Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT)

Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT)

Organised crime is on the increase in New Zealand, putting your organisation’s success and reputation at risk. The Anti-Money Laundering/Countering the Financing of Terrorism Act, passed in 2009, forms a part of a legislative package that will implement the next stage of reforms to New Zealand’s anti-money laundering regime. The law formally recognises that effective detection and deterrence of money laundering, and associated crime, needs collaboration between the financial sector and government.

The Act ensures that your organisation meets its obligations to prevent association with money laundering. Although compliance never comes at a convenient time and will require a significant investment of time and resources, early preparation is inevitably more efficient and effective.

Use the links below to learn how you can achieve efficient, economic and effective compliance:
Why we need AML/CFT legislation How will it work? Who needs to comply?




What’s the impact on your business? What do you need to do? How can we help you?
Implementing leading industry “Know Your Customer” practices

Why we need AML/CFT legislation

The legislation brings New Zealand into alignment with international anti-money laundering practices. Already trailing behind key economies if the legislation was not introduced, NZ would be considered a point of vulnerability globally for money laundering activity. If NZ is perceived as a weak link in the global AML/CFT effort, it could have a significant cost to NZ businesses. The lack of a regime would inevitably lead to us being competitively disadvantage as a result offshore entities (banks) having to apply additional controls in respect of New Zealand sourced remittances. Although money laundering has been around for a long time, the financing of terrorism is a more recent phenomenon, with a high correlation between the two.

However, apart from being a global issue it is also very much a domestic concern with benefits domestically from the introduction of the legislation. Illicit activity in NZ such as the drugs trade and illegal fishing also needs the proceeds to be laundered to be rendered accessible. AML/CFT legislation will help address the issues of NZ’s black market.
back to top

How will it work?

Money laundering and terrorist financing techniques are in a constant state of evolution. To be even remotely effective, related legislation and regulation needs to be inherently adaptive – a risk based approach, and in particular, ongoing prospective risk assessments are the best means to achieve this.

The legislated risk-based approach recognises that one solution does not fit all circumstances; that not all entities face the same money laundering risks, and that not all entities will have the same risk appetite. Importantly it recognises that there can be more than one solution to a problem, that any solution must be commercial, and that different combinations of controls can deliver reasonable levels of protection.

An entity’s AML/CFT risk is primarily a function of the services or products it offers, the consumer base to which those services and products are made available, and the channels through which customers access the services and products.

The Act imposes a set of reporting requirements for entities affected, a risk based approach to risk assessment, customer identification and transaction monitoring to detect possible money laundering and terrorism financing activity, and a regime for supervision, monitoring and enforcement of AML/CFT obligations.
back to top

Who needs to comply?

There is a two phased approach covering the different types of businesses that need to comply with the Act.

The first phase applies to casinos and financial institutions that carry out one or more of the financial activities that define a financial institution under the Act. Examples of businesses that fall into this category of entity are:

  • Banks
  • Brokers
  • Casinos
  • Collective investment schemes
  • Financial advisers
  • Futures dealers
  • Issuers of securities
  • Life insurers
  • Money changers
  • Non-bank deposit takers
  • Non-deposit taking lenders
  • Trustee companies

The second phase entities or designated non-financial businesses and professions (DNFBPs), such as accountants, lawyers, real estate agents and jewellers, will be brought into the regulatory environment in due course.

The category of entity and the nature of services will determine the timeframe in which compliance needs to be achieved and the AML/CFT supervisor your business needs to report to.
back to top

What’s the impact on your business?

Although there has been an extensive timeframe in developing the regulations and codes, those affecting first phase entities are due to be finalised before the end of 2010. Once finalised, the regulators are expected to allow reporting entities up to two years to prepare their AML programmes and processes before enforcement commences.

Depending on what type of entity your business is, you will be supervised by one of the following AML/CFT (joint) regulators:

  • The Securities Commission
  • The Reserve Bank
  • The Department of Internal Affairs

The precise impact of the AML/CFT regime on your business will be determined in the first instance by your AML/CFT risk profile, which will result from the risk assessment you undertake.

