Confirmation of payee at scale: what IAM teams can learn

TL;DR: New Zealand rolled out a national Confirmation of Payee scheme to cover more than 95% of consumer bank accounts in six months and twelve days, with banks connecting through a central trust framework, according to Raidiam. The result shows how shared identity and verification infrastructure can cut fraud risk, reduce friction, and support future API-based services.

NHIMG editorial — based on content published by Raidiam: How New Zealand Reimagined Confirmation of Payee

By the numbers:

• Ten banks went live initially, now thirteen, covering over 95% of consumer bank accounts.
• In other markets, CoP rollouts had taken years and cost individual banks over £100 million.

Questions worth separating out

Q: How should organisations design shared verification controls across multiple institutions?

A: They should define a common trust framework, standardise the verification API, and keep sensitive records under local ownership.

Q: Why do ecosystem trust models matter for IAM and identity governance?

A: They matter because they move verification from isolated systems into a shared governance layer.

Q: What do security teams get wrong about payment verification controls?

A: They often treat them as customer experience features rather than governance controls.

Practitioner guidance

• Map verification points to the decision moment Identify where your organisation still assumes trust before an action is taken.
• Separate trust governance from local data ownership Design shared verification services so the coordinating layer sets standards while each participant retains control of its own records and entitlements.
• Build reusable onboarding contracts Standardise the API, assurance, and exception-handling model for every participant so future services can reuse the same trust rails.

What's in the full article

Raidiam's full research covers the operational detail this post intentionally leaves for the source:

• How the central trust platform was structured for bank-to-bank verification and onboarding
• What the two-API connection model meant for integration effort inside participating banks
• How the GetVerified governance model was set up to support future data-sharing services
• Why the rollout path mattered for cost, scale, and extensibility across the ecosystem

👉 Read Raidiam's case study on New Zealand's confirmation of payee rollout →

Confirmation of payee at scale: what IAM teams can learn?

Explore further

View Full Forum →  |  NHI Foundation Course →