Skip to main content

This page explains the process to become an approved credit reporting agency.

If you’re approved, we’ll provide you with details of tax debt owed by companies. You can include this information in the credit reports you prepare for your clients.

You’ll operate under an information sharing arrangement, which describes (among other things) how to use our information and how to keep it secure.

Before you apply

Before you apply, make sure you:

  • understand your obligations under the Credit Reporting Privacy Code 2020, Clause 33 of Schedule 7 of the Tax Administration Act 1994 and the Privacy Act 2020
  • have appropriate governance, risk, and assurance arrangements in place
  • can demonstrate strong information security and privacy controls
  • have a clear, lawful and proportionate purpose for using our information.

Credit Reporting Privacy Code 2020, Clause 33 of Schedule 7 of the Tax Administration Act 1994

Privacy Act 2020

We may ask for evidence of these as part of the approval process.

How to apply

To start the application process, contact us to discuss your proposal.

Email: [email protected]

You’ll need to provide:

  • an overview of your organisation and services
  • why you’re asking for Inland Revenue information
  • the legal basis for your request
  • details of how the information will be used, stored, and protected.

If your proposal meets our initial requirements, we’ll confirm the next steps.

Information sharing agreement

If we agree to proceed with your application, you’ll need to enter into a formal information sharing agreement with us.

This agreement sets out:

  • what information can be shared and for what purpose
  • how the information can be used and disclosed
  • privacy, security, and audit requirements
  • incident management and breach notification obligations
  • reporting and assurance requirements.

You cannot receive our information until this agreement is signed by both of us.

Security and privacy assurance

You’ll need to complete security and privacy assurance activities before you go live with our information. Activities may include:

  • security architecture and control assessments
  • privacy impact assessments
  • evidence of compliance with relevant standards
  • independent assurance or certification, where required.

We’ll confirm what’s needed based on the type of the information being shared.

Technical onboarding

Once contractual and assurance requirements are met, we’ll work with you on technical onboarding.

This may include:

  • establishing secure connectivity, for example: secure file transfer protocol (SFTP) or approved alternatives
  • connectivity and data exchange testing
  • file format and data validation testing
  • operational readiness checks.

You must successfully complete testing before any live data is exchanged.

Go‑live

You can start using our information when:

  • the information‑sharing agreement is signed
  • security and privacy requirements are met
  • technical testing is completed successfully
  • operational contacts and support arrangements are confirmed
  • we agree a go‑live date.

Ongoing obligations

As an approved credit reporting agency, you’ll need to:

  • use our information only for the agreed purpose
  • maintain security and privacy controls
  • report incidents, breaches, or material changes
  • participate in reviews or audits, if required
  • keep your contact and organisational details up to date.

If you do not meet these requirements we may suspend or withdraw your access.

Get in touch

If you’re interested in becoming a credit reporting agency, email us to start the conversation.

Email: [email protected]

We’ll guide you through the process and explain what’s required at each stage.

Last updated: 02 Jul 2026
Jump back to the top of the page