AML/CFT Questions and Answers
New Zealand’s AML/CFT Regime
When does it all take effect?
What are Regulations / Codes of Practice / Guidelines?
What if firms are not ready when required / will there be a transition period?
What should firms be doing now?
What is a Risk Assessment?
What is an AML/CFT Programme?
What is a Designated Business Group?
Supervision in relation to AML/CFT
Money laundering describes the process by which criminals make money obtained from their criminal activities (“dirty”) look legitimate ("clean").
They aim to introduce their "dirty money" into the financial system without detection or arousing suspicion. Once their "dirty money" is in the financial system, it can be transferred between different bank accounts or financial products in New Zealand or abroad, or used to purchase goods and services.
The aim of money laundering is to make this "dirty money" look like it has come from a legitimate source, and therefore difficult to connect the money with its criminal past.
Terrorist Financing is the financial support of terrorists, or those who encourage, plan or engage in terrorism.
Terrorist financing may involve funds raised from legitimate sources, such as personal donations and profits from businesses and charitable organizations. It may also be drawn from criminal sources, such as the drug trade, the smuggling of weapons and other goods, fraud, kidnapping or extortion.
People who finance terrorism often use similar methods and tools to those used for money laundering. Read our Sector Risk Assessment document for more information.
The Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act) was passed in 2009. It will come fully into effect on 30 June 2013.
This time period is intended to give reporting entities time to undertake their risk assessments, and to plan and implement their systems and controls before requirements come into force.
The AML/CFT Act sets many obligations at a relatively high level. More detail is set out in:
Regulations – these contain minimum standards, thresholds, etc. These are mandatory and must be followed.
Codes of Practice – these set out methods by which reporting entities can comply with their obligations. While not mandatory, they can provide a defence against charges of non-compliance (a “safe-harbour”), if followed correctly. A reporting entity that fully complies with the code will be compliant with the relevant parts of the legislation. If a reporting entity decides to opt out of all, or part, of the code it is required to have provided written notification to its AML/CFT supervisor. This notification states that the reporting entity has opted out of compliance with all, or part, of the code and intends to satisfy its obligations by some other equally effective means.
Guidelines – these outline other non-binding guidance from supervisors.
The 2011 regulations, a Code of Practice and several guidelines have already been published. Further regulations and guidelines are currently under development in the lead-up to 30 June 2013.
New Zealand has not implemented an “assisted transition period” as was used in Australia. This means that reporting entities must comply with their obligations on 30 June 2013. The Reserve Bank of New Zealand intends to work with reporting entities in the lead-up to 30 June 2013 to help ensure that they fully understand their obligations and are in a position to comply.
Experience shows that implementation of new systems and controls always take longer than planned. It is important that reporting entities start planning for implementation as early as possible.
Reporting entities should familiarise themselves with the AML/CFT Act and its requirements. They should also:
- plan and/or undertake AML/CFT risk assessments; and
- plan and allocate resources for the design and implementation of AML/CFT programmes.
Reporting entities are required to assess the money laundering and financing of terrorism risk that they may reasonably expect to face in the course of their business.
In making this assessment, the Act requires that a reporting entity considers:
- the nature, size and complexity of its business;
- the products and services it offers;
- the methods by which it delivers products and services to its customers;
- the types of customers it deals with;
- the countries it deals with;
- the institutions it deals with;
- any guidance material produced by supervisors; and
- any other factors that are set out in regulations.
Reporting entities will also need to consider whether any of their products involve new or developing technologies that may favour customer anonymity. The Act also specifies that reporting entities must consider particular activities, such as wire transfers and correspondent banking relationships.
Guidelines have been published to help reporting entities develop procedures on the assessment of risks associated with the countries it deals with. The Countries Assessment guideline (PDF 456KB) will help you decide when you need to undertake this assessment and how to approach the assessment.
An AML/CFT programme sets out a reporting entity’s internal policies, procedures and controls to detect money laundering and financing of terrorism and to manage and mitigate the risk of it occurring. The programme must be in writing and be based on its risk assessment.
Certain elements of a programme are specifically required by the Act, including:
- vetting senior managers and AML staff;
- training senior managers and AML staff;
- Customer Due Diligence, including enhanced CDD and simplified CDD;
- reporting suspicious transactions ;
- monitoring and record keeping; and
- monitoring and managing compliance with the AML/CFT programme.
Risk-based systems and controls should be based on the nature, size and complexity of a reporting entity’s business, along with any money laundering and financing of terrorism risks it may face.
Entities that are eligible may choose to form a Designated Business Group (DBG). This enables the entities to share a Risk Assessment and some, but importantly not all, aspects of their AML/CFT Programmes.
Guidelines have been published to help reporting entities to decide whether they are eligible to form a DBG. The guidance is in two parts. The Designated Business Group - scope guideline (PDF 264KB) outlines the obligations that may be shared by members of a designated business group. The Designated Business Group – formation guideline (PDF 298KB) highlights the eligibility criteria and election process when forming or joining a designated business group. It also explains the process for notifying an AML/CFT supervisor about the formation of, or change to, a designated business group and provides the forms for doing so.
