The three AML/CFT Supervisors have also produced an Information Pack about Anti-Money Laundering and Countering the Financing of Terrorism.
Money laundering describes the process by which criminals make money obtained from their criminal activities (“dirty”) look legitimate ("clean").
They aim to introduce their "dirty money" into the financial system without detection or arousing suspicion. Once their "dirty money" is in the financial system, it can be transferred between different bank accounts or financial products in New Zealand or abroad, or used to purchase goods and services.
The aim of money laundering is to make this "dirty money" look like it has come from a legitimate source, and therefore difficult to connect the money with its criminal past.
Terrorist Financing is the financial support of terrorists, or those who encourage, plan or engage in terrorism.
Terrorist financing may involve funds raised from legitimate sources, such as personal donations and profits from businesses and charitable organizations. It may also be drawn from criminal sources, such as the drug trade, the smuggling of weapons and other goods, fraud, kidnapping or extortion.
People who finance terrorism often use similar methods and tools to those used for money laundering.
The Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act) was passed in 2009. The Act and regulations came fully into effect on 30 June 2013.
The AML/CFT Act sets many obligations at a relatively high level. More detail is set out in:
Regulations – these contain minimum standards, thresholds, etc. These are mandatory and must be followed.
Codes of Practice – these set out methods by which reporting entities can comply with their obligations. While not mandatory, they can provide a defence against charges of non-compliance (a“safe-harbour”), if followed correctly. A reporting entity that fully complies with the code is compliant with the relevant parts of the legislation. If a reporting entity decides to opt out of all, or part, of the code it is required to have provided written notification to its AML/CFT supervisor. This notification states that the reporting entity has opted out of compliance with all, or part, of the code and intends to satisfy its obligations by some other equally effective means.
Guidelines – these outline other non-binding guidance from supervisors.
A Code of Practice and several guidelines have been published.
Reporting entities are required to assess the money laundering and financing of terrorism risk that they may reasonably expect to face in the course of their business.
In making this assessment, the Act requires that a reporting entity considers:
- the nature, size and complexity of its business;
- the products and services it offers;
- the methods by which it delivers products and services to its customers;
- the types of customers it deals with;
- the countries it deals with;
- the institutions it deals with;
- any guidance material produced by supervisors; and
- any other factors that are set out in regulations.
Reporting entities should consider whether any of their products involve new or developing technologies that may favour customer anonymity. The Act also specifies that reporting entities should consider particular activities, such as wire transfers and correspondent banking relationships.
Guidelines have been published to help reporting entities develop procedures on the assessment of risks associated with the countries it deals with. The Countries Assessment guideline will help you decide when you need to undertake this assessment and how to approach the assessment.
An AML/CFT programme sets out a reporting entity’s internal policies, procedures and controls to detect money laundering and financing of terrorism and to manage and mitigate the risk of it occurring. The programme must be in writing and be based on its risk assessment.
Certain elements of a programme are specifically required by the Act, including:
- vetting senior managers and AML staff;
- training senior managers and AML staff;
- Customer Due Diligence, including enhanced CDD and simplified CDD;
- reporting suspicious transactions ;
- monitoring and record keeping; and
- monitoring and managing compliance with the AML/CFT programme.
Risk-based systems and controls should be based on the nature, size and complexity of a reporting entity’s business, along with any money laundering and financing of terrorism risks it may face.
Entities that are eligible may choose to form a Designated Business Group (DBG). This enables the entities to share a Risk Assessment and some, but importantly not all, aspects of their AML/CFT Programmes.
Guidelines have been published to help reporting entities to decide whether they are eligible to form a DBG. The guidance is in two parts. The Designated Business Group - scope guideline outlines the obligations that may be shared by members of a designated business group.
The Designated Business Group – formation guideline highlights the eligibility criteria and election process when forming or joining a designated business group. It also explains the process for notifying an AML/CFT supervisor about the formation of, or change to, a designated business group and provides the forms for doing so.
