In a landmark decision, the New Zealand government and banking sector have adopted the **Contingent Reimbursement Model (CRM) Code** for 2026. This emergency measure aims to combat the rising tide of “Authorized Push Payment” (APP) fraud. Previously, victims were often left out of pocket if they “authorized” the transfer. As of today, the liability shifts significantly: banks must now refund victims within 7 days unless gross negligence is proven. This guide outlines how to claim your refund under the new rules.
- ๐The New Rules: Refund Eligibility (2026 Code)
- ๐ต๏ธCovered Scams: What Qualifies? (Categories)
- ๐จHow to Claim a Refund: Emergency Protocol
- โ ๏ธCritical Warning: The “Gross Negligence” Trap
- ๐งฎRefund Probability Calculator (Beta)
- ๐Key Takeaways & Quick Summary
- โFrequently Asked Questions About Scam Refunds
๐The New Rules: Refund Eligibility (2026 Code)
The “Game Changer” in this legislation is the shift of onus. The bank must prove you were negligent; you don’t have to prove you weren’t. However, there are three distinct tiers of outcomes.
Users read this also recommend essential next step.
WorkCover Australia 2026: Weekly Payment Rates & Claim Process (Calculator)
Tier 1: Mandatory Full Refund
You are entitled to a 100% refund of the lost funds (up to the $100k cap) if:
- Impersonation: The scammer impersonated a trusted entity (Police, Bank, Spark, IRD).
- Vulnerable Customer: You are identified as vulnerable (due to age, health, or distress) at the time of the scam.
- Warning Failure: The bank failed to provide an “Effective Warning” before you made the payment (e.g., no pop-up alert matching the payee name).
Tier 2: The “50/50” Split
In some cases, the responsibility is shared. This typically happens when:
- Partial Negligence: You ignored a specific warning from the bank but were manipulated socially.
- Both Parties at Fault: The bank had adequate systems, but the scam was sophisticated enough to bypass reasonable checks.
- The Banking Ombudsman often recommends a 50% split in these “grey area” cases.
Tier 3: Claim Denied
The bank can refuse reimbursement if they can prove **Gross Negligence**. This includes:
- Ignoring Explicit Warnings: You proceeded despite a clear, specific “STOP” warning on your banking app.
- Lying to the Bank: You told the bank teller the money was for a “holiday” when instructed by the scammer to lie.
- First-Party Fraud: If you are involved in the scam yourself (money muling).
๐ต๏ธCovered Scams: What Qualifies? (Categories)
The 2026 CRM Code specifically targets “Authorized Push Payment” (APP) fraud. Check if your situation falls under these protected categories.
Investment Scams
Fake term deposits or crypto schemes. New 2026 Rule: Banks must check if the destination account matches a known investment entity. If they didn’t, they pay.
Romance Scams
Long-term manipulation where you send money to a “partner”. Covered under the vulnerability clause if the bank noticed unusual spending patterns but stayed silent.
Invoice Redirection
Hackers intercept emails from builders/lawyers and change the bank details. Now covered, as “Confirmation of Payee” (CoP) systems should have flagged the name mismatch.
Hidden Protections & Pro Tips
The new bill includes subtle clauses that can save your claim. ๐ Click the floating icons to reveal.
Call Recording
Banks record calls. If you asked “Is this safe?” and the staff member said “Yes” without checking, the bank is 100% liable.
The 13-Month Rule
You can claim refunds for transactions dating back 13 months if you only just discovered the scam today.
Stop The Chain
If the receiving bank (the scammer’s bank) failed to freeze the mule account quickly, they may be liable to reimburse the sending bank (and you).
๐จHow to Claim a Refund: Emergency Protocol
Speed is everything. The new code requires victims to act swiftly to mitigate loss. Follow this 4-step execution plan immediately.
Step 1: Call Bank Now
The ‘Fraud’ Team
Call your bank’s 0800 number. Say the word **”FRAUD”** to the automated system to bypass the queue. Ask them to activate the “Fraud Payment Recall” immediately.
Step 2: File Police 105
Reference Number
File a report online at **105.police.govt.nz**. You need the “Police Acknowledgement Number” to submit a formal reimbursement claim to the bank.
Step 3: Written Claim
Cite the Code
Email your bank’s complaint department. Subject: “Formal Complaint – CRM Code 2026 Reimbursement Claim”. Attach your Police report number.
Step 4: Ombudsman
Deadlock
If the bank declines or doesn’t resolve it in 20 days, escalate to the **Banking Ombudsman**. It is free and binding on the bank.
โ ๏ธCritical Warning: The “Gross Negligence” Trap
Banks are pushing back on claims where they believe the customer was reckless. Avoid these specific actions to protect your right to a refund.
โ Don’t Lie to the Teller
Scammers often tell you to say “It’s for a renovation” when withdrawing cash or moving money. **If you lie to the bank staff**, you waive your right to protection. The bank will argue they tried to intervene, but you misled them.
Screen Sharing Apps: Never download AnyDesk or TeamViewer at the request of a “caller”. Doing so is often classified as gross negligence.
๐งฎRefund Probability Calculator (Beta)
Estimate your potential refund based on the **2026 Liability Split**. This tool considers the “negligence factor”.
*Note: Capped at $100k for standard claims. “Gross Negligence” results in $0.
๐Key Takeaways & Quick Summary
The 2026 CRM Code is a massive win for consumers, but it requires you to be proactive. Here is the bottom line.
2026 Refund Rules Summary
- Reimbursement is Standard: Banks must now refund APP fraud victims unless they prove you were grossly negligent.
- The Cap: The maximum mandatory reimbursement is generally **$100,000** per claim.
- Don’t Lie: Misleading the bank during the transaction is the fastest way to lose your refund rights.
Essential Related Reading
Wait! Before checking the FAQs, don't miss this exclusive guide related to your interest:
July 2026 Division 296 Tax: Protect Your Life Insurance & Estate From the $3M Super Trap (Verified Calculator)
โFrequently Asked Questions About Scam Refunds
Questions about the specific application of the new CRM code in New Zealand.
No, this code is specifically for **Authorized Push Payments** (bank transfers). Credit card fraud is already covered under the “Chargeback” rules, which have different (and often stronger) protections.
CoP is the new system rolled out in NZ banks (2025/2026) that checks if the account name matches the account number. If the bank failed to warn you of a mismatch, they are liable for the loss.
The new mandatory reimbursement rules generally apply to scams occurring **after** the code came into force. However, older cases can still be taken to the Ombudsman under “fair and reasonable” principles, just without the automatic presumption of liability.
Under the new code, banks aim to reimburse valid claims within **5 business days**. Complex cases involving multi-bank investigations can take up to 35 business days.
You are still covered. The “Authorized” in Authorized Push Payment fraud means you technically approved it, but under deception. The code protects you unless you ignored specific “scam warnings” presented during that approval.