Basic obligations imposed on reporting entities will include -
- assessing the money laundering and financing of terrorism risk that it may reasonably expect to face in the course of its business;
- establishing, implementing and maintaining an AML/CFT Programme (procedures, policies and controls) to detect, manage and mitigate the risk of money laundering and the financing of terrorism;
- customer due diligence (identification and verification of identity) and ongoing CDD;
- suspicious transaction reporting; and
- record keeping.
Reporting entities will have considerable flexibility, within the limits prescribed by the Act and Regulations, in how they meet their obligations.
Customer Due Diligence (CDD) involves:
a) gathering information about customer identity; and
b) verifying a customer's identity, to ensure the customer is who they say they are.
In many cases, reporting entities will also need to establish the identity of the beneficial owner, meaning the person who ultimately controls the customer.
The Identity Verification Code of Practice 2011 sets out methods by which reporting entities can comply with their obligations to verify the name and date of birth of customers who have been assessed as low to medium risk. The Code is not mandatory, but provides a “safe-harbour” if followed correctly. If a reporting entity decides to opt out of this Code, it must adopt practices that are equally effective.
The Beneficial Ownership guideline has been published to help reporting entities develop procedures on the verification of beneficial ownership.
Ongoing Customer Due Diligence means regularly reviewing customer information and having systems to conduct account monitoring. This will be required for all customers, including existing customers.
“Politically-Exposed Persons” (PEPs) are individuals who, by virtue of their position in public life, may be vulnerable to corruption. The New Zealand legislation currently limits this concept to foreign PEPs, and does not include domestic (New Zealand-based) PEPs. Reporting entities are required to give specific consideration to the risks involved with PEPs and so should:
- have procedures in place to determine whether a customer, or a beneficial owner of a customer, is a PEP or a close associate of a PEP;
- obtain senior management approval for establishing or maintaining business relationships with PEPs;
- take reasonable measures to establish the source of wealth and source of funds of PEPs; and
- conduct enhanced, ongoing monitoring of the business relationship.
In assessing risk, a reporting entity must have regard to section 58(2) and “the institutions it deals with”. This includes your correspondent banking relationships.
“Correspondent banking relationship” has the meaning set out in section 29(3) of the AML/CFT Act. Nostro or Vostro facilities are examples of accounts that are “used, or are proposed to be used, for payments to, or receipts from, foreign financial institutions.”
Section 29 of the Act sets out the Customer Due Diligence requirements for correspondent banking relationships a reporting entity has, or proposes to have. We recommend you obtain independent legal advice if you are unclear about the obligations as they apply to your historical or existing accounts. For example, section 29(2)f of the Act states that you must “be satisfied” with the accounts you have that are used directly by third parties to transact business on their own behalf.
Other examples of “institutions (you) deal with” include:
- respondents with whom a full or partial exchange of SWIFT keys takes place; and
- external parties (partner, agent, third party, platform provider, etc.) for the delivery of products and/or services.
The Reserve Bank of New Zealand is committed to a risk-based approach in countering money laundering and terrorist financing. This means we will allocate our resources and efforts to the areas where we perceive the greatest threat to our statutory objectives, in order to:
- detect and deter money laundering and the financing of terrorism;
- maintain and enhance New Zealand’s international reputation by adopting, where appropriate in the New Zealand context, recommendations issued by the Financial Action Task Force; and
- contribute to public confidence in the financial system.
Criminals are increasingly flexible and innovative in their efforts to launder money and attempt to avoid detection. (Read our Sector Risk Assessment document for more information). It is therefore important that our anti-money laundering responses are flexible, proportionate and cost-effective. These are the main characteristics of a risk-based AML/CFT regime.
No. One of the policy drivers behind the legislation was trans-Tasman integration, but only where it is appropriate for New Zealand. The detail in the legislation and the Government’s approach differs in a number of areas, so it is imperative that reporting entities fully understand their obligations under the New Zealand regime.
Experience shows that the implementation of new systems and controls may take longer than first anticipated. It is important that reporting entities start planning for implementation. Reporting entities should familiarise themselves with the requirements of the AML/CFT Act and regulations and:
- plan and undertake an AML/CFT risk assessment, and
- plan and allocate resources for the design and implementation of their AML/CFT Programme.
The requirements for reporting entities are set out in the AML/CFT Act. The AML/CFT supervisors are unlikely to single out individual elements that they will focus on. Supervision will take into account the nature of the business and the risks that each reporting entity is managing.
The AML/CFT supervisors will be focusing on whether the reporting entity has an appropriate and reasonable risk assessment, and an AML/CFT programme that reflects and controls those risks. The AML/CFT supervisors intend to take a risk-based approach to supervision - selecting from the supervision and enforcement tools available to us. Read our latest Bulletin article for more information on the Reserve Bank’s approach to AML/CFT supervision.
This information does not constitute legal advice. Please consult the relevant statute and regulations and seek independent advice.
 AML/CFT - Anti-Money Laundering and Countering Financing of Terrorism