Basic obligations imposed on reporting entities include:
- assessing the money laundering and financing of terrorism risk that it may reasonably expect to face in the course of its business;
- establishing, implementing and maintaining an AML/CFT Programme (procedures, policies and controls) to detect, manage and mitigate the risk of money laundering and the financing of terrorism;
- customer due diligence (identification and verification of identity) and ongoing CDD;
- suspicious transaction reporting; and
- record keeping.
Reporting entities have considerable flexibility, within the limits prescribed by the Act and Regulations, in how they meet their obligations.
Customer Due Diligence (CDD) involves:
- gathering information about customer identity; and
- verifying a customer's identity, to ensure the customer is who they say they are.
In many cases, reporting entities also need to establish the identity of the beneficial owner, meaning the person who ultimately controls the customer.
The Amended Identity Verification Code of Practice 2013 (published October 2013) sets out methods by which reporting entities can comply with their obligations to verify the name and date of birth of customers who have been assessed as low to medium risk. The Code is not mandatory, but provides a “safe-harbour” if followed correctly. If a reporting entity decides to opt out of this Code, it must adopt practices that are equally effective and notify its AML/CFT supervisor.
The Beneficial Ownership guideline has been published to help reporting entities develop procedures on the verification of beneficial ownership.
“Politically-Exposed Persons” (PEPs) are individuals who, by virtue of their position in public life, may be vulnerable to corruption. The New Zealand legislation currently limits this concept to foreign PEPs, and does not include domestic (New Zealand-based) PEPs. Reporting entities are required to give specific consideration to the risks involved with PEPs and so should:
- have procedures in place to determine whether a customer, or a beneficial owner of a customer, is a PEP or a close associate of a PEP;
- obtain senior management approval for establishing or maintaining business relationships with PEPs;
- take reasonable measures to establish the source of wealth and source of funds of PEPs; and
- conduct enhanced, ongoing monitoring of the business relationship.
In assessing risk, a reporting entity must have regard to section 58(2) and“the institutions it deals with”. This includes your correspondent banking relationships.
“Correspondent banking relationship” has the meaning set out in section 29(3) of the AML/CFT Act. Nostro or Vostro facilities are examples of accounts that are “used, or are proposed to be used, for payments to, or receipts from, foreign financial institutions.”
Section 29 of the Act sets out the Customer Due Diligence requirements for correspondent banking relationships a reporting entity has, or proposes to have. We recommend you obtain independent legal advice if you are unclear about the obligations as they apply to your historical or existing accounts. For example, section 29(2)f of the Act states that you must “be satisfied” with the accounts you have that are used directly by third parties to transact business on their own behalf.
Other examples of “institutions (you) deal with” include:
- respondents with whom a full or partial exchange of SWIFT keys takes place; and
- external parties (partner, agent, third party, platform provider, etc.) for the delivery of products and/or services.
The Reserve Bank of New Zealand is committed to a risk-based approach in countering money laundering and terrorist financing. This means we allocate our resources and efforts to the areas where we perceive the greatest threat to our statutory objectives, in order to:
- detect and deter money laundering and the financing of terrorism;
- maintain and enhance New Zealand’s international reputation by adopting, where appropriate in the New Zealand context, recommendations issued by the Financial Action Task Force; and
- contribute to public confidence in the financial system.
Criminals are increasingly flexible and innovative in their efforts to launder money and attempt to avoid detection. It is therefore important that our anti-money laundering responses are flexible, proportionate and cost-effective. These are the main characteristics of a risk-based AML/CFT regime.
The AML/CFT supervisors are focusing on whether the reporting entity has an appropriate and reasonable risk assessment, and an AML/CFT programme that reflects and controls those risks. The AML/CFT supervisors take a risk-based approach to supervision - selecting from the supervision and enforcement tools available to us. Supervision will take into account the nature of the business and the risks that each reporting entity is managing.