New Zealand is implementing an enhanced anti-money laundering and counterterrorism financing (AML/CFT) regime to comply with OECD standards and be removed from the EU's blacklist. The new regime takes effect on June 30, 2013 and requires reporting entities like banks and investment firms to undertake risk assessments, develop AML/CFT compliance programs, appoint compliance officers, and implement customer due diligence and reporting processes. Chartered accountants can assist clients in meeting the new requirements which are aimed at preventing criminal use of businesses and upholding confidence in New Zealand's financial system. Non-compliance will be subject to civil and criminal penalties.
1. 30 SEPTEMBER 2012 31SEPTEMBER 2012
FEATURE Anti Money Laundering
N
ew Zealand is one of the last OECD countries to
implement enhanced legislation around Anti Money
Laundering/Countering the Financing of Terrorism
(AML/CFT) and is currently not on the European
Union (EU) banking and corporate “white list”. This
position is unlikely to be reversed until 30 June 2013,
when phase one of New Zealand’s new AML/CFT regime begins.
Preventing New Zealand businesses being used for criminal activities
is essential to upholding public and international confidence in New
Zealand’s financial systems. Make sure the new AML/CFT regime is on
your clients’ agendas if they are considered to be a reporting entity. Your
clients should start planning now
What will reporting entities need to do?
1.Set out their risk assessment in writing, and include a description of
how this risk assessment will be kept up to date.
2.Use their risk assessment to develop their AML/CFT programme,
which must include procedures to detect, deter, manage and mitigate
the risk of money laundering and the financing of terrorism.
3.Appoint a compliance officer to administer and maintain their AML/
CFT programme.
4.Develop customer due diligence processes including customer
identification and verification of identity.
5.Create suspicious transaction reporting, auditing and annual reporting
systems and processes.
A RISK-BASED APPROACH
All reporting entities must have appropriate policies and procedures in
place for assessing and managing the risk of their business being used
for money laundering or terrorist financing, and for reporting suspicious
transactions.
A risk-based approach to AML/CFT incurs a cost which is
proportionate to this risk, focusing effort where it has most impact.
AML/CFT procedures and policies may be integrated into existing
risk management systems or be controlled
separately. In either case, these policies and
procedures are valuable to businesses, in
contributing to the control of risks to both
businesses and individuals in this and other
areas.
Reporting entities can decide for themselves
how to carry out their risk assessment, which
may be simple or sophisticated depending on
the nature of their business. Each reporting
entity needs to make a reasoned decision as to
how it intends to manage money laundering
risk. A risk-based approach enables them to
target their effort on conducting customer due
diligence more effectively, with increased depth
of work being conducted where the risks are
perceived to be higher.
CLIENT ACCEPTANCE AND CONTINUANCE
Customer due diligence (CDD) is an essential
part of any AML/CFT system and is a
cornerstone requirement of the New Zealand
regime.
Reporting entities are required to ensure
CDD procedures are applied to all clients, both
new and existing.
There are three levels of CDD: standard,
enhanced and simplified. The level a reporting
entity should use in any instance will depend
on the customer, and the type of transactions
they conduct. Each level of CDD has its own
requirements, which may require a reporting
entity to obtain an understanding of:
• who the client is
• who owns it, including the ultimate
beneficiary
• who controls it
• the purpose and intended nature of the
business relationship
• the nature of the client
• the client’s source of funds
• the client’s business and economic purpose.
This is often referred to as “know your
client” or “KYC” information.
Reporting entities need to set out clear
requirements for collecting information about
their clients and for conducting verification of
identity, to a depth suitable to the assessed level
of risk. They also need to be continually alert
for changes in the nature or ownership of the
client, its business model, and its susceptibility
to (or evidence of) money laundering/terrorist
financing.
The occasional transaction threshold
for CDD obligations is $9,999, which has
numerical, rather than value, alignment with
Australia.
Enhanced CDD must be applied for higher
risk clients such as politically exposed persons
(PEPs) and those with complex transactions.
Trusts are high risk by default, as they are easy
to set up and not maintained on a register. In
addition to the normal CDD requirements
for trusts, Regulation 6 of the AML/CFT
(Requirements and Compliance) Regulations
2011 requires reporting entities to obtain the
name and date of birth of each beneficiary
of the trust (or if there are more than ten
beneficiaries to obtain a description of the
class or type of beneficiary, and if the trust is a
charitable trust, its objects).
Simplified CDD can be conducted on
a specified set of organisations such as
government departments, local authorities,
the New Zealand Police and certain listed
companies.
REPORTING REQUIREMENTS
An AML/CFT compliance officer (who reports
to senior management) must be appointed
to manage and maintain the AML/CFT
programme.
When there is a business relationship
between a reporting entity and a customer, the
reporting entity must conduct ongoing CDD
and undertake account monitoring to ensure,
among other things, that they identify any
grounds for reporting a suspicious transaction
(such as transactions which have no apparent
economic or visible lawful purpose).
If a suspicious transaction is identified, it
must be reported to the Financial Intelligence
Unit.
