What are reporting entities required to do?

The Anti-Money Laundering and Countering Financing of Terrorism Act 2009 imposes a number of obligations upon reporting entities.

These obligations include:

  • carrying out an assessment of the money laundering and terrorism financing risk a reporting entity may reasonably expect to face
  • appointing an AML/CFT compliance officer
  • the design, implementation and maintenance of a compliance programme (AML/CFT programme) that sets out procedures, policies, and internal controls for, among other things:
    • vetting and training certain staff
    • carrying out due diligence on customers (CDD) (which includes customer identification and verification)
    • undertaking ongoing customer due diligence and account monitoring
    • reporting suspicious transactions
    • record-keeping
    • monitoring and management of AML/CFT matters in an ongoing way
  • audits and reviews of the Risk Assessment and AML/CFT programme
  • an annual report to the relevant AML/CFT supervisor.

Please note that reporting entities supervised by the RBNZ must continue to observe their existing obligations under other legislation. For more information see

Supervisory approach

The AML/CFT Supervisory Framework sets out the framework and shared objectives, functions, powers and guiding principles of the three AML/CFT supervisors.

Read the AML/CFT Supervisory Framework (PDF 103KB)

Information on the Reserve Bank's approach to AML/CFT supervision is available from a speech delivered by the Reserve Bank in June 2013.

Read the speech by Rob Edwards - Anti-money laundering - thoughts from an AML/CFT supervisor

More information can be found in:

NZ Police FIU – SAR reporting requirements

The New Zealand Police Financial Intelligence Unit (FIU)'s role is to receive and analyse suspicious activity reports (SARs), and publish the National Risk Assessment as well as other guidance material. Reporting entities are required to report all suspicious matters to the FIU via its internet platform ‘goAML’. Reporting entities must register for a user name on the goAML website.

Go to the goAML website

Please visit if you require goAML assistance with:

  • How to register a new entity
  • How to register a new user to an existing entity
  • Useful FAQs

Once logged into goAML, further guidance and e-learning training is available by selecting the “?” icon on the blue task bar.

The schema for goAML is available on the New Zealand Police website. Please note that changes to this schema will occasionally be made.

GoAML – Financial Intelligence Unit reporting tool

The FIU's goAML webpage contains several relevant documents – including user instructions on how to correctly submit an SAR report or an additional information file, and the security features of goAML.

More information on the Financial Intelligence Unit (FIU)