Algorithmic Accountability

AI Model Governance for New Zealand Organisations

New Zealand has no prescribed model governance framework. The FMA and RBNZ expect sound model risk management, but the standards are yours to define. That gap is not freedom -- it is exposure.

We build model governance programmes for New Zealand banks, insurers, and financial services firms that satisfy regulatory expectations before those expectations become enforcement actions.


The Absence of Rules Is Not the Absence of Risk

New Zealand does not have a mandated model risk management standard equivalent to the US SR 11-7 or the EU AI Act model provisions. That means every organisation is writing its own rules -- and the FMA is watching to see who gets it wrong first.

No Prescribed Standards

The FMA expects financial services firms to manage model risk proportionately. But it has not published a model governance framework. Neither has the RBNZ. ANZ NZ, BNZ, Westpac NZ, ASB, and Kiwibank all deploy models across credit, pricing, and risk -- each with different governance maturity. Without a common standard, boards cannot benchmark their exposure.

Population Bias Exposure

Credit scoring, insurance pricing, and lending models trained on historical data carry embedded biases against Maori and Pacific populations. Under the CoFI Act, fair conduct obligations extend to algorithmic decisions. Under Te Tiriti o Waitangi, outcome equity is not optional. Most organisations have not tested their models for disparate impact across these populations.

Converging Legal Obligations

Model inputs and outputs must comply with the Privacy Act 2020's 13 Information Privacy Principles. Model-driven decisions must not mislead under the Fair Trading Act. The CoFI Act requires fair conduct in all customer dealings, including automated ones. Three separate statutes, one model, zero coordinated compliance in most organisations.

How We Build Model Governance for the NZ Market

A four-phase approach designed for a regulatory environment where the framework is yours to define, but the consequences of getting it wrong are not

01 Model Landscape Audit

We identify every model in your organisation -- credit decisioning, premium setting, fraud detection, algorithmic trading, customer segmentation. We classify each by risk tier, map data lineage, and assess documentation completeness. Most NZ firms discover 30-50% more models than they thought they had.

02 Framework Design

We construct your model risk management framework from first principles, drawing on international standards (SR 11-7, SS1/23) adapted for New Zealand's regulatory context. The framework addresses FMA conduct expectations, RBNZ prudential requirements, Privacy Act data handling, and CoFI fair conduct obligations in a single coherent governance structure.

03 Validation and Bias Testing

Independent validation of high-risk and material models, with specific bias detection across NZ demographic groups. We test for disparate impact on Maori, Pacific, and other populations using both statistical parity measures and outcome-based fairness metrics. Validation reports are structured for board consumption and regulatory inquiry.

04 Monitoring and Escalation

We design ongoing monitoring infrastructure that tracks model performance, data drift, and fairness metrics in production. Escalation protocols route material findings to appropriate governance forums. Revalidation triggers are defined so models are reassessed before failures compound.

What You Receive

Concrete deliverables, not advisory slide decks. Every engagement produces artefacts your governance team can implement, your board can review, and your regulators can examine.

FMA-Aligned Model Risk Framework

A complete model risk management policy and procedures suite designed for the New Zealand regulatory environment, structured to demonstrate sound governance to the FMA and RBNZ.

  • Model risk appetite statement
  • Three-tier risk classification scheme
  • Development-to-retirement lifecycle procedures
  • Governance committee terms of reference

Bias Detection for NZ Populations

Structured bias testing tailored to New Zealand's demographic context, with specific analysis of model outcomes across Maori, Pacific, Asian, and other population groups.

  • Disparate impact analysis by ethnicity
  • Training data representativeness assessment
  • Proxy variable identification and mitigation
  • Te Tiriti outcome equity reporting

Privacy Act Model Compliance

Assessment of model data flows against the Privacy Act 2020's 13 Information Privacy Principles, ensuring model inputs, processing, and outputs meet statutory requirements.

  • Data collection purpose alignment (IPP 1-4)
  • Storage and security assessment (IPP 5)
  • Access and correction rights mapping (IPP 6-7)
  • Cross-border data transfer review (IPP 12)

Independent Model Validation Reports

Per-model validation documenting conceptual soundness, data quality, performance benchmarking, and fairness testing. Structured for board reporting and regulatory examination.

  • Methodology and assumption review
  • Out-of-sample and out-of-time testing
  • Sensitivity and stress testing results
  • Findings, conditions, and remediation plan

Production Monitoring Design

Monitoring specifications for models in production, covering performance degradation, input drift, and ongoing fairness tracking across NZ populations.

  • Population stability index tracking
  • Characteristic stability monitoring
  • Fairness metric dashboards by ethnicity
  • Escalation triggers and revalidation rules

NZ Financial Services Model Coverage

Deep domain expertise across model types used by New Zealand banks, insurers, fund managers, and non-bank deposit takers.

  • Credit decisioning and scoring models
  • Insurance premium-setting algorithms
  • Algorithmic trading and execution models
  • Anti-money laundering detection models


Built for a Market Without a Rulebook

NZ Regulatory Fluency

We understand how the FMA, RBNZ, and OPC operate in practice -- their supervisory styles, their enforcement patterns, and where model risk sits on their priority lists. Our frameworks are designed for the New Zealand regulatory environment specifically, not adapted from offshore templates.

Treaty-Informed Bias Analysis

Model fairness in Aotearoa New Zealand requires analysis that goes beyond generic protected-class testing. We assess training data representativeness for Maori and Pacific populations, identify proxy variables that encode historical disadvantage, and measure outcome equity in ways that are meaningful under Te Tiriti obligations.

Cross-Statute Integration

Models in NZ financial services sit at the intersection of the Privacy Act 2020, the Fair Trading Act, the CoFI Act, and FMA/RBNZ prudential expectations. We build governance frameworks that address all four obligations in a single structure, eliminating the compliance gaps that emerge when each statute is addressed in isolation.

Technical Depth, Not Consulting Theatre

Our validators have hands-on experience building credit models, pricing algorithms, and trading systems. We assess model risk by examining code, data pipelines, and statistical methodology -- not by reviewing PowerPoint documentation at arm's length.

Model Governance in the New Zealand Context

Is model governance legally required in New Zealand?

There is no single statute that mandates a model governance framework. However, the obligation arises from multiple sources. The FMA expects licensed financial services providers to manage operational risks, which includes model risk. The RBNZ expects registered banks to demonstrate sound risk management practices. The Privacy Act 2020 requires that personal information used in automated decisions is handled lawfully. The CoFI Act requires fair conduct, which extends to algorithmic decision-making. The legal requirement is not "have a model governance framework" -- it is "manage the risks your models create." The practical consequence is the same.

How do we test for bias against Maori and Pacific populations?

We apply multiple fairness metrics: demographic parity (equal approval rates), equalised odds (equal true positive and false positive rates), and predictive parity (equal precision) across population groups. Beyond statistical tests, we examine training data for historical representation gaps, identify proxy variables (such as geographic postcode or employment type) that may encode ethnicity, and assess whether model outputs produce materially different outcomes for Maori and Pacific applicants compared to the general population. Where disparities are identified, we recommend specific mitigations ranging from feature exclusion to model recalibration.
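
The three metrics named above, computed per group, as an added example (not part of the original page and not the firm's own tooling). The records, the placeholder group labels A and B, and the 0.05 tolerance are constructed assumptions; the data is chosen so that predictive parity holds while the other two criteria do not.

```python
from collections import defaultdict

# Constructed sample: (group, actual_good_outcome, model_approved).
# Group labels "A" and "B" are placeholders, not real population data.
RECORDS = (
    [("A", 1, 1)] * 40 + [("A", 1, 0)] * 10 + [("A", 0, 1)] * 10 + [("A", 0, 0)] * 40
    + [("B", 1, 1)] * 24 + [("B", 1, 0)] * 16 + [("B", 0, 1)] * 6 + [("B", 0, 0)] * 54
)

def ratio(num, den):
    # Undefined (None) when a group has no cases in the denominator.
    return num / den if den else None

def group_metrics(records):
    """Per-group confusion counts turned into the rates each criterion compares."""
    counts = defaultdict(lambda: {"tp": 0, "fp": 0, "fn": 0, "tn": 0})
    for group, actual, approved in records:
        key = ("t" if actual == approved else "f") + ("p" if approved else "n")
        counts[group][key] += 1
    out = {}
    for group, c in counts.items():
        approved = c["tp"] + c["fp"]
        out[group] = {
            "approval_rate": ratio(approved, sum(c.values())),  # demographic parity
            "tpr": ratio(c["tp"], c["tp"] + c["fn"]),           # equalised odds
            "fpr": ratio(c["fp"], c["fp"] + c["tn"]),           # equalised odds
            "precision": ratio(c["tp"], approved),              # predictive parity
        }
    return out

def gaps(metrics):
    """Largest between-group difference for each rate; None if not comparable."""
    result = {}
    for name in ("approval_rate", "tpr", "fpr", "precision"):
        vals = [m[name] for m in metrics.values() if m[name] is not None]
        result[name] = round(max(vals) - min(vals), 6) if len(vals) > 1 else None
    return result

def assess(gap, tolerance=0.05):
    """True = gap exceeds the (assumed) tolerance, None = not assessable."""
    def over(*names):
        vals = [gap[n] for n in names]
        return None if any(v is None for v in vals) else any(v > tolerance for v in vals)
    return {"demographic_parity_breached": over("approval_rate"),
            "equalised_odds_breached": over("tpr", "fpr"),
            "predictive_parity_breached": over("precision")}

if __name__ == "__main__":
    print(assess(gaps(group_metrics(RECORDS))))
```

A model can satisfy one criterion and fail the others on the same data, which is why the metrics are reported side by side rather than reduced to a single score.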

What does the Privacy Act 2020 require for models that process personal information?

Models that use personal information as inputs must comply with all 13 Information Privacy Principles. Key requirements: information must be collected for a lawful purpose and that purpose must cover model use (IPP 1-4). Individuals have the right to know their information is being used in a model and to request correction (IPP 6-7). Information must not be kept longer than necessary (IPP 9). Disclosure to third parties, including offshore model vendors or cloud providers, must comply with IPP 11-12. The Privacy Commissioner has indicated that automated decision-making using personal data is an area of increasing focus.

How does the CoFI Act affect our models?

The Financial Markets (Conduct of Institutions) Amendment Act 2022 (CoFI Act) requires financial institutions to treat consumers fairly. Fair conduct obligations apply to all aspects of the consumer relationship, including decisions made by automated systems. If a credit model systematically produces worse outcomes for a demographic group, or an insurance pricing model uses factors that operate as proxies for protected characteristics, this may constitute a breach of fair conduct obligations. Our model governance frameworks include CoFI compliance assessment as a standard component.

Our parent bank has an offshore model governance framework. Can we adopt it?

Many NZ banks operate frameworks inherited from Australian or global parents. These frameworks often address regulatory requirements that do not exist in New Zealand (and miss ones that do). A parent framework designed around offshore prudential standards will not address Privacy Act 2020 obligations, CoFI fair conduct requirements, or bias risks specific to NZ populations. We recommend a gap analysis of your parent framework against NZ-specific requirements, followed by targeted adaptation rather than wholesale adoption.

Start Your AI Model Governance Programme

Organisations that build robust model governance now will define industry practice. Those that wait will be measured against standards they had no hand in shaping.

Initial engagement includes model landscape audit, regulatory gap assessment, and bias risk scoping for NZ populations