If there are suspicions, tipping off the
client must be avoided. Tipping off is seen as
assisting the perpetrator to commit the offence
which may be considered a crime in itself, even
if accidental.
All staff involved in AML/CFT related
matters should have regular training
co-ordinated by the compliance officer.
AML/CFT risk assessments and compliance
programmesmustbeauditedbyanappropriately
qualified, independent person every two years.
A reporting entity must be able to justify to
its supervisor how its auditor is appropriately
qualified. This does not necessarily mean that
the person has to be a chartered accountant,
or qualified to undertake financial audits. It
means that the person has the relevant skills
and experience to conduct the assessment. To
be independent, the individual must not be
involved in the development of a reporting
entity’s risk assessment, or the establishment,
implementation or maintenance of its AML/
CFT programme. Therefore a reporting entity
may choose to appoint an external person to
undertake the risk assessment audit.
Reporting entities must prepare an annual
AML/CFT report for their supervisor. The
government agencies tasked with supervising
the AML/CFT regime and the reporting entities
they will monitor are:
• the Reserve Bank of New Zealand – banks,
life insurers and non-bank deposit takers
• the Financial Markets Authority – issuers of
securities, trustee companies, futures dealers,
collective investment schemes, brokers, and
financial advisers
• the Department of Internal Affairs – casinos,
non-deposit taking lenders, money changers,
and any other financial institutions not
supervised by the Reserve Bank or the FMA.
The websites of these agencies provide a
ready source of information about the new
AML/CFT regime. A number of guidelines are
available. There is also an Identity Verification
Code of Practice.
The Ministry of Justice released a
consultation document in July which set
out the proposed annual reporting form and
content of a suspicious transaction report
under the AML/CFT Act. Electronic reporting
will be preferred.
Supervisors have adopted a collaborative
approach towards implementation of the new
AML/CFT regime. Be aware though – non-
compliance will not be dealt with lightly. There
is a mix of civil liability provisions and criminal
offences, with differing levels of potential
penalties – fines of up to NZ$300,000 and two
years imprisonment for individuals, and fines
of up to NZ$5m for corporations.
There are many opportunities for chartered
accountants to assist clients who are reporting
entities – including in the provision of auditing
services for AML/CFT risk assessment and
compliance programmes.
Zowie Murray CA is the Audit & Assurance
Specialist on the NZICA Technical Services Team.
Appearances can be
deceiving
CAs can assist their clients in meeting new
requirements aimed at preventing money
laundering and the financing of terrorism.
BY ZOWIE MURRAY
There is a
mix of civil
liability
provisions
and criminal
offences,
with
differing
levels of
potential
penalties
2. 30 SEPTEMBER 2012 31SEPTEMBER 2012
FEATURE Anti Money Laundering
N
ew Zealand is one of the last OECD countries to
implement enhanced legislation around Anti Money
Laundering/Countering the Financing of Terrorism
(AML/CFT) and is currently not on the European
Union (EU) banking and corporate “white list”. This
position is unlikely to be reversed until 30 June 2013,
when phase one of New Zealand’s new AML/CFT regime begins.
Preventing New Zealand businesses being used for criminal activities
is essential to upholding public and international confidence in New
Zealand’s financial systems. Make sure the new AML/CFT regime is on
your clients’ agendas if they are considered to be a reporting entity. Your
clients should start planning now
What will reporting entities need to do?
1.Set out their risk assessment in writing, and include a description of
how this risk assessment will be kept up to date.
2.Use their risk assessment to develop their AML/CFT programme,
which must include procedures to detect, deter, manage and mitigate
the risk of money laundering and the financing of terrorism.
3.Appoint a compliance officer to administer and maintain their AML/
CFT programme.
4.Develop customer due diligence processes including customer
identification and verification of identity.
5.Create suspicious transaction reporting, auditing and annual reporting
systems and processes.
A RISK-BASED APPROACH
All reporting entities must have appropriate policies and procedures in
place for assessing and managing the risk of their business being used
for money laundering or terrorist financing, and for reporting suspicious
transactions.
A risk-based approach to AML/CFT incurs a cost which is
proportionate to this risk, focusing effort where it has most impact.
AML/CFT procedures and policies may be integrated into existing
risk management systems or be controlled
separately. In either case, these policies and
procedures are valuable to businesses, in
contributing to the control of risks to both
businesses and individuals in this and other
areas.
Reporting entities can decide for themselves
how to carry out their risk assessment, which
may be simple or sophisticated depending on
the nature of their business. Each reporting
entity needs to make a reasoned decision as to
how it intends to manage money laundering
risk. A risk-based approach enables them to
target their effort on conducting customer due
diligence more effectively, with increased depth
of work being conducted where the risks are
perceived to be higher.
CLIENT ACCEPTANCE AND CONTINUANCE
Customer due diligence (CDD) is an essential
part of any AML/CFT system and is a
cornerstone requirement of the New Zealand
regime.
Reporting entities are required to ensure
CDD procedures are applied to all clients, both
new and existing.
