The Minimum Open Banking Implementation Plan confirms the minimum requirements and timelines that five API Providers (ANZ, ASB, BNZ, Westpac and Kiwibank) must have standardised APIs technically and operationally ready for use by the centre’s Third Parties.
The banks included in this plan collectively represents coverage of more than 90% of all consumer accounts across Aotearoa’s banking market.
This page will be updated as we publish delivery milestone dates for new versions of the standards, as an API Provider becomes ready with the standards, and with any updates to implementation dates.
Minimum Open Banking Implementation Plan
Published 2 October 2024
Below you will find milestone delivery dates that apply to ANZ, ASB, BNZ, Kiwibank and Westpac for the delivery of:
- Payment Initiation – v2.1 and v2.3
- Account Information – v2.1 and v2.3.
These standards must be delivered with the corresponding v2.1 or v2.3 Security Profile.
Note: As v2.3 Standards include all functions introduced under v2.2, no separate implementation dates have been set for v2.2 Standards.
Payment Initiation implementation plan
| API Provider | Version 2.1 | Version 2.3 |
| ANZ | READY | 30 May, 2025 |
| ASB | READY | 30 May, 2025 |
| BNZ | READY | 30 May, 2025 |
| Kiwibank | 30 May, 2026 | 30 May, 2026 |
| Westpac | READY | 30 May, 2025 |
Account Information implementation plan
| API Providers | Version 2.1 | Version 2.3 |
| ANZ | 30 Nov, 2024 | 28 Nov, 2025 |
| ASB | 30 Nov, 2024 | 28 Nov, 2025 |
| BNZ | READY | 28 Nov, 2025 |
| Kiwibank | 30 Nov, 2026 | 30 Nov, 2026 |
| Westpac | 30 Nov, 2024 | 28 Nov, 2025 |
Minimum requirements for API Providers to meet
These minimum requirements highlight important areas of functional and non-functional delivery scope for API Providers to meet their obligations under the minimum open banking implementation plan.
|
Category |
Criteria |
|---|---|
| Channel types |
Customer consent management via the mobile app for the customer types and accounts listed below. Note: Complying with redirect authorisation flow (security profile v2.0 onwards) is unrelated to this channel requirement. API Providers are advised that implementation of redirect authorisation flow includes enabling redirect to a browser while on the same device. |
| Customer types |
Note: Not all account types for each customer must be available (see below in “Account types”). |
| Account types |
|
| API Performance | Target availability for both APIs: 99.5-99.9%* |
| Reporting | API Centre monthly metrics to be uploaded within 7 calendar days of the month end. |
| Partnering readiness |
1. An integration testing environment that enables pre-production testing of the latest available Standardised API version* 2. There is an operating model that ensures people are available and able to handle issues/bugs in both production and pre-production environments 3. The developer portal requirements have been met 4. There is a templated or reference bilateral agreement that the provider attests to being available for use. |
| Other non-functional | Service monitoring and alerts are in place to monitor service reliability* |
| Quality & completeness | Technical testing completed and release notes are available to the third party developer community. |
* Recommended minimum requirements are guidelines and will not be enforceable under this Implementation Plan.
Find out more
The API Centre has additional guides to help you develop your open banking-enabled innovations. On our website you can find out more about:
- Best practices for developing trust using our CX Guidelines.
- What to expect when your customers have multi-signatory accounts in the Equivalency Principle
- What the API Providers Performance and Monitoring Requirements
- The Published Standards on our Confluence page.