About the application form
We will send you the application form after your introductory meeting. The form is an interactive PDF that asks for:
- business details
- information on your anti-money laundering practices and financial crime controls
- operational information, including your operational risk management framework and/or policies and procedures, incident management procedures and a Business Continuity Plan (BCP) or Disaster Recovery Plan (DRP)
- information on any notifiable cyber security incidents or events.
Supporting information
You’ll need to submit the following with your completed application form.
RBNZ cyber capability survey
Download the survey template (XLSX, 153 KB)
While this survey references regulated entities, we use it to assess the cyber capabilities of both regulated and unregulated entities in relation to using ESAS and it must be completed as part of your application process.
See our guidance on cyber resilience (PDF, 650 KB)
Swift Customer Security Programme (CSP) annual attestation
If it’s relevant to your situation, you may be asked to submit a copy of your Swift Customer Security Programme (CSP) annual attestation, a security attestation required of all Swift users showing compliance levels with Swift controls.
Prerequisites
Prerequisites such as participation in a clearing system operated by Payments NZ or Swift connectivity (if you’re not already a Swift member) may apply, depending on your current situation and how you intend to use ESAS.
We will discuss this with you during your introductory meeting, to help you work out what you need and next steps.