This page explains the process to become an approved credit reporting agency.
If you’re approved, we’ll provide you with details of tax debt owed by companies. You can include this information in the credit reports you prepare for your clients.
You’ll operate under an information sharing arrangement, which describes (among other things) how to use our information and how to keep it secure.
Before you apply
Before you apply, make sure you:
- understand your obligations under the Credit Reporting Privacy Code 2020, Clause 33 of Schedule 7 of the Tax Administration Act 1994 and the Privacy Act 2020
- have appropriate governance, risk, and assurance arrangements in place
- can demonstrate strong information security and privacy controls
- have a clear, lawful and proportionate purpose for using our information.
Credit Reporting Privacy Code 2020, Clause 33 of Schedule 7 of the Tax Administration Act 1994
We may ask for evidence of these as part of the approval process.
How to apply
To start the application process, contact us to discuss your proposal.
Email: [email protected]
You’ll need to provide:
- an overview of your organisation and services
- why you’re asking for Inland Revenue information
- the legal basis for your request
- details of how the information will be used, stored, and protected.
If your proposal meets our initial requirements, we’ll confirm the next steps.
Information sharing agreement
If we agree to proceed with your application, you’ll need to enter into a formal information sharing agreement with us.
This agreement sets out:
- what information can be shared and for what purpose
- how the information can be used and disclosed
- privacy, security, and audit requirements
- incident management and breach notification obligations
- reporting and assurance requirements.
You cannot receive our information until this agreement is signed by both of us.
Security and privacy assurance
You’ll need to complete security and privacy assurance activities before you go live with our information. Activities may include:
- security architecture and control assessments
- privacy impact assessments
- evidence of compliance with relevant standards
- independent assurance or certification, where required.
We’ll confirm what’s needed based on the type of the information being shared.
Technical onboarding
Once contractual and assurance requirements are met, we’ll work with you on technical onboarding.
This may include:
- establishing secure connectivity, for example: secure file transfer protocol (SFTP) or approved alternatives
- connectivity and data exchange testing
- file format and data validation testing
- operational readiness checks.
You must successfully complete testing before any live data is exchanged.
Go‑live
You can start using our information when:
- the information‑sharing agreement is signed
- security and privacy requirements are met
- technical testing is completed successfully
- operational contacts and support arrangements are confirmed
- we agree a go‑live date.
Ongoing obligations
As an approved credit reporting agency, you’ll need to:
- use our information only for the agreed purpose
- maintain security and privacy controls
- report incidents, breaches, or material changes
- participate in reviews or audits, if required
- keep your contact and organisational details up to date.
If you do not meet these requirements we may suspend or withdraw your access.
Get in touch
If you’re interested in becoming a credit reporting agency, email us to start the conversation.
Email: [email protected]
We’ll guide you through the process and explain what’s required at each stage.