Requirements

If you operate a business in New Zealand that falls under the definition in section 5 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act), you will need to comply with the AML/CFT Act.

Do I need to comply?

You will need to comply with the AML/CFT Act if you provide any of the following services:

AML/CFT Supervisor – Department of Internal Affairs

  • Accountants (from 1 October 2018)
  • Cash Transport
  • Casinos
  • Conveyancers (from 1 July 2018)
  • Debt Collection
  • Factoring
  • Financial Leasing
  • Foreign Exchange
  • High Value Goods (from 1 August 2019)
  • Lawyers (from 1 July 2018)
  • Money Changers
  • Non-Bank Credit Card
  • Non-Bank Deposit Taking Lenders
  • Payment Provider
  • Payroll
  • Real Estate Agents (from 1 January 2019)
  • Remittance
  • Safe Deposits
  • Sports and Race Betting (from 1 August 2019)
  • Stored Value Cards
  • Tax Pooling
  • Trust and Company formation (from 1 July 2018)

AML/CFT Supervisor – Financial Markets Authority

  • Issuers of Securities
  • Licensed Supervisors
  • Derivatives Issuers and Dealers
  • DIMS Providers
  • Fund Managers
  • Brokers and Custodians
  • Financial Advisers
  • Equity Crowd Funding Platforms
  • Peer-to-Peer Lenders

AML/CFT Supervisor – Reserve Bank

  • Banks
  • Life Insurers
  • Non-Bank Deposit Takers

AML/CFT Compliance Officer

You must appoint an AML/CFT Compliance Officer to administer and maintain your compliance programme. 

The AML/CFT Compliance Officer should be an employee of the business who reports to a senior manager or partner of the business. If practising on your own account, you are required to act as the AML/CFT Compliance Officer and take full responsibility for all compliance requirements unless there is a reason why you can’t. If it is not possible for you to act as the AML/CFT Compliance Officer, an external person may be appointed. In such cases, you will need to write to your AML/CFT Supervisor seeking permission to appoint someone other than an employee or yourself to this position.


Risk Assessment

You must assess the risks your business faces from money launderers and terrorism financers.

You must then apply suitable procedures, policies and controls to effectively manage the risks you have identified.

The AML/CFT Act requires you to address the following in your Risk Assessment:

  • Methodology
  • Nature, size and complexity
  • Products and services offered
  • Methods of delivery
  • Customer types
  • Country risk
  • Institutions
  • Risks identified by the AML/CFT Supervisors and the Commissioner of Police.

AML/CFT Programme

Once you have completed your Risk Assessment, you must develop an AML/CFT Programme.

This should include internal procedures, policies and controls to detect and manage the risk of money laundering and terrorism financing.

Your AML/CFT Programme should include:

  • Who is responsible for the AML/CFT Programme to ensure compliance with the AML/CFT Act
  • Staff
    • Staff Vetting
    • Staff Training
    • Staff Records
  • Customer Due Diligence
    • Simplified Customer Due Diligence
    • Standard Customer Due Diligence
  • Enhanced Due Diligence (EDD)
    • Customers subject to EDD
    • Trusts
    • Companies
    • Source of Funds and Source of Wealth
    • Politically Exposed Persons
    • Beneficial Owners
  • Verification
    • Certification
    • Electronic Verification
  • Account Opening Procedure
  • Ongoing Customer Due Diligence
  • Termination of Customer
  • Agents
  • Country Assessment
  • Written Findings
  • Suspicious Activity
    • Common Indicators
    • Reporting
  • Account Monitoring
    • Transaction Monitoring
    • Transaction Records
    • Assurance
  • Wire Transfers
  • Prescribed Transaction Reporting
  • Products and Transactions that Favour Anonymity
  • Managing and Mitigating Risk
  • Review and Audit of the AML/CFT Programme
  • Record Keeping

The above list provides you with an overview of what is required to be included in your AML/CFT Programme. You should also read the guidance material issued by the AML/CFT Supervisors for further information.


