Anti-money laundering - thoughts from an AML/CFT supervisor
Anti-money laundering ("AML") supervision gets underway on 30 June 2013. By that date, the three AML/CFT supervisors ("AML supervisors") - the Department of Internal Affairs ("DIA"), the Financial Markets Authority and the Reserve Bank - expect reporting entities to be compliant with the AML regime. Today I will offer some thoughts on how the Reserve Bank will be approaching its responsibilities in this area.
The overarching reason for the AML regime is to reduce crime and make our communities safer. All of us here today - supervisors, reporting entities, advisers, the Financial Intelligence Unit – want to see a successful and effective regime, and less crime and safer communities as a result.
I will begin by focusing on the key, fundamental drivers and common interests we all share. I will then comment on supervision and enforcement. These matters involve questions of:
- Why do we care about the effectiveness and success of the AML regime?
- What should reporting entities expect from their AML supervisor when they conduct their AML supervisory activities? and
- How will the supervisors approach examples of non-compliance?
Why do we all care?
Money laundering and the underlying criminal activity that generates the proceeds is a massive international problem. Although it is notoriously difficult to estimate actual amounts laundered, some commentators estimate that earnings from crime (excluding tax evasion) amount to approximately 2-3% of GDP. In 2011 that would translate to approximately USD$300-450 billion in the USA and approximately NZD$4-6 billion for New Zealand. Even if only one tenth of those proceeds of crime is laundered, you can see that the potential scale of the problem is huge. New Zealand has comparatively low rates of crime and corruption, but we are not immune.
The first objective of the AML legislation is "to detect and deter money laundering". This is a key step towards rooting out and prosecuting the perpetrators of the underlying criminal activity. An effective AML regime helps to take the profit out of crime.
Detecting laundering of proceeds of crime is a key part of the AML regime. But it is also about detecting and deterring the financing of terrorism. Although New Zealand seems far away from international terrorism, we are not immune from being involved in activities related to the financing of terrorism. Financing terrorism is a global activity and a serious global problem. Terrorists are able to take advantage of any AML weaknesses in any jurisdiction's banking and money remitting systems, and many highly effective acts of terrorism have been able to be carried out with quite limited funding, literally on a shoestring budget. As a jurisdiction we need to have effective AML laws in place. And reporting entities need to be vigilant in adhering to those laws. It is not farfetched to suggest that one suspicious transaction report could help to prevent a future Bali bombing or Boston marathon-type event.
Why does it matter for New Zealand?
The second objective of the AML legislation is "to maintain and enhance New Zealand's international reputation..." by adopting the international Financial Action Task Force (FATF) standards. New Zealand cannot afford to be seen as a weak link in the chain of international efforts to tackle money laundering and the financing of terrorism. If FATF were to give New Zealand a poor AML rating at its next review (currently likely to occur in 2016), the consequences could be severe.
Compliance with the FATF recommendations helps maintain New Zealand's reputation on the world stage, by demonstrating our commitment to international efforts to combat money laundering and the financing of terrorism.
Global businesses are becoming more aware of the international reputations of the jurisdictions they do business with and in. They regard a country's FATF assessment rating as a key measure of the robustness of that country's AML regime. An unfavourable assessment from FATF would mean that New Zealand businesses would face costs, delays and other barriers when doing business with overseas trading partners and global businesses. Consequently, we all have a strong incentive to ensure that the AML regime is successful.
The alternative is not an option. A weak AML regime and an unfavourable assessment by FATF would damage New Zealand's international reputation and the prospects of New Zealand businesses on the international stage. It would also increase the likelihood that organised criminal groups and financiers of terrorism will try to exploit New Zealand's financial system.
What should reporting entities expect from the supervisors when they conduct their AML supervisory activities?
The AML supervisors have several functions under the AML legislation, of which the key ones are:
- Monitoring and assessing the risk of money laundering across the reporting entities we supervise;
- Monitoring reporting entities for compliance with the legislation; and
- Investigating reporting entities and enforcing compliance with the legislation.
On 30 June, the primary focus of the supervisors will be on the second function, monitoring compliance, with lesser focus on the other two, assessing risk across our sectors and investigation and enforcement. Let me explain why.
Each of the supervisors has assessed the risk of money laundering across its sector. That work is contained in the sector risk assessments that you are familiar with and one that will be published later this year. (DIA has extensively revised its sector risk assessments and intends to publish the revision before December 2013.) Further work on those sector risk assessments will be essential when the supervisors have conducted extensive monitoring and obtained better information on their reporting entities' compliance. So updating and refining each supervisor's sector risk assessments will not be the primary focus of the supervisors come 30 June.