Although many businesses have yet to start preparing for the AML/CFT regime, all reporting entities are expected to achieve compliance and prepare for a more stringent enforcement culture by December 2012.

Over time, the experience of reporting entities and the feedback they provide to the joint regulators through suspicious transaction reporting and other means will help to further develop the AML/CFT intelligence base in New Zealand and ensure that it adapts to the changing money laundering typologies as they affect New Zealand.

From a regulatory stand-point, failure to comply can result in civil and criminal offences with significant financial repercussions, however it is also important to consider damage to brand and reputation should non-compliance be made public.
back to top

What do you need to do?

Understand your obligations 

The first step towards achieving compliance is to understand how the AML/CFT legislation and regulations will affect your business – what will be required and your level of risk exposure.

Conduct a business impact and risk assessment 

For an effective assessment, it’s important to consult widely across your business; looking systematically at your customers, products and channels. The assessment can be performed internally using a best-practice approach, or by involving third party suppliers, but in either case it needs to use robust methodology i.e. one that is grounded in good practice risk management processes and which reflects current known money laundering and terrorist financing typologies. Regulators are expected, in turn, to focus their resources on what they view as ‘higher-risk’ sectors and individual reporting entities. Any risk-assessment you conduct needs to accordingly be carefully documented and clearly identify how your conclusions were reached.

Assessments will need to be conducted on an ongoing basis, at least annually, however the frequency of re-assessment will depend on the industry concerned, and whether it is considered low or high risk.

Implement a AML/CFT programme 

An AML/CFT programme sets out your procedures, policies and controls to enable your business to effectively detect, manage and mitigate the risks associated with money laundering and the financing of terrorism.

Designate a AML/CFT compliance officer

An AML/CFT compliance officer reports to senior management and is responsible for managing and maintaining the AML/CFT programme.

Conduct Customer Due Diligence 

Customer Due Diligence (DDD), otherwise known as Know Your Customer (KYC), encompasses collecting information about your customers’ identities and verifying it to ensure legitimacy. It also involves ensuring you have a complete set of data for each customer, and ongoing due diligence.
back to top

How can we help you?

To ensure you can achieve compliance effectively and efficiently through a robust risk-based approach we can help you with:

Risk assessment – conducting a risk assessment that will withstand regulatory scrutiny, to ascertain your level of exposure and areas to focus on. We can also work with you on calibrating your organisation’s risk appetite and tolerance for money laundering and terrorist financing risks.

Design risk-based controls – understanding the full suite of money laundering and terrorist financing controls available, making informed choices about those suited to your business and empowering senior management to develop a set of controls consistent with your businesses circumstance and risk exposure.

Implementation – creating and enabling a culture that supports a robust, resilient AML/CFT programme and constructive senior management’s approach to addressing risks associated with money laundering and financing of terrorism in your business.

Monitoring and compliance testing – providing senior management with the comfort that processes are operating as intended and effectively to achieve and maintain compliance.
back to top

Implementing leading industry “Know Your Customer” practices

Efficient and disciplined “Know Your Customer” (“KYC”) practices are key in today's regulatory environment. Inadequate management of this key component implicit in and underpinning an increasing number of pieces of recent regulation (whether e.g. AML/CFT, FATCA, OFAC or FAA related) can lead to serious regulatory compliances breaches, possible serious sanctions and fines and reputation loss. 

We can assist clients in better appreciating the fundamentals and substance of KYC across their business, improving the quality and integrity of their KYC information and, most importantly improving their value proposition to the customers they serve. Our services include:

  • Review, analyze and assess existing: customer data and intelligence, related policy and procedures against good market practices
  • Design remediation programs and enhancements to improve all facets of KYC capabilities, using methodologies, tools or templates that are scalable and help ensure internal consistency across your business
  • Assistance in the deployment of revised KYC related systems and procedures, together with associated training.