Your browser is not supported

Our website does not support the browser you are using. For a better browsing experience update to a compatible browser like the latest browsers from Chrome, Firefox and Safari.

AML/CFT obligations

This page explains some of the obligations reporting entities (including banks, non-bank deposit takers and some life insurers) need to comply with under the Anti-Money and Countering Financing of Terrorism Act 2009 (AML/CFT Act).

Reporting entities' obligations

For banks, life insurers and non-bank deposit takers, their obligations include:

  • assessing their money laundering and terrorism financing risk
  • appointing an AML/CFT compliance officer
  • designing, implementing and maintaining an AML/CFT compliance programme that sets out the procedures, policies and internal controls for: 
    • vetting and training relevant staff
    • carrying out due diligence on their customers
    • monitoring customer accounts and activities
    • reporting suspicious activities and transactions
    • keeping records
    • continuing to monitor and manage all AML/CFT matters, among other obligations
  • auditing and reviewing their risk assessment and compliance programme
  • submitting an annual report to their AML/CFT supervisor.

Our approach to supervision

We are committed to a risk-based relationship model and outcomes focused approach in preventing money laundering and terrorism financing.

This means we allocate our resources and efforts to the areas where we see the greatest threat to New Zealand's objectives under the AML/CFT legislation. These are to:

  • detect and deter money laundering and the financing of terrorism
  • maintain and enhance New Zealand’s international reputation by adopting, where appropriate in the New Zealand context, recommendations issued by the Financial Action Task Force
  • contribute to public confidence in the financial system.

Criminals are getting more flexible and innovative in their efforts to launder money and avoiding detection. So, it is important our anti-money laundering responses are flexible, proportionate and cost-effective. These are the main characteristics of a risk-based AML/CFT regime.

Step 1: complete a risk assessment

A risk assessment is the first step you must take before developing a programme to address money laundering and terrorism financing risks. It involves identifying and assessing the risks your business might reasonably expect to face.

In developing your risk assessment, the AML/CFT Act requires you to consider:

  • the nature, size and complexity of your business
  • your products and services
  • how you deliver products and services to your customers
  • the customers, countries and institutions you deal with
  • our guidance material
  • any other factors in regulations.

You should consider if any of your products involve new or developing technologies that may favour customers remaining anonymous. The AML/CFT Act also requires you to look at activities like wire transfers and correspondent banking relationships (as set out in Section 29(3) of the AML/CFT Act).

Our risk assessment guideline is designed to help you conduct a risk assessment, as required under Section 58 of the AML/CFT Act.

We have also published a countries assessment guideline to help you develop risk assessment processes for countries you deal with. For example, this may be necessary when you deal with a non-resident customer or an overseas institution.

Step 2: develop an AML/CFT programme

Developing an AML/CFT programme is the next step after conducting a risk assessment. It involves developing the procedures, policies and controls to manage and mitigate money laundering and terrorism financing risks.

The following guideline is designed to help you develop your programme as required under Section 56 of the AML/CFT Act.

Designated business groups

You may be eligible to form a designated business group (DBG), which allows you to adopt an AML/CFT programme and a risk assessment of another group member.

To find out if you are eligible and what you need to do, see the two guidelines below. The scope guideline outlines the obligations that may be shared by members of a designated business group. The formation guideline highlights the eligibility criteria and election process when forming or joining a designated business group.

Step 3: Annual reporting

The AML/CFT Act requires banks, life insurers and non-bank deposit takers to submit an AML/CFT annual report using our supplied report template (see below).

The Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Amendment Regulations prescribe the form and content of the annual report.

Read the amended regulations

Note: some browsers may attempt to open the template rather than download it, leading to an error message. Please ensure you download the template before trying to open it.

Forms instructions

Do not upload handwritten, scanned or signed forms. Include your unique code on the last page in place of a signature. Return your forms to us in typed PDF format. We have emailed instructions on how to submit completed forms to your AML Compliance Officer. If you have not received the instructions, email us as soon as possible at [email protected]

We have recently updated the annual report user guide to reflect the 2018 amendments to Schedule 2 of the Anti-Money Laundering and Countering Financing of Terrorism (Requirements and Compliance) Regulations 2011.

Reporting suspicious activity

The role of the New Zealand Police Financial Intelligence Unit (FIU) is to receive and analyse suspicious activity reports (SARs) and publish the National Risk Assessment as well as other guidance material.

You must report all suspicious activities and transactions to the FIU via its internet platform ‘goAML’. You will need to first register for a username on the website.

Go to the goAML website

Once logged into goAML, you can access several relevant documents including:

  • user instructions on how to correctly submit an SAR report or an additional information file
  • the security features of goAML.

The FIU has published a suspicious activity reporting guideline to help you comply with suspicious activity reporting obligations from 1 July 2018.

Suspicious Activity Reporting Guidelines

You can access more guidance and e-learning training by choosing the ‘?’ icon on the blue task bar on the FIU web page. You can also find out how to register a new entity or a new user for an existing entity. The New Zealand Police website also has the goAML schema, which may be updated from time to time.

GoAML – Financial Intelligence Unit reporting tool

More information on the Financial Intelligence Unit (FIU)