Client Portals for Accountants and Financial Advisors in New Zealand: What to Look For

If you're an accountant or financial advisor in New Zealand, you handle more sensitive personal information every day than most businesses handle in a year. Tax returns. Financial statements. Investment portfolios. Income details. KiwiSaver balances. Business ownership records. This is exactly the kind of data that the Privacy Act 2020 was written to protect — and a significant amount of it is still being shared over standard email.

This isn't just a technology problem. It's a compliance problem, a client experience problem, and an operational efficiency problem all at once. A well-built client portal addresses all three. But what makes a portal right for a NZ accounting or financial advisory practice is different from what a generic business needs — the compliance requirements are specific, the workflows are specialised, and the stakes for getting it wrong are real.

This article covers what to look for in a client portal if you're in this space, what the NZ regulatory environment actually requires, and where off-the-shelf tools fall short.

The Privacy Act 2020 and Your Client Documents

The Privacy Act 2020 replaced the 1993 Act with significantly stronger requirements and, for the first time, mandatory breach notification. Under the Act, you are an "agency" holding personal information, and you have specific obligations around how that information is stored, accessed, and shared.

Privacy Principle 5 requires you to protect personal information against loss, misuse, or unauthorised access with "reasonable security safeguards". The key word is "reasonable" — it's assessed against the nature of the information and the risks involved.

For accountants and financial advisors, the information you hold is highly sensitive. A tax return contains IRD number, income from all sources, property ownership, KiwiSaver details, and often family financial information. An investment portfolio review contains full asset detail, transaction history, and current balances. Emailing this as a standard attachment — unencrypted, copyable, forwardable — is increasingly difficult to defend as "reasonable" when secure alternatives exist.

A portal changes this completely. Documents are stored with proper encryption, access is controlled and logged, and clients authenticate before they can view anything. If the Office of the Privacy Commissioner ever reviewed your document sharing practices, a secure portal is a demonstrably better answer than "we emailed a PDF".

Under the 2020 Act, you're also required to notify the Privacy Commissioner and affected individuals if a privacy breach is likely to cause serious harm. A breach involving emailed financial documents — forwarded to the wrong person, accessed via a compromised email account, or left visible in a hacked inbox — is exactly this scenario. It's a conversation nobody wants to have.

IRD Compliance Considerations

While the IRD doesn't mandate specific technology for how you share documents with clients, the compliance environment around tax advice and client records creates its own requirements.

Record-keeping. Accountants need to retain client records — working papers, filed returns, correspondence — for a minimum of seven years in most cases. A portal that archives client documents with version history and timestamp logging creates a better record than an email chain. You can demonstrate exactly what was filed, when, and what information it was based on.

Authority to act. Acting on a client's tax affairs without proper authority is a serious compliance issue. Engagement letters and authority forms that are signed via e-signature in the portal — with a timestamped record of who signed, when, and from what device — create a cleaner audit trail than a scanned PDF returned by email.

AML/CFT obligations. If you're subject to the Anti-Money Laundering and Countering Financing of Terrorism Act (and many accountants are, particularly those providing specified services), your client due diligence documentation needs to be collected and stored systematically. A portal with structured document collection — uploading ID, proof of address, and entity documents to a secure checklist — is far easier to audit and demonstrate than an email folder somewhere.

FMA Requirements for Financial Advisors

Financial advisors operating under a Financial Advice Provider (FAP) licence have specific record-keeping and disclosure requirements under the Financial Markets Conduct Act and the FMA's licensing conditions.

Disclosure obligations. Before providing advice, you're required to give clients a disclosure document (your FAP licence details, nature of advice, fees, conflicts of interest). This needs to be provided, acknowledged, and retained. A portal can present the disclosure document at onboarding, require the client to acknowledge it, and log that acknowledgement with a timestamp. This is cleaner than "I emailed it to them".

Advice records. You're required to keep a record of advice given — including the basis for the advice, the client's circumstances at the time, and the recommended course of action. A Statement of Advice (SOA) or similar document stored in the portal, with a record of when it was presented to the client and when they acknowledged receipt, is strong evidence of compliance.

Complaint handling. The FMA requires licensed advisors to have a complaints process and to keep records of complaints and how they were resolved. A portal messaging system creates a timestamped record of all client communication — which is invaluable if a complaint arises, because you can demonstrate exactly what was said and when.

Ongoing suitability monitoring. If you're managing ongoing advice relationships, particularly for investment clients, you need to periodically review whether your advice remains suitable. A portal can prompt and record annual review activity — scheduling reviews, sending pre-review questionnaires, storing the completed review — creating a documented trail of your ongoing duty of care.

Xero Integration: What It Looks Like in Practice

Most NZ accountants use Xero — either as their own practice management tool, their clients' accounting software, or both. A client portal that integrates with Xero can surface relevant financial information directly in the client's portal view.

Invoice visibility. Clients can see outstanding invoices, due dates, and payment history without calling or emailing. For accounting practices, this eliminates a significant volume of routine billing enquiries. No more "did you send an invoice?" emails, because the client can just check.