There are three levels of CDD: standard,
enhanced and simplified. The level a reporting
entity should use in any instance will depend
on the customer, and the type of transactions
they conduct. Each level of CDD has its own
requirements, which may require a reporting
entity to obtain an understanding of:
• who the client is
• who owns it, including the ultimate
beneficiary
• who controls it
• the purpose and intended nature of the
business relationship
• the nature of the client
• the client’s source of funds
• the client’s business and economic purpose.
This is often referred to as “know your
client” or “KYC” information.
Reporting entities need to set out clear
requirements for collecting information about
their clients and for conducting verification of
identity, to a depth suitable to the assessed level
of risk. They also need to be continually alert
for changes in the nature or ownership of the
client, its business model, and its susceptibility
to (or evidence of) money laundering/terrorist
financing.
The occasional transaction threshold
for CDD obligations is $9,999, which has
numerical, rather than value, alignment with
Australia.
Enhanced CDD must be applied for higher
risk clients such as politically exposed persons
(PEPs) and those with complex transactions.
Trusts are high risk by default, as they are easy
to set up and not maintained on a register. In
addition to the normal CDD requirements
for trusts, Regulation 6 of the AML/CFT
(Requirements and Compliance) Regulations
2011 requires reporting entities to obtain the
name and date of birth of each beneficiary
of the trust (or if there are more than ten
beneficiaries to obtain a description of the
class or type of beneficiary, and if the trust is a
charitable trust, its objects).
Simplified CDD can be conducted on
a specified set of organisations such as
government departments, local authorities,
the New Zealand Police and certain listed
companies.
REPORTING REQUIREMENTS
An AML/CFT compliance officer (who reports
to senior management) must be appointed
to manage and maintain the AML/CFT
programme.
When there is a business relationship
between a reporting entity and a customer, the
reporting entity must conduct ongoing CDD
and undertake account monitoring to ensure,
among other things, that they identify any
grounds for reporting a suspicious transaction
(such as transactions which have no apparent
economic or visible lawful purpose).
If a suspicious transaction is identified, it
must be reported to the Financial Intelligence
Unit.
If there are suspicions, tipping off the
client must be avoided. Tipping off is seen as
assisting the perpetrator to commit the offence
which may be considered a crime in itself, even
if accidental.
All staff involved in AML/CFT related
matters should have regular training
co-ordinated by the compliance officer.
AML/CFT risk assessments and compliance
programmesmustbeauditedbyanappropriately
qualified, independent person every two years.
A reporting entity must be able to justify to
its supervisor how its auditor is appropriately
qualified. This does not necessarily mean that
the person has to be a chartered accountant,
or qualified to undertake financial audits. It
means that the person has the relevant skills
and experience to conduct the assessment. To
be independent, the individual must not be
involved in the development of a reporting
entity’s risk assessment, or the establishment,
implementation or maintenance of its AML/
CFT programme. Therefore a reporting entity
may choose to appoint an external person to
undertake the risk assessment audit.
Reporting entities must prepare an annual
AML/CFT report for their supervisor. The
government agencies tasked with supervising
the AML/CFT regime and the reporting entities
they will monitor are:
• the Reserve Bank of New Zealand – banks,
life insurers and non-bank deposit takers
• the Financial Markets Authority – issuers of
securities, trustee companies, futures dealers,
collective investment schemes, brokers, and
financial advisers
• the Department of Internal Affairs – casinos,
non-deposit taking lenders, money changers,
and any other financial institutions not
supervised by the Reserve Bank or the FMA.
The websites of these agencies provide a
ready source of information about the new
AML/CFT regime. A number of guidelines are
available. There is also an Identity Verification
Code of Practice.
The Ministry of Justice released a
consultation document in July which set
out the proposed annual reporting form and
content of a suspicious transaction report
under the AML/CFT Act. Electronic reporting
will be preferred.
Supervisors have adopted a collaborative
approach towards implementation of the new
AML/CFT regime. Be aware though – non-
compliance will not be dealt with lightly. There
is a mix of civil liability provisions and criminal
offences, with differing levels of potential
penalties – fines of up to NZ$300,000 and two
years imprisonment for individuals, and fines
of up to NZ$5m for corporations.
There are many opportunities for chartered
accountants to assist clients who are reporting
entities – including in the provision of auditing
services for AML/CFT risk assessment and
compliance programmes.
Zowie Murray CA is the Audit & Assurance
Specialist on the NZICA Technical Services Team.
Appearances can be
deceiving
CAs can assist their clients in meeting new
requirements aimed at preventing money
laundering and the financing of terrorism.
BY ZOWIE MURRAY
There is a
mix of civil
liability
provisions
and criminal
offences,
with
differing
levels of
potential
penalties
3. Copyright of Chartered Accountants Journal is the property of Institute of Chartered Accountants of New
Zealand and its content may not be copied or emailed to multiple sites or posted to a listserv without the
copyright holder's express written permission. However, users may print, download, or email articles for
individual use.