The New Zealand Anti-Scam Alliance has published its 2026 work programme, and among its forward actions is the development of a framework intended to guide the creation of sector-specific scam prevention codes.
The banking and telecommunications sectors already operate under voluntary codes; now, the framework is designed to extend that structure across other industries. The insurance sector is not named in the document, but the framework’s stated purpose – to inform and support the development of sector-specific codes – positions it as a mechanism through which formal scam prevention obligations could eventually reach insurers.
The programme was published on June 10, 2026, and covers both what the alliance has delivered since its formation in July 2025 and what it plans to do between June and December 2026. It comes as gross reported fraud losses to New Zealand banks reached $265 million in the 12 months to October 2025, according to MBIE, drawing on data from Payments NZ’s first Reported Fraud Monitor, which aggregated figures from 12 banks. Payments NZ applied a revised methodology for that report, so the figures are not directly comparable with those from prior years.
The breakdown of how those losses occurred carries direct relevance for insurance professionals. Of the $265 million total, approximately $126 million involved authorised payment scams – cases where individuals were manipulated into approving transactions themselves. The remaining $139 million came from unauthorised account access. By category, compromised credentials accounted for roughly $84 million, products and services scams for around $76 million, and relationship and trust scams for approximately $31 million. Those three categories together represented close to three-quarters of all reported losses.
Authorised payment scams, at $126 million, reflect the same fraud mechanism behind business email compromise and invoice fraud – scenarios in which a payer is deceived into sending funds to an account controlled by a scammer rather than a legitimate recipient. These are claim types the insurance sector already encounters. Compromised credentials losses, at $84 million, map onto account takeover, a risk that affects both policyholders and the internal systems and customer portals that insurers operate. The fraud typology data, in other words, is not incidental to the insurance industry; it tracks categories of loss that insurers price, investigate, and manage. “These figures show that scams are not only widespread but also increasingly deceptive. It’s critical that people stay alert and take steps to protect themselves and their finances,” said MBIE spokesperson Ian Caplin.
Beyond the code framework, two other items in the forward programme are of particular relevance to insurance professionals. The alliance plans to expand the banks’ Confirmation of Payee system, which currently allows customers to check that a payee’s name corresponds to the account details before a transaction is completed. Extending the system’s reach means more businesses will have access to that verification step. For insurers, the payment flows most exposed to authorised push payment fraud – claims settlement to policyholders, payments to third-party suppliers and repairers, and premium refunds – are precisely the transactions Confirmation of Payee is designed to protect. A broader rollout would give insurers a more widely available tool for verifying payees before funds are released.
The third item is the establishment of a New Zealand Police Economic Crime Team, which will focus on identifying and investigating prolific fraud and scam offenders. The $84 million in compromised credentials losses and the $126 million in authorised payment scams reported in the Payments NZ data represent the kinds of cases such a unit would handle. For insurers managing fraud referrals, a dedicated team provides a more defined channel for escalating cases than the current general policing structure, and may also raise the bar on the documentation and evidentiary standards insurers apply when preparing referrals for police.
The work programme also includes a range of actions outside those three threads. The government is progressing a safe harbour provision – a legal defence for online service providers that remove suspected scam content – alongside a Trusted Flagger framework that would let regulators and law enforcement supply verified scam intelligence to online platforms to improve the speed and accuracy of takedowns. The Department of Internal Affairs will extend its 7726 scam and spam reporting tool to Google Android devices. The National Cyber Security Centre (NCSC) will lead development of an online portal for reporting and responding to cyber incidents. The alliance will also conduct cross-sector data sharing research and continue intelligence exchange with international bodies, including the Global Anti-Scam Alliance. On voluntary codes, the banking sector will conduct a six-month review of its scam protection commitments under the Code of Banking Practice, and the Telecommunications Forum will seek public feedback on updates to its Scam Prevention Code.
The work programme records several outcomes from the alliance’s first 11 months. A cross-sector pilot running from October 1, 2025, to March 31, 2026, detected and blocked more than 23,000 malicious domains, intercepted 3.1 million access attempts, and, according to MBIE, prevented $23.8 million from reaching scammers. Nine retail banks deployed fraud intelligence technology to prevent stolen funds from being moved through accounts, a measure the New Zealand Banking Association said had already stopped losses of millions of dollars. Mobile network operators implemented SMS firewalls to block messages impersonating banks and other organisations – a delivery mechanism behind a significant share of the authorised payment and credential-compromise losses recorded in the Payments NZ data.
