New Zealand's identity verification code of practice (IVCOP) is getting a significant upgrade. The Department of Internal Affairs (DIA) has released a discussion paper proposing updates to modernise and clarify how reporting entities verify identity under the AML/CFT regime.
Consultation is now open, with submissions due by 19 January 2026. This is an important opportunity for reporting entities to provide feedback on the practicality, operational impact and clarity of the proposed requirements.
This blog summarises the proposed changes to help you understand where things are heading and how these updates might influence your compliance programmes and verification practices.
Context and timeline
- Consultation period: open now to 19 January 2026
- Testing of final proposals: early 2026 with experts, industry representatives, supervisors and technology providers
- Expected publication of final IVCOP: April 2026
While no immediate changes are required, now is the time to analyse potential impacts, assess system readiness and make sure your verification technology and workflows can adapt once final requirements are issued in 2026.
1. Verification pathways (no change proposed)
The DIA proposes no change to the three existing pathways:
- Original identity documents
- Certified copies
- Electronic identity verification (EIV)
This maintains continuity for reporting entities.
2. Proposed changes to documentary identity verification
Overseas passports
The signature page of overseas passports would no longer be required. This simplifies document collection and reflects international variations in passport formats.
Kiwi Access Card
The Kiwi Access Card would be formally recognised as an acceptable secondary form of ID, providing additional flexibility for customers who rely on this document
Face-to-face verification
Where documentary verification is completed face-to-face, agents would need to:
- Meet the end user in person
- Confirm likeness
- Compare the identity document photos with the individual
This strengthens expectations around physical interaction and likeness checks.
3. Proposed changes to documentary certification
Certification remains a valid pathway but expectations would tighten.
Certification only when face-to-face is impossible
Certification should only be used when there is a genuine inability to meet face-to-face. Reporting entities would need to record why an in-person meeting could not occur.
Wet-ink certification
The wet-ink requirement would be retained. Electronic copies of certified documents would still be acceptable if they comply with section 226 of the Contract and Commercial Law Act 2017.
Clear and legible photo
Certified copies would need to include a clearly visible photograph to ensure the document is usable for verification purposes.
Strengthened certification wording
Certifiers would need to explicitly state that a document is "a true copy of the original", with an additional linking mechanism or assurance required to bind the certified copy to the individual, e.g. EIV-ing the name and date of birth on the document.
Certification validity extension
Certification validity would be extended to six months, giving customers more time before documents expire for verification purposes.
4. EIV (Electronic Identity Verification) changes
The proposals introduce more flexibility and recognise advancements in digital identity technology.
One government source for name verification
Where the name is verified using a New Zealand government agency source (e.g. DIA or NZTA), only one matching data source would be required. This reduces duplication and simplifies EIV processing.
NFC (biometric / e-) passport verification
The DIA notes emerging adoption of NFC chip-reading for passports globally. This technology can enhance accuracy and reduce reliance on certified documents, particularly for overseas customers.
Reporting entities should consider whether their current electronic identity verification providers can support NFC scanning, as this potentially allows foreign customers or customers with no New Zealand identity document to verify their identity using their smartphone rather than finding a certifier; streamlining the onboarding process.
5. DISTF accreditation
Digital Identity Services Trust Framework (DISTF) accredited providers would be recognised as capable of verifying to:
- Level 3 (remote)
- Level 2 (in person)
This formalises the role of accredited digital identity providers in the verification ecosystem.
Other provisions
6. High-risk customers
The IVCOP would also apply to high-risk customers, with no proposed change.
7. Persons acting on behalf (AOB)
Supervisors propose maintaining or reducing requirements for verifying AOB individuals.
The options under consideration include:
- Remaining with the current IVCOP requirements.
- Removing IVCOP requirements entirely for these individuals (allowing reporting entities to self-determine verification steps based on risk).
- Applying IVCOP only for high-risk customers.
- Introducing a tiered approach with different verification standards based on customer risk ratings.
Importantly, no additional obligations are proposed. The focus is on potential regulatory relief whilst maintaining satisfactory identification.
Preparing for the future. Steps to consider now
While these updates are not yet final, the proposed direction strongly signals an increased emphasis on more robust identity assurance, a clearer justification for using certification and an emphasis on more modern methods of electronic verification.
To prepare for the 2026 implementation, reporting entities should consider the readiness of their current verification processes, particularly around EIV.
Assessing whether current identity verifications workflows can adapt
Consider if your current identity verification process and provider provide the following:
- Flexible data-source matching logic and configurable verification thresholds
- Government-source integrations to verify name and date of birth
- Collection of additional data fields (e.g. reasons for using certification)
- Record keeping for face-to-face verification and certification requirements
- Capability to incorporate emerging technologies including NFC passport verification
- Integration with your onboarding workflow as requirements evolve
Conclusion
The IVCOP consultation marks an important step towards modernising identity verification in New Zealand. While the proposed changes keep the existing verification pathways intact, they introduce clearer, more contemporary expectations around certification, EIV and documentary verification.
Compliance teams should familiarise themselves with the proposals, consider how these might impact systems and processes in the future, and take the opportunity to submit feedback before 19 January 2026.
By preparing early and ensuring verification systems are flexible and future-proof, organisations can transition smoothly once the final IVCOP is released in April 2026.
Additional resources
- Discussion Paper: Updating the Identity Verification Code of Practice
- Fact Sheets explaining the proposals
- Fact Sheets explaining the consultation process
- Consultation response form
- Existing and new pathways to verify ID
- FAQ
- AML/CFT supervisors consult on updating the Identity Verification Code of Practice - MinterEllisonRuddWatts
About First AML
First AML comes from the perspective of both a technology provider, but also as compliance professionals. Prior to releasing, First AML’s all-in-one AML workflow platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML, is in our DNA.
That's why First AML now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Source stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.
Keen to find out more? Book a demo today!