COA Compliance for Security Companies in New Zealand

The regulatory framework: PSPLA and the 2010 Act

The Private Security Personnel and Private Investigators Act 2010 (the Act) governs the security industry in New Zealand. It established the Private Security Personnel Licensing Authority (PSPLA) as the body responsible for licensing both security companies and the individuals who work within them.

Under the Act, two separate licences apply. A company licence authorises a business to operate as a security company. A Certificate of Approval (COA) authorises an individual to work in a specified security role. Both must be current. A licensed company that employs or contracts an individual without a valid COA for their role is in breach of the Act, regardless of the individual's experience or history.

The PSPLA maintains a public register of both company licences and individual COAs. Anyone — including clients, insurers, and members of the public — can search the register to verify whether a company or individual is currently licensed.

Certificate of Approval licence classes

The Act defines six COA licence classes. Each authorises work in a specific type of security role, and an individual must hold the correct class for the work they are performing.

• Property Guard — guarding property against unlawful access, damage, or theft. The most common COA class for patrol officers across Auckland, Wellington, Christchurch, and other centres.
• Crowd Controller — managing access to and behaviour at venues and events where alcohol is served or crowds are managed.
• Personal Guard — providing close protection to individuals.
• Monitoring Officer — monitoring security alarms or surveillance systems, typically from a control room.
• Security Technician — installing, maintaining, or repairing security systems and equipment.
• Security Consultant — providing security risk assessments or advice to clients.

A guard who holds a Property Guard COA cannot legally work as a Crowd Controller without a separate Crowd Controller COA. Companies must track not just whether an officer holds a COA, but which class or classes they hold, and match assignments accordingly.

What security companies must do

Operating a licensed security company in New Zealand involves four core compliance obligations.

Hold a current company licence. A company licence must be in place before the business begins operating in a licensed security role. Licences are subject to renewal and can be suspended or cancelled by the PSPLA.

Employ only COA-licensed personnel in security roles. Every person performing a licensed security function — whether employed directly or engaged as a contractor — must hold a current COA for the relevant licence class. Companies are responsible for verifying this before deploying an individual to a role.

Maintain records of who worked where and when. In the event of a complaint, incident, or PSPLA audit, a company must be able to demonstrate which officers were deployed to each site, on which dates, and in which roles. Records must be accurate, contemporaneous, and retrievable.

Keep proof of eligibility to work in New Zealand. Security companies must retain documentation confirming that each employee or contractor is legally eligible to work in New Zealand. This applies to New Zealand citizens, permanent residents, and those on temporary work visas. Proof of eligibility must be current — a visa that has expired removes eligibility regardless of when it was originally verified.

How to demonstrate COA compliance

Demonstrating compliance is not just a matter of having the right people on the books. It is a matter of being able to show, clearly and quickly, that requirements were met at the time work was performed. That requires records, not just intentions.

For PSPLA purposes, compliance records should be able to answer the following questions for any shift on any site:

• Which officer was deployed to this site?
• Did that officer hold a current COA for the relevant licence class at the time of deployment?
• What was the officer's COA number and expiry date?
• Did that officer hold current proof of eligibility to work in New Zealand at the time?
• What activity was carried out, and when?

Companies that cannot answer these questions for a specific incident or audit period are exposed to regulatory risk, even if the underlying activity was carried out correctly.

What good operational records look like

Good compliance records for a New Zealand security company combine personnel records with operational records. Neither is sufficient on its own.

Personnel records should include, for each officer: full name, COA licence class and number, COA expiry date, proof of eligibility to work in New Zealand (document type and expiry where applicable), and a copy of the COA document itself. These records must be kept current and updated when a COA is renewed or when eligibility documentation changes.

Operational records should show, for each shift or patrol: the site, the officer deployed, the date and time, the activity completed (patrols, checkpoints, incidents), and any observations or reports raised. For patrol work, timestamped checkpoint records and GPS-backed data provide the clearest and most defensible evidence of what was done and when.

Companies operating across multiple regions — Auckland, Hamilton, Tauranga, Wellington, Christchurch, Dunedin, and other centres — benefit from centralised records that can be searched and reported across all sites, rather than site-by-site folders or spreadsheets that require manual aggregation.

Expiry tracking is one of the most common points of failure. A COA that lapses — even briefly — means the officer cannot legally work. Companies that rely on officers to self-report renewal requirements, or that check expiry dates manually on a spreadsheet, carry unnecessary risk. Automated alerts that flag approaching expiry dates well in advance give operations managers time to act before a compliance gap occurs.

Frequently asked questions