm that treats scam prevention as discretionary because there is no single scam statute has misread the position.

Final thought

It is tempting to compare the New Zealand and Australian approaches and ask which instrument is better: the single statute or the coordinated framework of codes and operational change. For a firm deciding what to do, that debate is beside the point.

Both countries have reached the same broad conclusion: scam prevention is too important to leave to each firm's discretion, and responsibility must be shared across the chain through which scams travel. New Zealand has pursued that conclusion through coordination, codes and concrete operational change rather than through a dedicated scams statute. The method is different. The expectation placed on firms is not materially lighter. The practical question for any firm is whether it could show that, when a scam succeeds, it did what a responsible firm in its position should have done.