Filing status. If you use Xero Practice Manager or a similar tool, the portal can pull job status information and show clients where their tax return, annual accounts, or GST return is in the preparation process. "In progress", "Waiting on information from you", "Ready for your review", "Filed" — simple stages that eliminate the "just checking if my return has been done yet" phone call.

Client-side Xero data. For clients who use Xero for their own accounting, a portal can — with appropriate consent and API access — show summary financial information: current bank balance, recent transactions, outstanding payables and receivables. This is particularly useful for advisory clients who want a regular dashboard view without logging into Xero themselves.

The depth of Xero integration depends on what your clients actually want to see and what adds value to the relationship. Not every client wants a financial dashboard — some just want their documents and their invoice status. Start with what's most useful, not with everything that's technically possible.

E-Signature for Engagement Letters and Authority Forms

If there's one feature that accounting and advisory practices get immediate, measurable value from, it's e-signature built into the portal.

The current workflow in most practices looks like this: draft the engagement letter, email it as a PDF attachment, wait for the client to download it, print it, sign it, scan it, email it back. Or, more commonly: wait for the client to download it, see that they haven't done anything after a week, follow up, wait again. Average time from sending to receiving a signed engagement letter is often two to three weeks.

E-signature in the portal changes this to: draft the letter, upload it to the portal, notify the client. They log in, read it, click "Sign", type their name. Done. The signed copy is immediately stored in their document area. Average time to signature: one to two business days for an engaged client.

The signed document includes a timestamp, the signer's name, and an IP address record — creating a legally acceptable electronic signature under the Contract and Commercial Law Act 2017, which recognises electronic signatures as valid for most purposes. For AML/CFT purposes, it's also worth noting that electronic identity verification is increasingly accepted — a portal that connects to an identity verification service (like IDentity or similar) can handle remote KYC without the client needing to come in person or send certified copies.

Off-the-Shelf Tools vs Custom Portals

It's worth being honest about this: there are good off-the-shelf tools designed for NZ accountants and financial advisors, and for many practices they're the right answer.

Ignition handles engagement letters, e-signature, and proposal management well. If that's your primary pain point and your workflow fits their model, it's an excellent tool.

FYI is built for accountants specifically, with document management, Xero Practice Manager integration, and client communication features. For practices already deep in the Xero ecosystem, it's a natural fit.

Karbon is strong on practice management and workflow, with client-facing features including client requests and document collection.

So when does a custom portal make more sense than these tools? In my experience, it comes down to four situations:

Your workflow doesn't fit the off-the-shelf model. These tools are built around the most common accounting and advisory workflows. If yours diverges significantly — unusual engagement structures, non-standard service types, complex compliance requirements — you end up bending your process to fit the tool rather than the tool fitting your process.

Data residency matters to you. Most of these tools store data on overseas servers (US or Australia). For practices with specific data sovereignty requirements, or clients who explicitly ask where their data is stored, a custom portal hosted in New Zealand or Australia with clear data governance is more defensible.

You want a branded, seamless experience. Off-the-shelf portals present under the vendor's brand or a subdomain. A custom portal lives on your own domain, looks exactly like your website, and feels like a natural extension of your practice — not a third-party tool your clients have to sign up to.

You need integrations the off-the-shelf tool doesn't support. Xero is well-supported across all these platforms. But if you also need to pull data from a bespoke CRM, a specialist fund administration system, or an insurance platform, custom integration is often the only answer.

What a Well-Built Portal for an NZ Practice Includes

Bringing it together — here's what I'd include in a client portal for an NZ accounting or financial advisory practice:

Secure document vault per client. All documents — filed returns, reports, correspondence, signed agreements — stored securely, versioned, and accessible to the client 24/7. Access logged, with notifications when new documents are available.

Onboarding checklist. New client engagement process — collect ID, collect authority forms, complete engagement letter — driven by a structured checklist that both client and practice can track to completion.

E-signature. For engagement letters, authority forms, financial plan sign-offs, SOA acknowledgements, and any other document requiring a signature.

Job/project status tracking. Clients can see where their tax return, annual accounts, or financial plan is in the preparation process without calling to ask.

Xero invoice integration. Outstanding invoices, payment history, and direct debit status visible in the portal.

Secure messaging. A communication thread per client that keeps all correspondence in one place and creates an immutable record.

Disclosure document acknowledgement. For financial advisors, a structured disclosure process with logged acknowledgement.

Annual review scheduling. Automated prompts for periodic review meetings, with pre-meeting questionnaires and post-meeting document delivery built in.

The Case for Acting Now

Privacy obligations are tightening. The FMA is increasing its scrutiny of financial advisor practices. Clients are becoming more aware of data security. And the competitive pressure from larger firms with polished digital client experiences is real.

A secure, well-built client portal isn't just an efficiency tool — for NZ accountants and financial advisors, it's increasingly part of what it means to run a professional practice. The practices that invest in this now will look noticeably more professional than those still emailing PDFs in three years' time.

If you'd like to explore what a portal built specifically for your practice would look like — including the compliance features, Xero integration, and client experience — I'm happy to have that conversation. No generic demo, no one-size-fits-all solution: just a straightforward discussion about your specific workflow and what would actually help.