Similarly, investigating and enforcing compliance also depends on the supervisors first having monitored compliance. Monitoring activity will alert us to the majority of potential breaches. (We encourage whistle blowers or customers to alert us, and will take such reports seriously, but realistically we expect to find out more from our own activities).
So from 30 June the primary focus of all three supervisors will be on supervision; that is monitoring our reporting entities' compliance with the legislation. I will later describe how the supervisors might approach enforcement, but first some comments on supervision, since many of you are likely to have a supervisory interaction with your supervisor, while a smaller group may be subject to investigation and enforcement.
The supervisors have developed a range of tools with common features to help monitor their reporting entities' compliance. The supervisors will be using all or some of the following tools when performing their monitoring activities: onsite inspections, desk-based reviews and surveys or questionnaires.
The way that supervisors deploy these tools will vary – for obvious reasons – so I want to describe generally how the supervisors intend to use those tools and comment on the Reserve Bank's supervisory programme for 2013-2014.
In the vast majority of instances, the supervisors will give reporting entities adequate and reasonable notice about an onsite inspection. Usually they will request information in advance of the onsite inspection.
The scope of inquiries that the supervisors make during an onsite inspection will vary. Some onsite inspections may focus on a single obligation and may be completed quickly. But other onsite inspections may cover many of the reporting entity's obligations, and take several weeks to complete. The time the supervisors actually spend onsite will vary; some may take several weeks but the Reserve Bank's onsite inspections are unlikely to last any longer than a week.
The Reserve Bank's onsite inspection programme contains the times for each onsite inspection, identifies the inspectors for each such onsite review, and identifies the reporting entities that will be subject to an onsite inspection. The reporting entities that will receive an onsite inspection have been divided into three groups, broadly on the basis of their risk rating. The Reserve Bank's AML analysts have been divided into three teams of inspectors, with each team being responsible for the onsite assessments for one of the groups of reporting entities for a four month period. The onsite inspections will be spread evenly over the next 12 months, except for the summer break.
The onsite inspections will be a resource intensive tool. For example, about half AML analysts' time will be spent on onsite inspections (although the majority of that time will be preparation and report writing, rather than actually onsite).
We have developed a set of procedures, processes and templates, together with an obligations register, to ensure that our onsite inspections are carried out in a consistent manner. We expect that, for the larger or more complex reporting entities, the onsite inspections will target key areas of compliance, rather than every area of compliance. We will provide feedback to the relevant reporting entities that have an onsite inspection.
All supervisors will use desk-based reviews as a key tool to monitor compliance. In essence, a desk-based review will involve the supervisor requesting information, documents and records, relevant to one or more AML obligation, from a reporting entity.
For the desk-based reviews that the Reserve Bank intends to perform, we have developed a supervisory programme that:
- contains general timeframes (by reference to a particular month) for each desk-based review; and
- identifies the reporting entities that will be subject to a desk-based review.
As with onsite inspections, it will not necessarily be planned, or perhaps even practicable, to assess a reporting entity's compliance with all obligations. We expect that, for many reporting entities, the desk-based reviews will target key areas of compliance, rather than every area of compliance. We have developed procedures, processes, templates, and an obligations register, to ensure that our desk-based reviews are carried out in a consistent manner. By way of example, a desk-based review may involve an end to end analysis of an entity's processes for making suspicious transaction reports.
Thematic surveys and questionnaires
Thematic surveys can be an efficient way of monitoring compliance with specific obligations or among specific groups of reporting entities. These thematic surveys will be in addition to the annual reports that each reporting entity will need to complete and submit to its supervisor, starting in August 2014.
The Reserve Bank expects to conduct between one and three thematic surveys in the first year of supervision. In our supervisory programme we have:
- described our current preference in respect of the themes, topics and focal points for each questionnaire; and
- decided general timeframes when the questionnaires/surveys will be conducted.
By way of example, the Reserve Bank may conduct a survey of selected life insurers in relation to aspects of the exemptions available for some insurance products.
Each supervisor recognises that the tools they deploy will need to be refined in light of experiences and feedback gained during the supervisory process. All are conscious that we are entering new territory; no one in New Zealand has been responsible for monitoring such a comprehensive suite of AML obligations before. Consequently, it is important that supervisors be:
- alert to all potential areas of improvement and refinement; and
- prepared to be flexible.
