This guideline is designed to help you conduct your money laundering and terrorism financing risk assessment (risk assessment) under the Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) Act 2009 (the Act).
AML/CFT Guide for small financial adviser businesses
This guide describes how a small financial adviser business may go about AML/CFT obligations in a simple way. It focuses on risk assessments, customer due diligence (CDD) and suspicious transaction reports (STR) because they are particularly important obligations under the AML/CFT regime, which affect financial advisers in a unique way.
the methods by which you deliver products and services to your customers.
the types of customers you deal with
the countries you deal with
the institutions you deal with
any other applicable guidance material produced by the AML/CFT supervisors.
Put in place a compliance programme
The Act takes a risk-based approach to compliance.
Reporting entities (within the limits set by the Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment.
Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks.
AML CFT Programme Guideline
The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.
All reporting entities are required to prepare an annual report on their risk assessment and AML/CFT programme. Information from these reports will provide us with important information on the people and organisations we supervise, and help us:
understand the risk of money laundering and financing of terrorism activities in each reporting entity
ensure that information we have on our reporting entities is accurate and up-to-date
Login from Monday 6 July to our e-services portal by clicking on www2.e-services.fma.govt.nz/. If clicking on the link does not take you to the portal please copy or type the link on your browser and open it.
Click 'Login' at the top right corner of the screen.
On the next screen in the white box, type in your RealMe® login details. If this is the first time you have logged into our new online system, you will be asked to create a new profile which includes your name, email address and phone number.
On the next screen click on ‘All Forms’, then select ‘AML/CFT Annual Report’. This will take you through to the start of the questions.
If you experience any problems submitting your report or if you need help, please email us at email@example.com or call us on 0800 434 567.
Independent audit obligation
Each reporting entity must ensure its risk assessment and AML/CFT programme are audited every 2 years or at any other time at the request of the FMA.
We may also request a copy of any audit report.
You do not need to submit your audit report to us unless we request to see it.
We will use the audit report as a supervisory tool to give us a good insight into a reporting entity's AML/CFT compliance and is an effective way of helping us supervise.
Refer to the following guides and reports for more information:
Engage an independent and qualified auditor early – this is to ensure one is available to assist you.
Review and address issues in your risk assessment, AML/CFT compliance programme and supporting policies and procedures internally before the independent audit.
Refer to the guidelines and reports and our AML/CFT FAQs that detail specific information on what is necessary to complete your AML/CFT audit.
It will take time for your auditor to review your risk assessment, compliance programme, test supporting evidence and prepare an audit report. You should also allow sufficient time (sometimes up to several weeks) to review the audit findings, and agree with the final report.
Guideline for audits of risk assessments and AML/CFT programmes
This guideline is to help reporting entities manage the requirement to audit their AML/CFT risk assessment and AML/CFT programme, as required under section 59(2) of the AML/CFT Act.
Getting the best outcome from your AML/CFT audit guide
This information is intended to help our REs, especially small financial adviser businesses, get value from their AML/CFT Audit. Adopting all (or any) of these items in discussions with auditors is optional, but we believe that by considering these suggestions, REs are more likely to achieve the best possible results from their audit.
This report provides a general commentary on some of the audits we have examined from the period from 1 July 2016 to 30 June 2018, which marked our fifth year of monitoring compliance with the Act. We focused on risk assessments being up to date and well-maintained; adequacy and effectiveness of policies, procedures and controls as per the AML/CFT programme; customer due diligence, ongoing customer due diligence and enhanced due diligence; governance and management oversight.
In the case of an international wire transfer, the first reporting entity to transfer funds, and the last reporting entity to receive funds, must do a PTR. We expect that a reporting entity that receives and/or passes on instructions from a client to do an international wire transfer, but does not actually transfer the funds, is not required to do a PTR. This means that international wire transfers carried out by a bank on behalf of another reporting entity will be reportable by the bank. If an international wire transfer is settled outside the banking system (for example if a reporting entity carries out a transaction on behalf of a client and as a result money is made available to a beneficiary at another entity in another jurisdiction) the reporting entity must submit a PTR.
Automated and manual reporting
Automated reporting applies to those entities submitting PTRs through the FIU xml schema. To ensure smooth implementation of automated reporting a transitional compliance period will apply until 1 July 2018. REs submitting automated reports are expected to provide PTRs as soon as they are able from 1 November 2017. However, REs will not be considered non-compliant prior to the end of the transitional compliance period (1 July 2018).
Manually reporting applies to entities submitting reports one-by-one into the goAML web tool. REs submitting PTRs manually to the FIU are expected to report from 1 November 2017. PTRs will be used by FIU to help build an intelligence picture across the financial system. Please refer to the FIU website for more information. If you have any further questions please email us at firstname.lastname@example.org.