TL;DR: New Zealand rolled out a national Confirmation of Payee scheme to cover more than 95% of consumer bank accounts in six months and twelve days, with banks connecting through a central trust framework, according to Raidiam. The result shows how shared identity and verification infrastructure can cut fraud risk, reduce friction, and support future API-based services.
NHIMG editorial — based on content published by Raidiam: How New Zealand Reimagined Confirmation of Payee
By the numbers:
- Ten banks went live initially, now thirteen, covering over 95% of consumer bank accounts.
- In other markets, CoP rollouts had taken years and cost individual banks over £100 million.
Questions worth separating out
Q: How should organisations design shared verification controls across multiple institutions?
A: They should define a common trust framework, standardise the verification API, and keep sensitive records under local ownership.
Q: Why do ecosystem trust models matter for IAM and identity governance?
A: They matter because they move verification from isolated systems into a shared governance layer.
Q: What do security teams get wrong about payment verification controls?
A: They often treat them as customer experience features rather than governance controls.
Practitioner guidance
- Map verification points to the decision moment Identify where your organisation still assumes trust before an action is taken.
- Separate trust governance from local data ownership Design shared verification services so the coordinating layer sets standards while each participant retains control of its own records and entitlements.
- Build reusable onboarding contracts Standardise the API, assurance, and exception-handling model for every participant so future services can reuse the same trust rails.
What's in the full article
Raidiam's full research covers the operational detail this post intentionally leaves for the source:
- How the central trust platform was structured for bank-to-bank verification and onboarding
- What the two-API connection model meant for integration effort inside participating banks
- How the GetVerified governance model was set up to support future data-sharing services
- Why the rollout path mattered for cost, scale, and extensibility across the ecosystem
👉 Read Raidiam's case study on New Zealand's confirmation of payee rollout →
Confirmation of payee at scale: what IAM teams can learn?
Explore further
Shared verification infrastructure is becoming a governance control, not just a payments feature. New Zealand’s model shows that when multiple banks rely on the same trust framework, the control point moves from individual institution logic to ecosystem coordination. That changes the security conversation from isolated account checks to shared assurance, shared standards, and shared accountability. Practitioners should read this as evidence that verification controls are increasingly architectural.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to 2024 Non-Human Identity Security Report.
- 23.5% of security professionals are unsure about the biggest threat to their non-human identities, which shows how often governance gaps start with poor threat clarity.
A question worth separating out:
Q: How do you know if a trust framework is actually working?
A: You should look for consistent onboarding, low-friction participant integration, and clear decision outcomes at the point of action. If banks or partners still need bespoke logic for each connection, the trust model is not really reusable and the governance burden has merely shifted elsewhere.
👉 Read our full editorial: New Zealand’s confirmation of payee model shows trust at scale