Annual AML/CFT Report

You are required to complete an Annual Report on your Risk Assessment and AML/CFT Programme for the period 1 July to 30 June each year.

This report must be filed with your AML/CFT Supervisor by 31 August.

Some of the questions you can expect to be asked in the AML/CFT Annual Report are:

  • Your business address, shareholding and the name and contact details of the AML/CFT Compliance Officer.
  • Whether your Risk Assessment meets the requirements of the AML/CFT Act?
  • When was the most recent internal review of your Risk Assessment completed?
  • Has your Risk Assessment been independently audited?
  • The date of the Risk Assessment audit?
  • Did the audit highlight any deficiencies in your Risk Assessment?
  • Have you made changes to your Risk Assessment as identified in the Audit?
  • During the year did you make available a new product, service or channel?
  • If so, did you include this in your Risk Assessment?
  • Whether your AML/CFT Programme meets the requirements of the AML/CFT Act?
  • When was the most recent internal review of your AML/CFT Programme completed?
  • Has your AML/CFT Programme been independently audited?
  • The date of the AML/CFT Programme audit?
  • Did the audit highlight any deficiencies in your AML/CFT Programme?
  • Have you made changes to your AML/CFT Programme as identified in the Audit?
  • Do you have procedures to identify and verify the identity of new customers and persons seeking to conduct occasional transactions?
  • Do you have exception handling procedures?
  • Do you monitor transactions electronically, manually or both?
  • What was your gross number of transactions? Presented by adding the number of deposits and withdrawals together.
  • What was your gross value of transactions? Presented by adding the dollar amount of deposits and withdrawals together.
  • The number of customers you had a business relationship with?
  • How many customers were politically exposed persons, trusts, companies?
  • How many customers are non-residents?
  • Estimate the percentage of customers that are NZ Residents, Non-residents, NZ Entities (trusts, companies, partnerships etc.), Non-resident entities (trusts, companies, partnerships etc.) and overseas government bodies?
  • By what method did you accept the customer – face to face, non face to face, domestic intermediaries, agents, third parties and overseas intermediaries, agents, third parties?
  • Name the 3 countries your business receives the most transactions from?
  • Name the 3 countries your business sends the most transactions to?
  • Domestic and foreign wire transfers represented by monthly $ average as an ordering, beneficiary and intermediary institution.

Audit

The AML/CFT Act requires you to have your Risk Assessment and AML/CFT Programme independently audited every two years, or at any other time your AML/CFT Supervisor requests.

The independent audit is to verify that your Risk Assessment identifies the money laundering and terrorist financing risks faced by your business, that you are keeping the assessment current, and that you are effectively determining the levels of risk faced by your business. In essence the independent audit of the Risk Assessment and AML/CFT Programme is intended to check that you are implementing your programme effectively.

Independent

The AML/CFT Act states that the person who conducts the audit must be independent, and not involved in the development of your Risk Assessment, or the establishment, implementation or maintenance of your AML/CFT Programme.

AML/CFT Audit Report

The Independent AML/CFT Audit Report is provided to your AML/CFT Supervisor upon their request.


Ongoing requirements

You are required to keep your Risk Assessment and AML/CFT Programme up to date at all times.

To provide evidence of this, we recommend that you include a version history in these documents. This should detail a description of the area updated, the date it was updated and the person approving the change.

As a minimum, these documents should be updated at least yearly. If an area of your business changes at any stage, the Risk Assessment and AML/CFT Programme would need to be updated at that stage.

The following are some events that may trigger you to update your documents:

  • New product or service offered.
  • How you deliver the product or service changes.
  • The types of customers you deal with change.
  • You commence dealing with a country that has not been assessed in your Risk Assessment.
  • The AML/CFT Supervisor or Commissioner of Police publishes a new Sector Risk Assessment that is relevant to your business.
  • Recommendations made by your AML/CFT Supervisor or Auditor.