Your browser is not supported

Our website does not support the browser you are using. For a better browsing experience update to a compatible browser like the latest browsers from Chrome, Firefox and Safari.

Data and information governance

Find out how our data and information governance approach underpins our ability to responsibly deliver on our mandates.

How we use data and information

Every part of our organisation supports us to fulfil our role as kaitiaki (guardian) of Aotearoa New Zealand’s economy and financial system. How we look after our data and information holdings, plays a crucial part in ensuring we operate ethically and in compliance with relevant legislation (including the Privacy Act 2020 and the Public Records Act 2005) whilst delivering on our mandate.

Te Pūtea Matua has statutory functions under the:

  • Reserve Bank of New Zealand Act 2021
  • Banking (Prudential Supervision) Act 1989
  • Insurance (Prudential Supervision) Act 2010
  • Non-bank Deposit Takers Act 2013
  • Financial Market Infrastructures Act 2021
  • Anti money Laundering and Countering Financing of Terrorism Act 2009
  • Deposit Takers Act 2023.

We have specific powers under legislation to collect information from entities such as banks, insurers non-bank deposit takers, cash-in-transit firms and ATM providers. In relation to these statutory functions, we collect information and data, act as custodian of data, and create public records related to our prudential supervision, central banking and financial system oversight functions.

What is data and information governance and why do we care?

Data and Information governance is the range of steps we intentionally take to ensure our data and information is high-quality, trusted, discoverable and compliant. It is the act of exercising authority and control over data and information to attain the standards we’ve set.

Te Pūtea Matua is committed to good data and information management practices, including Māori data governance considerations. Sound practices around data and information ensures our regulatory and quality requirements are met in relation to information and knowledge (taonga tuku iho) that we’re entrusted with. Our data and information practices are informed by the following principles:

  • Kaitiakitanga - we are trusted custodians and guardians of data and information 
  • Manaakitanga - we gather and use data appropriately and ethically
  • Tatau - we enable data and insight led decision making that is appropriate and protected

Clear rules and roles around our use and management of data and information, means we can achieve the right outcomes for Aotearoa New Zealand, in a safe and timely manner.

The Data and Information Governance Office

At Te Pūtea Matua, safe data and information use is everyone’s responsibility. Our Data and Information Governance Office enables our people by fostering a culture of responsible, ethical data and information use across RBNZ.


Our Data and Information Governance Office supports our vision, enabling appropriate data use in practice, supporting us to:

Chart with arrow icon

Maximise the value of our data and information assets

doc with arrows icon

Manage data and information assets proactively through their lifecycle

Person with a cog icon

Minimise risk and maximise efficiencies

Data and Information Value Chain

It’s useful to think about governance in terms of how it supports data and information along its lifecycle – underpinning how we collect, store and analyse, share, measure and improve our data and information.


Our Data and Information Value Chain outlines how data and information enables our business and supports us in making sure it is governed properly – by which we mean understood, well managed and secure from beginning to end.

Infographic showing the RBNZ Data and Information Value Chain.
1. Design and collect
  • We identify the data and information we need to support our mandate
  • We collaborate to identify our stakeholders and their requirements
  • We issue statutory notices to entities such as banks, insurers non-bank deposit takers, cash-in-transit firms and ATM providers that allow us to collect certain data and information under our legislation 
  • We design and build our data in a way that is fair, secure, private and meets Māori data considerations
  • We collect data securely using approved transfer tools and processes
  • We catalogue our data, so it maintains the correct ownership, quality and is easy to find
2. Store and analyse
  • We store data in a way that meets security and privacy policy and legislation
  • We assure the quality of our data or information based on requirements
  • We prepare our data and information sets so they’re ready for publication or use
  • We analyse data to create insights ready for publication and release
3. Share and publish
  • We share data and information with approved people, businesses or agencies. We may apply restrictions (e.g. embargoes) if needed. We may be required to disclose information under the Official Information Act 1982. 
  • We publish some data or information with few or no restrictions (for example open data on our website)*
  • We enable discovery of data and insights using our catalogue to support efficiency and consistency.
4. Take action
  • We connect people with the data and insights they need to achieve their business outcomes
  • We use data or insights to support broader decision making aligned to our objectives
  • We act on data or insights to deliver on our mandate with the best possible information
5. Evaluate and improve
  • We promote data and information use to enhance our ability to deliver greater outcomes
  • We evaluate our data and information use and track links to decisions and outcomes
  • We improve our data and information use through initiatives, by testing and learning and challenging ourselves
6. Long-term handling
  • We responsibly re-use data and information where possible to get the greatest value
  • We retain data and information in a way that is consistent with the Public Records Act 2005 and the Privacy Act 2020 
  • We regularly review our data and information holdings to establish if we are required to keep it
  • We securely dispose of our data or information when it’s no longer needed (in line with our obligations under the Public Records Act 2005 and the Privacy Act 2020).

* As described, we may collect and publish information in line with our statutory functions, but there’s a great deal of information and data we collect and don't publish except for in specific circumstances as defined within each Act. For example, we collect Prudential information under the Banking (Prudential Supervision) Act 1989 but only publish under specific circumstances outlined in s 105.