The Act imposes several obligations. If you operate a business that falls within the definition of reporting entity you will need:
a written risk assessmentof the money laundering and financing of terrorism activity you could expect in the course of running your business
an anti-money laundering and countering financing of terrorism programme that includes procedures to detect, deter, manage and mitigate money laundering and the financing of terrorism
a compliance officer appointed to administer and maintain your programme
customer due diligence processes based on your risk assessment including customer identification and verification of identity
suspicious transaction reporting, auditing and annual reportingsystems and processes.
Understanding the risks
The FMA's Sector Risk Assessment (SRA) is a review of the characteristics of certain sectors of the financial system. It assesses the level of risk of money laundering occurring in that sector and outlines any particular risks in that area.
Section 58 of the Act requires each reporting entity to assess the risk it may reasonably expect to face of money laundering and financing of terrorism in the course of its business. The Act calls this a risk assessment.
The Act requires that, in identifying money laundering or terrorism financing risk, your reporting entity must consider:
the nature, size and complexity of your business
the types of products or services you provide
the methods by which you deliver products and services to your customers.
the types of customers you deal with
the countries you deal with
the institutions you deal with
any other applicable guidance material produced by the AML/CFT supervisors.
Put in place a compliance programme
The Act takes a risk-based approach to compliance. Reporting entities (within the limits set by the Act and regulations) have some flexibility to determine the way in which they meet their obligations based on their risk assessment.
Once a risk assessment is completed, a business can then put in place an AML/CFT programme that minimises or mitigates these risks. See the AML/CFT programme guideline.
The AML/CFT programme will set out your procedures, policies and controls for detecting, managing and mitigating the risk of money laundering, and the financing of terrorism your business may reasonably expect to face. The programme must be in writing and based on your risk assessment.