The AML/CFT Act imposes several obligations:
Complete a written risk assessment
Section 58 of the AML/CFT Act requires each reporting entity to assess the risk it may reasonably expect to face of money laundering and financing of terrorism in the course of its business. The AML/CFT Act calls this a risk assessment.
View Section 58 from New Zealand Legislation, Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
A risk assessment is the first step a business must take before developing an AML/CFT compliance programme. The supervisors have issued a guideline on how to complete a risk assessment. Read the AML/CFT Audit Guideline for risk assessment and AML/CFT programme.
Put in place a compliance programme
The AML/CFT Act takes a risk-based approach to compliance. Reporting entities (within the limits set by the AML/CFT Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment. Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks.
The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.
View the AML/CFT programme guideline.
Annual Reports obligation
All reporting entities are required to prepare an annual report on their risk assessment and AML/CFT programme. Download the AML/CFT annual report user guide to help you navigate the requirements.
Information from these reports will provide us with important information on the people and organisations we supervise, and help us:
- understand the risk of money laundering and financing of terrorism activities in each reporting entity
- ensure that information we have on our reporting entities is accurate and up-to-date
- determine the best use of our AML/CFT resources.
Complete your AML/CFT annual report
Independent audit obligation
Each reporting entity must ensure its risk assessment and AML/CFT programme are audited every 3 years or at any other time at the request of the FMA. We may also request a copy of any audit report. You do not need to submit your audit report to us unless we request to see it.
How to get started
- Engage an independent and qualified auditor early – this is to ensure one is available to assist you.
- Review and address issues in your risk assessment, AML/CFT compliance programme and supporting policies and procedures internally before the independent audit.
- Refer to the guidelines and reports and our FAQs that detail specific information on what is necessary to complete your AML/CFT audit.
- It will take time for your auditor to review your risk assessment, compliance programme, test supporting evidence and prepare an audit report. You should also allow sufficient time (sometimes up to several weeks) to review the audit findings, and agree with the final report.
Prescribed Transactions Reporting (PTR) obligation
From 1 November 2017 reporting entities must submit PTR to the Financial Intelligence Unit (FIU) at the NZ Police.
The Anti-Money Laundering and Countering Financing of Terrorism (Prescribed Transactions Reporting) Regulations 2016 specify the following threshold values for the two types of prescribed transaction:
- NZ $1,000 or more for an international wire transfer; and
- NZ$10,000 or more for a domestic physical cash transaction.
In the case of an international wire transfer, the first reporting entity to transfer funds, and the last reporting entity to receive funds, must do a PTR. We expect that a reporting entity that receives and/or passes on instructions from a client to do an international wire transfer, but does not actually transfer the funds, is not required to do a PTR. This means that international wire transfers carried out by a bank on behalf of another reporting entity will be reportable by the bank.
If an international wire transfer is settled outside the banking system (for example if a reporting entity carries out a transaction on behalf of a client and as a result money is made available to a beneficiary at another entity in another jurisdiction) the reporting entity must submit a PTR.
Please refer to the FIU website for more information. If you have any further questions please email us at [email protected].