How reporting entities can help make supervision a success
The three supervisors are well prepared for supervision, and will be able to monitor reporting entities' compliance in an effective, risk-based manner. But the monitoring process is not a unilateral activity; its success depends greatly on the cooperation of the reporting entities. All of the supervisors have the statutory powers to ensure that reporting entities engage effectively, and do not anticipate needing to exercise those powers.
How will the supervisors approach non-compliance?
The primary focus of the supervisors on 30 June will be on monitoring compliance, not investigating reporting entities and enforcing compliance. But some of you may feel apprehensive about how the supervisors will approach enforcement of breaches in the first year of supervision. My comments will, hopefully, allay some of that apprehension for most of you.
Despite having a different supervisor, we expect that each sector of reporting entities will be able to detect the similarities in the three supervisors' approaches to enforcement.
Each AML supervisor supervises a sector of reporting entities that has obvious distinguishing characteristics. The Reserve Bank's sector is smaller in number, and includes very large (and inherently higher risk) entities such as registered banks. We consider that our reporting entities are generally well prepared for commencement of the AML regime. Other sectors, in contrast, are larger in number and include a significant number of small entities, some of which are less familiar with the obligations under the legislation and may be non-compliant with some aspects of it. Some of those non-compliant entities may represent high money laundering risk.
This may lead to differences in approaches to enforcement. A supervisor who has a significant number of small and less informed reporting entities may consider it appropriate to be facilitative and proactively assist some of its reporting entities towards being compliant.
A supervisor who has a sector that represents both high compliance risk and high money laundering risk may well take a firm stance from the outset with serious or criminal non-compliance.
Despite any differences in operating style, the core elements of the supervisors' approaches to enforcement are similar. The following elements in respect of the Reserve Bank's intended approach to enforcement are very similar to the comparable elements of the other supervisors' approaches.
The Reserve Bank's primary focus will be on monitoring and supervisory activity, as distinct from enforcement. Although it is inevitable that our supervisory activities will detect some non-compliance with the AML obligations, we expect that many of these instances can be dealt with by a supervisory approach, rather than by overt enforcement action. We often deal with compliance breaches through a supervisory approach that results in the entity returning to a compliant state promptly and/or introducing mitigation steps to prevent the issue arising again.
Where material breaches are detected, the supervisory team will determine whether the reporting entity and the breach should be referred to the Bank's investigations team. In deciding whether to do so, the supervisory team will examine all relevant circumstances, including:
- whether the potential breach is the result of a lack of clarity in the legislative landscape;
- whether the reporting entity has made a genuine attempt to comply but has made a reasonable mistake; and
- whether the reporting entity is currently applying for an exemption or has only recently been declined.
Referral of a breach to the investigations team does not necessary mean there will be formal enforcement action. If prosecution is recommended, additional hurdles will need to be cleared, including a public interest test (for prosecutions) and further senior approval within the Reserve Bank.
Consequently, breaches need not be dealt with through enforcement. But please don't get complacent. The Reserve Bank and the other supervisors expect reporting entities to be compliant with their AML obligations from 30 June. Any reporting entities that have not made a genuine and reasonable attempt at compliance and are found to be in breach are likely to experience formal enforcement action. Similarly DIA has stated that it will take a firm stance from the outset if it detects serious or criminal non-compliance. In contrast, reporting entities that have made a genuine and reasonable attempt to comply, but seem to be in breach nevertheless, are more likely to face supervisory rather than enforcement interaction at this early stage in the implementation of our AML regime.
So to recap my key messages:
- Our AML regime is part of a coordinated international effort to tackle two worldwide problems;
- New Zealand cannot afford to be a weak link in the chain of international efforts to tackle money laundering and the financing of terrorism; and
- The supervisors are tasked with supervising entities and are well placed to begin their new role. The purpose of supervision is to check that firms have the systems in place to comply with their AML obligations, including to detect and report suspicious activity. While the new regime beds in, the emphasis will be on the monitoring of compliance with the legislation, ahead of taking enforcement action.
 ACAMS: Association of Certified Anti-Money Laundering Specialists
 FIU: Financial Intelligence Unit, New Zealand Police
 Chasing Dirty Money: The Fight Against Money Laundering P Reuter and E M Truman (2004)
 The FIU's 2010 National Risk Assessment contains a "rough estimate" of NZD$1-1.5 billion as the extent of money laundering in New Zealand.
 Reporting entities are the financial institutions and casinos that are subject to the AML legislation. The Reserve Bank's reporting entities comprise registered banks, life insurers and non-bank deposit takers.